Re: [CentOS-docs] reference page for Apache test page & the project
On Sat, Jun 23, 2018 at 4:17 PM, Trevor Hemsley wrote: > On 23/06/18 21:03, John R. Dennison wrote: > > On Fri, Jun 22, 2018 at 04:58:21PM -0700, Karsten Wade wrote: > >> * Is there a better page I can point at? > > 'Better' is quite subjective; however this all goes back to > > > > https://web.archive.org/web/20060523223519/https://www. > centos.org/modules/news/article.php?storyid=127 > > > > and is as good of a reference as any. > > > > I would urge someone to scrape the gist of that thread and preserve it > > on wiki.c.o somewhere. > > > > If no one else does I will do it later today or tomorrow when I have a > > bit of time and motivation. > > You know, perhaps this is approaching this from the wrong direction. > Maybe the correct solution would be to change that welcome page to be > more explicit about what it is and why it's there so the question > doesn't arise in the first place. It *is* better than it used to be but > it could be better. If we just move the "The CentOS Project has nothing > to do with this website or its content, it just provides the software > that makes the website run." up to immediately after the "This server > powered by CentOS" under the Testing 123... heading. > > Does the attached patch make it more clear more easily? It gets the > essential message into the top paragrpah which is the one that gets > read. Having it off the bottom of the page where it resides in the > current version means you're reliant on people advancing to the next page. > > Trevor > How long does one need to be in IT to realize that people simply will not read things, period? Adding more text to an already long-winded page that clearly no one is reading will not solve the problem. The only solution is to eschew vanity completely and make a page that has nothing but "Testing 123" or something equally terse, and possibly mentioning Apache, if that is a requirement somewhere. The only mention of CentOS, should be the "powered by" badge and that's it. I would remove the "powered by CentOS" in the blue header, and then ALL of the text "About CentOS" and below. I understand the intention of trying to help users and admins, but it clearly isn't. As we have seen in the past, this page causes well-known problems, and afaik provides almost no benefit so should be removed. ~ Brian Mathis @orev ___ CentOS-docs mailing list CentOS-docs@centos.org https://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] Apache and web content permissions
You could write a script to open the permissions, apply updates using something like http://wp-cli.org/, then close the permissions again. Run it through cron so you get updates in a timely manner. ~ Brian Mathis @orev On Sat, Dec 2, 2017 at 8:27 AM, Nicolas Kovacs <i...@microlinux.fr> wrote: > Le 02/12/2017 à 14:19, Leon Fauster a écrit : > > I would build a rpm package of wordpress (everything can be defined > > there like permissions etc) > > The initial question was: WHAT permissions? > > > and disabling the automatic update > > function in wordpress. Build once it can be installed on all (two > > dozen) webservers automagically (local yum repository) ... externe > > That would mean one package per Wordpress, since I don't have only one > Wordpress installation per server. Not a solution. > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] strange system outage
> >> May 10 03:57:57 localhost.localdomain anacron[33406]: Normal exit (1 job > >> run) > >> > >> I need to get my remote hands to get me more info. > > > > > > df -hT; df -i > > > > There is no space left on a vital partition / logical volume. > > > > "Only 0MiB is available on /var/spool/abrt" > > > > "postdrop: warning: uid=0: No space left on device" > > Yes, I saw that and assumed that was the root cause of the issue. But > when I had my guy over in Japan check he found that / had 15G (of 50) > free. We did some more investigating and it seems that when mlocate > runs the disk fills up and bad things happen. Why is that happening? > It is because 15G free space is not enough? We ran a du and most of > the space on / was used by /var/log (11G), and /var/lib/mlocate (20G). > Can I disable mlocate and get rid of that large dir? > 20GB for mlocate is absolutely (and suspiciously) huge. You must have millions and millions of files on that server. If not, then there's something wrong with mlocate. 'mlocate' can be removed unless you're using it, there's nothing else really dependent on it in CentOS. You'd need to really evaluate if someone else is using it on that server. ~ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Timezone and date
On Wed, Apr 5, 2017 at 1:47 PM, Richard <lists-cen...@listmail.innovate.net> wrote: > > > Date: Wednesday, April 05, 2017 13:15:19 -0400 > > From: Brian Mathis <brian.mathis+cen...@betteradmin.com> > > > > On Tue, Apr 4, 2017 at 9:22 PM, Jerry Geis <jerry.g...@gmail.com> > > wrote: > > > >> When I do the date +%Z I get the timezone. Which currently is EDT. > >> > >> I am sending information to another system, that says EDT is not a > >> valid timezone. I have no way to modify the other system. > >> > >> My question is - is there a way to get the non-day-lite savings > >> time zone ? For example EST is valid - EDT is not. > >> > >> Just curious if there is an easy way already present to get a > >> standard time zone. > >> > >> Thanks, - I know weird situation the other end not supported EDT. > >> > >> Jerry > > > > Communication of time values should use UTC, not a specific time > > zone, unless the remote side needs to know the time zone for a > > specific reason. > > > > To get the time in a different zone, use the TZ environment var: > > TZ=UTC date > > > > ~ Brian Mathis > > @orev > > Or, if for some reason you want to pass the timezone, use the GMT > offset (e.g., -0400) rather than the three-letter abbreviations that, > as noted earlier, aren't unique. > > A better description of the context for this might also result in > more focused responses. > It may not be what you want if you need to know the actual time zone for some reason. Different places switch to Daylight Saving or Summer time on different schedules, and you might also need to know if that location was actually in DST at the time. Using just the offset does not convey that information. I agree that more context is needed. ~ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7, systemd,, and message floods
On Wed, Apr 5, 2017 at 3:18 PM, <m.r...@5-cent.us> wrote: > I've just updated a couple of servers, latest 7.3, and systemd is flooding > dmesg, journalctl with info level messages... or maybe debug level 1. > > Examples: > [ 478.258571] systemd[1]: Sent message type=signal sender=n/a > destination=n/a object=/org/freedesktop/systemd1/unit/httpd_2eservice > interface=org.freedesktop.DBus.Properties member=PropertiesChanged > cookie=436 reply_cookie=0 error=n/a > > [ 478.258971] systemd[1]: Got notification message for unit > systemd-logind.service > [ 478.258980] systemd[1]: systemd-logind.service: Got notification > message from PID 821 (WATCHDOG=1) > [ 478.258985] systemd[1]: systemd-logind.service: got WATCHDOG=1 > > What *is* all that garbage, and is there some way to turn it down to WARN > and ERR messages? > > mark > if grep -q debug /proc/cmdline; then echo "Kernel and systemd debugging was enabled as part of an errant script during the yum update" echo "See https://bugs.centos.org/view.php?id=12425 and https://wiki.centos.org/HowTos/Grub2; fi ~ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Timezone and date
On Tue, Apr 4, 2017 at 9:22 PM, Jerry Geis <jerry.g...@gmail.com> wrote: > When I do the date +%Z I get the timezone. Which currently is EDT. > > I am sending information to another system, that says EDT is not a valid > timezone. I have no way to modify the other system. > > My question is - is there a way to get the non-day-lite savings time zone ? > For example EST is valid - EDT is not. > > Just curious if there is an easy way already present to get a standard time > zone. > > Thanks, - I know weird situation the other end not supported EDT. > > Jerry > Communication of time values should use UTC, not a specific time zone, unless the remote side needs to know the time zone for a specific reason. To get the time in a different zone, use the TZ environment var: TZ=UTC date ~ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd debug logging turned on in CentOS 7
On Tue, Feb 28, 2017 at 1:44 PM, Thomas Eriksson < thomas.eriks...@slac.stanford.edu> wrote: > On 02/28/2017 08:55 AM, Brian Mathis wrote: > > > > Main issue I've seen is that logs grow by an order of magnitude larger > than > > when it's off, due to systemd being systemd and now running in debug > mode. > > Other than disk space, it would affect any central logging system you > have > > with lots of unnecessary traffic, and would also add a lot of IO, > amplified > > if you have many machines running on a VM host. > > > > ~ Brian Mathis > > @orev > > > Just to put the record straight; it's not related to kernel debugging > being enabled or not. It's systemd debugging that is being turned on > for all menu entries, kernel debug or not. > > Anyway, I think I have found a pattern. Only those machines that were > updated from 7.2 to 7.3 using the CR repo are showing this behaviour. > New 7.3 installs are fine. I'll just clean up the machines affected > and move on. There must have been some debug config left in an > installation script in one of the CR rpms. > > thanks to everyone responding, > Thomas > Yes, true, this isn't technically the "kernel" debug mode, but systemd debugging is also enabled for the debug boot options, which seems to get carried into a non-debug boot entry somehow. I have seen this issue on a few machines, and I don't use the CR repos. The ones I saw were during upgrades from 7.2 systems with all updates, which were then upgraded to 7.3 with all updates as of 2 weeks ago. ~ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd debug logging turned on in CentOS 7
On Tue, Feb 28, 2017 at 10:49 AM, Valeri Galtsev <galt...@kicp.uchicago.edu>
wrote:
>
> On Tue, February 28, 2017 9:22 am, Rob DeSanno wrote:
> > Last time I saw it, I had just upgraded my CentOS 7 box with the
> > 3.10.0-514 kernel and it rebooted already configured into debug mode.
> Not
> > sure if this is a “feature†of the newer kernels or not but glad to
> > see that i’m not the only one who had noticed this.
> >
> > # awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
> > 0 : CentOS Linux (3.10.0-514.6.2.el7.x86_64) 7 (Core)
> > 1 : CentOS Linux (3.10.0-514.6.2.el7.x86_64) 7 (Core) with debugging
> > 2 : CentOS Linux (0-rescue-7b37bcbe36eb420fb6426976c41b0aaf) 7 (Core)
> > 3 : CentOS Linux (0-rescue-7b37bcbe36eb420fb6426976c41b0aaf) 7 (Core)
> with
> > debugging
>
> I am not certain if there is real harm to have kernel with all debug stuff
> running on production machines. Probably no harm security wise, the only
> unpleasant stuff is: you really would prefer to run as slim kernel as
> possible on production systems. If I'm wrong about "no harm", somebody
> chime in, I then will be really eager to address it on my boxes.
>
> Valeri
>
>
Main issue I've seen is that logs grow by an order of magnitude larger than
when it's off, due to systemd being systemd and now running in debug mode.
Other than disk space, it would affect any central logging system you have
with lots of unnecessary traffic, and would also add a lot of IO, amplified
if you have many machines running on a VM host.
~ Brian Mathis
@orev
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] photos on iPhone 6
For the OP: Did you even try Google before asking the list? Google should always be your first choice. http://www.dedoimedo.com/computers/linux-iphone-6.html For Scott: If you install the VLC app on the iPad you can probably skip the transcoding and also having to add the video to iTunes first. You'll only need to transcode the audio if it uses AC3, which is proprietary and the owners have been issuing takedown notices for any app using it (so VLC doesn't support it). Otherwise VLC can handle any video format (the days of having to use a special profile just for an iPhone or iPad are long gone). You can then copy the videos directly into VLC using iTunes file sharing. ~ Brian Mathis @orev On Thu, Oct 20, 2016 at 7:22 PM, Scott Robbins <scottr...@gmail.com> wrote: > On Thu, Oct 20, 2016 at 05:11:51PM -0400, m.r...@5-cent.us wrote: > > Bowie Bailey wrote: > > > > There's also MTP packages, that can speak directly. That's what I > > installed on my 6 home workstation, and I can copy files to and from my > > Nook. > > > > mark > > Nook isn't an iPhone though. Apple's very proprietary. :) > > Is there a computer in the house with iTunes? For example, when my wife > travels, she wants videos on her iPad. I transcode them for the iPad on a > Linux or FreeBSD workstation, then scp them over to her Mac, and from > there, put them into iTunes and from there, into the iPad. > > It's less of a pain than it sounds, but is going on the premise that you > have a computer with iTunes. I don't know about it with a Windows version > of iTunes, we've only done it with her Mac. > > -- > Scott Robbins > PGP keyID EB3467D6 > ( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 ) > gpg --keyserver pgp.mit.edu --recv-keys EB3467D6 > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securing RPC
You need to setup a firewall (either a separate hardware box or iptables on this server) that allows only those IPs you need to connect to those ports. You should never expose a service like this to the entire Internet. ~ Brian Mathis @orev On Fri, Jul 1, 2016 at 8:38 AM, Leon Vergottini <le...@cornerstone.ac.za> wrote: > Dear Community > > I hope you are all doing well. > > Recently I have been receiving several complaints from our service > provider. Please see the complaint below: > > A public-facing device on your network, running on IP address > XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port > 111 and participated in a large-scale attack against a customer of ours, > generating responses to spoofed requests that claimed to be from the attack > target. > > Please consider reconfiguring this server in one or more of these ways: > > 1. Adding a firewall rule to block all access to this host's UDP port 111 > at your network edge (it would continue to be available on TCP port 111 in > this case). > 2. Adding firewall rules to allow connections to this service (on UDP port > 111) from authorized endpoints but block connections from all other hosts. > 3. Disabling the port mapping service entirely (if it is not needed). > > > > Unfortunately, I cannot disable NFS which lies at the root of this > problem. In addition, I am struggling to find a proper tutorial of moving > NFS from udp over to tcp. > > May I kindly ask you to point me in a direction or provide me with ideas on > how to nail this thing in the > > Kind Regards > Leon > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Perl DBI 1.52 on el6
You might want to try installing the version of DBI you want using local::lib, which can be done with something like (this is using cpan minus): cpanm --local-lib=/path/to/custom/location DBI@1.52 then in your Perl script: use local::lib '/path/to/custom/location'; If you need to do a full compile of perl, use perlbrew. You don't want to mess with the system version of Perl in any way if you can avoid it. ~ Brian Mathis @orev On Sat, Dec 26, 2015 at 10:49 AM, Erick Ocrospoma <zipper1...@gmail.com> wrote: > Hello guys, > > I was told by the client to install Perl DBI version 1.52 on a el6 box, by > default el6 branch comes with DBI version 1.6x, this version is AFAIK not > the desired one. > > First I tried installing DBI 1.52 from some rpm package [1], which had some > dependencies, Perl 5.8.8 and dbd.4.4.x, this last package was also present > el6, so it made conflict and it was not possible to install DBI 1.52 from a > rpm. > > Then, I downloaded version 1.52 [2], and tried to compiled it, but it > failed while doing the make test. I'm not sure if it is not a problem, > because while doing make, it did not show error/failure messages. > > Finally, it seems I'd have to compile Perl 5.8.8 by hand, and then try to > add DBI module also. Is this possible to install it safely and make it > coexist with default Perl version (5.10.1) in el6 ? > > I'm also writing to DBI user list, about make test failure messages. But > maybe, I guess, it is failing because it is not supported by Perl 5.10.1 > and Perl 5.8.8 does. > > No clue about this, in my opinion it should compile with Perl 5.10.1 > > Regards. > -- > Erick. > --- > IRC : zerick > Blog: http://zerick.me > About : http://about.me/zerick > Linux User ID : 549567 > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ntpd new version
RedHat/CentOS does not upgrade packages based on version numbers. Please read https://access.redhat.com/security/updates/backporting Understanding this is essential to running a RedHat/CentOS server. ❧ Brian Mathis @orev On Mon, Jul 6, 2015 at 7:04 AM, Vijendra Agarwal (vijagarw) vijag...@cisco.com wrote: Hi All, Currently CentOS site contains the below version of ntpd. ntp-4.2.6p5-3.el6.centos.x86_64.rpm http://mirror.centos.org/centos/6.6/updates/x86_64/Packages/ntp-4.2.6p5-3.el6.centos.x86_64.rpm :- 16 mar 2015. Does anybody have any information about when the new version of ntpd is expected to release containing new vulnerabilities fixes? Thanks Vijendra. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CPAN issues
It's not a good idea to update CPAN and/or install modules from CPAN into the OS-installed perl. Use rpm packages from yum. Many can be found in the standard CentOS repo and EPEL has many as well. Take a look at perlbrew if you really need a new version of perl for some reason. If you don't really need the new version, don't update it. ❧ Brian Mathis @orev On Mon, Jun 29, 2015 at 5:08 PM, James D. Parra jam...@musicreports.com wrote: Hello List, Running CentOS Linux release 7.0.1406 (Core), and trying to update CPAN from version 1.98 to version 2.10, but it fails. snip t/97-process_setup_options.t .. ok t/97-return_values.t .. 6/10 # Failed test 'blib/script/cpan -j t/97-lib_cpan1/CPAN/Config.pm Local::Prereq::Fails' # at t/97-return_values.t line 49. # got: '2' # expected: '1' # Failed test 'blib/script/cpan -j t/97-lib_cpan1/CPAN/Config.pm Local::Make::Fails' # at t/97-return_values.t line 49. # got: '2' # expected: '1' t/97-return_values.t .. 8/10 # Failed test 'blib/script/cpan -j t/97-lib_cpan1/CPAN/Config.pm Local::Test::Fails' # at t/97-return_values.t line 49. # got: '2' # expected: '1' t/97-return_values.t .. 9/10 # Failed test 'blib/script/cpan -j t/97-lib_cpan1/CPAN/Config.pm Local::Unsupported::OS' # at t/97-return_values.t line 49. # got: '2' # expected: '1' t/97-return_values.t .. 10/10 # Failed test 'blib/script/cpan -j t/97-lib_cpan1/CPAN/Config.pm Local::Works::Fine' # at t/97-return_values.t line 49. # got: '2' # expected: '0' # Looks like you failed 5 tests of 10. t/97-return_values.t .. Dubious, test returned 5 (wstat 1280, 0x500) Failed 5/10 subtests Test Summary Report --- t/30shell.t (Wstat: 65280 Tests: 150 Failed: 0) Non-zero exit status: 255 Parse errors: Bad plan. You planned 223 tests but ran 150. t/41distribution.t (Wstat: 1024 Tests: 19 Failed: 4) Failed tests: 14, 16-17, 19 Non-zero exit status: 4 t/97-return_values.t(Wstat: 1280 Tests: 10 Failed: 5) Failed tests: 6-10 Non-zero exit status: 5 Files=30, Tests=595, 259 wallclock secs ( 0.27 usr 0.02 sys + 14.40 cusr 1.11 csys = 15.80 CPU) Result: FAIL Failed 3/30 test programs. 9/595 subtests failed. make: *** [test_dynamic] Error 5 ANDK/CPAN-2.10.tar.gz one dependency not OK (CPAN::Meta::Requirements); additionally test harness failed /usr/bin/make test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports ANDK/CPAN-2.10.tar.gz Running make install make test had returned bad status, won't install without force Failed during this command: ANDK/CPAN-2.10.tar.gz: make_test NO one dependency not OK (CPAN::Meta::Requirements); additionally test harness failed end Any ideas how I can resolve this? Thank you, James ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Facebook CentOS group close to 15.000 members!
On Mon, Mar 23, 2015 at 9:53 AM, James B. Byrne byrn...@harte-lyne.ca wrote: On Mon, March 23, 2015 05:24, Nux! wrote: I find this very, very sad. I find it unsavoury. We are recommending that acknowledged newbies subscribe to a service known for repeatedly and persistently violating its members' privacy How would you get the message to such people to inform them that alternatives exist? (this is rhetorical, so don't answer). And this has nothing to do with CentOS. If there's a platform that can be used to promote CentOS, then it should be used if there is a suitable audience there. ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grsync for centos 7
On Thu, Mar 5, 2015 at 1:03 PM, Les Mikesell lesmikes...@gmail.com wrote: On Thu, Mar 5, 2015 at 11:44 AM, Francis Gerund ranr...@gmail.com wrote: Hello. I think it is just too easy to make mistakes with rsync. And getting it almost correct can really get you hurt. What are you trying to do, and what kind of mistakes are you worried about? The only things I find confusing are what the trailing / means on a directory name and that -H isn't bundled with the other options that -a includes that you normally want.You can avoid the ambiguity of whether the top directory or just the contents will be copied by cd'ing into the source directory and doing: rsync -av . host:/path/to/dir. That is, by using '.' as the source you can't mistakenly create another directory level on the target. And you just have to remember that it will create the final directory in the target path if it doesn't exist, but just the final one, not the whole path. The fact that you need a paragraph this long to describe how to avoid some of the confusion when using rsync pretty much speaks for itself. Rsync definitely has its own syntax and is much more sensitive than other unix tools, so it's not unwarranted that people might be confused. I don't know anyone who fully understands the include/exclude filters either, at least not without rereading the man page a few times. And if you add -n or --dry-run to the options along with -v, it will go through the motions and show you the files that would be transferred without actually doing it. -- Les Mikesell lesmikes...@gmail.com ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grsync for centos 7
Use the --dry-run rsync option to test things out. It tells you what it's going to do but doesn't actually make any changes. ❧ Brian Mathis @orev On Thu, Mar 5, 2015 at 12:44 PM, Francis Gerund ranr...@gmail.com wrote: Hello. I think it is just too easy to make mistakes with rsync. And getting it almost correct can really get you hurt. So I would like to learn with Grsync. But, Grsync does not seem to be in the centos 7 or EPEL 7 repositories (although it may have been around as late as centos 6). Is it now in any reputable repositories? If not, has anyone installed it from source code, and if so, did it work okay? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux allow FTP
On Tue, Mar 3, 2015 at 2:33 PM, Les Mikesell lesmikes...@gmail.com wrote: On Mon, Mar 2, 2015 at 4:43 PM, Tim Dunphy bluethu...@gmail.com wrote: errr, I meant, sftp, not rscp Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow regular ol' FTP using SELinux? Or does that just defeat the purpose of having a secure SELlinux server entirely? What is the context here? The big problem with ftp is that it passes the user credentials in the clear. There is nothing particularly wrong with an anonymous ftp download area where the files are put in place with something more secure - but it is usually easier to use http for that and you'll have less trouble with firewalls. -- Les Mikesell lesmikes...@gmail.com Enough about FTP vs SFTP. This is exactly the kind of unhelpful discussion that I was referring to last month about the conversations on this list. CentOS is an *enterprise* distribution and as such it would be expected that people are either bound by corporate restrictions, or have some other requirements that you're not aware of. A single helpful comment reminding someone that they should be using SFTP instead of FTP is the only appropriate thing to be saying here, not this dead-horse-beating. So to actually address the stated problem... I don't know about proftpd, but there's a page here that discusses getting it working with selinux: http://selinuxproject.org/page/FTPRecipes and I'm sure that clicking this link will lead you to other helpful documents: https://www.google.com/search?q=proftpd+selinux+centos+7 It does require that you have an understanding of selinux, and are not just looking for a magic incantation to make it work. You can look at the audit log in /var/log/audit to get an idea of what is failing, and also the 'audit2why' and 'audit2allow' commands can help to suggest what selinux settings need to be changed or are getting in the way. P.S. FTP is not secure, so you should try to use SFTP if you are able to influence the requirements. ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Easy way to strip down CentOS?
On Wed, Feb 25, 2015 at 2:04 PM, Niki Kovacs i...@microlinux.fr wrote: Le 25/02/2015 19:36, John R Pierce a écrit : I install from the 'minimum' ISO, and get that off the bat, then just install the packages I need with yum I do the same, but my question is: how to do that the other way around? Let's say you start from the base system, then install a couple dozen command-line utilities from cowsay to whois, then you install the X Window System group, a couple dozen fonts, then the WindowMaker window manager, then a handful of X applications... how do you manage from there to get back to exactly the base system you had from the start? I know this may sound a little academic, but it's for a little private experiment here. Niki It's not automatic so maybe not what you're looking for, but reviewing the yum log in /var/log/ will give you a chronological list of what packages were installed, so you could use that create a list of packages to remove. Be careful about updates that masquerade as installations, like kernel packages. You could also query by install date as outlined here: http://unix.stackexchange.com/questions/2291/centos-list-the-installed-rpms-by-date-of-installation-update I don't think there's a single yum command that lets you roll back to the packages the were installed at a given point in time. I also don't think that this would get you back to the *exact* system as it was. Linux packages aren't completely self contained like that, and have the potential to make other changes to the system, so it's not a completely clean rollback. At minimum, you'd have rpmsave files laying around, probably empty directories, etc... ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Packages not available in CentOS 7
It sounds like you are trying to blindly install a set of packages from CentOS 5 to CentOS 7. This is not going to work as there are numerous changes between those versions. You need to understand and consider what packages you need for your application and then track down the necessary ones that are available in CentOS 7. Updating to a new major release requires some in-depth analysis -- it's not a simple upgrade. ❧ Brian Mathis @orev On Tue, Feb 10, 2015 at 1:08 AM, Venkateswara Rao Dokku dvrao@gmail.com wrote: Thanks for the reply. I did clean installation of the CentOS 7 and wanted to install the list of packages in the above mail, but couldn't get them installed. Can you please help me in installing the above packages? On Tue, Feb 10, 2015 at 11:33 AM, John R Pierce pie...@hogranch.com wrote: On 2/9/2015 9:57 PM, Venkateswara Rao Dokku wrote: I would like to upgrade my customized CentOS 5.5 to CentOS 7. For this I took the latest stable CentOS 7 image and wanted to install the packages that are there in the existing customized version of CentOS 5.5. you can't do that. there's no supported in-place upgrade path for EL 5 - EL 7 clean install centos 7, configure it for your requirements, move your application data and settings over (with judicious adaptation of the settings, as not everything is the same with the significantly newer components in 7). -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Thanks Regards, Venkateswara Rao Dokku. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thread moderation and list etiquette (Reference - Another Fedora Decision)
Hi Jim, Thanks for putting in the effort here. It's never a good situation to have to moderate, but sometimes it is necessary. From my perspective, this kind of thing happens far more often than the current example, though maybe not with such intensity. This situation forces me to evaluate if replying to any message on this list is going to be worth the headache of the inevitable noise that seems to get attached to almost every thread. I can say with certainty that there are many questions that I could've provided some help on, but did not do so simply to avoid the annoyance. I think it's something people have gotten used to, and only noticed in extreme cases. CentOS is unquestionably one of the most used Linux distros in the world, and yet the mailing list is relatively quiet. To me this is a symptom of a problem, and I feel that it's partially a result of the same regular people, only be virtue of the fact that they are regulars, acting as if this is their own personal living room instead of a public community space for collaboration and support. My ability to contribute to the CentOS community is limited. There's not much I can do as far as helping out with builds, testing, etc... so the main thing I can contribute is help and (hopefully) thoughtful discussion on the list. The current environment discourages me from that, so I tend to ignore most messages and turn my attention to other things. ❧ Brian Mathis @orev On Wed, Feb 11, 2015 at 11:07 AM, Jim Perrin jper...@centos.org wrote: Hi, The thread titled Another Fedora Decision is rapidly turning into a political and opinion driven flame fest that is unsuited for the CentOS mailing list. This list should try and remain focused on CentOS, what we have and keep the area sane for new users as well as old hands to participate in a fair and thoughtful conversation around the CentOS Linux platform and the CentOS project ecosystem. We are, from this point on, considering moderating all content posted to that thread. Furthermore, consider this to be a wider general request - specially to the list regulars - to be considerate and thoughtful in their responses. General 'me too' and 'yes' or 'no' type posts are not needed. Similarly, if you must correct someone, do it politely without making it into a personal attack. Finally, if content in a conversation changes from the original post - please change the thread and start a new one. -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
On Wed, Dec 17, 2014 at 12:14 PM, Xinhuan Zheng xzh...@christianbook.com wrote: Hello CentOS list, I have a requirement that I need to use encryption technology to encrypt very large tar file on a daily basis. The tar file is over 250G size and those are data backup. Every night the server generated a 250G data backup and it¹s tar¹ed into one tarball file. I want to encrypt this big tarball file. So far I have tried two technologies with no success. 1) generating RSA 2048 public/private key pair via ³openssl req -x509 -nodes -newkey rsa:2048 -keyout private.pem -out public.pem² command and uses the public key to encrypt the big tar file. The encryption command I used is openssl smime -encrypt -aes256 -in backup.tar -binary -outform DEM -out backup.tar.ssl public.pem². The resulting backup.tar.ssl file is only 2G then encryption process stops there and refuse to do more. Cannot get around 2G. 2) generating GPG public/private key pair via ³gpg ‹gen-key² then encrypt with gpg -e -u backup -r backup² backup.tar². However, the gpg encryption stops at file size 50G and refuse to do more and the gpg process took over 48 hours. The server is very capable. It¹s 8 CPU Intel 2.33 GHz 16G RAM installing latest RHEL 5.11. Thought CentOS 5 is pretty much compatible in release with RHEL 5. I have searched google and found out a technique that utilizes the symmetric encryption. Then it needs to generate a symmetric key every day and uses public/private key pair to encrypt the symmetric key. However the drawback is that we don¹t know how to manage the symmetric key securely. We can¹t leave the un-encrypted symmetric key there on the server but we have to use the un-encrypted symmetric key for encryption process. Plus we¹ll need to manage the symmetric encryption key, public and private key pair 3 things securely. Has anyone had experience on managing the asymmetric encryption for very large file and what¹s the best practice for that? Thanks. - xinhuan GPG is really what you want to be using for this. OpenSSL is a general toolkit that provide a lot of good functions, but you need to cobble some things together yourself. GPG is meant to handle all of the other parts of dealing with files. I will expand on what someone else mentioned -- asymmetric encryption is not meant for, and has very poor performance for encrypting data, and also has a lot of limitations. The correct way to handle this is to create a symmetric key and use that to encrypt the data, then use asymmetric encryption to encrypt only the symmetric key. GPG takes care of this all internally, so that's what you should be using. ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Asymmetric encryption for very large tar file
On Fri, Dec 19, 2014 at 3:48 PM, Les Mikesell lesmikes...@gmail.com wrote: On Fri, Dec 19, 2014 at 2:40 PM, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: GPG is really what you want to be using for this. OpenSSL is a general toolkit that provide a lot of good functions, but you need to cobble some things together yourself. GPG is meant to handle all of the other parts of dealing with files. I will expand on what someone else mentioned -- asymmetric encryption is not meant for, and has very poor performance for encrypting data, and also has a lot of limitations. The correct way to handle this is to create a symmetric key and use that to encrypt the data, then use asymmetric encryption to encrypt only the symmetric key. GPG takes care of this all internally, so that's what you should be using. Will GPG use the intel aes hardware acceleration - in the version available for Centos5? -- Les Mikesell It doesn't appear to be available for any program running on CentOS 5. https://www.centos.org/forums/viewtopic.php?t=17713 ❧ Brian Mathis @orev ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Tracking Open Ports
You could setup an iptables rule on the OUTPUT chain to log attempted accesses, then watch the log file, like outlined here: http://stackoverflow.com/questions/11584824/run-a-system-command-when-an-iptables-rule-is-matched You could use lsof -n ... to find the command trying to open the port. Another option might be to setup tcpdump to capture all packets (including payload data) going to that server/port, then review that and see if you find any clues about the program making the requests. ❧ Brian Mathis @orev On Fri, May 30, 2014 at 11:14 AM, Eric Falbe ericf...@gmail.com wrote: Hi All, I was wondering if anyone knew of a way to notify or log when a specific remote port is openened? I have an old LDAP server that I am looking to get rid of, but there is still a few queries reaching it. The sytem authentication is setup correctly (as is Postfix), so I am thinking there must be some script or program that is setup to query the older LDAP server. I tried using lsof -i|grep 389, but I am not quick enough to get results before the socket is closed. Is there any program or script I could write to detect when this socket gets opened, and what PID and/or program owns it? Thanks, Eric Falbe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setup a devel environment for perl modules
On Tue, Apr 1, 2014 at 2:50 AM, C. L. Martinez carlopm...@gmail.com wrote: Hi all, This is an interesting thread: http://lists.centos.org/pipermail/centos/2014-April/141871.html about the problems you can find building perl modules for CentOS releases (new or old). I agree with John R. Pierce: cpan is very very bad tool ( in fact, I hate it) to build perl modules for CentOS systems, breaks all other perl modules. I need to use several perl modules in several servers in my dept. and after some tests, I migrate to FreeBSD due to easy install perl modules with poudriere suite. But, anyone knows if it is possible to build a confident devel environment under CentOS with some tool to build rpm's perl modules without breaking anything in CentOS systems?? Maybe, it is a good idea to create a CentOS Perl SIG :)) Thanks. Just today I managed to get a modern perl (5.18.2) installed on CentOS 5 using perlbrew. This gives you a complete perl environment in a private location where you can install modules without impacting the system perl. Normally I'm all for using pre-packged RPMs, but the C5 perl is so out of date that it pays off to do it this way instead. I ran into an issue with the setup script from the web site, and this seems to have worked around it: Download and run the installer like the docs say: curl -kL http://install.perlbrew.pl | bash Manually install patchperl curl -kL https://raw.github.com/gugod/patchperl-packing/master/patchperl ~/perl5/perlbrew/bin/patchperl chmod +x ~/perl5/perlbrew/bin/patchperl Full documentation can be found here: http://search.cpan.org/~gugod/App-perlbrew-0.67/lib/App/perlbrew.pm It doesn't fully integrate into rpm/yum package management, but keeping everything isolated to a private location might be an acceptable compromise for your needs. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setup a devel environment for perl modules
On Tue, Apr 1, 2014 at 5:27 PM, m.r...@5-cent.us wrote: Brian Mathis wrote: On Tue, Apr 1, 2014 at 2:50 AM, C. L. Martinez carlopm...@gmail.com wrote: This is an interesting thread: http://lists.centos.org/pipermail/centos/2014-April/141871.html about the problems you can find building perl modules for CentOS releases (new or old). I agree with John R. Pierce: cpan is very very bad tool ( in fact, I hate it) to build perl modules for CentOS systems, breaks all other perl modules. I need to use several perl modules in several servers in my dept. and after some tests, I migrate to FreeBSD due to easy install perl modules with poudriere suite. But, anyone knows if it is possible to build a confident devel environment under CentOS with some tool to build rpm's perl modules without breaking anything in CentOS systems?? Maybe, it is a good idea to create a CentOS Perl SIG :)) Just today I managed to get a modern perl (5.18.2) installed on CentOS 5 using perlbrew. This gives you a complete perl environment in a private location where you can install modules without impacting the system perl. Normally I'm all for using pre-packged RPMs, but the C5 perl is so out of date that it pays off to do it this way instead. I ran into an issue with the setup script from the web site, and this seems to have worked around it: snip Right. And, um, don't forget to update that local userspace perl, and its modules regularly. And don't wait for the notice of updates or security or bugfixes, since there aren't any mark yumm Mark, Yes, this is a good point. In a setup like this you are taking responsibility for updates and patching yourself, just like you would for any other set of libraries you use to develop an application. It becomes local to your application and not something you can rely on the operating system to provide, much like many java applications now come with a full version of the JRE they need to work included. This is the tradeoff you make, but it's not necessarily bad. You can use the OS and patching infrastructure as the foundation for your app, then use whatever you need to actually accomplish your business goal. If that one part of the system needs to be customized, then so be it. After all, that's the reason you're running the server in the first place. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Does anyone use tcp wrappers (hosts.allow/hosts.deny) anymore?
On Thu, Mar 20, 2014 at 4:05 PM, Matthew Miller mat...@mattdm.org wrote: On Thu, Mar 20, 2014 at 12:55:56PM -0700, Keith Keller wrote: What do you think? Do you rely on hosts.allow/hosts.deny a primary security mechanism? As defense-in-depth? Do you have policies which mandate it? I currently use it in conjunction with denyhosts, but have been considering moving to something like sshguard with iptables instead. If hosts.deny support disappeared then I would simply go that route when necessary. May I ask what the reason is for considering dropping tcp wrappers support? I think the main reasons are: upstream library isn't actually maintained since June 2001. The API is somewhat ugly and crufty. Possibly also one more place to check, making systems administration harder. -- Matthew Miller mat...@mattdm.org http://mattdm.org/ The reasoning here seems to ignore one of the main tenets of open source -- people contribute with the purpose of scratching their own itch. If there is such a time when tcp wrappers stops working due to bug or other changes, it's going to break a LOT of stuff. At that point, many people will have a huge itch to scratch, and there will be a spontaneous coalescense of support and code from the people who need it. Why does there need to be a dedicated maintainer for something to be included/useful? That seems like a bureaucratic requirement that doesn't take into account the nature of open source. The project (tcp wrappers) exists as its own entity and will have a maintainer at the time when it needs one. The only improvement that could be made is figuring out where a canonical code repository should exist for it. Where is this discussion taking place in the Fedora community? ❧ Brian Mathis P.S. Is this somehow related to your Next proposal and trying to make Fedora exciting? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using CentOS Wordpress rpms
On Mon, Nov 11, 2013 at 10:59 PM, Max Pyziur p...@brama.com wrote: On Tue, 12 Nov 2013, Keith wrote: [...] I always install from the latest tarball from the WP site, as it's the latest at the time of installation. With regards to WP updates and versions, this is generally performed with it's own built in updating/upgrading mechanism which is the first thing you should check or do after install and on an ongoing basis - IMHO anyway. Makes sense. So what are the point of having RPMs if you can't apply it server-wide across multiple sites? MP Maybe the packages are meant for a different usage pattern than yours? Packaging anything, but particularly web apps, involves making tradeoffs. For most people, package defaults provide a basic set of functionality (which can be adequate for most people), but there are some cases where a power user might have need to install them with other settings. Your usage pattern as a hosting provider is on the power user end of the spectrum, and you should probably be using the tar file or even creating your own custom rpms so you can set it up as you need it. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setting up postfix under CentOS-6
On Thu, Sep 12, 2013 at 7:17 AM, Timothy Murphy gayle...@eircom.net wrote: Ned Slider wrote: The CentOS document http://wiki.centos.org/HowTos/postfix explicitly says that its instructions may not work in CentOS-6. Does anyone know of reasonably simple postfix documentation for CentOS-6? The above probably should work, just that it wasn't written specifically for 6 and hasn't been tested on 6, but the changes in Postfix between 5 and 6 shouldn't prevent it from working given it describes the bare minimum required to get Postfix up on your system. Ok, thanks for the response. I'll try following the instructions in that document, as I have had no luck with the documents on www.postfix.org . The changeover from sendmail to postfix in CentOS-6 was probably a mistake, in my view, unless required to follow RedHat. At the very least proper documentation should be a pre-requisite for a change like this. -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Ireland An important document is the architectural overview ( http://www.postfix.org/OVERVIEW.html) which is somewhat unceremoniously indexed under Other Topics on the documentation page. That really helps tie a lot of things together. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] convert webpage to image
On Wed, Aug 14, 2013 at 8:47 AM, Carl T. Miller c...@carltm.com wrote: What is the easiest way to convert a webpage into a jpg or png file? I've seen several programs that can do various conversions, but nothing open source that can do it in a single conversion. Just wondering if anyone on the list has suggestions for something I can put into a script to convert a webpage into a file I can use with my screensaver. c This will do exactly what you want without resorting to hackery or using external services. It has a component to convert to both pdf or an image and uses webkit. http://code.google.com/p/wkhtmltopdf/ The binaries are standalone and require no special dependencies. The command line is sensitive to the order you place options, but otherwise it works very well. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with yum update
On Tue, Aug 13, 2013 at 11:41 AM, Joseph Hesse joehe...@gmail.com wrote: On 08/13/2013 10:38 AM, John Doe wrote: From: Joseph Hesse joehe...@gmail.com I am trying to update my system with yum and I keep getting this error message. --- Package perl-Compress-Zlib.i686 0:2.020-131.el6_4 will be obsoleted --- Package perl-IO-Compress.noarch 0:2.052-1.el6.rfx will be obsoleting Repoforge extra wants to replace a base library with his version... Other base packages need the old library. JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos What steps should I take to fix this so I can do a successful yum update? Thanks again, Joe Hesse If you're using third party repositories, you should also be using the yum-priorities plugin, and set the priorities for all repos to avoid conflicts. http://wiki.centos.org/PackageManagement/Yum/Priorities ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] surveillance DVR
On Wed, Jul 31, 2013 at 11:59 AM, m.r...@5-cent.us wrote: Brian Mathis wrote: On Wed, Jul 31, 2013 at 10:33 AM, m.r...@5-cent.us wrote: Arun Khan wrote: On Wed, Jul 31, 2013 at 8:10 PM, m.r...@5-cent.us wrote: Does anyone know of a DVR that runs Linux that does NOT USE Active-X, and/or allows logging in directly? MythTV? It has a web UI. No joy, either this, nor zoneminder. Right now, we just have motion running on the servers that have the USB cameras plugged in; after the recent grief we had with the last upgrade to CentOS, when I wound up moving one camera that just would not work - the top 10% of the screen was fine, and the rest green, and the other I had to change the resolution to 240x360 to get it to not do that, my manager asked me to look into appliances that we could manage from our servers. We've found Zmodo, and another one, but with *both* of them, though the DVR that comes with the set is running Linux, web control *REQURES* IE, and you can't log in directly using ssh or telnet. If the camera is running on Windows, you can probably stream directly from the device using ffmpeg. See here for details: http://trac.ffmpeg.org/wiki/DirectShow You would set the input as the camera and the output as a file, and add any codec options you want, etc... I'm sure there's probably a similar mode for Linux. If nothing else, you can probe the camera to see what modes it supports, etc..., to make sure you're picking one that works, Ok, I *must* not have made clear what I was asking for. Let me try one more time We want an appliance, such as http://www.zmodo.com/4ch-h-264-full-d1-dvr-500gb-hdd-with-4-cmos-480tvl-ir-outdoor-security-cameras-with-11-leds.html , that we can put on our network, and manage, and d/l videos for long-term storage, onto a server. We have exactly, um, two? boxes running Windows, and we normally do *nothing* with them. We've over 100 servers running Linux, and that's where we live. Currently, the USB cameras are connected to -CENTOS SERVERS-, no WinCrap at all. We use the standard package motion to record for surveillance. We're looking for an appliance, like the link I give above, that we can manage the same way that we manage an HP printer, which does *NOT* require IE, and we can do with firefox, or probably even konqueror. At the very least, we want to use, say, wget, to d/l the videos. NOTHING RUNNING WINDOWS Now, if I can calm myself down, have I made it clear what it is we're looking for? If so, can anyone recommend a source for such an appliance? mark Hi Mark, If you lay off the coffee for a minute and actually take a look at what people are suggesting, you'll see that ffmpeg is a standard, cross platform, very versatile (basically industry standard) tool for manipulating audio/video files, and it also has good support for capturing from devices. Frankly I had assumed that you had probably already heard of it. It's the swiss army knife of video, and it works perfectly well on Linux as well as Windows. I only mentioned Windows because that's where I had recently used it for device capture. ❧ Brian Mathis P.S. Should I also point out how far off topic this is, since you seem to want some sort of appliance? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] surveillance DVR
If the camera is running on Windows, you can probably stream directly from the device using ffmpeg. See here for details: http://trac.ffmpeg.org/wiki/DirectShow You would set the input as the camera and the output as a file, and add any codec options you want, etc... I'm sure there's probably a similar mode for Linux. If nothing else, you can probe the camera to see what modes it supports, etc..., to make sure you're picking one that works, ❧ Brian Mathis On Wed, Jul 31, 2013 at 10:33 AM, m.r...@5-cent.us wrote: Arun Khan wrote: On Wed, Jul 31, 2013 at 8:10 PM, m.r...@5-cent.us wrote: Does anyone know of a DVR that runs Linux that does NOT USE Active-X, and/or allows logging in directly? MythTV? It has a web UI. No joy, either this, nor zoneminder. Right now, we just have motion running on the servers that have the USB cameras plugged in; after the recent grief we had with the last upgrade to CentOS, when I wound up moving one camera that just would not work - the top 10% of the screen was fine, and the rest green, and the other I had to change the resolution to 240x360 to get it to not do that, my manager asked me to look into appliances that we could manage from our servers. We've found Zmodo, and another one, but with *both* of them, though the DVR that comes with the set is running Linux, web control *REQURES* IE, and you can't log in directly using ssh or telnet. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] if /else in expect script
Hi Tim,
You seem pretty determined to make this as convoluted as possible. Adding
'expect' into the mix? Using 'tee -a' to simply append a line to a file?
chmod 777?
If you take a look at my previous reply, you can see this is relatively
simple, and I basically wrote it for you, and even improved it to add some
checking before making the changes.
There is no need to include a password in the script, as it can be read
from the user like:
echo Enter password
read PASSWD
What are the issues you see with that?
❧ Brian Mathis
On Thu, Jul 18, 2013 at 5:37 PM, Tim Dunphy bluethu...@gmail.com wrote:
I took your suggestion and turned my (ill advised) sudoers bash script
into an expect script! It works a lot better this way and is more secure.
Because I'm not trying to store a password in a script (which I recognize
as a bad idea anyway, I I think I've learned my lesson here).
It really works well. But the only thing I'm still trying to figure out is
how to put a if statement in there based on success of the last command
($?) before it'll move the new sudoers file in place. I'm verifying it with
visudo before attempting to make the move. I'd like to make the final move
based on the success/failure of that.
Anyway, here's the script:
stty -echo
send_user -- Please enter the host:
expect_user -re (.*)\n
send_user \n
set host $expect_out(1,string)
stty -echo
send_user -- Please enter your username:
expect_user -re (.*)\n
send_user \n
set username $expect_out(1,string)
stty -echo
send_user -- Please enter your passwd:
expect_user -re (.*)\n
send_user \n
set passwd $expect_out(1,string)
set timeout -1
spawn ssh -t $host {sudo -S cp /etc/sudoers /tmp/sudoers-template}
match_max 10
expect -exact \[sudo\] password for $username:
send -- $passwd\r
expect eof
set timeout -1
spawn ssh -t $host {sudo -S rm -f /tmp/sudoers.tmp}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {sudo -S echo '%tekmark_t1 ALL=(root) NOPASSWD:
/sbin/service, /bin/rm, /usr/bin/du, /bin/df, /bin/ls, /usr/bin/find,
/usr/sbin/tcpdump' /tmp/sudoers.tmp}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {sudo -S chmod 777 /tmp/sudoers-template}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {cat /tmp/sudoers.tmp | tee -a /tmp/sudoers-template}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {/usr/sbin/visudo -cf /tmp/sudoers-template}
match_max 10
expect eof
if { $? == 0 } {
set timeout -1
spawn ssh -t $host {sudo -S cp /etc/sudoers /tmp/sudoers.bak}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {sudo -S cp /tmp/sudoers-template /etc/sudoers}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {sudo -S /usr/sbin/visudo -cf /etc/sudoers}
match_max 10
expect eof
set timeout -1
spawn ssh -t $host {rm -f /tmp/sudoers-template}
match_max 10
expect eof
} else {
puts Verification of sudo template failed. Aborting. Process failed
}
Pretty simple! Got a suggestion to make this work? If I get that part
right, it'll be done.
Thanks!
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sudo add user script
Some notes: Every time you echo $?, you are wiping out the return status (because echo returns a success and changes $? to 0), so none of your if statements will ever catch any errors. Consider getting rid of the 'if' subtrees by negating your condition, which will make it much easier to understand what's going on. Having 6 levels of nested 'if's is a sure sign that something should be done differently. some_command if [[ $? -ne 0 ]]; then exit 1 fi Take a look at the bash PIPESTATUS variable and make sure you are checking the return value of the command you actually want to know about. Skip the sudoers.tmp stuff and just use the echo command to append to sudoers-template directly with: echo ... /tmp/sudoers-template You have a few commands that try to reference a file called $SUDOers and $SUDOers-template, which might expand to /usr/bin/sudoers, or might be the literal $SUDOers, either of which is most definitely not what you want. Not sure what all that http://host.jokefire.com; stuff is, but you've already specified your host in $USER@$HOST. Also, http://... makes no sense there. You first few $SSH lines use single quotes, so the variables inside will never get expanded, so you'll be trying the literal '$PASSWD' as the password. In addition to all of that, your approach is overly complicated. Something much more succinct should work just fine (untested general pseudo-code): # Make temp copy to work on if cp /etc/sudoers /tmp/sudoers.tmp; then # If sudoers doesn't contain your line, then add it if ! grep -q %my_group /etc/sudoers; then echo %my_group ... /tmp/sudoers.tmp fi # Check syntax. Replace original file if OK, otherwise, exit with error if visudo -cf /tmp/sudoers.tmp; then mv -f /tmp/sudoers.tmp /etc/sudoers else exit 1 fi else exit 1 fi Since you already have access to SSH, why not copy a full script file to the server and execute it, instead of doing each step in a separate ssh? Like: scp update_sudoers.sh user@host:/tmp ssh -t user@host echo $PASSWD | sudo -S 'bash /tmp/update_sudoers.sh; rm -f /tmp/update_sudoers.sh' That won't work if the server has /tmp mounted with the noexec option, but you get the idea. It could also probably be converted into a (long) one-liner and executed using a single ssh/sudo command. Just be careful about quoting. ❧ Brian Mathis On Wed, Jul 17, 2013 at 7:17 PM, Tim Dunphy bluethu...@gmail.com wrote: Hello list, I took another stab at finding a way to add a sudo user remotely and it gets you most of the way there. If you execute the script as root it works beautifully and does just what you want. Which is add the user to the group and gives that user group rights to certain commands. But if you execute it as a user who only has sudo access to the /etc/sudoers file it errors out. cloud:~] bluethundr% ./add_sudo.sh reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN ATTEMPT! [sudo] password for bluethundr: Sorry, try again. [sudo] password for bluethundr: Sorry, try again. [sudo] password for bluethundr: Sorry, try again. sudo: 3 incorrect password attempts Connection to $host closed. 1 reverse mapping checking getaddrinfo for $host failed - POSSIBLE BREAK-IN ATTEMPT! bash: /tmp/sudoers.tmp: Permission denied Connection $host to closed. 1 The main problem is that the script doesn't enter the password. I'm attempting to echo the user's sudo pass in like this: $SSH -t $USER@$HOST http://host.jokefire.com/ 'echo $PASSWD | $SUDO -S $CP /etc/sudoers /tmp/sudoers-template' (of course I'm trying it out in my own environment before I try to use it in their environment). Here' s the script itself, I was hoping you could offer some help here: #!/bin/bash SSH='/usr/bin/ssh' ECHO='/bin/echo' TEE='/usr/bin/tee' SUDO='/usr/bin/sudo' VISUDO='/usr/sbin/visudo' CP='/bin/cp' CAT='/bin/cat' USER='user' HOST='beta' PASSWD='secret' $SSH -t $USER@$HOST http://host.jokefire.com/ 'echo $PASSWD | $SUDO -S $CP /etc/sudoers /tmp/sudoers-template' echo $? if [ $? -eq 0 ]; then $SSH -t $USER@$HOST http://host.jokefire.com/ 'echo $PASSWD | $SUDO -S echo %my_group ALL=(root) NOPASSWD: /sbin/service, /bin/rm, /usr/bin/du, /bin/df /tmp/sudoers.tmp' echo $? if [ $? -eq 0 ]; then $SSH -t $USER@$HOST http://host.jokefire.com/ echo $PASSWD | $SUDO -S $CAT /tmp/sudoers.tmp | $TEE -a /tmp/sudoers-template echo $? if [ $? -eq 0 ]; then $SSH $USER@$HOST http://host.jokefire.com/ $VISUDO -cf '/tmp/sudoers-template' 21 /dev/null echo $? if [ $? -eq 0 ]; then $SSH -t $USER@$HOST http://host.jokefire.com/ echo $PASSWD | $SUDO -S $CP '/etc/$SUDOers' '/tmp/sudoers.bak' echo $? if [ $? -eq 0 ]; then $SSH -t $USER@$HOST http://host.jokefire.com
Re: [CentOS] about backup of centos instead of fresh install
You should setup separate test and production systems. Use the test system to experiment and figure out what you want to get done and how to do it, then apply it to the production system. Setting up a test server is easy and you do not need to buy another computer. Use VirtualBox or other virtualization software on your personal computer and install the test system there. Then you can create snapshots and rollback the system state as you need to. ❧ Brian Mathis On Wed, Apr 17, 2013 at 3:19 PM, Andrei Rolando León Salas andreileonsa...@gmail.com wrote: Hi, i have a little question but not sure if exist in centos. Theres any way to reotre all centos to default? like a goback or a security backup? im realtive new with this and want to do a full back up of centos before trying to install things. Also i really prefer to run a commands instead of do a fresh install of centos. Theres any like this? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Really changing the hostname
On Thu, Feb 14, 2013 at 1:15 PM, Digimer li...@alteeve.ca wrote: On 02/14/2013 01:13 PM, Digimer wrote: On 02/14/2013 01:11 PM, Robert Moskowitz wrote: I need to change the host name on a test server, and in the past when I used hostname to change the hostname, it did not seem to change it everywhere. I really don't want to do a rebuild just yet, but I have to feel confident that hostname is really changed (reboot is not too much of an issue). What is the recommened practice? Other than get it right the first time. To make the change permanent, edit /etc/ssyconfig/network and set the desired hostname after HOSTNAME=. Sorry, I typo'd that; # cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=your.new.hostname -- Digimer You also probably want to update /etc/hosts, though it strictly does not itself set the hostname for the machine. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] load balancer recommendations
On Sat, Jan 19, 2013 at 3:35 PM, Boris Epstein borepst...@gmail.com wrote: Hello all, The question is not necessarily CentOS-specific - but there are lots of bright people on here, and - quite possibly - the final implementation will be on CentOS hence I figured I'd ask it here. Here is the situation. I need to configure a Linux-based network load balancer (NLB) solution. The idea is this. Let us say I have a public facing load balancer machine with an public IP of, say, 50.50.50.50. It is to receive the traffic (let's say, HTTP traffic) and then route it to two private HTTP servers, let's say, 192.168.10.10 and 192.168.10.11. It has to have persistence - i.e., be state- and session-aware. If for whatever reason one of the servers goes down the remaining pool shares all the traffic in some fashion (be it eound robin, saturation based, whatever). We have tried Vyatta ( http://vyatta.org/ ) and ZeroShell ( http://www.zeroshell.org/ ) and both are very good but their NLB seems to be externally facing (i.e., you have several internet connections and are trying to divide your traffic between them). What we need is an internally facing one, if I may say so. Any advice on what may help us would be greatly appreciated. Thanks. Boris. Add another vote for HAproxy. It's excellent at what it does, as long as it meets your requirements. It's main purpose is to load balance HTTP traffic, and it can maintain session using a cookie. It will monitor each server and remove it from rotation if it goes down. It also has methods to place servers into maintenance mode. It doesn't really handle SSL (though they have been working on it for newer versions), but that can be handled by using Apache or nginx as the front-end termination point for SSL, and reverse proxy into haproxy. It also does generic TCP load balancing, but I don't use it so can't comment on that. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-docs] Not Installing Properly
On Thu, Jan 10, 2013 at 12:18 PM, R P Herrold herr...@centos.org wrote: On Thu, 10 Jan 2013, sumit gupta wrote: I tried installing Cent-OS 6.3 in my laptop. Its not getting installed normally, i've to install it using basic graphics drivers. post installation my laptop is running hot and when i am trying to install ATI graphix card drivers,its getting stuck at the boot screen. Please help in installing it in my machine. My laptop is HP Pavillion g series. and what documentation that centos ships is wrong? This is not a support venue -- Russ Herrold What Russ is trying to say (allow me to translate from curmudgeon to normal human), is that this list is specifically for discussing CentOS documentation, and is not meant to support users. Please join the discussion and information mailing list, which you can find here: http://lists.centos.org/mailman/listinfo/centos ) where you will (hopefully) receive a warmer reception. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] Disk error
On Mon, Jan 7, 2013 at 5:58 PM, Emmett Culley emm...@webengineer.com wrote: For some time I have been seeing disk errors in the syslog every seven days. Until today it always happens Sunday morning at 8:13 AM, plus or minus a minute or two. Yesterday it happened at 1:13 AM. Here are the pertinent log entries for the latest occurrence: [...] Jan 6 01:13:25 g2 kernel: res 51/40:00:db:bf:d6/40:00:04:00:00/00 Emask 0x9 (media error) [...] Jan 6 01:13:25 g2 kernel: sd 8:0:0:0: [sdg] Add. Sense: Unrecovered read error - auto reallocate failed [...] There is nothing in /etc/cron.weekly, nor are there any root crontab entries. Any suggestions for investigating this issue would be much appreciated. Emmett Based on this I'd say your disk is going bad, and has run out of spare sectors: Jan 6 01:13:25 g2 kernel: sd 8:0:0:0: [sdg] Add. Sense: Unrecovered read error - auto reallocate failed You can use smartctl to get some information from the SMART tables, but I've never been able to get a conclusive test out of the testing options. It would be a good idea to run 'badblocks' against the drive as well, as it will definitely tell you if there are bad sectors. Disks are so cheap it's usually not worth too much effort or delay once you've found out that it's bad. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum vs. freenx
On Wed, Dec 19, 2012 at 4:22 PM, Les Mikesell lesmikes...@gmail.com wrote: It works fine to just ssh in from somewhere else without needing screen. The problem is when I forget and start the yum update from a window where freenx on the same box is the parent session. I don't need yet another way to connect - I'm looking for something to either improve my memory (unlikely...) or to keep the freenx package update from breaking the connection in progress when I forget and run it there. -- Les Mikesell A wise man once told me: If you don't like things that use traditional unix tools for the purposes they were designed, why are you interested in using linux at all? -- Les Mikesell So if you don't want to use screen, which has its main purpose of preventing processes from getting killed when the terminal is killed, then how do you expect us to help? But seriously, the alias thing is a good idea. You can also have it check if its within screen instead of detecting freenx, which is probably a lot easier if you look at $TERM. Alternatively, you could exclude freenx from yum updates and have a cron job that emails you once a week if there's an update to it. At least that way you won't get bitten when it gets lumped into other updates. It seems strange that an update would kill an existing connection. Updates to other critical things like ssh have not done that in years. Maybe a bug to be filed with the package vendor? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to configure sendmail
On Sun, Dec 2, 2012 at 6:52 PM, Harold Pritchett har...@uga.edu wrote: On 12/2/2012 6:08 PM, John R Pierce wrote: On 12/2/2012 2:46 PM, Tilman Schmidt wrote: Not a good advice for someone who already has some experience with Sendmail but none with Postfix. He'll have to read docs either way, but staying with Sendmail spares him the effort of reinstallation (including probable breakage of his running installation), and reading the docs of a familiar product (Sendmail) is much easier than reading the docs of an unfamiliar one (Postfix). except he doesn't have a working configuration with sendmail and is apparently a novice, so the postfix recommendation is, IMHO, a good one. Why? Once upon a time, many years ago, I tried postfix. I ended up removing it and installing sendmail. I've been using sendmail since the early 1980's, when we were running the Eric Allman code from UCB on a VAX 780 under BCD Unix. And, yes, I recognize this as a religious topic and I'm not trying to start a flame war. Why, in your opinion, is postfix superior to sendmail. Harold (who's first linux system was slackware 1.0) You were probably more comfortable running sendmail because you had a long history of using it. I once tried to give emacs a fair shake, but since I had already used vi for a long time, I didn't like it. I'm honest enough to say that it was mostly because I was comfortable with vi, and not that there's anything wrong with emacs [1]. Conceptually, the fact that sendmail requires a makefile and a bunch of macros just to generate the configuration pretty clearly points to *something* being wrong, or at least anachronistic, with the design. Objectively, it performs all of its tasks within the same process, adding significantly to potential security issues. Postfix uses simple name=value syntax but can still get as complex as you need, if you do. It also segregates functions into different processes, isolating areas that might pose higher security risks. ❧ Brian Mathis [1] This is just an anecdote. Please for the love of Linus do not reply to the vi vs emacs statement. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP version dilemma
On Fri, Oct 5, 2012 at 12:57 PM, Todd Cary t...@aristesoftware.com wrote: I am running Centos 5.8; at least uname -rmi gives me centos-release-5-8.el5.centos A CMS package is telling me that I need PHP 5.2x, however yum update says that I am fully up to date. Is there a safe way to upgrade PHP to 5.2x? Todd Take a look at the IUS package repo: http://iuscommunity.org/pages/About.html It's the one most people use to get PHP updates. Stay away from the official php53 packages distributed with CentOS, as they don't integrate well with many packages looking for php (it does not provide the php capability) ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] load balancer recommendation
On Fri, Sep 28, 2012 at 10:45 AM, Boris Epstein borepst...@gmail.com wrote: Hello all, If I were looking for a load balancer to run on a Linux - specifically, CentOS - machine - what would you recommend? Thanks. Boris. You need to be more specific about your requirements. There are basic IP-based load balancers such as Piranha, and more advanced layer 7 balancers such as HAproxy. They all have benefits and drawbacks, so without any further requirements, your question cannot be meaningfully answered. What kind of traffic are you balancing? If HTTP, then do you also need HTTPS support? What about session affinity? What kind of backend application are you using, and will it support balancing as well? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Gradually adjust NTP sync over time?
On Tue, Sep 4, 2012 at 12:17 PM, Sean Carolan scaro...@gmail.com wrote: Suppose you have server A and server B. Server B is running 60 seconds too fast, while server A is accurate. Is there a way to gradually move server B's time back into sync with server A, without making a drastic, immediate change to the clock? In other words, we would like to 'smear' the difference across several hours or days to ensure there are no drastic changes in timestamps, etc. This is already how ntpd works. When you first start the service (usually upon reboot), it will use 'ntpdate' to do a hard set of the clock, then ntpd picks up and adjusts the clock back and forth to keep it correct. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Deduplication data for CentOS?
On Mon, Aug 27, 2012 at 7:55 AM, Rainer Traut tr...@gmx.de wrote: Hi list, is there any working solution for deduplication of data for centos? We are trying to find a solution for our backup server which runs a bash script invoking xdelta(3). But having this functionality in fs is much more friendly... We have looked into lessfs, sdfs and ddar. Are these filesystems ready to use (on centos)? ddar is sthg different, I know. Thx Rainer This is something I have been thinking about peripherally for a while now. What are your impressions of SDFS (OpenDedupe)? I had been hoping it would be pretty good. Any issues with it on CentOS? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How protect bash history file, do audit alike in server
On Wed, Aug 8, 2012 at 12:56 PM, Heng Su ste.suh...@gmail.com wrote: I want to protect the history file from deleted for all users except user 'root' can do it, is that possible? For my server, many users can log in with root from remote through ssh, so I can not trace which guy do wrong things. So I decide to create new account for every users and let them use 'sudo' then I can trace which guy typed which command and what he did. However, even if I create new account for every user, they also can delete the history of them self easily. How should I do. I believe everyone encountered such things normally. I think there is a gracefully solution for it as I am not experience on server manage. So any suggestions for how to trace user like to write down which user did as an audit trail and let it can not deletable exclude root user? Thanks! Su Heng Capturing history files is error-prone and a very bad way to approach this problem. You should instead look into using process accounting, provided by the psacct package. You can read about it here: http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Oracle tries to capture CentOS users
Is any part of this thread related to CentOS anymore? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-docs] Access request to page TipsAndTricks/ApacheVhostDir
Hi Ed,
I appreciate you considering my suggestions. Comments below.
On Thu, Jul 12, 2012 at 3:07 PM, Ed Heron e...@heron-ent.com wrote:
On Wed, 2012-07-11 at 19:40 -0400, Brian Mathis wrote:
The use of mv -v ...{,_} is too clever for this kind of educational
document, and should be changed to spell out the full mv command. I
get what you're doing there, but the purpose of the document is not to
teach clever uses of bash, it's to make it obvious to people that
you're renaming the file. It will trip up the flow of reading for all
but the most knowledgeable users, and users who don't understand it
will be totally lost.
I'm not trying to be clever, I just don't like to type it twice if I
can avoid it and the typing the higher the chance for a typo. I don't
have a problem having both forms. I'll add it and see what you think.
Thanks for incorporating that. However, I think having both forms is
even more confusing. I really do like your bash shortcut, but it
simply doesn't belong in a document about apache. Maybe there's
another page, like BashTipsAndTricks, that it would fit on better?
Any time you need to stop and say hmm, what is going on there,
that's not related to the topic at hand, it only slows and confuses
the learning process. You may think it's obvious, but that's quite
firmly in the bash guru category.
In most documents and scripts, I usually spell out the short form
options as well, such as using --verbose. Short forms save you
typing, but documentation should not trip people up if they don't know
what the option means.
Normally, I expect, if people don't understand a command, they will
refer to the man page for the command. However, to my constant
disappointment, I understand that many people aren't looking for long
term knowledge improvement, they are looking for a recipe to blindly
follow.
The comment about long-form options was just an aside, and not my main
point, but thanks for taking a look at it.
Also, I find the use of _ to be obtuse and highly error prone if one
were to actually run a server that way. It's far more obvious to use
disabled, which makes it very clear that those items are disabled.
It may work for you but only because that's a convention you came up
with so you're used to it, but we're not in dos 8.3 days with
filenames, so why not be more descriptive?
Having both forms should make it plain that people can use any
convention they wish. System administration is not a fixed target.
Like many things, there are many ways to accomplish the same result.
When approaching a system that someone else is administrating, we should
try to maintain the existing conventions instead of forcing our own
ideas onto a server for which we are not the primary responsible party.
A wiki page on the CentOS site conveys a certain level of authority.
With that authority, one should recommend a consistent and obvious way
to do things, since as you say, many people just want a recipe (and
there's nothing wrong with that). Being verbose removes any ambiguity
about what is going on, and potentially sets a good practice for
people to follow.
Using the _ relies too heavily on knowing that the httpd.conf file
uses a pattern match for *.conf only, and if I was not thoroughly
familiar with the httpd.conf file setup and logged into a server the
had some files with .conf, and others with .conf_, it could be
easy to miss. A big fat label of disabled makes it quite clear
what's going on.
In a document like this, the proportion of typing you are saving is
insignificant. If someone has an existing convention they use, they
won't need to read this document. And, as you say, people are free to
set their own conventions, and you would be free to do the same in
your internal policies, but for an educational document, it's better
to spell things out.
In section 6.4, is there a reason not to make a vhosts.conf file
that contains the Include in the in the conf.d/ directory, instead
of appending to the httpd.conf, or do you run into ordering issues
there? I try to avoid changing the distro files if possible.
Sections 6 and 7 are optional. There are certainly arguments against
customization. In the past, upgrades might have replaced all files
including configuration files. In that case, creating a vhosts.conf
file in the conf.d directory to separate the directive would have been a
must. However, the Linux distributions I have used for the past decade
or so have avoided replacing existing configuration files, expecting
they might be customized.
That said, I like the suggestion. It would allow for the virtual host
files to be packaged into an RPM file that could be installed on
multiple web hosts.
❧ Brian Mathis
I think the only potential problem with this would have been if the
vhosts were somehow order-specific as they relate to the rest of the
httpd.conf file, but since they always come last (except that the
first vhost
Re: [CentOS] Oracle tries to capture CentOS users
On Fri, Jul 20, 2012 at 1:55 PM, Ken godee k...@perfect-image.com wrote: Fernando Cassia wrote: On Fri, Jul 20, 2012 at 2:16 PM, John Hinton webmas...@ew3d.com wrote: Meanwhile, if this is linux.oracle.com, shouldn't Oracle database be included in the 'free version'? No, as IBM doesn´t make DB2 GPL either. It´s the big bucks from the fortune 500 proprietary products which pays -in part- for all the FOSS goodness like OpenJDK, Netbeans, Virtualbox, Glassfish, MySQL, Btrfs, InnoDB, BerkeleyDB... Why don't they just continue to do something more useful like continue the support for OpenSolaris! Aren't the SRPMs available for OEL? How about an Indestructible CentOS sub-distro? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS-docs] Access request to page TipsAndTricks/ApacheVhostDir
Requesting access to edit page TipsAndTricks/ApacheVhostDir Looking to make some small edits for clarity. ❧ Brian Mathis ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Access request to page TipsAndTricks/ApacheVhostDir
On Wed, Jul 11, 2012 at 11:26 AM, Ed Heron e...@heron-ent.com wrote:
On Wed, 2012-07-11 at 10:42 -0400, Brian Mathis wrote:
Requesting access to edit page TipsAndTricks/ApacheVhostDir
Looking to make some small edits for clarity.
❧ Brian Mathis
Yay, somebody read it!
What are you suggesting?
The use of mv -v ...{,_} is too clever for this kind of educational
document, and should be changed to spell out the full mv command. I
get what you're doing there, but the purpose of the document is not to
teach clever uses of bash, it's to make it obvious to people that
you're renaming the file. It will trip up the flow of reading for all
but the most knowledgeable users, and users who don't understand it
will be totally lost.
In most documents and scripts, I usually spell out the short form
options as well, such as using --verbose. Short forms save you
typing, but documentation should not trip people up if they don't know
what the option means.
Also, I find the use of _ to be obtuse and highly error prone if one
were to actually run a server that way. It's far more obvious to use
disabled, which makes it very clear that those items are disabled.
It may work for you but only because that's a convention you came up
with so you're used to it, but we're not in dos 8.3 days with
filenames, so why not be more descriptive?
In section 6.4, is there a reason not to make a vhosts.conf file
that contains the Include in the in the conf.d/ directory, instead
of appending to the httpd.conf, or do you run into ordering issues
there? I try to avoid changing the distro files if possible.
❧ Brian Mathis
___
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] Build one VM with two 5.7 DVD iso
On Tue, Apr 10, 2012 at 12:36 PM, Vinay Nagrik vnag...@gmail.com wrote: Hello Group, I am trying to build one VMware VM for 5.7 centos. However, there are two DVDs. And all vms I have build so far are confined in one iso. How could I build complete 5.7 centos VM with two different Centos DVDs. I am sure somebody out there must have built one such OS. Please guild. thanks. nagrik Run the installer from DVD 1, select the packages you want, and if it asks you for DVD 2, change the virtual cd drive to point to the DVD 2 iso file. Since you're building a VM, just try it out and see what happens. That is the point of using VMs -- it is very easy to try things out. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mismatch in openssh latest rpm available at centos
On Wed, Mar 28, 2012 at 9:05 PM, Vinay Nagrik vnag...@gmail.com wrote: Hello Group, The latest rpm in openssh is 5.8, however, the corresponding latest rpm available in centos 5.7 is only openssh-4.3p2-72.el5_6.3.x86_64.rpm and in 6.0 centos is openssh-5.3p1-20.el6.x86_64.rpm I have following questions. 1. I want to start from src.rpm and where can I get the src.rpm for openssh-5.3p1-20.el6.x86_64.rpm. 2. Can I install openssh-5.3p1-20.el6.x86_64.rpm SAFELY with 5.7 centos without causing any problems. 3. Which of these two rpms will be most compatible with latest openssh rpm version 5.8. Please let me know. It is important for my work. Any help will be greatly appreciated. Nagrik You may want to read about how Redhat and thus CentOS handles package versions with regard to security patches, etc... There is information here: https://access.redhat.com/security/updates/backporting/ As for obtaining the most recent version of openssh for other reasons (such as features), it is strongly recommended against compiling your own, and instead installing the package from another publicly accepted repository, such as EPEL or RepoForge. Any packages on there have already been compiled and tested to work with your version of CentOS. I would avoid installing the C6 version of openssh on C5, and instead make sure to get the proper package meant for C5. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disable auto-negotiation gigabit ethernet
On Tue, Mar 20, 2012 at 11:47 AM, sebastian cen...@secretusenet.com wrote: Am 20.03.2012 16:33, schrieb m.r...@5-cent.us: Michael Simpson wrote: On 20 March 2012 14:29, sebastiancen...@secretusenet.com wrote: I can not disable the auto-negotiation (eth1) on my centos 6.2 via ethtool or /etc/sysconfig/network-scripts/ifcfg-eth1 Autonegotiation is mandatory for 1000BASE-T as both sides have to work out which pairs they are going to use. Check: 1)cable 2)switchport if those are ok then you probably have a driver/NIC problem Two more things: a) make sure the router/switch isn't pegged or being changed to slower b) are your cables ok for gigabit. I know this sounds absurd, but I, personally, have changed cables, and it made the difference mark Thanks, but is a remote-server, the server is in another datacenter. I can not change or check the cables/switch - and the stuff in the datacenter is not very useful. I'm hoping to solve the problem with disable the auto-negotiation. sebastian As already said, you cannot disable auto-negotiation for gigabit, so you will need to look for other ways to solve the problem. Disabling auto-negotiation is anachronistic and no one should be doing it anymore. There were reportedly problems with it in the early days, like 15 years ago, but they have all been resolved. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Server Backup Options
On Wed, Mar 14, 2012 at 6:27 PM, Tilman Schmidt t.schm...@phoenixsoftware.de wrote: Am 14.03.2012 03:05, schrieb Nataraj: I would have to dig up some references, but I have read some articles that claim that the reliability of a drive that is in full time operation in a server, running 24hrs/day and maybe even seeking under heavy load is way different than a drive that you run for a day or two and then it sits in an environmentally controlled storage, powered down for most of its lifetime. At least from what I read, the failure rate is much lower for the same drive used under the later conditions. OTOH I remember reports about drives failing to start after having been powered off for extended time periods. Something about heads sticking to platters or somesuch. Though I don't know if that information still applies to current drive technologies. Some high-density tapes will fail if you drop them on the floor. I think we can all agree that any media type has the potential to fail, which is why we use multiple copies on different physical media, so if one fails you still have another one. If you are storing all of your backups on a single tape/disk/cd/dvd/bd/holocube, you are doing it wrong. Is this horse dead yet? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Server Backup Options
On Tue, Mar 13, 2012 at 8:05 PM, Tilman Schmidt t.schm...@phoenixsoftware.de wrote: Am 13.03.2012 19:46, schrieb m.r...@5-cent.us: Markus Falb wrote: On 12.3.2012 01:37, Mark LaPierre wrote: Tape, and tape drives, have a bad reputation. They are difficult and time consuming to verify. Harddisks have a bad reputation too. They fail regulary. Not that frequently. I beg to differ. Hard disk failures are by far the most frequent hardware problem I encounter at work. And those external USB drives people are so fond of for backup are certainly not better than typical server drives in that respect. When a disk fails, you still have the other copy. That's why they call it a backup. Otherwise, keep more than one disk as your backup media and rotate them. Now you have 3 copies. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Server Backup Options
On Sun, Mar 11, 2012 at 8:12 PM, Scott Walker scott_wal...@ramsystemscorp.com wrote: What do you guys recommend for backing up a small CentOS server in a business environment. It will have (3) 300gb drives in a raid 5 array but I don't anticipate more than about 25gb of data that needs to be backed up each night. I want a lot of backups with a rotation scheme that included daily, weekly, and monthly copies. I want the daily copies of the data kept until the next week, and the weekly copy being kept for four weeks, and the monthly copies being kept for a year. The vendor is recommending a RD1000 Removable Disk device. This looks like it has great specs. Each cartridge holds 160gb (non-compressed) and the drive costs about $420 but seems that with each removable cartridge costing $128, we may be limited to how many cartridges we could have, thus perhaps not retaining backup instances as long as I like. I asked about a HP DAT160 tape drive. Each tape holds 160gb (non-compressed) and the drive costs about $730, and each tape only costs about $24, so it would be economical to have lots of backup instances saved for a long period of time. I have been using tape and the backup rotation scheme mentioned above for over 20 years. The vendor is telling me they don't recommend tape drives anymore and all of their customers are using removable hard drive for local backups. Am I missing something? My instincts tell me the tape drive is the right solution for a system with a small amount of data, where the system is used only from 8am - 5pm (so backup speed is not critical) and where we want to save backup instances for a long time before overwriting them. Any input would be welcomed. The cost of disks is so low, it's very hard to justify tape. Don't forget you also need to have someone swapping the tapes every day or week, or spend more for a robot. For the amount you would spend on those tapes, you can get many TBs of disk space. In general it works very well to spend your money on disks and backup to multiple locations. With disk, you get so many benefits, such as random-access recovery, and most disk-based systems support some level of data deduplication. If you use something like rsync backups with hard links, there's also never a need for a full backup after the first one. I'm sure you will be able to come up with a few arguments against using disk, and in some situations tape is better, but almost never for some little server somewhere. Once you start talking about long-term archives and stuff like that, then yes, tapes are good. Disks also need a different type of maintenance, such as running a full read/refresh of the data every so often. In the SAN world they call this scrubbing, though don't confuse it with the 'scrub' command that securely wipes all data from the disk... Some common disk-to-disk backup tools: - BackupPC - rdiff-backup - dirvish - Duplicity - Duplicati An overview of using rsync for backups: http://www.mikerubel.org/computers/rsync_snapshots/ ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] A silly question about getting access to webapp installed with yum
On Wed, Jan 11, 2012 at 11:58 AM, Rajagopal Swaminathan raju.rajs...@gmail.com wrote: Greetings, I have helped host a few applications such as GLPI, OCSInventory, etc etc. using the tarball method and untarring them in /var/www/htom directory. I have never done them though using yum. I was trying to install Trac, Bugzilla etc using yum install method on a Centos 6.2 box. Somehow I am not able to see the respective pages say even using http://localhost/trac or http://localhost/bugzilla Now comes the elementary and stupid question: Now where do these stuff get installed? they are not under /var/www/html I did find some under /usr/share Any pointers to instantiate them? I am not good at understanding what that beast of yum does as to post install script. Though I have created a mysql with CSV and blackhole engines about a year back and as I did it for a client of the company where I worked then and cannot have my grubby hands on that script. Any help appreciated. TIA -- Regards, Rajagopal Yum only downloads and installs RPM files, so in general you will use the rpm command to get the details of the packages you installed. You can see all the files included in a package by using rpm --query --list package. For apache web apps, the centos style is to place an include file in /etc/httpd/conf.d with the configuration for the app, but your apps might have done something different. Take a look at the include file and see if you need to configure something. There may be docs in /usr/share/doc/packagename explaining what you need to do. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] upgrade of 32bit to 64 bit CentOS 5.7
On Sat, Jan 7, 2012 at 11:30 PM, Rob Kampen rkam...@kampensonline.com wrote: Hi List, Early in dec I was forced to upgrade one of my server systems - initially built in 2004 on an intel server mb it finally failed. Under some time pressure, I replaced the mb etc with a 64 bit asus system and did a repair of the linux system upon reboot with a 64 bit DVD. As one can imagine there were some headaches as the kernel was now 64 bit, but yum and friends were still 32 bit. I managed to upgrade the required packages to 64 bit, rebooted the server a few times and all appeared to function ok. BTW the server runs bind, apache, postfix, dovecot, mysql, php and related stuff. I have now relocated the server in a lights off situation and myself to the other side of the planet. Why all the history - well as I ssh into the box and do my weekly yum updates, I find that there have been no updates, however all my other servers have had multiple updates. Thus I did a rpm -qa and find there are only 65 rpm files listed - they are all 64 bit or noarch - none of the core server files are present. How do I systematically update all the files from 32 bit to 64 bit? As I am unable to physically get in front of this machine, I have zero room for error - and need the machine to be up and operating each business day. My google searches have not given me any hits that help. Any help, directions, things to be aware off etc - appreciated. TIA I can't help with the 64-bit upgrade, though I suspect that will be extremely touchy if it's possible, but for a server like that which is business critical, you MUST add some kind of remote console access. There is no question of if, only when you will need it, like a reboot that needs you to press F1 or something. Attempting to perform this kind of upgrade without that would be very foolish. If it's Dell you can add a DRAC card (used ones are not that expensive), or any other brand name will have something similar. If it's not a brand name you can get pretty close using a Lantronix Spider and a remote power switch. The system board might already have a BMC with some ability for remote access. Fix the remote access problem before trying the 64-bit upgrade. ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iso size?
On Mon, Nov 21, 2011 at 2:19 PM, Ljubomir Ljubojevic off...@plnet.rs wrote: Vreme: 11/21/2011 08:13 PM, Beartooth piše: I've been being told, over and over, by K3B, Brasero, and Isomaster, on two machines, with three different downloads of 6.0, that the file is too large for the medium. Nautilus and the browser that die each download all say it's 4.4 GB; I've tried with two +R and an RW DVD, all of which are labelled 4.7 GB Two of the files are 32-bit, and one is 64 What is going wrong?? You are not supposed to burn FILES on the DVD, you now that right? You are supposed to use Burn DVD ISO Image in K3B or similar in other burner apps. 32-bit version needs DVD-R, not DVD+R medium. Ljubomir Ljubojevic Given that at least one of the mentioned utilities, Isomaster, is expressly created for the purpose of burning ISO images, I'd say the first comment is uncalled for. The release notes state: The i386 DVD is just a bit too large to fit on normal single layer DVD+R media. It can be burnt successfully on DVD-R or dual-layer media. Making images that are this close to capacity should be seen as a mistake and hopefully the same will not be made with the 6.1 release. It is extremely easy to predict that this will cause problems for people, so why invite such issues with something as simple as ISO burning? ❧ Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Tue, Nov 1, 2011 at 7:58 AM, Eero Volotinen eero.voloti...@iki.fi wrote: 2011/11/1 Dennis Jacobfeuerborn denni...@conversis.de: On 11/01/2011 06:53 AM, Eero Volotinen wrote: 2011/11/1 Bob Hoffmanb...@bobhoffman.com: I have been reading the threads on here with great ernest about redhat making a move to throw off centos compilations. I read some stories about microsoft wanting to work closer with centos http://www.theregister.co.uk/2011/05/17/microsoft_and_centos/ I have to update to centos 6 due to some needs of clients who need newer mysql and php (and installing them on centos5 was too hard for me). You can get updated php and mysql from ius community repo. http://iuscommunity.org/ I don't think the real question here is whether you can get updated packages from somewhere but if it's worthwhile to build upon centos when it's becoming increasingly difficult for centos to make releases. Well, I mainly use RHEL on production systems - for many reasons. You can also try use scientific linux.. br, Eero When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On Tue, Nov 1, 2011 at 1:57 PM, Rob Kampen rkam...@kampensonline.com wrote: Tony Mountifield wrote: In article calkwpeyupru5az9xu_d_brjc0m_e9xdlh1t5iub2u8rvrze...@mail.gmail.com, Brian Mathis brian.mathis+cen...@betteradmin.com wrote: When Redhat announced the changes they made it very clear they were trying to prevent other companies (like Oracle and Novell) who were providing support to RHEL customers at reduced rates. They have never said they were concerned with the free clones and in fact have helped CentOS many times in the past (according to statements from the core developers). Redhat knows that the free distros help them maintain market share, and gain customers who need full support eventually. The issues CentOS are seeing are simply collateral damage to the larger war against the other big companies who are trying to provide services by cheating. Except that the other day, Johnny posted this: I can tell you that we have been contacted by upstream to make sure we **UNDERSTAND** the new AUP restrictions on distribution. I can also tell you that we (CentOS) are doing everything in our power to meet the restrictions as they were explained to us. which sounds like RH making it clear that their changes are aimed at CentOS too. This sounds more like a butt covering exercise by lawyers, remember this all comes from the USA where there are FAR TOO MANY lawyers. To be able to enforce a possible claim under this AUP restriction, they will need to show that those involved with use of the code, under this new clause, understand and have been communicated with...etc. As I said, a butt covering exercise - rather than any expressed attempt at intimidation or enforcement - just my $0.01 worth. I know it's more fun to blame the evil lawyers for everything, but it sounds more like they respect the project and took special effort to reach out and make sure they were aware and fully understood the changes. That is far more likely given the history and widespread usage of CentOS. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened to 6.1
On Fri, Oct 21, 2011 at 12:54 PM, Johnny Hughes joh...@centos.org wrote: On 10/21/2011 10:01 AM, Les Mikesell wrote: On Fri, Oct 21, 2011 at 9:51 AM, Nicolas Thierry-Mieg nicolas.thierry-m...@imag.fr wrote: Johnny, chill. I don't blame him for being confused. Up until right now, you updated to a point release, then, over the weeks and months, there were updates. All of a sudden, there are *no* updates for the 6.0 point release, which is a major change in what everyone expected, based on history. this is the way it has always been: once upstream releases x.y+1 , there are no more updates to x.y (in upstream and therefore also in centos), until centos releases x.y+1 . Yes, but that used to be transparent, because the centos x.y+1 release happened quickly so it didn't matter that the update repo was held back until an iso build was done. Yes, and NOW the release process is MUCH harder. Red Hat used to have an AS release that contained everything ... we build that and we get everything. Nice and simple. Build all the packages, look at it against the AS iso set ... done. Two weeks was about as long as it took. Now, for version 6, they have: Red Hat Enterprise Linux Server (v. 6) Red Hat Enterprise Linux Workstation (v. 6) Red Hat Enterprise Linux Desktop (v. 6) Red Hat Enterprise Linux HPC Node (v. 6) Red Hat Enterprise Linux Workstation FasTrack (v. 6) Red Hat Enterprise Linux Server FasTrack (v. 6) Red Hat Enterprise Linux Desktop FasTrack (v. 6) Red Hat Enterprise Linux Scalable File System (v. 6) Red Hat Enterprise Linux Resilient Storage (v. 6) Red Hat Enterprise Linux Load Balancer (v. 6) Red Hat Enterprise Linux HPC Node FasTrack (v. 6) Red Hat Enterprise Linux High Performance Network (v. 6) Red Hat Enterprise Virtualization They have the same install groups with different packages based on the above groupings, so we have to do some kind of custom generation of the comps files to things work. They have created an optional channel in several of those groupings that is only accessible via RHN and they do not put those RPMS on any ISOs ... and they have completely changed their Authorized Use Policy so that we can NOT login to RHN and use anything that is not on a public FTP server or on an ISO set ... effectively cutting us off from the ability to check anything on the optional channel. Now we have to engineer a compilation of all those groupings, we have to figure out what parts of the optional channels go at the point release and which ones do not (the ones that are upgrades). Sometimes the only way to tell is when something does not build correctly and you have reverse an optional package to a previous version for the build, etc. We have to use anaconda to build our ISOs and upstream is using something else to build theirs .. so anaconda NEVER works anymore out of the box. We get ISOs (or usb images) that do not work and have to basically redesign anaconda. We can't look at upstream build logs, we can't get all the binary RPMs for testing and be within the Terms of Service. And with the new release, it seems that they have purposely broken the rpmmacros, and do not care to fix it: https://bugzilla.redhat.com/show_bug.cgi?id=743229 So, trust me, it is MUCH more complicated now than it was with previous releases to build. With the 5.7 release, there were several SRPMS that did not make it to the public FTP server without much prompting from us. And with the Authorized Use Policy, I can not just go to RHN and grab that SRPM and use it. If it is not public, we can no longer release it. So, the short answer is, it now takes longer. Thanks, Johnny Hughes As someone who was part of the previous 6.0 discussions, I have to say thank you for finally laying out some details about what the issues are. More information like this would really go a long way towards preventing future flame-fests. Thanks for your hard work. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backup live system
On Thu, Oct 20, 2011 at 10:52 AM, ken geb...@mousecar.com wrote: Though I've worked with enterprise systems, I'm not familiar with FOOS backup software. Which of those recommended would allow me to backup a system while users are active on it? If it matters the system uses LVM. I'd also like to be able to avoid needing the network if possible. That is, I'd plug in a disk into a USB port and backup the system onto that... again, while the system is live. Thanks much. Others have said that file are not locked on Linux, so you can back them up anyway, but this is surely not your point. The only way to get a consistent backup is to create a snapshot and back that up. If this is a VM you should be able to make a snapshot and then back up the VM files. LVM is a good way to do it on both physical and virtual machines, but there are a few caveats: - You need free PEs on the volume group. When you make an LVM snapshot it needs this extra space to store the changed blocks while the snapshot is in existence. Most default LVM installs do not reserve spare PEs for this. The amount of free PEs you need is completely dependent on how many changes get made to the volume while the snapshot exists. If you run out of PEs, the behavior is undefined. - There is a huge performance penalty. As long as any snapshot exists, there is at least a 50% performance hit. If this is a high performance database server, you might not be able to afford it. Make sure to do your backup on slow times. The howtoforge link seems to cover most of the mechanics. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] haproxy ssl
On Mon, Oct 17, 2011 at 10:52 PM, Tim Dunphy bluethu...@jokefire.com wrote: hello list, I am attempting to load balance SSL web servers using haproxy on centos 5.7. I am using HA-Proxy version 1.4.18 Here is the stanza in the config regarding SSL: listen https 192.168.1.200:443 mode tcp balance roundrobin option forwardfor except 192.168.1.200 option redispatch maxconn 1 reqadd X-Forwarded-Proto:\ https server web1 web1.summitnjhome.com:443 maxconn 5000 server web2 web2.summitnjhome.com:443 maxconn 5000 I can connect to https on each web server and have it serve content. the IP 192.168.1.200 is a virtual IP created with keepalived and floating between two load balancers. I can connect to the virtual ip via openssl s_connect and GET / where i see the source code for the home page For now it's just a demo page with more complex content living deeper in the directory structure. A port scan with nmap shows that port 443 is open... And the port 443 is being listened to.. But a page will not render in a web page. Firefox can't establish a connection to the server at virtual.example.com. And there is no activity in the haproxy debug logs when I hit the web page at this address which should map to that ip. [root@VIRTCENT01:~] #host virtual.example.com virtual.example.com has address 192.168.1.200 Thanks in advance! tim You cannot use haproxy with SSL. You need to terminate the SSL connection before reaching haproxy, such as (already mentioned) using apache as a front end proxy. Then on the backend you need to connect to the node servers using http, not SSL (using SSL there is a waste of resources anyway). HAproxy needs to be able to see the http traffic, and especially since you are using 'reqaddd' to add something into the stream. You can't do any of that using tcp mode, nor can you get any kind of session stickyness with tcp load balancing. Tcp mode is only meant for things that keep a persistent connection, not http that uses multiple non-persistent connections. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.7 PHP upgrade
On Mon, Oct 10, 2011 at 2:27 PM, d...@nkmo.com wrote: I would love to use the standard repository, unfortunately the package is not found which was how I ended up finding the third part solution. I tried: yum update php yum upgrade php yum install php yum install php53 root@378907 [~]# yum --disablerepo=atomic install php53 Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * rpmforge: fr2.rpmfind.net Excluding Packages in global exclude list Finished Setting up Install Process No package php53 available. Nothing to do root@378907 [~]# I am not sure how to change repositories, not sure what the name is of the official CentOS repository is to use the --enablerepo= command or how to see if there is a php 5.3.x version available for my installation available or if I am beating my head against a wall and the CentOS 5.7 is actually incompatible with the newest version. The php53 package from the standard repo does not work well *, so you are better off using a 3rd party repo. General consensus is that the IUS repo (http://iuscommunity.org/) is the best one to use. I would remove the atomic repo, install IUS, then install/update php from there. Side point: Running arbitrary code from the web is a very bad idea, so you should never do something like this: wget -q -O - http://www.atomicorp.com/installers/atomic | sh # BAD! * It's not so good because it does not provide proper rpm tags that let other rpms know that php is installed. It announces itself as php53, and most package looks for php, so they can't find it. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Chroot in CentOS 5.* ?
2011/10/7 Jorge Fábregas jorge.fabre...@gmail.com: On 10/07/2011 05:42 AM, przemol...@poczta.fm wrote: How about chrooted sftp in centos 5.* ? If I cannot - do I have to use centos 6.* ? The stock SSH package in the CentOS 5 series doesn't have the chroot functionality. The one in CentOS 6 does. HTH, Jorge The stock sshd actually does support chroot, but it's an all-or-nothing type of thing. You cannot apply the chroot only to specific groups, so even 'root' is chrooted. There are 3rd party OpenSSH 5.x packages available that work on CentOS 5 and give you the ability to set the chroot by groups. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] guest vms crash host systems
On Mon, Oct 3, 2011 at 10:16 PM, Negative negativebinom...@gmail.com wrote: I built guest vm's one for Windows 7 and one for Windows XP using the virtual machine manager on a just updated to centos 5.7, and they are both crashing the host machine. They run only for a few minutes, but suddenly freeze, crashing the host. There is no networking. No X. No way to drop out of X. The only way out is a hard reboot. I don't see anything in the logs -- messages or libvirt logs -- immediately before the crash. I haven't found anything like this on the web or on this list. The workstation has two xeon E5410s. I noticed that both the kvm-amd and kvm-intel modules are loaded, but don't know if that would cause a problem. I had an ati firepro graphics card in the machine, but suspected that might be the source of some conflict, and I put in an Nvidia card. The vm's were built with all the defaults. The configuration is just about identical to vms I have running on a smaller machine with a dual core Athalon. Thanks for any suggestions. Is this new hardware? Have you run any hardware burn testing (CPU, RAM, etc...) and/or memtest86+ on the RAM? This sounds like a hardware issue to me. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] guest vms crash host systems
On Tue, Oct 4, 2011 at 12:05 PM, Negative negativebinom...@gmail.com wrote: On Tue, Oct 4, 2011 at 10:41 AM, m.r...@5-cent.us wrote: Brian Mathis wrote: On Mon, Oct 3, 2011 at 10:16 PM, Negative negativebinom...@gmail.com wrote: I built guest vm's one for Windows 7 and one for Windows XP using the virtual machine manager on a  just updated to centos 5.7, and they are both crashing the host machine. They run only  for a few minutes, but suddenly freeze, crashing the host.  There is no networking. No X. No way to drop out of X. The only way out is a hard reboot. I don't see anything in the logs -- messages or libvirt logs -- immediately before the crash. snip Is this new hardware? Have you run any hardware burn testing (CPU, RAM, etc...) and/or memtest86+ on the RAM? This sounds like a hardware issue to me. It's about three years old. I had one hardware issue a year ago in which a video card fried, but it's been great. I will run memtest this afternoon. I agree with Brian - it may be coincidental that you built the VMs, and then it started crashing. I should run memtest. I don't know of a tool to check the processors. I use the machine for analyzing data, and often use most of the 32 gigs of memory in it, but I doubt I've ever seriously stressed the processors. I created the two guests with the gui, but since they crash, I started one without starting X on the host, using virsh. The guest and host both stay up. When starting using virsh with the --console switch I get what looks like a telnet connection. But I know almost nothing about Windows and don't know what to look at. Networking between the guest and host might be borked -- and that would've been my fault. Then, every time X is running the guest and host crash. One other question: is selinux enabled? Yes. No warnings, though. mark It should not matter what the guest is, so Windows or Linux it shouldn't be crashing. If not hardware, it points to a bug in the hypervisor software. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Migrating CentOS 5 - 6: where to put /etc/inittab respawn scripts?
On Tue, Oct 4, 2011 at 5:44 PM, Alexander Farber alexander.far...@gmail.com wrote: Hello, sorry, for 1 more question on CentOS 5 - CentOS 6 migration. On my old CentOS 5.7 machine I have the following line: pref:3:respawn:/bin/su -c '/usr/local/pref/pref.pl /tmp/pref-`date +%a`.txt 21' afarber and this has served me well, I don't want to install anything else like daemontools etc. - to keep my web-server easily reinstallable (or movable to another hoster). But now I have migrated to CentOS 6.0, added that line and the init q, but nothing happens - as indeed promised by the comments in the new /etc/inittab. Where should I move my line, which docs to read? The pref.pl is a poll()ing TCP-sockets daemon for a game Thank you Alex This sounds like something you should be using the 'service' framework for, instead of inittab. In CentOS 5 you would create a script in /etc/init.d and start the service from there. I'm not yet familiar with CentOS 6, but I would bet looking for docs on how to do that will lead you in the right direction. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RTL8111/8168B always 100mbps
On Tue, Sep 27, 2011 at 9:47 AM, m.r...@5-cent.us wrote: John Doe wrote: From: Muhammad Panji sumodi...@gmail.com I have an onboard Realtek RTL8111/8168B NIC. from lspci -vv : 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 02) It is detected, but why the speed is always 100Mbps, already change snip I tried: # ethtool -s eth0 speed 1000 duplex full autoneg off advertise 0x020 but auto-negotiation stays on and I only get 100Mbps... I tried: # ethtool -s eth0 duplex full autoneg off advertise 0x020 auto-negotiation is off but nothing change... I was working on a similar problem (turned out to be our network switch), but *did* find that order of the ethtool command is significant: you *MUST* have autoneg off as the first parameter; that is, try # ethtool -s eth0 autoneg off speed 1000 duplex full advertise 0x020 mark Auto-negotiation is a required part of the 1000Gb protocol. You cannot turn it off. In the olden days there were a few problems with it, and some people's reaction to every problem was to turn it off (and many made it the default setting). Some still repeat the mantra as if it is gospel, but they are relics of a bygone era. If your first reaction is to disable auto-negotioation, please update your ways. We are a decade into the 21st century, after all. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not receiving root mail
On Mon, Aug 22, 2011 at 8:07 AM, Barry Brimer li...@brimer.org wrote: a...@.org: host mailhost.zen.co.uk[212.23.3.98] said: 550-Verification failed for a...@xxx.lan 550-Unrouteable address 550 Envelope Sender: Domain must resolve in DNS! (in reply to RCPT TO command) It looks like your outgoing mail from your local user(s) needs to be masqueraded or the whole server does. I think Barry has it right here. Also, if you're using postfix, you should yum remove sendmail to avoid any possible conflicts. There's no reason to have sendmail, postfix implements its own 'sendmail' command. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 5.1.6 php to 5.3, a few questions
On Wed, Aug 17, 2011 at 12:20 AM, Bob Hoffman b...@bobhoffman.com wrote: Alright, looks like I have to do this (centos 5.x install). Some questions.. 1) I imagine I have to uninstall my current version of php...will yum remove want to take a ton of programs with it? Would I have to individually uninstall each package instead? 2) yum down the new version from some repo and then install it. I imagine nothing from the previous setup will be there and I would have to start going through the program and config files to make it work with my system, yes? 3) for those that have done it, how many things broke when you took out the old and added the new? honestly just thinking about getting a new comp, installing centos6, adding some virtuals, moving the sites over to the new one and being done with it. Not comfortable with a version of php that will not be backported like 5.1.6 is with centos team. any problems you encountered, would love to hear about them. thanks The official php53 packages do not provide php, in the rpm dependency sense, (they use php53) so any app that requires the php dependency will not install or complain if you try to remove the original php package. This makes the official php53 packages unusable, IMO. The IUS repository provides php 5.3 rpms that do provide the correct 'php' dependency, so the apps won't have dependency issues. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Two ftp clients? Why?
On Tue, Aug 2, 2011 at 10:19 PM, Benjamin Smith li...@benjamindsmith.com wrote: On Tuesday, August 02, 2011 04:06:53 PM Brian Mathis wrote: Instead of suggesting alternate technologies, Ok, so this implies that suggesting alternatives is bad... it should be suggested to not use an ftp client at all and instead use a scripting language, such as perl or python, that has libraries meant for talking to these protocols. Their man pages pretty much show you how even if you don't know the language. Wait - isn't that an alternative technology?!? No it's not, and you're making a stupid argument. Clearly there is a difference between using a different client versus changing the entire protocol stack across all systems it's being used for. Using a better client mechanism involves maybe an hour or so worth of work, while changing the entire protocol you're using requires changing every service on every server in every company you might be interfacing with. One of those is easy to do, the other one is likely impossible. I find it strange and annoying that so many times the answers to questions like the OP's so often and so clearly miss the mark, as if no one here understands what's actually involved in implementing a new protocol stack across an enterprise or between enterprises. The questionable thing is not using entrenched protocols, but using old methods like redirecting ftp commands via STDIN into a client to control it. /bin/sh is an old method. TCP is pretty ancient, as well. For that matter, UNIX is REALLY ancient. Yet somehow, they are not only still useful, but highly relevant. Wheels are also old technology! See above, re: stupid argument. If your objection is to the use of the word old as opposed to something like error prone, please perform 's/old/error prone/g' in your head and save us the pixels. P.S. Something becomes old when it's been replaced by a newer, better way of doing things, not simply because of age. Redirecting commands into an ftp client (and, btw, I don't know if the OP is doing this, but it's still amazingly common) is a provably bad old method of doing things. You cannot deal with error conditions or anything else that might come up. Using a scripting language/library allows you to deal with these obvious problems. There are often situations that have special needs that alternatives don't accommodate. For example, a general purpose tool (such as tcp wrappers in a scripting environment) often don't give you the fine level of control that you may need for special needs. Such as, for instance, the web-based product that adds an optional http header to indicate an error condition. Tools like wget or curl don't always allow access to the options needed to access this and so sending stdout thru a pipe to an FTP client might be preferable. I've been around the block long enough to know that those who are most certain they have the right answer right away are usually those least likely to have it. Science backs this conclusion up, it's called the Dunning-Kruger effect. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Two ftp clients? Why?
On Wed, Aug 3, 2011 at 12:24 AM, Les Mikesell lesmikes...@gmail.com wrote: On 8/2/11 10:32 PM, Always Learning wrote: On Tue, 2011-08-02 at 16:41 -0500, Les Mikesell wrote: But back to the original problem, why would anyone use ftp in this century when rsync or http(s) are so much easier to manage? having grown-up on computers before M$ existed, I still find FTP very easy, quick and efficient. Neither rsync nor http have anything to do with M$, they are just well designed protocols. Rysnc is specialized for copying files and directory trees, is normally used over ssh, and doesn't need any extra server-side setup other than ssh keys if you want it to work without passwords. Http is very general and the setup can be as simple or complicated as you want - and it is well understood by firewalls and proxies. Rsync barely works well on Windows, and certainly not without some sort of Cygwin involved. It works fine if you have a few files in a folder, but once you start dealing with directory trees, you run into many issues with folder redirections, loops, and junction points. As for not needing extra server-side setup, you're talking about Windows here, which most definitely *does* need server-side setup for both ssh and rsync. It does not just work at all. Once again, you're talking about Cygwin, which is great but not exactly easy to deal with nor something standard. Must have a play with rsync though. If ssh works between systems, it will 'just work'. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Two ftp clients? Why?
Please fix the fonts in your email client. I have no problem with HTML email, but it's coming across as Times New Roman at 6pt size. On Wed, Aug 3, 2011 at 3:15 PM, Benjamin Smith li...@benjamindsmith.com wrote: On Wednesday, August 03, 2011 08:30:02 AM Brian Mathis wrote: Wait - isn't that an alternative technology?!? No it's not, and you're making a stupid argument. Clearly there is a difference between using a different client versus changing the entire protocol stack across all systems it's being used for. Using a better client mechanism involves maybe an hour or so worth of work, while changing the entire protocol you're using requires changing every service on every server in every company you might be interfacing with. One of those is easy to do, the other one is likely impossible. As you make the point later, perl is a different technology than /usr/bin/ftp. Both can use the same protocol. You really want to keep this ridiculous and utterly pedantic argument going? OK. Obviously using a different client method is, oh my god, *different*. Technically, every time you run the same script, different electrons would be used, so that's different too. Many of the other replies ask why not use this or that other protocol instead. Clearly this is the context I am referring to here. Please have conversations at a human level. We are not computers trying to agree on some exact definition of a word before we can continue with some protocol negotiation. The network protocol implemented across a bunch of servers is different than a single client used to access them, and that this is clearly what I'm referring to. I find it strange and annoying that so many times the answers to questions like the OP's so often and so clearly miss the mark, as if no one here understands what's actually involved in implementing a new protocol stack across an enterprise or between enterprises. We're all doing some different, you know? Some of us have to deal with arcane requirements written by some midlevel bureaucrat. I prefer using sftp, scp, or post/https for secure file transfers. More than once I've been forced to use FTP for security reasons, even after I try to explain otherwise. My point is that this happens all the time. There are frequently responses to questions that flippantly suggest something like just change your whole universe because doing it this other way is marginally better. The poster didn't ask about that, and often knows about the other options. But as you said, everyone has different requirements, so the responses of just change everything are worse than noise; they completely derail the conversation (as exemplified by Les's insistence on beating the rsync drum into the ground). The questionable thing is not using entrenched protocols, but using old methods like redirecting ftp commands via STDIN into a client to control it. /bin/sh is an old method. TCP is pretty ancient, as well. For that matter, UNIX is REALLY ancient. Yet somehow, they are not only still useful, but highly relevant. Wheels are also old technology! See above, re: stupid argument. If your objection is to the use of the word old as opposed to something like error prone, please perform 's/old/error prone/g' in your head and save us the pixels. P.S. Something becomes old when it's been replaced by a newer, better way of doing things, not simply because of age. I see this nowhere in the standard definition for old. http://dictionary.reference.com/browse/old I once again refer you to, re: stupid argument Redirecting commands into an ftp client (and, btw, I don't know if the OP is doing this, but it's still amazingly common) is a provably bad old method of doing things. You cannot deal with error conditions or anything else that might come up. Using a scripting language/library allows you to deal with these obvious problems. You might consider becoming familiar with expect, perhaps? # yum install expect; I have used expect and it's only good as a last resort when you have no other options. It's only marginally better than having a monkey typing on the keyboard, and reacts just about as well to errors. Using an actual client library gives you full control over both functions and error handling, and generally takes much less effort than expect to get working right. It's still better than redirecting from stdin. I've been around the block long enough to know that those who are most certain they have the right answer right away are usually those least likely to have it. Science backs this conclusion up, it's called the Dunning-Kruger effect. Strange: no comment here? I was going to throw it into the stupid argument category, but decided to save the pixels. I'll also raise you an irrelevant, since this is not about certainty over the right answer, it's about the flexibility of the tools one uses to reach the answer. The ability to discuss using better
Re: [CentOS] Two ftp clients? Why?
On Tue, Aug 2, 2011 at 5:41 PM, Les Mikesell lesmikes...@gmail.com wrote: No, its 'how can I repeat old mistakes' instead of learning from them or building on them. But back to the original problem, why would anyone use ftp in this century when rsync or http(s) are so much easier to manage? Les Mikesell While I understand the sentiment of why use old stuff, this is still a pretty ridiculous statement. It takes not even 10 seconds to think of situations where one would need to, such as interfacing with *paying* clients, etc... Instead of suggesting alternate technologies, it should be suggested to not use an ftp client at all and instead use a scripting language, such as perl or python, that has libraries meant for talking to these protocols. Their man pages pretty much show you how even if you don't know the language. The questionable thing is not using entrenched protocols, but using old methods like redirecting ftp commands via STDIN into a client to control it. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext4, 4k sector alignment
On Mon, Jul 25, 2011 at 1:10 PM, Les Mikesell lesmikes...@gmail.com wrote: I've mentioned this problem before but put off doing anything about it and maybe now someone can suggest the best solution. I have a 3-member RAID1 set where one of the members is periodically swapped and rotated offsite. The filesystem contains a backuppc archive which has millions of hardlinks that make it impractical to copy with a file-oriented approach. The current filesystem is ext3 with one partition that uses the entire disk capacity (no lvm). It works as is, but... I'd like to use a laptop size drive for the swapped member and the only ones available that match the size have 4k sectors. I have swappable, trayless SATA bays available for both drive sizes. The problem is that with the current partition layout, the drive with 4k sectors takes more than a day to re-sync even though on read access the speed is a match for the full sized drives that sync in a few hours. My questions for any filesystem experts are: Is there a way to adjust the existing md partitions to get the right alignment for 4k sectors without having to do a file-oriented copy to new partitions? A resize + a dd copy to shift the position might be feasible time-wise if that would work. Is it worth converting to ext4? Is there a difference between doing this on 5.6 or 6.x? If I start over from scratch with 6.x, will the partitioning tools automatically align for 4k sector drives (with/without lvm?)? -- Les Mikesell lesmikes...@gmail.com I've wondered many times, though haven't tried it, if the issues with hard links and backuppc could be solved by using a container file with a loopback mount, and then that file could be moved around as needed without running into hard-link issues. In this case, you could format the external drive in the optimal mode for 4k sectors, then create a container file and mount it using loopback. Then add the loopback device to the mdraid and have it sync. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext4, 4k sector alignment
On 7/25/2011 1:42 PM, Brian Mathis wrote: I've wondered many times, though haven't tried it, if the issues with hard links and backuppc could be solved by using a container file with a loopback mount, and then that file could be moved around as needed without running into hard-link issues. In this case, you could format the external drive in the optimal mode for 4k sectors, then create a container file and mount it using loopback. Then add the loopback device to the mdraid and have it sync. It doesn't really help with the problem as it stands, which is that the target disk (a swappable sata, not really external) has no extra space that would permit shifting the alignment. It might work to shrink the existing size, then partition the new drives with the right offset, but I may just start from scratch and keep the old drives around in case I need the old history. -- Les Mikesell lesmikes...@gmail.com I thought this was a 3-disk RAID1? Can't you repartition the hotswap disk and still have the data on the other 2? Why would you need to shrink the existing partition? Just blow it away and resync the data once you rebuild the disk. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fyi: RHEL 5.7 is out
On Thu, Jul 21, 2011 at 8:45 AM, Always Learning cen...@u6.u22.net wrote: On Thu, 2011-07-21 at 11:11 +0200, Rainer Traut wrote: it seems redhat has just pushed RHEL 5.7 out. I see amoung others: kernel-2.6.18-274.el5.x86_64.rpm redhat-release-5Server-5.7.0.3.x86_64.rpm Thanks Rainer. The dilemma is whether to upgrade from 5.6 to 6.1 or stay with 5.x as more 5.x versions (5.8, 5.9, 5.10 etc. might be possible). For me the only negative aspect of 5.x is old kernel 2.6.18 whereas 6.x is 2.6.32? Is there any easy method of discovering Red Hat's 5.x intentions post-5.7 ? Will the CentOS volunteers, who do a marvelous job, be willing to convert any future 5.x versions in addition to the 6.x versions, effectively giving them a double workload in addition to their normal full-time paying-jobs ? Paul. England, EU. I don't see how this is a dilemma at all. If your servers are installed with the 5.x series, they would and probably should continue to run using the 5.x series unless they suddenly can no longer perform whatever tasks you need of them. If the kernel/OS is meeting all of your needs, why does the version number matter? As long as Redhat has committed to support 5.x, you will continue to get updates for it. RHEL5 will be supported in some way until 2017. New major versions of RHEL/CentOS should be viewed as completely separate lines of product, as opposed to one being a direct upgrade of the other. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Triggering script from cron or web client
On Mon, Jul 11, 2011 at 10:16 PM, Kenneth Porter sh...@sewingwitch.com wrote: --On Friday, July 08, 2011 8:23 PM -0400 Brian Mathis brian.mathis+cen...@betteradmin.com wrote: If you don't want to wait a full minute you could use 'incron' to monitor the temp directory and kick the update right away. Seems better than having something in a loop constantly checking. incron sounds promising. I could use the regular cron to push a signal (ie. touch a file) at the regular interval, whereupon incron launches the existing script, and the webscript can touch the signal file when I need the script run right away. Will incron not run the script again if it's already running? Will it queue the file event until the handler exits? No, incron will not queue events or wait for the other one to finish. Your script should take care of this. One thing to watch out for is if the script is running and you use a lockfile to exit from a 2nd one running, the original script won't get the message about the 2nd file. Maybe that matters for this application, maybe not. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Where can I download centos 6
PLEASE STOP. WE DO NOT NEED THIS AGAIN, ESPECIALLY SO CLOSE TO RELEASE. -☙ Brian Mathis ❧- On Fri, Jul 8, 2011 at 5:48 PM, Ron Blizzard rb4cen...@gmail.com wrote: On Fri, Jul 8, 2011 at 3:59 PM, Steven Crothers steven.croth...@gmail.com wrote: Thankfully some good things have come of this complete disaster that is CentOS 6. * Scientific Linux 6 * Oracle Enterprise 6 (Which is free to download folks) * Clear-OS Core (Which is ran by a professional organization instead of a group if you're into that) Uh... Scientific Linux didn't come from CentOS. It's been in existence since 2004. Oracle Linux? Go for it, if supporting a parasitical, ungrateful corporation is your thing and if you like to pay for updates to them (I would just use Red Hat, if it were me). Clear-OS Core? Strange, I don't see its 6.0 version available for download yet. They've got an alpha out there, but it remains to be seen how will they'll rebuild Red Hat and how long their rebuilding project will last. I'm guessing they'll find it's a lot of work, go back to using CentOS and put their time back into their main product line. But we'll see. -- RonB -- Using CentOS 5.6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Triggering script from cron or web client
On Fri, Jul 8, 2011 at 5:58 PM, Kenneth Porter sh...@sewingwitch.com wrote: I have a Bash script, currently run a couple times an hour from cron, that pulls data from an old Windows DB by rsync, converts it to SQL, and injects it into a MySQL DB for display in a LAMP-based app. (Make and Perl are also involved to minimize the number of tables touched and to clean up the SQL generated by Pxlib.) I'd like to add the ability to refresh the data immediately from the web app, but I don't want it to trample on the periodic script and corrupt the data. I figure the ideal way to do this is to run the script in a loop in its own process, waiting on a semaphore that times out at the refresh period, and poke the semaphore from the web app to have it run before the next periodic cycle. Are there existing frameworks to wrap this kind of thing in? Something that handles starting the loop at server startup, shutting it down at server halt, and handles the IPC between the web server and the service script. Web page creates a temp file saying update, then cron job runs once a minute looking for that file, kicks off update script, then deletes temp file. If you don't want to wait a full minute you could use 'incron' to monitor the temp directory and kick the update right away. Seems better than having something in a loop constantly checking. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] crontab
On Thu, Jul 7, 2011 at 7:48 AM, Helmut Drodofsky drodof...@internet-xs.de wrote: I would like to run a program at 2:35 at the first Saturday of each odd month. My solution: 35 2 1-7 1,3,5,7,9,11 6 /bin/program The program was executed yesterday = Wednesday = day 3, cron ignores the day of the week! Is there a solution with cron – or have I to write a script to check the date? Helmut The most elegant way I have seen to do this is: 35 2 1-7 1,3,5,7,9,11 * [ $(date '+\%a') == Sat ] command This will run on the 1st through 7th days of the month, and if the day (as returned by date +%a) is Sat, then execute the command. Otherwise do nothing. I might also replace the month numbers with names, just to make it easier to understand (though the lines will get long): 35 2 1-7 Jan,Mar,May,Jul,Sep,Nov * [ $(date '+\%a') == Sat ] command -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Anyway to ensure SSH availability?
On Wed, Jun 29, 2011 at 4:15 PM, Emmanuel Noobadmin centos.ad...@gmail.com wrote: On 6/30/11, Rainer Duffner rai...@ultra-secure.de wrote: Yes, it's called out of band management. Have dial-in access to IPMI/iLO interfaces or just an APC remote controlled power-switch to power-off the server. I don't want to reboot the server everytime something like that happens. I'll expect pretty nasty problems will develop after a few dozen unclean shutdowns like that. Would ILO work on a server that's unresponsive due to heavy load? The actual network access isn't a problem so dial up isn't necessary. The other problem is the server in question probably doesn't have ILO features on the mainboard. Doing a hard power-off is extreme, but could be the last resort option. ILO is just one product (by HP) that provides out-of-band management for servers. Dell has DRAC, and there are others. They allow you access to the server's console as if you are standing there, as well as other functions like power on/off, virtual CD drive, etc... These are usually built-in to the server so you can't really add-on later. You can get similar functionality by using a remote IP-based KVM. They only provide the remote console, not power on/off or virtual CD. For a single server, a low cost option is the Lantronix Spider or Spider Duo. It provides a remote console for a single server for a few hundred $$$s. An alternative that is usable for Linux servers is a remote serial console; it allows you to ssh into it and then connect to the serial port of the server. You will need to setup the bios, grub, and a serial getty to be able to login to a server this way. wti.com makes a good one that I currently use. All of these solutions are out of band meaning they do not directly interface with the operating system, so if there's a problem with the server, they are not affected by it. Your name suggests you are new to sysadmin. One of the lessons here is to always have at least 1 method of out of band management as part of the non-negotiable requirements for a server, especially a remote one. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Anyway to ensure SSH availability?
On Wed, Jun 29, 2011 at 5:22 PM, m.r...@5-cent.us wrote: Les Mikesell wrote: On 6/29/2011 4:04 PM, Emmanuel Noobadmin wrote: On 6/30/11, Les Mikeselllesmikes...@gmail.com wrote: The seriously on-the-cheap approach is to run a few virtual servers on hardware slightly better than one of the individual servers would need. Actually THAT is the fundamental problem ;) The physical server is frankly much more powerful than the two guest running on it. I have the same applications + public web/email running on old dual core machines with less memory than the guests. snip OK, but without knowing the cause, you already know the cure. Make the virtual servers not share physical disks - they will always want a single head to be in different places at the same time. And there is also probably some ugly stuff about how using files for virtual disk images and perhaps LVM on both the real and virtual side makes your disk blocks misaligned. Fixing that might help too. Here's another one, that I got from another admin talking to VMware: watch out just how many virtual CPUs you assign to each VM. If you've assigned 4, it is actually going to sit there waiting until it gets 4 virtual CPUs. As of '09, VMware was recommending assigning 2. mark This is no longer true [1], but it's still a good idea to only assign as many CPUs as you need. [1] Source: VMware Engineer at VMware Forum 2011. -☙ Brian Mathis ❧- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] EL 6 rollout strategies? (Scientific Linux)
On Mon, May 16, 2011 at 2:40 PM, Janne TH. Nyman jny...@jbtec.org wrote: Who cares? I find it amazing that these guys still keep on building and providing considering how their users treat them. Team CentOS, keep your heads up. For me, you are still the best thing that happened since sliced bread. Come on, community, where is your love? My 2 pence, Janne Janski AKA JNixus Nyman Founder of Newman IT Solutions Ltd These kind of ass-kissing posts are even worse than the flame wars. The flame wars at least usually start with some sort of reasonable criticism of the project, and have the *potential* to result in a discussion that ultimately improves the project. Ass kissing never has the potential to improve the project. Flame wars only start once Johnny or some sycophant tells everyone to fuck off, thereby derailing any potential for a constructive discussion. At that point you're left with lots of very smart, very angry people who feel like they wasted their time promoting and using CentOS. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] EL 6 rollout strategies? (Scientific Linux)
On Mon, May 16, 2011 at 5:11 PM, Ron Blizzard rb4cen...@gmail.com wrote: On Mon, May 16, 2011 at 3:59 PM, Brian Mathis These kind of ass-kissing posts are even worse than the flame wars. The flame wars at least usually start with some sort of reasonable criticism of the project, and have the *potential* to result in a discussion that ultimately improves the project. Ass kissing never has the potential to improve the project. Flame wars only start once Johnny or some sycophant tells everyone to fuck off, thereby derailing any potential for a constructive discussion. At that point you're left with lots of very smart, very angry people who feel like they wasted their time promoting and using CentOS. Give me a break. Any human being, who's been working his ass off for nearly seven months to get out three separate releases of CentOS, would lose patience when all that comes from the sidelines is the constant drip, drip, drip of unending whining from a few repeat-o-matic cranks. I've basically ignored this mailing list for months because of it -- and have just recently come back to read it, and I'm already fed up with it. How the developers have put up with it for months, I have no idea. And, as for ass-kissing (as you so politely put it), I use and *like* CentOS and am grateful for all the work the developers put into it. And, especially since the ungrateful whiners can only bitch and bitch and bitch, I think every now and then the developers need to hear that there are those who appreciate their work. As I've told Les, if you know so much better how to do this, why don't you rebuild your own Red Hat distribution? So much easier to do it when you're not actually doing it, isn't it? -- RonB -- Using CentOS 5.6 The constant drip drip drip, as you put it, is generated from the disrespect shown to the users, not the other way around. Anyone who asks how much longer or how they can help is immediately slapped down and told to go away. The understanding that's missing from the Devs and sycophants is that users are asking BECAUSE THEY CARE. BECAUSE THEY LIKE THE PROJECT. BECAUSE THEY UNDERSTAND THAT THIS IS A LOT OF WORK. And their concern is met with nothing but derision and accusations of being constant freeloading whiners. As for appreciating the developers, that is what all of the posts complaining about the process are about. People complain they can't help. People complain they can't do anything. People complain that when they ask, they are shut out instead of welcomed in. All of this comes from a desire to help the project. The sycophants simply unable to have any real discussion. Those with criticisms have valid ones, but the responses do not actually address the problems -- they just ignite the flames. Anyone making personal attacks like calling people whiners or crybabies are really the ones causing the problem here, because there is no hope of ever making those constructive. While the whiners my not have done anything to help, what have the supporters done? Any one of them could start digging in to the available and possibly back-channel information to have something to supply other than calling people names. Surely working to get that information out to users would stop these constant email chains more constructively than the name-calling? So I guess anyone not doing that is also a freeloading leech? // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] EL 6 rollout strategies? (Scientific Linux)
On Mon, May 16, 2011 at 7:03 PM, Ron Blizzard rb4cen...@gmail.com wrote: On Mon, May 16, 2011 at 4:46 PM, Brian Mathis The constant drip drip drip, as you put it, is generated from the disrespect shown to the users, not the other way around. Anyone who asks how much longer or how they can help is immediately slapped down and told to go away. Bullcrap. I've seen the same old droning by the same posters for at least a year now. It's not constructive criticism it's whining. When the developers tell you that adding more and more work will slow (not speed) CentOS development, they probably know what they're talking about. You think? The understanding that's missing from the Devs and sycophants is that users are asking BECAUSE THEY CARE. BECAUSE THEY LIKE THE PROJECT. BECAUSE THEY UNDERSTAND THAT THIS IS A LOT OF WORK. And their concern is met with nothing but derision and accusations of being constant freeloading whiners. When all I see is constant whining, and empty threats to move to another distribution, what else can I conclude except that whiners will be whiners. If you suggest something, and it's rejected (for whatever reason) it's no longer constructive criticism to keep droning on about it. I don't see concern, I see whining. As for appreciating the developers, that is what all of the posts complaining about the process are about. People complain they can't help. People complain they can't do anything. People complain that when they ask, they are shut out instead of welcomed in. All of this comes from a desire to help the project. No, what *some* users whine about is that they can't control the process. They're miffed because their great suggestions are rejected. I realize that I'm probably lumping all complainers into the same category -- sorry but I'm fed up with the constant drip, drip, drip. At the very least let the developers get out from under the workload before offering yet more constructive criticism. The sycophants simply unable to have any real discussion. Those with criticisms have valid ones, but the responses do not actually address the problems -- they just ignite the flames. Anyone making personal attacks like calling people whiners or crybabies are really the ones causing the problem here, because there is no hope of ever making those constructive. Ignite the flames? Right. When I come here I see whining. I see complaints about the time required to rebuild CentOS. I see myself called a sycophant for defending the developers. But I'm the one igniting the flames. What a pant load. While the whiners my not have done anything to help, what have the supporters done? Any one of them could start digging in to the available and possibly back-channel information to have something to supply other than calling people names. Surely working to get that information out to users would stop these constant email chains more constructively than the name-calling? So I guess anyone not doing that is also a freeloading leech? We supporters (like he quotes, by the way) don't see the huge problem the concerned constantly yammer on about. We appreciate all the hard work and realize that CentOS is not Red Hat and that, if we absolutely have to have the newest releases immediately, we can go with the upstream. Good thing the concerned don't engage in name calling like the us sycophants. -- RonB -- Using CentOS 5.6 People don't complain just for the fun of it (if that's the world you live in, I feel sorry for you), they complain because something is bothering them. In this case, it is the very real and measurable delays in releases that seem to be getting longer. Release delays are an incontrovertible fact in this case, and anyone arguing otherwise needs their logic unit replaced. The case becomes even stronger given that, as you say, people have been complaining for at least a year now. That shows a long term pattern of the same issue coming up over and over and bothering people. There really can be no stronger case that is supported by both logic and evidence that there is a problem. It has been mentioned in numerous blog posts, twitter posts, and tech magazines. Given that the issue is so clear, it adds insult to insult when someone asks about it and is treated like the problem doesn't exist. Suggestions given by people are rejected flat out not because they don't like the suggestion, but by countering that the problem doesn't exist. This is what's so inflammatory and causes so many flame wars. Having a constructive discussion is derailed most frequently not by the complainers, but by the if-you-don't-like-it-get-off-my-lawns. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh in while in fsck
On Wed, Apr 27, 2011 at 4:14 PM, m.r...@5-cent.us wrote: My manager reminds me that in the old Sun days, the ssh server came up first, *before* the fsck on boot, so that if there was a problem, and fsck was waiting for an answer, you could remotely ssh in, kill it, restart it, and answer (or give it the right flags). Does anyone know if it's possible to have that happen with CentOS? It would be nice to have it boot that way, so that if you checked, and figured it should have been up already, you could handle the problem without coming in mark I think having a decent remote console is the solution to that. DRAC, KVMoIP, Serial console, etc... I'm not sure how it could be considered safe to start services like sshd before the filesystem has been checked. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh in while in fsck
On Wed, Apr 27, 2011 at 4:28 PM, m.r...@5-cent.us wrote: Brian Mathis wrote: On Wed, Apr 27, 2011 at 4:14 PM, m.r...@5-cent.us wrote: My manager reminds me that in the old Sun days, the ssh server came up first, *before* the fsck on boot, so that if there was a problem, and fsck was waiting for an answer, you could remotely ssh in, kill it, restart it, and answer (or give it the right flags). Does anyone know if it's possible to have that happen with CentOS? It would be nice to have it boot that way, so that if you checked, and figured it should have been up already, you could handle the problem without coming in I think having a decent remote console is the solution to that. DRAC, KVMoIP, Serial console, etc... I'm not sure how it could be considered safe to start services like sshd before the filesystem has been checked. Hmm, now *that's* an interesting thought: with, say, DRAC, could you ssh into a management server, then go to a booting system? mark A DRAC can provide: - Web interface to server control and monitoring functions - Remote console (KVM) - SSH login to a command-line server control - SSH login to Serial console redirect I haven;t used the SSH part that much. However, DRAC is Dell specific, and must be purchased with the server. With remote console, you might be able to get in, but I'm not sure if the other gettys are running before the fsck starts. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
On Wed, Apr 20, 2011 at 6:01 AM, Ian Murray murra...@yahoo.co.uk wrote: Okay, maybe that was an assumption too far in regards to respect. Perhaps not so one-sided if he had received an email reply from the devs assuming he did indeed send one to KB. To be fair, it does seem pretty lifted from the list, which is a point of view that not everyone agrees with. He should really have sent the article to the devs and offered them a chance respond to his comments and have those worked into the article. I assume that wasn't done. No. News reporting is about picking up and distilling the sentiment of what's going on. The article has done that. It doesn't have to be a complete factual research project with totally fair and balanced chances for everyone to have their say. If the Devs had responded, that would have been nice, but not a requirement. As for the other side of the point of view, please refer to JH's response to me comment. I'll paraphrase for you: You can still take it or leave it. It doesn't matter how many times you say it, it's still wrong. JH's responses are absolutely out of line and if I were KB I would be seriously sitting down with him to have a chat about his attitude. He doesn't seem to realize that telling people to f*ck off is not acceptable behavior, no matter who you are or what you do. It doesn't matter if you provide something for free, because it's not free. Everyone who uses CentOS invests significant time and energy into it. Choosing CentOS was based on claims on the web site, and the promise of an open alternative to Redhat, not an open alternative when we get around to it, and by the way, just be happy we deem it worthy to give you anything at all. The attitudes against any user who has a question about releases significantly undermines the project and is a slap in the face to everyone who has chosen to support and proselytize CentOS throughout the years. The idea that the Devs are the only ones who do any real work on the project is complete BS. It was the *users* who put all the hard work into implementing CentOS and building up the usage numbers, not JH and the CentOS project Devs. Also, based on this post where JH throws around the numbers [1], one can only assume that the real reason behind keeping the dev process closed is to maintain the egos of those on the inside -- since all avenues of logic seem to have been exhausted. // Brian Mathis [1] http://www.mail-archive.com/centos@centos.org/msg69365.html ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How can a company help, officially?
On Tue, Apr 12, 2011 at 11:53 AM, Karanbir Singh mail-li...@karan.org wrote: On 04/12/2011 04:01 PM, Les Mikesell wrote: The process is not the product. Exactly, and I don't see anyone complaining about the product - just wondering if some number of months could be shaved off the process. Fixing the timing of release is something we get from getting the process into the right place. And not the other way around. There seems to be a feeling of 'do whatever' to get packages out faster. And that's where I have an issue with things. Doing the right thing, would mean we get packages in the right state out faster. The 'right state' bit is not really optional, imho. This kind of response indicates an almost willful misreading of what pretty much everyone has said on the topic, and I can't believe we are still hearing it. NO ONE IS SAYING TO PUSH CRAP OUT THE DOOR JUST FOR THE SAKE OF GETTING IT OUT. EVERYONE IS SAYING TO OPEN THE PROCESS SO THEY CAN HELP GET THE HIGH QUALITY STUFF OUT THE DOOR FASTER. It's completely irresponsible to continue making this argument, so stop it. Please read http://en.wikipedia.org/wiki/Straw_man for a complete explanation of what you are doing here and why it is completely disrespectful against logic to continue using it. Exactly, which is where the idea of 'ownership' comes through. So far it isn't clear where the months of process can accumulate. If it There are many things, eg. not having the right amount of kit in the same place is a bottleneck. Not being able to run the right sort of tests automatically is another. Upstream not releasing packages in time is yet another. There are plenty of things that are harder to solve. On the other hand, there are things that we can do stuff about : find and promote people who have expertise in specific functionality to help come together and solve the not-enough-eyes issues. And being able to do that within a model that also promotes the persons visibility in the community and therefore have some level of a trust build up in the peer group, is a clear win! And to be clear, its not about expertise with rpm or packaging as a whole, its expertise in a functional set that is more relevant. Regards, - KB This is another area where the project needs to be brought into the 21st century. find and promote people who have expertise in specific functionality. This is how closed-source corporations run their projects. Open source allows you to tap into the long tail of people who might have time to contribute 1 or 2 things, but not become a complete owner of a subsystem. With many people contributing like this, the main project committers would vet and incorporate changes, maintaining the level of trust while reducing their workload. Every open source project in the past 20 years has figured this out; I fail to see why it's so hard for CentOS. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How can a company help, officially?
On Tue, Apr 12, 2011 at 4:07 PM, Karanbir Singh mail-li...@karan.org wrote: On 04/12/2011 07:53 PM, Radu Gheorghiu wrote: 2. Why do you always have to end with you must be clueless, you must be new to CentOS, you must be new to Open Source. How can you tell? You can tell all this just by reading one email? thats a good question, I was asking myself the same thing. End of the day, it comes down to the fact that I feel we go over the same thing again and again all the time. And when people offer to help, I try and create a mechanism for them to do so, but there is little or no real feedback on that, and traction is even harder to get. We go over the same things because the issues are clear and the suggestions seem to fall on deaf ears over and over again. Most of the responses rely on logical fallacies or things that can obviously be resolved with just an ounce of thought, creativity, or discussion. As for offers of help, I don't see any of the recent offers as offers of *real* help to get people involved. Real steps to open things are: - bug tracker with up to date status of the R6 packages and all outstanding issues - git repo with the scripts being used to do things and the patch files required to be applied to SRPMS - web pages with procedures on how to do things using those scripts and anything else that is not/cannot be scripted All of these need to be done by the dev team first. Maybe someone can setup the git repo and have it prepped for the devs to use. Johnny mentioned some internal names that can't be released for security reasons. This seems dubious, but still can be handled quite easily on the trusted final build servers. suspect this is, at least in some part, down to the fact that we don't have a wiki or a web page that could perhaps accumulate some/much of whats been said already and point people at that - so if they are new to the process, they have a single resource to look at and perhaps get 'upto speed' as it were. - KB in some part...?! I would say that is the ENTIRE part, as everyone except for the chosen few is new to the process. I have seen a few postings from Devs saying how they helped some other people to build packages, etc... but how? From the tone of the messages it seems like it was either via IRC or personal email, which effectively counts for zero in this context as we are talking about things that take place in public. Those things need to go into the wiki, with updated pages. Not on blog posts, twitter, or email archives. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How can a company help, officially?
On Tue, Apr 12, 2011 at 6:39 PM, R P Herrold herr...@owlriver.com wrote: On Tue, 12 Apr 2011, Brian Mathis wrote: packages, etc... but how? From the tone of the messages it seems like it was either via IRC or personal email, which effectively counts for zero in this context as we are talking about things that take place in public. Those things need to go into the wiki, with updated pages. Not on blog posts, twitter, or email archives. You can beat a cow, but it rarely gives more milk I've written repeated private email to reply to civil inquiry to help people through build problems. I would have blogged about it, but then, if a person thought enough to write to me, it seems I should give them a personal reply Sure, give them a personal reply, but then also update the public documentation with the same information so you can save yourself answering the same question again later. The outline I posted earlier today will end up at github, and I'll decorate it with scripts; I'll also blog about it -- but you know, as no-one will pay for that content, it will happen to scratch my itches and on my timeline Don't you find it at least a ironic via email to carp that an email archive is not where answers should reside No, it's not at all ironic because I understand that different types of communications occur in different contexts. Email is a medium used for discussion, while web pages and git are mediums used for documentation and code management. Thanks for handing me a ready-made example that upholds my statement Most of the responses rely on logical fallacies or things that can obviously be resolved with just an ounce of thought, creativity, or discussion. with kind regards, -- Russ herrold // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How can a company help, officially?
On Mon, Apr 11, 2011 at 2:49 PM, Tru Huynh t...@centos.org wrote: On Mon, Apr 11, 2011 at 08:19:22PM +0200, Dag Wieers wrote: Considering you follow the it's released when it's ready mantra, what [ ... ] I no longer expect any change. Then why are you always coming back here to voice your concerns if you don't expect any change? Tru I for one am glad about it as it is obvious that it needs to be addressed. The constant retorts against anyone asking is just unbelievable. Maybe if the questions can be read as: I know you release when ready, so how can I help it be ready faster? It really is an achievement to have alienated such a luminary as Dag, especially when KB specifically mentions that the project only wants to deal with such luminaries in the FLOSS interview. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how is binary compatibility determined?
On Fri, Apr 8, 2011 at 12:59 PM, Dvorkin, Asya dvork...@umdnj.edu wrote: Thanks Keith, good question, that should have been on my list of Questions to ask about CentOS building process, and thanks to Akemi for a quick answer :) Given that its answered in a FAQ one could argue that it was not a good question. You know, there is a famous saying.. If you have nothing nice to say, don't say anything at all. Yes, and not to mention the giant warning on the top of that page: Comment from Karanbir Singh: Just want to point out that CentOS does not use anything from that page - and details / scripts on that page have nothing to do with the CentOS process. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
On Thu, Apr 7, 2011 at 9:47 AM, Sorin Srbu sorin.s...@orgfarm.uu.se wrote: -Original Message- From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of David Sommerseth Sent: Thursday, April 07, 2011 3:42 PM To: centos@centos.org Subject: Re: [CentOS] Centos 6 Update? Which is why I'm investigating a migration to Scientific Linux. [Lurking on the sideline and watching the argument(s)]: Funny how these discussions come up just in time for each new release... -- /Sorin Yes, stating the obvious. When there's nothing new the project should be focusing on improving things to become stronger to withstand the storm of the next release cycle. It only becomes obvious that has not been done at times like this when the storm has arrived. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 Update?
On Thu, Apr 7, 2011 at 11:23 AM, Brunner, Brian T. bbrun...@gai-tronics.com wrote: centos-boun...@centos.org wrote: On 7.4.2011 16:58, Les Mikesell wrote: While SL and other distributions are perfectly fine for almost all uses, there's a certain irony in the fact the single advantage of CentOS is the ease of converting from it to a paid/supported RHEL installation, and the RH changes that make the rebuild difficult are driving people away. This sounds as if RH is responsible for not yet released CentOS 6 ? What did I miss ? What changes do you talking about ? AIUI: In previous releases, RH distributed source + patches. Starting 6.0 RH releases patched source. This makes backing out a patch, or backporting patches from future development in Fedora (e.g.) far more nightmarish than before. Also AIUI, it appears the (undisclosed) RH build environment changed significantly, such that generating bit-for-bit identical binaries (a CentOS objective) requires mind-reading RH folks by CentOS folks (aka reverse-engineering the undisclosed RH build environment). These two square wheels make the CentOS wagon a bit slower than before. Insert spiffy .sig here: Life is complex: it has both real and imaginary parts. //me It's already been said dozens of times by the developers that this change does not impact projects like CentOS that just repackage the Redhat source. It only affects companies who try to provide commercial support and need to know exactly what each kernel patch does separately. // Brian Mathis ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding yum automatic upgrades
On Tue, Apr 5, 2011 at 6:14 PM, email builder emailbuilde...@yahoo.com wrote: Sorry if this is somewhat naive, but I'm a little confused as to what the criteria is for that which will get upgraded automatically by yum and what will not. I see in our logwatch messages from time to time that yum upgraded a bunch of stuff, but I also notice that yum will not upgrade other packages at all (easy example is clamav, but there are others). Can someone explain or point me to where I can read about the distinction between what is and is not subjected to automatic upgrade? More info: yum-updatesd is running and I do not have yum-cron. yum-updatesd does a fine job from what I can tell, but I still cannot understand what criteria it applies to know which packages get upgraded and which do not. (?) The yum-updatesd configuration file is ultra-simple, so that doesn't seem to be where the update choice/distinction is being made. There seem to be people posting in various places that they prefer to use yum-cron, but I have no problems with yum-updatesd and I suspect yum-cron wouldn't address/answer my question anyway. Help? Yum-updatesd does not automatically install packages (unless you configure it to), it only notifies you of ones that need updating. If no one is manually doing it, and you don't have do_update = yes in /etc/yum/yum-updatesd.conf, then you have installed something else that is performing the updates automatically. Are you sure the updates are actually getting installed, and it's not just noise in the log from yum-updatesd? // Brian Mathis P.S. The yum log doesn't have the year in the timestamp, and if it's not active it might not get rotated by logrotate. This can cause false messages sent from logwatch about packages that were installed last year. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
