[CentOS] PXE configuration
Hi guys, I have a Centos 7.9 TFTP/PXe server that I use to serve ISO installers. I can properly serve installers but not live CDs. But I want to add a live cd, I'm using this but is not working. Can someone suggest a fix? label 2 menu label ^2) Run Centos LiveCD 79 x64 kernel centos7_x64_livecd_genome/isolinux/vmlinuz0 append initrd=centos7_x64_livecd_genome/isolinux/initrd0.img rootfstype=auto ro rd.live.image method=http://192.168.1.83/centos7_live/LiveOS/squashfs.img devfs=nomount -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] guidance on enabling 2FA at Linux GUI level
Hi all, running a machine with Centos 7.6 that already has a 2FA PAM- enabled module for SSH logins. Is there a document that talks about configuring Centos 7.6 default GUI (Gnome) to use 2fa with PAM? thanks, -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using CentOS 7 to attempt recovery of failed disk
@tonymountifield Does this still hold true? https://superuser.com/a/1075837 On Sun, Sep 27, 2020 at 7:21 AM Tony Mountifield wrote: > In article , > Valeri Galtsev wrote: > > > > > > > On Sep 26, 2020, at 8:05 AM, Jerry Geis wrote: > > > > > > I have a disk that is flagging errors, attempting to rescue the data. > > > > > > I tried dd first - if gets about 117G of 320G disk and stops > incrementing > > > the save image any more. > > > > did you try > > > > dd conv=noerror … > > > > this flag makes dd not stop on input error. Whatever is irrecoverable is > irrecoverable, but this way you will get stuff > > beyond failure point. > > You need conv=noerror,sync so that unreadable sectors get replaced by > zeros instead of not being written out at all. > Without sync, the filesystem geometry on the destination image will be > wrong after the first error. > > You also need bs=4096 so that ONLY the bad sector(s) get zeroed, and not > the surrounding ones. If you have, say, > bs=1M, then you will get a megabyte of zeros if any block within that > megabyte is bad. > > I'm speaking from recent experience! > > Cheers > Tony > > -- > Tony Mountifield > Work: t...@softins.co.uk - http://www.softins.co.uk > Play: t...@mountifield.org - http://tony.mountifield.org > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using CentOS 7 to attempt recovery of failed disk
I will suggest using dmesg -w to monitor during dd the sector numbers that fail in order to skip them. Also, perhaps the timeout of each read error is killing you (default 30 seconds) and you may have thousands. On linux, /sys/block//device/timeout (such as /sys/block/sda/device/timeout) is the timeout setting in seconds, which currently defaults to 30. As root, echo 1 > /sys/block//device/timeout will change the timeout to 1 second. Perhaps this will help you achieve a DD without waiting for the read timeouts. Erick. On Sat, Sep 26, 2020, 2:27 PM Fred wrote: > Well, I'm not a noted expert on ddrescue, but my limited experience tells > me that when it hits bad spots (or a big cluster of them) it can go very > slowly as it tries multiple times to read each sector (or track, I'm not > sure which, in this case). It keeps a list of bad spots and goes back at > the end to try again to read something from them. Of course, if you've had, > eg. a head crash, there's probably nothing there to read. > > On Sat, Sep 26, 2020 at 1:41 PM Jerry Geis wrote: > > > Hello > > > > I did try the "dd conv=noerror …" > > The ddrescue - doesnt stop - it just doesnt "continue" past a certain > > point. Somewhere around the 117G mark - it just doesnt go past that . > > (same with dd, gets to 117G and just doesnt continue. > > I have let the dd run all night - did not go past the 117G. > > > > Thanks for any suggestions. > > > > Jerry > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] erasing a disk
what if you just dd the first 1GB of the disk and the last GB of the disk (the last because of RAID signatures of some controllers that write to the end of the disk) Look at this article and modify accordingly https://zedt.eu/tech/linux/using-dd-to-repeatedly-erase-a-specific-range-of-sectors-on-the-hard-disk/ Also, use wipefs -a (Gordon Messmer answered faster than me) On Mon, Sep 14, 2020 at 3:18 PM david wrote: > Folks > > I've encountered situations where I want to reuse a hard-drive. I do > not want to preserve anything on the drive, and I'm not concerned > about 'securely erasing' old content. I just want to be able to > define it as an Physical Volume (in a logical volume set), or make it > a ZFS disk, or sometimes make it a simple EXT3, ExFAT or NTFS > disk. However, old 'signatures' get in the way and Linux sometimes > refuses to let me proceed. I know that a fool-proof solution is to > use the "dd if=/dev/zero bs=32768 oflag=direct" on the disk, but when > we're talking USB-connected hard drives of 8 TB, that's an operation > that can take days. > > The disk in question might even have been corrupted. This would make > using 'zpool destroy' to clear out a ZFS disk, or > > I've tried erasing the first megabyte of the disk, but there are ZFS > or LVM structures that get in the way. So, does anyone have an > efficient way to erase structures from a disk such that it can be reused? > > Something like >-erase first N blocks (block defined as 4096) >- Erase blocks starting at block >- erase last blocks > > At least such an algorithm would be quicker than erasing 8 TB of data. > > David > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Opinions on storage options such as gateways or like-systems
Hi all, I'm looking for some comments regarding options related to storage. We have a number of Apache web servers (24) running on (24) Centos 7.x systems, fully patched running a sort of MySQL, Java and PHP applications. All as virtual machines on top of Vmware ESX. When the Apache/MySQL R/W data, Data storage is provided as a single NFS volume mounted across the VMs. That storage space is provided by an aging (and expensive) netapp unit. What we are looking for are ideas of scaling our storage. Shall we continue to add disks to the netapp so we can increase the NFS volume size? Shall we do Gluster? CEPH? Is there something like a storage gateway for Centos? where I can centralize several storage types and present them in a centralized way? NFS, SCSI, FC ? No Cloud solutions. As we cannot go cloud (business rules). All solutions have to be local. Not sure if it makes sense. -- - Erick Perez - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Slow terminal response Centos 7.7 1908
"si / software interrupts" value was 0.0 and right now with all working fine, continues to be 0.0 On Fri, Jul 3, 2020 at 11:23 AM Strahil Nikolov wrote: > Hi Erick, > > what was the value of 'si' in top ? > > Best Regards, > Strahil Nikolov > > На 3 юли 2020 г. 18:48:30 GMT+03:00, Erick Perez - Quadrian Enterprises < > epe...@quadrianweb.com> написа: > >It was found that the software NIC team created in Centos was having > >issues due to a failing network cable. The team was going berserk with > >up/down changes. > > > > > >On Fri, Jul 3, 2020 at 10:12 AM Erick Perez - Quadrian Enterprises < > >epe...@quadrianweb.com> wrote: > > > >> Hey! > >> I have a strange condition in one of the servers that I don't where > >to > >> start looking. > >> I login to the server via SSH (cant doit any other way) and anything > >that > >> I type is slow > >> HTTP sessions timeout waiting for screen redraw. So, the server is > >acting > >> "slow". > >> > >> server is bare metal. no virtual services. > >> no alarms in the disk raid > >> > >> note: server was restarted because of power failure. > >> > >> Some outputs from this server that is a mail server: > >> [root@correo ~]# top > >> top - 09:54:43 up 23:51, 2 users, load average: 0.18, 0.23, 0.28 > >> Tasks: 210 total, 1 running, 209 sleeping, 0 stopped, 0 zombie > >> %Cpu(s): 0.2 us, 0.1 sy, 0.0 ni, 99.8 id, 0.0 wa, 0.0 hi, 0.0 > >si, > >> 0.0 st > >> KiB Mem : 32606084 total, 25106412 free, 5932244 used, 1567428 > >buff/cache > >> KiB Swap: 16449532 total, 16449532 free,0 used. 26282624 > >avail Mem > >> > >> **iostat** > >> [root@correo ~]# iostat -y 5 > >> Linux 3.10.0-1062.12.1.el7.x86_64 (correo.binal.ac.pa) 07/03/2020 > >> _x86_64_(4 CPU) > >> > >> avg-cpu: %user %nice %system %iowait %steal %idle > >>0.050.000.050.050.00 99.85 > >> > >> Device:tpskB_read/skB_wrtn/skB_read > >kB_wrtn > >> sda 0.00 0.00 0.00 0 > >0 > >> dm-0 0.00 0.00 0.00 0 > >0 > >> dm-1 0.00 0.00 0.00 0 > >0 > >> > >> avg-cpu: %user %nice %system %iowait %steal %idle > >>0.050.000.050.050.00 99.85 > >> > >> Device:tpskB_read/skB_wrtn/skB_read > >kB_wrtn > >> sda 21.40 0.00 169.60 0 > >848 > >> dm-0 21.40 0.00 169.60 0 > >848 > >> dm-1 0.00 0.00 0.00 0 > >0 > >> > >> avg-cpu: %user %nice %system %iowait %steal %idle > >>0.600.000.050.450.00 98.90 > >> > >> Device:tpskB_read/skB_wrtn/skB_read > >kB_wrtn > >> sda 1.2016.80 0.00 84 > >0 > >> dm-0 1.2016.80 0.00 84 > >0 > >> dm-1 0.00 0.00 0.00 0 > >0 > >> > >> avg-cpu: %user %nice %system %iowait %steal %idle > >>0.050.000.000.050.00 99.90 > >> > >> Device:tpskB_read/skB_wrtn/skB_read > >kB_wrtn > >> sda 8.00 0.00 100.20 0 > >501 > >> dm-0 9.00 0.00 100.20 0 > >501 > >> dm-1 0.00 0.00 0.00 0 > >0 > >> > >> avg-cpu: %user %nice %system %iowait %steal %idle > >>0.450.000.350.050.00 99.15 > >> > >> Device:tpskB_read/skB_wrtn/skB_read > >kB_wrtn > >> sda 1.00 0.80 3.20 4 > >16 > >> dm-0 1.00 0.80 3.20 4 > >16 > >> dm-1 0.00 0.00 0.00 0 > >0 > >> > >> > >> **dstop** > >> [root@correo ~]# dstat -cd --disk-util --disk-tps > >> total-cpu-usage -dsk/total- sda- -dsk/total- > >> usr sys idl wai hiq siq| read writ|util|reads writs > >> 1 0 99 0 0 0|
Re: [CentOS] Slow terminal response Centos 7.7 1908
It was found that the software NIC team created in Centos was having issues due to a failing network cable. The team was going berserk with up/down changes. On Fri, Jul 3, 2020 at 10:12 AM Erick Perez - Quadrian Enterprises < epe...@quadrianweb.com> wrote: > Hey! > I have a strange condition in one of the servers that I don't where to > start looking. > I login to the server via SSH (cant doit any other way) and anything that > I type is slow > HTTP sessions timeout waiting for screen redraw. So, the server is acting > "slow". > > server is bare metal. no virtual services. > no alarms in the disk raid > > note: server was restarted because of power failure. > > Some outputs from this server that is a mail server: > [root@correo ~]# top > top - 09:54:43 up 23:51, 2 users, load average: 0.18, 0.23, 0.28 > Tasks: 210 total, 1 running, 209 sleeping, 0 stopped, 0 zombie > %Cpu(s): 0.2 us, 0.1 sy, 0.0 ni, 99.8 id, 0.0 wa, 0.0 hi, 0.0 si, > 0.0 st > KiB Mem : 32606084 total, 25106412 free, 5932244 used, 1567428 buff/cache > KiB Swap: 16449532 total, 16449532 free,0 used. 26282624 avail Mem > > **iostat** > [root@correo ~]# iostat -y 5 > Linux 3.10.0-1062.12.1.el7.x86_64 (correo.binal.ac.pa) 07/03/2020 > _x86_64_(4 CPU) > > avg-cpu: %user %nice %system %iowait %steal %idle >0.050.000.050.050.00 99.85 > > Device:tpskB_read/skB_wrtn/skB_readkB_wrtn > sda 0.00 0.00 0.00 0 0 > dm-0 0.00 0.00 0.00 0 0 > dm-1 0.00 0.00 0.00 0 0 > > avg-cpu: %user %nice %system %iowait %steal %idle >0.050.000.050.050.00 99.85 > > Device:tpskB_read/skB_wrtn/skB_readkB_wrtn > sda 21.40 0.00 169.60 0848 > dm-0 21.40 0.00 169.60 0848 > dm-1 0.00 0.00 0.00 0 0 > > avg-cpu: %user %nice %system %iowait %steal %idle >0.600.000.050.450.00 98.90 > > Device:tpskB_read/skB_wrtn/skB_readkB_wrtn > sda 1.2016.80 0.00 84 0 > dm-0 1.2016.80 0.00 84 0 > dm-1 0.00 0.00 0.00 0 0 > > avg-cpu: %user %nice %system %iowait %steal %idle >0.050.000.000.050.00 99.90 > > Device:tpskB_read/skB_wrtn/skB_readkB_wrtn > sda 8.00 0.00 100.20 0501 > dm-0 9.00 0.00 100.20 0501 > dm-1 0.00 0.00 0.00 0 0 > > avg-cpu: %user %nice %system %iowait %steal %idle >0.450.000.350.050.00 99.15 > > Device:tpskB_read/skB_wrtn/skB_readkB_wrtn > sda 1.00 0.80 3.20 4 16 > dm-0 1.00 0.80 3.20 4 16 > dm-1 0.00 0.00 0.00 0 0 > > > **dstop** > [root@correo ~]# dstat -cd --disk-util --disk-tps > total-cpu-usage -dsk/total- sda- -dsk/total- > usr sys idl wai hiq siq| read writ|util|reads writs > 1 0 99 0 0 0| 20k 17k|0.14| 1 1 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 4 0 84 11 0 0|2512k 228k|52.3| 123 2 > 31 4 58 7 0 0|1912k 1026k|38.1| 13223 > 0 0 99 0 0 0| 0 0 | 0| 0 0 > 1 0 99 1 0 0|4096B 3819k|22.5| 1 270 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 13 1 83 4 0 0| 148k 2304k|15.3| 18 214 > 1 0 98 1 0 0| 140k 499k|9.70| 14 8 > 26 5 69 0 0 0| 0 1260k|1.30| 046 > 56 7 38 0 0 0| 0 204k|0.30| 012 > 14 11 75 0 0 0| 0 0 | 0| 0 0 > 22 10 68 0 0 0| 0 0 | 0| 0 0 > 16 10 71 3 0 0| 192k 37k|14.0| 12 2 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 0 0 100 0 0 0| 0 152k| 0| 0 2 > 0 0 100 0 0 0| 0 0 | 0| 0 0 > 1 1 98 1 0 0| 16k 2569k|14.8| 1 207 &g
[CentOS] Slow terminal response Centos 7.7 1908
Hey! I have a strange condition in one of the servers that I don't where to start looking. I login to the server via SSH (cant doit any other way) and anything that I type is slow HTTP sessions timeout waiting for screen redraw. So, the server is acting "slow". server is bare metal. no virtual services. no alarms in the disk raid note: server was restarted because of power failure. Some outputs from this server that is a mail server: [root@correo ~]# top top - 09:54:43 up 23:51, 2 users, load average: 0.18, 0.23, 0.28 Tasks: 210 total, 1 running, 209 sleeping, 0 stopped, 0 zombie %Cpu(s): 0.2 us, 0.1 sy, 0.0 ni, 99.8 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem : 32606084 total, 25106412 free, 5932244 used, 1567428 buff/cache KiB Swap: 16449532 total, 16449532 free,0 used. 26282624 avail Mem **iostat** [root@correo ~]# iostat -y 5 Linux 3.10.0-1062.12.1.el7.x86_64 (correo.binal.ac.pa) 07/03/2020 _x86_64_(4 CPU) avg-cpu: %user %nice %system %iowait %steal %idle 0.050.000.050.050.00 99.85 Device:tpskB_read/skB_wrtn/skB_readkB_wrtn sda 0.00 0.00 0.00 0 0 dm-0 0.00 0.00 0.00 0 0 dm-1 0.00 0.00 0.00 0 0 avg-cpu: %user %nice %system %iowait %steal %idle 0.050.000.050.050.00 99.85 Device:tpskB_read/skB_wrtn/skB_readkB_wrtn sda 21.40 0.00 169.60 0848 dm-0 21.40 0.00 169.60 0848 dm-1 0.00 0.00 0.00 0 0 avg-cpu: %user %nice %system %iowait %steal %idle 0.600.000.050.450.00 98.90 Device:tpskB_read/skB_wrtn/skB_readkB_wrtn sda 1.2016.80 0.00 84 0 dm-0 1.2016.80 0.00 84 0 dm-1 0.00 0.00 0.00 0 0 avg-cpu: %user %nice %system %iowait %steal %idle 0.050.000.000.050.00 99.90 Device:tpskB_read/skB_wrtn/skB_readkB_wrtn sda 8.00 0.00 100.20 0501 dm-0 9.00 0.00 100.20 0501 dm-1 0.00 0.00 0.00 0 0 avg-cpu: %user %nice %system %iowait %steal %idle 0.450.000.350.050.00 99.15 Device:tpskB_read/skB_wrtn/skB_readkB_wrtn sda 1.00 0.80 3.20 4 16 dm-0 1.00 0.80 3.20 4 16 dm-1 0.00 0.00 0.00 0 0 **dstop** [root@correo ~]# dstat -cd --disk-util --disk-tps total-cpu-usage -dsk/total- sda- -dsk/total- usr sys idl wai hiq siq| read writ|util|reads writs 1 0 99 0 0 0| 20k 17k|0.14| 1 1 0 0 100 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 0 | 0| 0 0 4 0 84 11 0 0|2512k 228k|52.3| 123 2 31 4 58 7 0 0|1912k 1026k|38.1| 13223 0 0 99 0 0 0| 0 0 | 0| 0 0 1 0 99 1 0 0|4096B 3819k|22.5| 1 270 0 0 100 0 0 0| 0 0 | 0| 0 0 13 1 83 4 0 0| 148k 2304k|15.3| 18 214 1 0 98 1 0 0| 140k 499k|9.70| 14 8 26 5 69 0 0 0| 0 1260k|1.30| 046 56 7 38 0 0 0| 0 204k|0.30| 012 14 11 75 0 0 0| 0 0 | 0| 0 0 22 10 68 0 0 0| 0 0 | 0| 0 0 16 10 71 3 0 0| 192k 37k|14.0| 12 2 0 0 100 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 152k| 0| 0 2 0 0 100 0 0 0| 0 0 | 0| 0 0 1 1 98 1 0 0| 16k 2569k|14.8| 1 207 1 1 98 0 0 0|4096B0 |1.10| 1 0 1 0 99 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 600k|1.30| 051 2 0 98 0 0 0| 0 0 | 0| 0 0 4 0 96 0 0 0| 0 0 | 0| 0 0 0 0 100 0 0 0| 0 0 | 0| 0 0 -- ----- Erick Perez - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewall questions
Please take a look at https://www.wireguard.com/quickstart/ we now reduced the attack vector to only the things offered to the public (https, smtp tls and imaps/s) On Sun, Jun 21, 2020 at 3:58 PM Pete Biggs wrote: > On Sun, 2020-06-21 at 16:47 -0400, mailist wrote: > > On 2020-06-21 15:33, Chuck Campbell wrote: > > > I'm running Centos 7.8.2003, with firewalld. > > > > > > I was getting huge numbers of ssh attempts per day from a few specific > > > ip blocks. > > > > If you can control the ssh clients, switch your port number to a > > non-standard > > port. Pick one in /etc/services that does not seem to be allocated. > > Then change > > "Port" in ssh_config and sshd_config; If other clients are being used > > (like Putty), > > it is easy to change it there. > > > > We used to get at least 50 probes per day on port 22. Now we get zero. > > > I used this technique for a number of years - then it got leaked to the > script kiddies the port that was used. We don't have anything > particularly valuable that they were looking for (I don't think!), but > there are lists of subnets & ports out there that the kiddies use so > once one found it, the flood gates opened. SSH is now protected behind > a VPN. > > It's a valid thing to do and makes things much saner, but don't assume > it is a forever solution and don't use it as an excuse to reduce other > protections you may have. > > P. > > > _______ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LUKS layer / best practice
Also, if you want to use deduplication (via VDO) then you must remember to "dedupe then encrypt" Storage > LUKS > VDO > LVM old but good reference to: https://access.redhat.com/articles/2106521 On Tue, Jun 16, 2020 at 3:00 PM Jason Edgecombe wrote: > > I recommend having LUKS be "under" LVM. the layers would be: > /dev/sda -> partition (/dev/sda1) -> LUKS (/dev/sda1_crypt) -> LVM physical > volume -> volume group -> logical volume -> filesystem > > The layers described above are how the Ubuntu installer sets up an > encrypted LVM filesystem. As far as I know, TRIM is passed through LUKS and > the LVM layers if it's available in the hardware. > > Sincerely, > Jason > > --- > Jason Edgecombe | Linux Administrator > UNC Charlotte | The William States Lee College of Engineering > 9201 University City Blvd. | Charlotte, NC 28223-0001 > Phone: 704-687-1943 > jwedg...@uncc.edu | http://engr.uncc.edu | Facebook > --- > If you are not the intended recipient of this transmission or a person > responsible for delivering it to the intended recipient, any disclosure, > copying, distribution, or other use of any of the information in this > transmission is strictly prohibited. If you have received this transmission > in error, please notify me immediately by reply e-mail or by telephone at > 704-687-1943. Thank you. > > > On Tue, Jun 16, 2020 at 1:42 PM Leon Fauster via CentOS > wrote: > > > Hi all, > > > > with regard to LUKS; should it placed before LVM or after? Any > > recommendations? TRIM command fully supported through all layers etc? > > > > -- > > Leon > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Jitsi Meet on CentOS 7 ?
Hi, see my answers below. On Tue, May 12, 2020 at 7:41 PM H wrote: > On 05/05/2020 04:43 AM, Erick Perez - Quadrian Enterprises wrote: > > Benson, no SELINUX was not enabled. The instance was selected without it > > just to make things easier. > > I do not have a pull request for the installation manual yet. > > > > On Tue, May 5, 2020 at 1:21 AM Benson Muite > > wrote: > > > >> On Mon, May 4, 2020, at 10:38 PM, Erick Perez - Quadrian Enterprises > wrote: > >>> Hi Centos friends. > >>> I had some time to write a spartan tutorial on running the latest > stable > >>> Jitsi Video Bridge and Jitsi Meet and Centos 7.7. > >>> I wrote it while testing it so this WORKS and I am currently using it > for > >>> fun with the kids. > >>> > >>> I do have the server currently running but blocked by my firewall. I am > >>> willing to allow a few of the people such a Kovacs and others to > connect > >> to > >>> my Jitsi server to test usability. But this is a 1CPU/2GBRAM VM in > >> vultr.com > >>> so we cannot expect premium video quality and maybe no more than 10 > >> people > >>> at the same time. > >>> > >>> Do note that in order to provide access, I need an IP and will open the > >>> server to connect from that IP. > >>> > >>> My Wordpress template is not the best so sorry for the formatting. I > Will > >>> work on that tomorrow. > >>> > >>> here is the tutorial > >>> https://www.nubeinterna.com/2020/05/03/centos-7-7-and-jitsi/ > >>> > >>> hope it helps. > >>> > >>> > >>> > >> Awesome will test it out. Was SE-Linux enabled? Default on Vultr is > >> usually disabled? Do you have a pull request open in Jitsi Github for > the > >> installation manual ( > >> https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md)? > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > > I started looking at installing Jitsi on my hosted CentOS 7 server and > have a few questions after reading your tutorial: > > - Why are you disabling IPv6? Is this required? > I do not need IPv6. It is not needed to disable it. I just wanted to make > it simpler. > > - I already have Apache running, should I install nginx in addition to > Apache? > No. You can adapt the rules to apache. > > - Where do I add the required Jitsi DNS entries? > in your domain dns provider such as GoDady, AWS, Azure,etc. > > Thank you. > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Jitsi Meet on CentOS 7 ?
Benson, no SELINUX was not enabled. The instance was selected without it just to make things easier. I do not have a pull request for the installation manual yet. On Tue, May 5, 2020 at 1:21 AM Benson Muite wrote: > > On Mon, May 4, 2020, at 10:38 PM, Erick Perez - Quadrian Enterprises wrote: > > Hi Centos friends. > > I had some time to write a spartan tutorial on running the latest stable > > Jitsi Video Bridge and Jitsi Meet and Centos 7.7. > > I wrote it while testing it so this WORKS and I am currently using it for > > fun with the kids. > > > > I do have the server currently running but blocked by my firewall. I am > > willing to allow a few of the people such a Kovacs and others to connect > to > > my Jitsi server to test usability. But this is a 1CPU/2GBRAM VM in > vultr.com > > so we cannot expect premium video quality and maybe no more than 10 > people > > at the same time. > > > > Do note that in order to provide access, I need an IP and will open the > > server to connect from that IP. > > > > My Wordpress template is not the best so sorry for the formatting. I Will > > work on that tomorrow. > > > > here is the tutorial > > https://www.nubeinterna.com/2020/05/03/centos-7-7-and-jitsi/ > > > > hope it helps. > > > > > > > Awesome will test it out. Was SE-Linux enabled? Default on Vultr is > usually disabled? Do you have a pull request open in Jitsi Github for the > installation manual ( > https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md)? > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Jitsi Meet on CentOS 7 ?
Hi Centos friends. I had some time to write a spartan tutorial on running the latest stable Jitsi Video Bridge and Jitsi Meet and Centos 7.7. I wrote it while testing it so this WORKS and I am currently using it for fun with the kids. I do have the server currently running but blocked by my firewall. I am willing to allow a few of the people such a Kovacs and others to connect to my Jitsi server to test usability. But this is a 1CPU/2GBRAM VM in vultr.com so we cannot expect premium video quality and maybe no more than 10 people at the same time. Do note that in order to provide access, I need an IP and will open the server to connect from that IP. My Wordpress template is not the best so sorry for the formatting. I Will work on that tomorrow. here is the tutorial https://www.nubeinterna.com/2020/05/03/centos-7-7-and-jitsi/ hope it helps. On Sun, May 3, 2020 at 12:11 PM Nicolas Kovacs wrote: > Le 03/05/2020 à 18:07, H a écrit : > > I am also interested in installing Jitsi server on CentOS 7, as well as > > running the desktop app on C7. > > According to the Jitsi developers, you shouldn't even use that and prefer > using > a browser. > > Though I'd take that information with a grain of salt, because the > developer I > talked to yesterday on IRC called my browser (Firefox 68.7.0 ESR) > "hopelessly > obsolete". > > Have you ever tried to explain concepts like long term support and > Enterprise > Linux to a 20 year old Arch user ? > > Here in France we call that "pissing in a violin". :o) > > Cheers, > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > Mob. : 06 51 80 12 12 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding VDO vs ZFS
Strahil, I am using about 1012MB for the first ISO. I believe it's because of compression. From there vdostats --hu reports 5.0G usage and 12% in percentage. With savings of 89% for original + 9 copies of the same ISO. On Sun, May 3, 2020 at 1:17 AM Strahil Nikolov wrote: > On May 3, 2020 8:33:33 AM GMT+03:00, Erick Perez - Quadrian Enterprises < > epe...@quadrianweb.com> wrote: > >sorry corrections: > >For this test I created a 40GB lvm volume group with /dev/sdb and > >/dev/sdc > >then a 40GB LV > >then a 60GB VDO vol (for testing purposes) > > > >vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent' > >output from just created vdoas > > > >[root@localhost ~]# vdostats --verbose /dev/mapper/vdoas | grep -B6 > >'saving > >percent' > >physical blocks : 10483712 > > logical blocks : 15728640 > > 1K-blocks : 41934848 > > 1K-blocks used : 4212024 > > 1K-blocks available : 37722824 > > used percent: 10 > > saving percent : 99 > >[root@localhost ~]# > > > >FIRST copy CentOS-7-x86_64-Minimal-2003.iso (1.1G) to vdoas from source > >outside vdo volume > >[root@localhost ~]# vdostats --verbose /dev/mapper/vdoas | grep -B6 > >'saving > >percent' > > 1K-blocks used : 4721348 > > 1K-blocks available : 37213500 > > used percent: 11 > > saving percent : 9 > > > >SECOND copy CentOS-7-x86_64-Minimal-2003.iso (1.1G) to vdoas form > >source > >outside vdo volume > >#cp /root/CentOS-7-x86_64-Minimal-2003.iso > >/mnt/vdomounts/CentOS-7-x86_64-Minimal-2003-version2.iso > > 1K-blocks used : 5239012 > > 1K-blocks available : 36695836 > > used percent: 12 > > saving percent : 52 > > > >THIRD copy CentOS-7-x86_64-Minimal-2003.iso (1.1G) to > >vdoas form inside vdo volume to inside vdo volume > > 1K-blocks used : 5248060 > > 1K-blocks available : 36686788 > > used percent: 12 > > saving percent : 67 > > > >Then I did this a total of 9 more times to have 10 ISOs copied. Total > >data > >copied 10.6GB. > > > > > >Do note this: > >When using DF, it will show the VDO size, in my case 60G > >when using vdostats it will show the size of the LV, in my case 40G > >Remeber dedupe AND compression are enabled. > > > >The df -hT output shows the logical space occupied by these iso files > >as > >seen by the filesystem on the VDO volume. > >Since VDO manages a logical to physical block map, df sees logical > >space > >consumed according to the file system that resides on top of the VDO > >volume. > >vdostats --hu is viewing the physical block device as managed by VDO. > >Physically a single .ISO image is residing on the disk, but logically > >the > >file system thinks there are 10 copies, occupying 10.6GB. > > > >So at the end I have 10 .ISOs of 1086 1MB blocks (total 10860 1MB > >blocks) > >that yield these results: > > 1K-blocks used : 5248212 > > 1K-blocks available : 36686636 > > used percent: 12 > > saving percent : 89 > > > >So at the end it is using 5248212 1K blocks minus 4212024 initial > >used 1K > >blocks, gives (5248212 - 4212024) = 1036188 1K blocks / 1024 = about > >1012MB > >total. > > > >Hope this helps understanding where the space goes. > > > >BTW: Testing system is CentOS Linux release 7.8.2003 stock. with only > >"yum > >install vdo kmod-kvdo" > > > >History of commands: > >[root@localhost vdomounts]# history > >2 pvcreate /dev/sdb > >3 pvcreate /dev/sdc > >8 vgcreate -v -A y vgvol01 /dev/sdb /dev/sdc > >9 vgdisplay > > 13 lvcreate -l 100%FREE -n lvvdo01 vgvol01 > > 14 yum install vdo kmod-kvdo > > 18 vdo create --name=vdoas --device=/dev/vgvol01/lvvdo01 > >--vdoLogicalSize=60G --writePolicy=async > > 19 mkfs.xfs -K /dev/mapper/vdoas > > 20 ls /mnt > > 21 mkdir /mnt/vdomounts > > 22 mount /dev/mapper/vdoas /mnt//vdomounts/ > > 26 vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent' > > 28 cp /root/CentOS-7-x
Re: [CentOS] Understanding VDO vs ZFS
--hu 60 vdostats 61 vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent' 62 cat /etc/centos-release 63 history [root@localhost vdomounts]# On Sat, May 2, 2020 at 10:07 PM Erick Perez - Quadrian Enterprises < epe...@quadrianweb.com> wrote: > My two cents: > 1- Do you have an encrypted filesystem on top of VDO? If yes, you will see > no benefit from dedupe. > 2- can you post the stats of vdostats –verbose /dev/mapper/x (replace > with your device) > > you can do something like: "vdostats -verbose /dev/mapper/ | grep > -B6 'save percentage' > > > > > On Sat, May 2, 2020 at 9:54 PM david wrote: > >> Folks >> >> I'm looking for a solution for backups because ZFS has failed on me >> too many times. In my environment, I have a large amount of data >> (around 2tb) that I periodically back up. I keep the last 5 >> "snapshots". I use rsync so that when I overwrite the oldest backup, >> most of the data is already there and the backup completes quickly, >> because only a small number of files have actually changed. >> >> Because of this low change rate, I have used ZFS with its >> deduplication feature to store the data. I started using a Centos-6 >> installation, and upgraded years ago to Centos7. Centos 8 is on my >> agenda. However, I've had several data-loss events with ZFS where >> because of a combination of errors and/or mistakes, the entire store >> was lost. I've also noticed that ZFS is maintained separately from >> Centos. At this moment, the Centos 8 update causes ZFS to >> fail. Looking for an alternate, I'm trying VDO. >> >> In the VDO installation, I created a logical volume containing two >> hard-drives, and defined VDO on top of that logical volume. It >> appears to be running, yet I find the deduplication numbers don't >> pass the smell test. I would expect that if the logical volume >> contains three copies of essentially identical data, I should see >> deduplication numbers close to 3.00, but instead I'm seeing numbers >> like 1.15. I compute the compression number as follows: >> Use df and extract the value for "1k blocks used" from the third column >> use vdostats --verbose and extract the number titled "1K-blocks used" >> >> Divide the first by the second. >> >> Can you provide any advice on my use of ZFS or VDO without telling me >> that I should be doing backups differently? >> >> Thanks >> >> David >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > > -- > > - > Erick Perez > > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Understanding VDO vs ZFS
My two cents: 1- Do you have an encrypted filesystem on top of VDO? If yes, you will see no benefit from dedupe. 2- can you post the stats of vdostats –verbose /dev/mapper/x (replace with your device) you can do something like: "vdostats -verbose /dev/mapper/ | grep -B6 'save percentage' On Sat, May 2, 2020 at 9:54 PM david wrote: > Folks > > I'm looking for a solution for backups because ZFS has failed on me > too many times. In my environment, I have a large amount of data > (around 2tb) that I periodically back up. I keep the last 5 > "snapshots". I use rsync so that when I overwrite the oldest backup, > most of the data is already there and the backup completes quickly, > because only a small number of files have actually changed. > > Because of this low change rate, I have used ZFS with its > deduplication feature to store the data. I started using a Centos-6 > installation, and upgraded years ago to Centos7. Centos 8 is on my > agenda. However, I've had several data-loss events with ZFS where > because of a combination of errors and/or mistakes, the entire store > was lost. I've also noticed that ZFS is maintained separately from > Centos. At this moment, the Centos 8 update causes ZFS to > fail. Looking for an alternate, I'm trying VDO. > > In the VDO installation, I created a logical volume containing two > hard-drives, and defined VDO on top of that logical volume. It > appears to be running, yet I find the deduplication numbers don't > pass the smell test. I would expect that if the logical volume > contains three copies of essentially identical data, I should see > deduplication numbers close to 3.00, but instead I'm seeing numbers > like 1.15. I compute the compression number as follows: > Use df and extract the value for "1k blocks used" from the third column > use vdostats --verbose and extract the number titled "1K-blocks used" > > Divide the first by the second. > > Can you provide any advice on my use of ZFS or VDO without telling me > that I should be doing backups differently? > > Thanks > > David > > _______ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 on USB disk
That happened to me several times My USB was "burned" and never displayed new data copied to it. By "burned" I mean the flash drive was faulty up to a point where it always showed a phantom image of what WAS in the pen drive. But YMMV On Wed, Jan 29, 2020, 11:56 AM J Martin Rushton via CentOS < centos@centos.org> wrote: > What's your dd command? Are you sure you are writing to the raw disk > and not inside a partition? > > On 29/01/2020 16:30, Jerry Geis wrote: > > Well after a closer look - Seems like the OLD 8.0 iso image is still on > the > > USB. Not the new 8.1 > > > > I have tried to redo the dd command to copy the 8.1 iso - I get no > errors - > > but it still comes up with the 8.0 > > I then tried to remove the partitions, save and recopy. still same old > boot > > menu. > > > > Is there a trick to write over the UEFI stuff ? > > > > Jerry > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > -- > J Martin Rushton MBCS > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM Random Reboots AMD EPYC Server
I had issues with Supermicro and EPYC in the past year and it was isolated to a faulty 16GB ECC RAM module and the error was just showing in the log of the super micro web-based BMC and nowhere else. The fault was neither Supermicro nor AMD. The brand of the ECC module was Samsung.it failed after 1 year of use. the bad batch I assume because the other 25 pieces of ECC RAM from Samsung that we use in the other servers have no issue. The behavior was that randomly, the server suddenly rebooted with no message at all at Centos level. I realize that the BMC error log is far (very very far) from perfect but perhaps the error is in a strange message lying there. Hope this helps On Wed, Jan 1, 2020 at 10:09 AM Simon Matter via CentOS wrote: > > our new Server with AMD EPYC and super micro board reboots ramdonly. > > There is no error message before the reboot in /var/log/messages. > > Anything in the hardware logs of the server like memory error or so? Any > watchdog on the servers acting bad? > We run CentOS 7 and KVM on AMD Opteron and AMD EPYC servers without issues. > > Regards, > Simon > > > > > we are running 2 Server with VMWare workstation without any problem. > > > > The new server should run KVM. > > > > older servers with AMD (before EPYC) running KVM without any problem. > > > > any idea or recommendation? > > > > -- > > Viele Grüße > > Helmut Drodofsky > > > > Internet XS Service GmbH > > Heßbrühlstraße 15 > > 70565 Stuttgart > > > > Geschäftsführung > > Helmut Drodofsky > > HRB 21091 Stuttgart > > USt.ID: DE190582774 > > Fon: 0711 781941 0 > > Fax: 0711 781941 79 > > Mail: i...@internet-xs.de > > www.internet-xs.de > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
Fixed It turns out that the gnutls library installed on the system was somehow damaged. It took the installation of gnutls-cli to list supperted protocols and ciphers. I had to yum reinstall gnutls to fix it. Now the ssl.conf has: [Service] Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, (NONE), Cipher is (NONE) Protocol : TLSv1.1 Cipher: [root@cockpit ~]# Thanks It was a pleasure working with you and it was a great learning experience! On Fri, Dec 27, 2019 at 6:43 PM Erick Perez - Quadrian Enterprises wrote: > > Sure did! > I am even playing with different options (including NONE) and it seems > to ignore the contents of ssl.conf > > I have tried > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA: > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA > Environment=G_TLS_GNUTLS_PRIORITY=PFS > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0: > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0 > Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2 > > And my last one: > Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256 > systemctl daemon-reload > systemctl restart cockpit > > [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090 > -tls1_1 2>&1 | grep -e Protocol -e Cipher > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA > Protocol : TLSv1.1 > Cipher: ECDHE-RSA-AES256-SHA > > > [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090 > -tls1_2 2>&1 | grep -e Protocol -e Cipher > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > Protocol : TLSv1.2 > Cipher: ECDHE-RSA-AES256-GCM-SHA384 > [root@cockpit ~]# > > It is my understanding that -VERS-ALL will disable TLS at all and > produce no output from the above tests. This does not seem to be the > case. > Also, If I did -SHA384 and -SHA256 then why the cipher in TLS1_2 test > is ECDHE-RSA-AES256-GCM-SHA384 > > It seems it is completely ignoring the Environment variable. > > > On Fri, Dec 27, 2019 at 5:18 PM Jonathan Billings wrote: > > > > On Dec 27, 2019, at 16:28, Erick Perez - Quadrian Enterprises > > wrote: > > > > > > [root@cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf > > > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 > > > > > > [root@cockpit ~]# > > > [root@cockpit ~]# systemctl start cockpit > > > [root@cockpit ~]# systemctl status cockpit -l > > > > Did you run: > > > > # systemctl daemon-reload > > > > ... before starting cockpit? > > > > -- > > Jonathan Billings > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > -- > > - > Erick Perez > Quadrian Enterprises S.A. - Panama, Republica de Panama > Skype chat: eaperezh > WhatsApp IM: +507-6675-5083 > - -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
Sure did! I am even playing with different options (including NONE) and it seems to ignore the contents of ssl.conf I have tried Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA: Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA Environment=G_TLS_GNUTLS_PRIORITY=PFS Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0: Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0 Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2 And my last one: Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256 systemctl daemon-reload systemctl restart cockpit [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Protocol : TLSv1.1 Cipher: ECDHE-RSA-AES256-SHA [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_2 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Protocol : TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 [root@cockpit ~]# It is my understanding that -VERS-ALL will disable TLS at all and produce no output from the above tests. This does not seem to be the case. Also, If I did -SHA384 and -SHA256 then why the cipher in TLS1_2 test is ECDHE-RSA-AES256-GCM-SHA384 It seems it is completely ignoring the Environment variable. On Fri, Dec 27, 2019 at 5:18 PM Jonathan Billings wrote: > > On Dec 27, 2019, at 16:28, Erick Perez - Quadrian Enterprises > wrote: > > > > [root@cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf > > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 > > > > [root@cockpit ~]# > > [root@cockpit ~]# systemctl start cockpit > > [root@cockpit ~]# systemctl status cockpit -l > > Did you run: > > # systemctl daemon-reload > > ... before starting cockpit? > > -- > Jonathan Billings > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- - Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
Thanks, Randal for the response. But it did not work. Here the results: #yum info cockpit Name: cockpit Arch: x86_64 Version : 195.1 Release : 1.el7.centos.0.1 Size: 51 k Repo: installed From repo : extras Summary : Web Console for Linux servers URL : https://cockpit-project.org/ License : LGPLv2+ [root@cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 [root@cockpit ~]# [root@cockpit ~]# systemctl start cockpit [root@cockpit ~]# systemctl status cockpit -l ● cockpit.service - Cockpit Web Service Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static; vendor preset: disabled) Drop-In: /etc/systemd/system/cockpit.service.d └─ssl.conf Active: active (running) since Fri 2019-12-27 16:23:21 EST; 1min 25s ago Docs: man:cockpit-ws(8) Process: 3564 ExecStartPre=/usr/sbin/remotectl certificate --ensure --user=root --group=cockpit-ws --selinux-type=etc_t (code=exited, status=0/SUCCESS) Main PID: 3573 (cockpit-ws) CGroup: /system.slice/cockpit.service └─3573 /usr/libexec/cockpit-ws Dec 27 16:23:21 cockpit.localdomain systemd[1]: Starting Cockpit Web Service... Dec 27 16:23:21 cockpit.localdomain systemd[1]: Started Cockpit Web Service. Dec 27 16:23:21 cockpit.localdomain cockpit-ws[3573]: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert Dec 27 16:23:30 cockpit.localdomain cockpit-ws[3573]: received invalid HTTP request line [root@cockpit ~]# [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Protocol : TLSv1.1 Cipher: ECDHE-RSA-AES256-SHA On Fri, Dec 27, 2019 at 10:09 AM Randal, Phil wrote: > > Oops, excuse my typo > > Create /etc/systemd/system/cockpit.service.d/ssl.conf containing > > [Service] > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 > > Then > > systemctl daemon-reload > systemctl restart cockpit > > To verify that TLS 1.1 is disabled, > > echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e > Protocol -e Cipher > > The expected result is: > > New, (NONE), Cipher is (NONE) > Protocol : TLSv1.1 > Cipher: > > Cheers, > > Phil > > -Original Message- > From: Randal, Phil > Sent: 27 December 2019 15:04 > To: 'CentOS mailing list' > Subject: RE: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit > > Try creating /etc/system/system/cockpit.service.d/ssl.conf and putting this > in it: > > [Service] > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 > > Then > > systemctl daemon-reload > systemctl restart cockpit > > Cheers, > > Phil > > > -Original Message- > From: CentOS On Behalf Of Erick Perez - Quadrian > Enterprises > Sent: 27 December 2019 03:26 > To: centos@centos.org > Subject: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit > > CAUTION: This email originated from outside of the organisation. Do not click > links or open attachments unless you recognise the sender and know the > content is safe. > > Hi, I'm using cockpit in standard port 9090 in a Centos 7 system. > Due to a suggestion from management, they want TLS 1.1 disabled system-wide > in all Linux boxes and TLS 1.2 enabled. > > I have not found proper documentation on how to disable it for cockpit > (version 195.1 ships with Centos 7) > > So far I have tried (https://cockpit-project.org/guide/149/https.html): > > /usr/lib/systemd/system/cockpit.service > [Service] > Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 > > And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf > and added: > [Service] > Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 > > after that, I systemctl restart cockpit > > But if I do > #openssl s_client -connect localhost:9090 -tls1_1 I get a proper response (a > certificate), so TLS 1.1 is being accepted. > > Suggestions? > > Thanks. > > -- > > - > Erick Perez > - > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Hoople Ltd, Registered in England and Wales No. 7556595 > Registered office: Plough Lane, Hereford, HR4 0LE > > "Any opinion expressed in this e-mail or any attached files are those of the > individual and not necessarily those of Hoople Ltd. You should be aware that > Hoople Ltd. monitors its email service. This e-mail and any attached files > are c
[CentOS] Disabling TLS 1.1 in Centos 7 cockpit
Hi, I'm using cockpit in standard port 9090 in a Centos 7 system. Due to a suggestion from management, they want TLS 1.1 disabled system-wide in all Linux boxes and TLS 1.2 enabled. I have not found proper documentation on how to disable it for cockpit (version 195.1 ships with Centos 7) So far I have tried (https://cockpit-project.org/guide/149/https.html): /usr/lib/systemd/system/cockpit.service [Service] Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf and added: [Service] Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 after that, I systemctl restart cockpit But if I do #openssl s_client -connect localhost:9090 -tls1_1 I get a proper response (a certificate), so TLS 1.1 is being accepted. Suggestions? Thanks. -- - Erick Perez - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Place to run script command for all user/sessions
Hi all, I would like to record user commands in terminal mode for remote supporters. I currently do that with the command "script - make typescript of terminal session". So far so good as long as I run a combo os screen/script at the command prompt, allow remote worker to control screen session and then at the end I do ctrl-d to save the script session. This however do not work (or at least is not practical) when I want to allow someone to login via SSH directly and unattended. What will be the place to insert "script" in order to call it for each login/logoff and sudo executions? As an alternative for my fellow coworkers I have setup a Windows 10 PC with putty and Teamviewer/AnyDesk on it. Remote supporters go into the Teamviewer/AnyDesk pc and then SSH using putty into the specified Linux box. Putty is setup as to record the entire session automatically. Linux boxes dont have GUI. Linux Boxes are Centos 7 x64 and only 3 are Centos 8 x64. Thanks for your comments. -- ----- Erick Perez - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C8: Wayland Session / Cut and Paste
I am going to check on that as well because I'm using Fedora 31/wayland as desktop and I experienced the same behavior On Thu, Nov 7, 2019, 3:13 PM Leon Fauster via CentOS wrote: > Is this the normal behavior now? Cutting text in gedit and pasting it > into the terminal needs that the source application stays running? > > -- > Leon > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] UEFI booting
On Thu, Sep 19, 2019 at 6:43 AM Jerry Geis wrote: > > I installed my first UEFI disk yesterday. Seemed to go fine. CentOS 7.6 > x86_64 > I then took that disk "out" of that machine and put it another machine - it > seems to not even boot. > I put the original disk back in that machine and it boots fine. > > I put the UEFI disk back in the machine I built it on and it works fine. > They are similar machines either and i3 and i7. > > Shouldn't that work? Build a UEFI disk on machine A - move it to machine B? > > Thanks > > Jerry > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Perhaps a silly question but 1- Does your new machine has EFI mode enabled on BIOS and not CSM? 2- is it at the same port/bay as the original one? 3- When do you say "not even boot" what do you mean? any messages on screen? past POST/BIOS/EFI does it gets to the linux bootloader? -- - Erick Perez ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] File server as host for a Windows Server VM?
I did that kind of in the past. Now I dont because I have plenty of resoruces available. But. So far you have not provided stats on server usage (cpu,ram) over a 24hour or 7 day 8am-5pm timeframe. So I will asume you have plenty of usage/performance to spare. I suggest you to -if possible- replicate the current server setup somewhere else and then install the KVM and dependencies via yum. That way you will spot potential problems if any library changes and its being used by samba. Unless using SSDs when creating the VM pleae do not use dynamic disk allocation. MS SQL may be very intensive and you are already sharing resources, lets not be the i/o intensity of the expanding disk one of them. remember SQL server is all about RAM, the more the merrier. is your partition aligned? - Erick Perez - On Sat, Sep 14, 2019 at 10:23 AM miguel medalha wrote: > > I hope that someone here can give some advice on the following: > > I have a Samba based Active Directory. A CentOS 7.6 machine runs as a > file server and hosts the Windows user profiles for all the Windows > workstations. > > Now management has decided that they need a Windows server for a couple > of administrative applications, which need MS SQL Server. That would be > the only role of this Windows. Since the above mentioned server has > enough resources (2x Quad Core Xeon 2.66 GHz with HT and 48 GB of RAM, a > dual port 10 Gb NIC) I thought of making it a host for a Windows virtual > machine using KVM. Given the resources and current setup we have, at the > moment it wouldn't be practical to implement both servers as VMs on top > of a bare metal hypervisor. > > According to your experience, is there any motive why I shouldn't use > such a setup? > > Thank you for any insights. > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NFS Server on Centos 7.6.1810 dying without reason
kernel: e820: BIOS-provided physical RAM map: ----- Erick Perez - On Fri, Aug 30, 2019 at 11:27 AM Erick Perez - Quadrian Enterprises wrote: > > Good morning, > in order to post proper documentation, what logs (or log level) do I > need to troubleshoot a Centos 7.6.1810 3.10.0-957.27.2.el7.x86_64 tha > tis running a NFS server on top LVM on top of XFS on top of VDO on top > of MDAM on a 6 SSD disk RAID6 ? > > This physical NFS server is servign 2 NFS v4.2 shares to 2 physical > KVM virtualization hosts. > > When remote NFS clients start doing intensive stuff (massive writes) , > the NFS server crashes and sometimes make the Linux server reboot. > > form KVM side this is all I get: hvm002 kernel: nfs: server 10.10.10.2 > not responding, timed out > > thanks > > - > Erick > - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] NFS Server on Centos 7.6.1810 dying without reason
Good morning, in order to post proper documentation, what logs (or log level) do I need to troubleshoot a Centos 7.6.1810 3.10.0-957.27.2.el7.x86_64 tha tis running a NFS server on top LVM on top of XFS on top of VDO on top of MDAM on a 6 SSD disk RAID6 ? This physical NFS server is servign 2 NFS v4.2 shares to 2 physical KVM virtualization hosts. When remote NFS clients start doing intensive stuff (massive writes) , the NFS server crashes and sometimes make the Linux server reboot. form KVM side this is all I get: hvm002 kernel: nfs: server 10.10.10.2 not responding, timed out thanks - Erick - ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Virtualizing an existing Centos 5.x installation
Sorry for the late response. We got VMWARE converter from our local distributor and the conversion was actually quite fast. the raids were in hardware so no problems at all. Thanks Eugene, and thanks all. On Mon, Sep 7, 2009 at 8:06 PM, Eugene Vilensky evilen...@gmail.com wrote: VMware converter. In my environment, I have it root access over SSH, and it did it's thing with minimum fuss. For supported distributions, it's been wonderful. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Virtualizing an existing Centos 5.x installation
Hi all, i want to virtualize an existing Centos 5.x machine (intel xeon, 64 bit OS, Qlogic HBA) into a vmware 3.X VM that will not be connected to the SAN (hence no need for the HBA drivers). So i googled a while and found this link: http://virtualaleph.blogspot.com/2007/05/virtualize-linux-server-with-vmware.html However the link is quite old and I wonder if anyone here has done such conversion for something like Centos 5.x/Redhat 5.x Thanks, -- Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] connecting 2 servers using an FC card via iSCSI
Hi there, I have one server acting as a iscsi target running windows storage server r2 sp2 and the other server is running centos as an initiator. They are connected to a switch over a 1Gbit ethernet connection. the target is a Dell NF600 and the server running centos is a Poweredge R900. We want to move this configuration to a FC based installation using a Dell QLE2462 HBA (this is the hba we can get here). So, i would like to ask before i make a mistake. :) If I purchase an ethernet fiber switch and add a Dell QLE2462 HBA to both servers and connect the servers to this ethernet switch, will I be able to use this configuration as iscsi target/initiator? will i be able to add a new server (initiator) to this configuration? or the whole thing is totally impossible? -- Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] connecting 2 servers using an FC card via iSCSI
Nate, Ross. Thanks for the information. I now understand the difference. Ross: I cant ditch MSSS since it is a government purchase, so I *must* use it until something breaks and budget is assigned and maybe in 2 years we can buy something else. the previous boss purchased this equipment and i guess an HP EVA, Netapp or some other sort of NAS/SAN equipment was better suited for the job...but go figure!. Nate: The whole idea is to use the MSSServer and connect serveral servers to it. it has 5 available slots so a bunch of cards can be placed there. I think (after reading your comments) that i can install 2 dual port 10gb netcards in the MSSS, configure it for jumbo frames (9k) and then put 10gb netcards on the servers that will connect to this MSSS and also enable 9k frames. All this of course, connected to a good 10gb switch with a good backplane. Im currently using 1Gb so switching to fiber at 1Gb will not provide a lot of gain. using IOMeter we saw that we will not incurr in IOWait due to slow hard disks. we just cant trash the MSSSsorry Ross. Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Suggestions for connecting a postfix to an sms box
Hi there, I would like to hear some hardware recomendations to connect our smtp server (postfix) to an external SMS box. Basically I am looking for a SMS box that takes messages via smtp and sends them via the SMS part. Has anyone here implemented a solution like this? I must use an in house sms box (GSM), I cannot use a service provider (such as internet smtp to sms providers). thanks, -- Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Managing change control in servers, LDAP, firewalls and switches question
Hi, being an off-topic questions with so many vendors involved I had no definitive place to go to ask but here. So maybe some of the list members have ideas in mind. Currently we manage several switches,firewalls and MS LDAP and Centos OpenLDAP installations. We are looking for a man in the middle or framework to manage change on our network devices and LDAP-based servers. So far, using Quest ActiveRoles/Intrust has filled the part of LDAP, where administrators log into ActiveRoles/Intrust system, generate changes (delete OU, users, change passwords, etc) then the request has to be approved by a staff member in Activeroles/intrust. When the approval is sent to the system, the ActiveRoles/Intrust (and not the sysadmin) logs into the LDAP systems and perform the changes. This has proven useful in tracking changes (who did what, when, who approved it). We are looking into a similar solution (Quest Software does not have that for devices) to perform change and control on the routers, switches and firewalls. Maybe someone can also point me to a mailing list where i can ask the same question? thanks, -- Erick Perez Cel +(507) 6675-5083 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: bash script for passwd and shadow manipulation
Hi, i need to extract some information from the /etc/passwd file to be used as a command input in a mail software. My /etc/passwd looks like: k.thomas:x:1918:100:Kimaura Thomas:/home/users/k.thomas:/bin/usersh My main issue here is that the fifth field contains spaces and spanish chars with accent. I currently do not posess the skill to understand how to use cut to extract all the field. So far, cut returns the name up to the space, so in this case it will return Kimaura and not Kimaura Thomas. Can you please point me to internet examples of tools (sed, awk, grep or cut) that will help me accomplish this, or maybe provide the code? And here is the code (not the best...im still learninng..) #!/bin/bash # Passwd to Zimbra import # This script modifies the displayName field in the Zimbra mailserver # This script will parse /etc/passwd and extracts field 1 and field 5 # field 1 is the username. # field 5 is the name in long format of the username # # domain=oj.gob.pa # file=zimbranames.file # x=0 # echo ''$file # # for linia in `cat /etc/passwd` # do #user=`echo $linia|cut -f1 -d:` #nombre=`echo $linia|cut -f5 -d:` #echo zmprov ma [EMAIL PROTECTED] displayName $nombre$file #x=$[x+1] # done # echo $x accounts exported to \$PWD/$file\ # sleep 5 Thanks in advance. -- Erick Perez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: bash script for passwd and shadow manipulation
You should be able to do this easily with awk. Look at the -F option for defining fields. The follow command line will pluck field 1 and field 5 from your example. $ echo k.thomas:x:1918:100:Kimaura Thomas:/home/users/k.thomas:/bin/usersh | awk -F : '{ print $1, $5 }' Or, in your script . . . user=echo $linea | awk -F : '{ print $1 }' nombre=echo $linea | awk -F : '{ print $5 }' . . . That's about as inelegant as it comes but it should be easy to understand. There is a fantastic (g)awk manual at http://www.gnu.org/software/gawk/manual/ presented in a number of formats. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos thanks Robert, If i do what you said for linia in `cat /etc/passwd` do user=echo $linea | awk -F : '{ print $1 }' nombre=echo $linea | awk -F : '{ print $5 }' echo the name is $nombre echo zmprov ma [EMAIL PROTECTED] displayName $nombre$file x=$[x+1] done then I have: the name is echo So it seems i have problems with quotes... either or ` goes somewhere now..on my way to reaad about escape sequences in echo. -- Erick Perez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: bash script for passwd and shadow manipulation
On Thu, Nov 27, 2008 at 2:37 PM, Stephen Harris [EMAIL PROTECTED] wrote: On Thu, Nov 27, 2008 at 01:56:11PM -0500, Erick Perez wrote: So far, cut returns the name up to the space, so in this case it will return Kimaura and not Kimaura Thomas. No, it doesn't. # for linia in `cat /etc/passwd` This is your mistake. Think about it for linia in `cat /etc/passwd` do echo Line just read: $linia done That shows what is going wrong; the in is splitting at the white space. What you should be doing cat /etc/passwd | while read linia instead. Even better would be while read linia do done /etc/passwd Or, to rewrite the whole program in a one line awk script: awk -F: '{printf(zmprov ma %s@'$domain' displayName %s\n,$1,$5)}' /etc/passwd $file -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Stephen, you are right. i learned a bit more about for cycles and the blank space was being stripped. Rainer, some backquotes as you said were missing. So the code ends like this, and it works :)) #while read linia #do #user=`echo $linia | awk -F : '{ print $1 }'` #nombre=`echo $linia | awk -F : '{ print $5 }'` #echo el nombre es $nombre #echo zmprov ma [EMAIL PROTECTED] displayName $nombre$file # #x=$[x+1] #done /etc/passwd Stephen, your single line awk command is wonderful. the while cycle takes about a minute (it is a very very long passwd file) the awk took less than 10 seconds .I have so much to learn -- Erick Perez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Help with a sun cobalt with sendmail and centos with postfix
Hi, I have a customer with a sun cobalt running Sendmail 8.10.2/8.10.2 and we are phasing out the sun cube due to some limitations. So we have installed a new centos 5.x server. the format of our current emails are [EMAIL PROTECTED] and the new format will be [EMAIL PROTECTED] We have 1600 accounts. Both server are in the LAN. The MX record that the world sees, point to our current AV/AntiSpam appliance, then our AV appliance forwards to the mail server (its a trendmicro IMSS) The AV appliance lets me define rules that emails for [EMAIL PROTECTED] should be sent to the mailserver with the cube, and it also let me define a rule for [EMAIL PROTECTED] to be sent to the centos machine, so I have covered the from internet inbound email issue. going out to the internet, both servers can send emails perfectly. However, Since both servers will answer to the same domain, i need some guidance as to how to 1- If user hosted on the Sun sendmail Cube sends emails to [EMAIL PROTECTED], make the Cube forward/send the email to the Centos machine. 2- If user hosted in centos, sends email to [EMAIL PROTECTED], make the POSTFIX forward/send the email to the Cube machine. Due to internal regulations i must say that: 1- users cannot be moved all at once. 2- centos machine must use postfix - not sendmail. I can however, install sendmail on centos and make it listen in another port other than 25 if some solution arises that needs sendmail in both sides. Anyways, any guidance as to how to solve this mess is welcomed Thanks, -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help with a sun cobalt with sendmail and centos with postfix
Hi bill. not sure what you want me to look there. The Cobalt will go away and will probably be used in other task. We are not trying to rescue it. On Fri, Oct 24, 2008 at 3:14 PM, Bill Campbell [EMAIL PROTECTED] wrote: Have you looked at the BlueQuartz project? It is specifically for the Cobalts, and I think is CentOS based. http://bluequartz.org/ On Fri, Oct 24, 2008, Erick Perez wrote: Hi, I have a customer with a sun cobalt running Sendmail 8.10.2/8.10.2 and we are phasing out the sun cube due to some limitations. So we have installed a new centos 5.x server. the format of our current emails are [EMAIL PROTECTED] and the new format will be [EMAIL PROTECTED] We have 1600 accounts. Both server are in the LAN. The MX record that the world sees, point to our current AV/AntiSpam appliance, then our AV appliance forwards to the mail server (its a trendmicro IMSS) The AV appliance lets me define rules that emails for [EMAIL PROTECTED] should be sent to the mailserver with the cube, and it also let me define a rule for [EMAIL PROTECTED] to be sent to the centos machine, so I have covered the from internet inbound email issue. going out to the internet, both servers can send emails perfectly. However, Since both servers will answer to the same domain, i need some guidance as to how to 1- If user hosted on the Sun sendmail Cube sends emails to [EMAIL PROTECTED], make the Cube forward/send the email to the Centos machine. 2- If user hosted in centos, sends email to [EMAIL PROTECTED], make the POSTFIX forward/send the email to the Cube machine. Due to internal regulations i must say that: 1- users cannot be moved all at once. 2- centos machine must use postfix - not sendmail. I can however, install sendmail on centos and make it listen in another port other than 25 if some solution arises that needs sendmail in both sides. Anyways, any guidance as to how to solve this mess is welcomed Thanks, -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax:(206) 232-9186 A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. Robert Heinlein ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help with a sun cobalt with sendmail and centos with postfix
On Fri, Oct 24, 2008 at 3:22 PM, mouss [EMAIL PROTECTED] wrote: Erick Perez a écrit : Hi, I have a customer with a sun cobalt running Sendmail 8.10.2/8.10.2 and we are phasing out the sun cube due to some limitations. So we have installed a new centos 5.x server. the format of our current emails are [EMAIL PROTECTED] and the new format will be [EMAIL PROTECTED] We have 1600 accounts. Both server are in the LAN. The MX record that the world sees, point to our current AV/AntiSpam appliance, then our AV appliance forwards to the mail server (its a trendmicro IMSS) The AV appliance lets me define rules that emails for [EMAIL PROTECTED] should be sent to the mailserver with the cube, and it also let me define a rule for [EMAIL PROTECTED] to be sent to the centos machine, so I have covered the from internet inbound email issue. going out to the internet, both servers can send emails perfectly. However, Since both servers will answer to the same domain, i need some guidance as to how to 1- If user hosted on the Sun sendmail Cube sends emails to [EMAIL PROTECTED], make the Cube forward/send the email to the Centos machine. 2- If user hosted in centos, sends email to [EMAIL PROTECTED], make the POSTFIX forward/send the email to the Cube machine. for the postfix side, use transport_maps: [EMAIL PROTECTED] relay:[remote.host.example] (use the brakets to avoid MX lookups). Due to internal regulations i must say that: 1- users cannot be moved all at once. 2- centos machine must use postfix - not sendmail. I can however, install sendmail on centos and make it listen in another port other than 25 if some solution arises that needs sendmail in both sides. Anyways, any guidance as to how to solve this mess is welcomed Thanks, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos i read about transport maps in postfix, just tried and worked perfectly. thanks, now i have to figure the sendmail part (i think virtusertable) Do you know how to make the sendmail part? -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: 4 dual cores agains 2 quad cores
On 9/1/07, Peter Arremann [EMAIL PROTECTED] wrote: On Friday 31 August 2007, Erick Perez wrote: Hi people, Do you have pointers to web documents that help me make comparisons between buying a server with two quad core 2.33 ghz or buying a 4 dual core 2ghz server? I am trying to answer a question of performance. It is not important the redundancy/failover or the price of the server. Just the performance. obviously all the hardware specs are the same, the question is the CPU. If you do pure IO workloads, the 4 dual cores are probably going to be as fast as the 2 quads because of the clock differences. For CPU bound workloads, the quad cores will beat the duals easily because of the higher clock speed (and more efficient caching in case of AMD). The only other things I would worry about is the number of memory slots. Usually boards that have 4 cpu sockets have a larger number of memory slots too. So if you need lots of ram, you're better off on that. Peter. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thanks Peter and thanks to all for the information. It turns out that the several HP Proliant DL380G5 the company is about to buy, will run SQL Server 2000, RHEL 5 w/Tomcat and Exchange 2003. So it seems that after reading several documents linked here and on the net, Two Xeon Quad Core at a little lower speed will be more efficient that 4 Dual Core Xeons at a little higher speed. And not to mention the benefit of using only two sockets instead of four. So, I guess i'll go for quad cores. If anyone is interested in benchmarks, please let me know offline at : eaperezh ((at)) gmail ((dot)) com Thanks, -- Erick Perez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] How to size an email server to handle 5 million emails per day
I have no idea as to how to size an email server. I was approached by a customer that wanted a single server with RAID 1 disks to handle about 5 million emails a day. In general terms, what parameters should I take into account to size the hardware specs when the average email is about 10kb, the smalles email is 2kb and the largest email is about 5meg (with attachment) thanks, -- Erick Perez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Sybase and gfs in a cluster
Is there someone with experience in the following scenario? can it be done? Centos 5 in a two node active-passive scenario both nodes run centos 5 with gfs data is in a SAN Servers are HP DL 380 connected to a MSA 1000 san storage servers will run on top of centos 5, the ServiceGuard software from HP. Is sybase compatible with this structure? I contacted sales support with this question but so far i haven't received a response. I read somewhere that sybase didn't like GFS but i cannot be sure since the original document is no longer available on the web. since this is an idea and it has not been put to practice i am recolecting comments ideas and sybase compatibility issues. -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 4.x / RHEL AS 4.x Clustering documentation
Thanks for the link, I was looking at the redhat site. ;)) Question. Installing GFS 6.1 with a cluster means Cluster Suite *must* be installed too? On 7/4/07, Fabian Arrotin [EMAIL PROTECTED] wrote: On Wed, 2007-07-04 at 13:01 -0500, Erick Perez wrote: Hi, Can someone point me to documents as to how to install Redhat Enterprise AS 4.x Or Centos 4.x similar with a 1 active 3 passive clustering scenario? Thanks, Have you searched on the official documentation web page ? it contains several documents regarding Cluster suite/gfs etc ... : http://www.centos.org/docs/4/ -- Fabian Arrotin [EMAIL PROTECTED] Solution ? echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] web based vacation frontend
Hi, One customer has Centos 5 installed. He wants to have a web based frontend to the vacation program because he is in charge to enable the vacation msg for all the users in leave. I tried webmin but the webmin vacation module points to a nonexistant link. And the usermin module is very old and requires the user to do it by themselves. Suggestions? -- Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama, Republica de Panama Cel Panama. +(507) 6694-4780 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos