Re: [CentOS] OT:: Multiple PHP versions
On Tue, 2021-12-14 at 19:18 -0800, Kenneth Porter wrote: > > You might find that someone has packaged the version you desire in > the Yes, but you have to think about it's maintainance status, be it a SCL or packages in COPR or elsewhere. If it's unmaintained you might not want to use it, especially if Software weaknesses might be exploited remotely. Regarding the php SCLs by RedHat (which were rebuilt by a CentOS Sig): You will not get security updates for php < 7.3. Best Regards, Markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT:: Multiple PHP versions
On Tue, 2021-12-14 at 09:57 -0800, Kenneth Porter wrote: > On 12/14/2021 9:38 AM, TE Dukes wrote: > > Been trying to get multiple versions of PHP on a CentOS 7 machine, > > off and > > on for the past couple months. I have followed 5 or 6 different > > howtos but > > none work. They are very similar and they seems to be done on a > > fresh > > install as most do an apache install is the steps. I setup two > > virtualhosts > > one for PHP5.6 and one for PHP 7.4. When I create a file with > > phpinfo, it > > reports back 5.6.xxx on both sites. > > You should be using Software Collections to install additional > versions: > > https://www.softwarecollections.org/en/about/ What about support, i.e. security updates? When I have a look at https://access.redhat.com/support/policy/updates/rhscl-rhel7 The only php SCL on that page that isn't EOL yet is php 7.3 Supported multi php installations seems difficult with that (maybe there is more behind your www.softwarecollections.org link?), although it would be possible to have the original non SCL php 5.4 in addition to the SCL php 7.3. Best Regards, Markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] log4j cve
On Tue, 2021-12-14 at 14:31 +0100, Steve Meier wrote: > Hello Steve, > > Am 2021-12-14 14:14, schrieb Steve Clark: > > This is the standard version that comes with CentOS 7 and is the > > latest available as of a yum update just now. > > log4j-1.2.17-16.el7_4.noarch > > yes, that's correct, but it is abandoned nonetheless. > > According to the RPM's change log, Red Hat backported a fix for > CVE-2017-5645. > They have not done this for CVE-2019-17571 it seems. > I would be very surprised if they'd do so now. https://access.redhat.com/node/4677071According to that link CVE-2019-17571 is the same issue as CVE-2017- 5645 and both are listed as fixed in this errata: https://access.redhat.com/errata/RHSA-2017:2423 So I think it's fixed. Best regards, markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ruby on Cent OS 8
> On 15.11.2021, at 22:12, Gionatan Danti wrote: > > Il 2021-11-15 16:03 Simon Matter ha scritto: >> These figures are interesting but they can not be compared directly. >> Oracle has its own EPEL repo and therefore I guess that the number here >> shows only those who are using the official EPEL instead of the one >> provided by Oracle. That said, I expect that the true number of Oracle >> Linux installations is quite a bit higher than what we see here. > > Personal note: I am currently using Rocky, but I am very tempted by Oracle > Linux also. It has working secure boot and a proven update track record Rocky 8.5 has gained support for secure boot https://rockylinux.org/news/rocky-linux-8-5-ga-release/ Best Regards, Markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Boot time in wtmp is not correct
> On 12.10.2021, at 17:41, Hooton, Gerard wrote: > > When I do who -b; uptime I get > > system boot 2021-10-12 17:05 > 16:36:09 up 30 min, 1 user, load average: 0.00, 0.00, 0.00 > > As you can see the boot time reported by the last command is ahead. > I have noted it is one hour ahead after a reboot. > > I have checked the system time in the BIOS before booting Linux and it is > correct. What do you mean with “correct”? UTC or localtime? For me timedatectl gives me ``` $ timedatectl … RTC in local TZ: no … ``` Which means that RTC/BIOS clock is in UTC, so when booting the timezone offset is added. I heard that dual boot with Windows makes problems because Windows is setting RTC always with local time. In that case try "RTC in local TZ: yes" Do you dualboot? What is timedatectl telling you? Best Regards, Markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7: NM and changing MAC addresses
> On 11.10.2021, at 17:22, Simon Matter wrote: > > Hi, > >> On Mon, 11 Oct 2021, José María Terry Jiménez wrote: >> >>> El 11/10/21 a las 13:00, Tom Yates escribió: On Mon, 11 Oct 2021, José María Terry Jiménez wrote: > Hello > > Perhaps the solution is this: > > https://access.redhat.com/solutions/70215HWADDR= thanks, but either that link is broken, or the site requires a login, as i can't see anything and get redirected to a general search page. could i trouble you to check the link? >>> Uh oh! Some copypaste at the end >>> >>> Is this one >>> >>> https://access.redhat.com/solutions/70215 >> >> thank you very much for the suggestion! sadly, this has not worked. >> > > Are you even sure it's NetworkManager messing with your MAC addresses? I > have no idea why NM should ever mess with MAC addresses on a server and I > don't expect NM is doing so. > > I have another idea: Seems this is on a SuperMicro server, can it be that > the box in question has a shared lights out management, sharing the > management ethernet port with the first LAN port? If so, can it be that > the management port is not configured properly and does try to DHCP an > IPv4 address? If you don't need the management stuff then you may try to > simply disable it to get rid of the mess. Yeah, there is a default setting in the Firmware of “failover” which means “use dedicated IPMI port if connected otherwise use shared LAN port” This is under IPMI -> BMC Network Configuration see also https://serverfault.com/questions/361940/configuring-supermicro-ipmi-to-use-one-of-the-lan-interfaces-instead-of-the-ipmi But, is this kind of traffic supposed to be visible to the linux kernel? (or was the tcpdump made on another machine?) Best Regards, Markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to set a directory to system_u?
> On 03.10.2021, at 10:11, hw wrote: > > However, ejabberd says in it's log file: > > > [error] [...] Cannot store file [...] from [...] permission denied you are sure that selinux is causing this? you do have an AVC? > > At least it looks as if ejabberd tries to save the file right where it should > but > can't. > > So why and how can't and can I set the directory to system_u? Since there are > directories labled as that, there has to be way to do that. try -F ``` # restorecon -RF /srv/data/ejabberd/ ``` or the manual way ``` # chcon -R -u system_u /srv/data/ejabberd/ ``` best regards, markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to set a directory to system_u?
> On 02.10.2021, at 13:49, hw wrote:
>
>
> I'm trying to a lable a directory for ejabberd to store files
> that were uploaded with the http_upload module. Apparently
> I should set this to 'system_u:object_r:ejabberd_var_lib_t:s0'
> since all the files in /var/lib/ejabberd are. So:
>
>
> ls -laZ /srv/data/
> unconfined_u:object_r:ejabberd_var_lib_t:s0 320 Jul 29 23:55 ejabberd
> semanage fcontext -a -t ejabberd_var_lib_t -s system_u
> '/srv/data/ejabberd(/.*)?'
> restorecon -R /srv/data/ejabberd/
> ls -laZ /srv/data/
> unconfined_u:object_r:ejabberd_var_lib_t:s0 320 Jul 29 23:55 ejabberd
First you could try to create files manually in /srv/data/ejabberd and
verify if the files are correctly labeled, but above looks good to me.
Something like
# touch /srv/data/ejabberd/…
If that works, it could be the httpd_upload module that causes wrong labels
Just a shot in the dark:
Maybe the http_upload module does move the file from a temporary location
to /srv/data/ejabberd/ and the label from tmpdir is preserved?
I try to demonstrate what I mean (with httpd, not ejabberd):
```
# pwd
/var/www/html
# ls -Zd
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0
# touch /tmp/a.html
# touch /tmp/b.html
# ls -Z /tmp/{a,b}.html
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 /tmp/a.html
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 /tmp/b.html
# cp /tmp/a.html correct-1.html
# mv -Z /tmp/a.html correct-2.html
# mv /tmp/b.html incorrect.html
# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0
correct-1.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0
correct-2.html
-rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 incorrect.html
```
With copy the destination label is as wanted.
With mv you need to specify the -Z switch, otherwise the label is preserved.
kind regards, markus
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help with dracut install CentOS 8
On 29.11.19 17:06, Orion Poplawski wrote:
> On 11/29/19 6:55 AM, Jerry Geis wrote:
>> I am trying to specify a static IP on the new dracut format. I was using
>> this:
>> http://man7.org/linux/man-pages/man7/dracut.cmdline.7.html
>>
>> So my grub entry consists
>> menuentry "Install CentOS 8" {
>> linux /boot/vmlinuz noverifyssl ks=https://something
>> ip=192.168.1.3::192.168.1.1:255.255.255.0::eth0:on:192.168.1.1
>> biosdevname=0 net.ifnames=0 ksdevice=eth0 inst.sshd sshd=1
>> initrd /boot/initrd.img
>> }
>>
>>
>> This seems OK to me. But rebooting to start the install for CentOS 8 it
>> just stops and says
>> "system halted". the lines above that have no errors.
>> .3 is the IP I want to use
>> .1 is the GW and the Nameserver in this case.
>
> I'm guessing something with your kernel and/or initrd.img is incorrect.
My first thought is something is wrong with the kickstart file. But
without console output it is hard to tell. We do not know at what stage
the error occured.
maybe a text based install gives more output to gain insight.
> If it was just the interface not getting configured properly you should
> eventually get a bunch to dracut timeouts and then get dropped into the
> emergency shell where you could poke around, not "system halted".
I agree. But system halted before getting kickstart or after?
Besides console output, another simple thing to check: have a look at
web server logs at https://something
--
Kind Regards, Markus Falb
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] easy way to stop old ssl's
On 12.10.19 19:33, Warren Young wrote: > On Oct 12, 2019, at 4:06 AM, Markus Falb wrote: >> >> On 11.10.19 22:40, Warren Young wrote: >>> Just ship a new HTTPS configuration to each server. >> >> Instead of configuring every application separataly it would be nice if >> "accepted levels of security" could be set system wide. > > …which implies that there is some authority that defines “accepted level” the > way you’d do it if you could be bothered to think through all of the use > cases, combinations, and implications. > > Who is that central organization? Are you sure their notions match your own? You should have the authority discussion with OP who brought that thing with "accepted" up. On Oct 11, 2019, at 12:12 PM, Jerry Geis wrote: # # is there a script that is available that can be ran to bring # a box up to current "accepted" levels ? My post was about system wide configuration not about authorities. However, take a look at the subject of this thread. Who defines what is old ? What about best practices like disable SSLv3 or TLSv1? Could the authority be the community or some common knowledge? > >> With 8 it seems there is such a thing >> >> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening >> >> Although I believe that FIPS mode is also available in 7 > > That’s FIPS 140-2, a standard from 2001, which is three TLS standards ago. If I look at the comparison table from the link above FIPS mode does not look that bad. I guess that I would get A rating from ssllabs. > > FIPS 140-3 just barely became effective a few weeks ago, which means it won’t > be considered for inclusion in RHEL until 9, which I don’t expect to appear > until 3-4 years from now, by which time FIPS 140-2 will be around 21 years > old. > > So, we not only have a situation where adopting FIPS 140-2 requires that you > use badly outdated security technologies, it also means you might not be able > to communicate with those that do support modern standards, if they’ve > dropped compatibility with 2001 era tech sometime in the last 18 years. I read you saying that FIPS 140-2 is not good enough. Apart from age, why? -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] easy way to stop old ssl's
On 11.10.19 22:40, Warren Young wrote: > On Oct 11, 2019, at 12:12 PM, Jerry Geis wrote: >> >> is there a script that is available that can be ran to bring >> a box up to current "accepted" levels ? > > I don’t know why you’d use a script for this at all. Just ship a new HTTPS > configuration to each server. Apache loads all *.conf files in its > configuration directory, so you might be able to just add another file to the > existing config set. If not, then replace the existing config file instead. Instead of configuring every application separataly it would be nice if "accepted levels of security" could be set system wide. With 8 it seems there is such a thing https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Although I believe that FIPS mode is also available in 7 I did not used neither system wide cryptographic policies nor FIPS mode so my post is more the theoretical one, but I thought it is on topic. -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C8 install libreoffice
On 28.09.19 00:39, Ulf Volmer wrote: > On 28.09.19 00:07, Jerry Geis wrote: >> How do you install libreoffice. yum install libreoffice did not do it, >> doing a search on "centos 8 install libreoffice" did not provide anything. > > There is no single package libreoffice in CentOS 8. Instead there are > several packages for each libreoffice component like libreoffice-calc, > libreoffice-draw and so on. > > You may like to install all of them by executing > > yum group install "Office Suite and Productivity" Alternatively you may like to learn how to use your package manager to get answers to your questions. ...snip # yum search libreoffice ... snap... -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Why is the branch c6 empty for every rpm packages?
On 27.08.19 11:10, Lange, Markus wrote: > I can't tell you why CentOS 6 isn't available an git.centos.org anymore > but I think your assumption is right. > You may find what you need on http://vault.centos.org/ . I don't think CentOS 6 reached it's end, at least RHEL 6 didn't. https://access.redhat.com/support/policy/updates/errata I see rpms for CentOS 6 http://mirror.centos.org/centos-6/ and Source Packages http://vault.centos.org/6.10/updates/Source/SPackages/ If I recall correctly the git-rpm integration was started with CentOS 7 and that could be the reason that no CentOS 6 content is found on git.centos.org. I am not an CentOS developer though. > On Tue, 2019-08-27 at 16:31 +0800, Qiying Wang wrote: >> Hi, >> >> I wan't to find the sqlite & python rpm packaging files in >> git.centos.org, >> but I found that the branch c6 for centos 6 are all empty. >> >> Is that because centos 6 reached its end? Or where can I find the >> packaging >> files? -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart compat C7 -> C8
On 08.05.19 19:16, Leon Fauster via CentOS wrote: ... > I get a "device is too small for new format" error. Any hints? ...> part pv.0104 --fstype="lvmpv" --ondisk=sda --grow pv.0104 > volgroup ee --pesize=4096 pv.1974 pv.1974 mismatch! -- Kind Regards, Markus Falb signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd, PHP-FPM, and /cgi-bin scripts
On 24.04.19 17:40, Benjamin Smith wrote: > On Wednesday, April 24, 2019 3:44:04 AM PDT Leon Fauster via CentOS wrote: >>> Am 24.04.2019 um 08:37 schrieb Benjamin Smith : ... >>> So I wrote a /cgi-bin script that works, takes the input, and even runs >>> the ... >> >> Why not implementing this directly as "PHP"-script >> that runs via php-fpm and not via "standard" CGI? > > Because "normal" php processes all of POST data in memory and is thereby > constrained to the limit of available memory. Typically in the range of a few > MB. This makes it impossible to upload LARGE files, EG 100s of MB or GBs in > size. I think it is possible, but has side effects. https://php.net/manual/en/ini.core.php#ini.enable-post-data-reading -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to install Xorg X11 libXss runtime library
On 16.04.19 11:28, Gianluca Cecchi wrote: > On Tue, Apr 16, 2019 at 11:02 AM qw wrote: >> >> How to install Xorg X11 libXss runtime library? >> >> >> Thanks! >> >> >> yum install libXScrnSaver > is your friend and provides that library > Gianluca > you can easily get information out of yum. in your case you could have done # yum search libxss Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.trouble-free.net * epel: mirror.layeronline.com * extras: mirror.jaleco.com * updates: mirror.wdc1.us.leaseweb.net === N/S matched: libxss libXScrnSaver.i686 : X.Org X11 libXss runtime library libXScrnSaver.x86_64 : X.Org X11 libXss runtime library Name and summary matches only, use "search all" for everything. there are other commands like yum provides or yum info that can be helpful with such questions. -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: Heads up: OpenSSH users (CentOS 7+)
On 14/01/16 17:54, Tony Mountifield wrote: > In article <5697cab8.6090...@wemoto.com>, Michael H > <michael-yc1br6qyvkfqt0dzr+a...@public.gmane.org> wrote: >> Probably worth a read... >> >> http://www.openssh.com/txt/release-7.1p2 >> >>> Important SSH patch coming soon. For now, everyone on all operating >>> systems, please do the following: >>> >>> Add undocumented "UseRoaming no" to ssh_config or use "-oUseRoaming=no" >>> to prevent upcoming #openssh client bug CVE-2016-0777. More later. >> >> echo "UseRoaming no" >> /etc/ssh/ssh_config > > It says this applies to OpenSSH 5.4 to 7.1. > > So it would only affect CentOS7 and up, as C6 uses openssh-5.3. https://access.redhat.com/articles/2123781 -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] reload /sbin/init
Hi, There was an update of glibc on CentOS 6 http://lists.centos.org/pipermail/centos-announce/2015-January/020863.html and now: # needs-restarting 1 : /sbin/init How do i tell /sbin/init to use the updated files from glibc without a reboot? -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kickstart IPv6 Gateway
On 11.11.2014 17:44, anax wrote: Did you probably forget to provide the network prefix, when specifiying the ipv6 address? --ipv6=2001:123:abc::123/network-prefix doesn't it default to /64 ? suomi On 11/11/2014 09:44 AM, John Tall wrote: Hi. I'm installing CentOS 7 with Kickstart on a machine that has IPv6. The problem is that while it has an IPv6 address after installation it does not have the IPv6 gateway. I'm using NetworkManager and my network configuration is completely static, no autoconf or dhcpv6. My Kickstart configuration uses the following network configuration (actual values replaced but with the same format): network --device enp1s0 --bootproto=static --gateway=123.123.123.1 --ip=123.123.123.123 --nameserver=123.123.123.1 --netmask=255.255.255.0 --ipv6=2001:123:abc::123 --ipv6gateway=2001:123:abc::1 --activate network --hostname=test.example.org The Red Hat installation guide suggests that --ipv6gateway should be used but it looks like it's not picked up. Does anyone know why this doesn't work? -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] v7 - /dev/shm mount options
Hi, There is no entry in fstab any more. Where can I change the mount options of /dev/shm in v7? -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slow i/o with a raid 50 on a 3ware controller
On 7.8.2014 03:04, John R Pierce wrote: On 8/6/2014 5:32 PM, Markus Falb wrote: Do you have barriers enabled? Just another shot in the dark, but 5 didn't have that. If you have battery backed Cache with your Controller, you can safely disable barriers anyway. are you sure about this? thats not my understanding. What I've been told is, the battery backed write cache just lets you enable writeback caching in the raid controller, write barriers at the various OS layers still have to be respected, as they ensure certain writes are completed in order. You mean there are other places besides the drive itself where I/O may be reordered? The I/O Scheduler maybe? Hmmm... -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] kickstart - dont wipe data
Hi, I am struggling with kickstart. What I want to achieve is a reinstall, but some data partitions should survive the install, i.e. they should not be formatted. With a single disk this works, here is the relevant part from the kickstart file (I shortened the name of the volume group) ... zerombr clearpart --none --initlabel part /boot --fstype=xfs --label=boot --onpart=vda1 part pv.00 --fstype=lvmpv --onpart=vda2 --noformat volgroup v --noformat logvol / --fstype=xfs --name=wurzel --vgname=v --useexisting logvol /home --fstype=ext4 --name=home --vgname=v --noformat ... you see, / will be reformatted, /boot will be reformatted, but /home will not. Now a machine with md raid 1. I tried the following. ... #zerombr #clearpart --none --initlabel part raid.01 --onpart vda1 --noformat part raid.02 --onpart vdb1 --noformat raid /boot --fstype xfs --label boot --level 1 --device md0 --noformat part raid.11 --onpart vda2 --noformat part raid.12 --onpart vdb2 --noformat raid pv.00 --level 1 --device md1 --noformat volgroup v --noformat logvol / --fstype=xfs --name=wurzel --vgname=v --useexisting logvol /home --fstype=ext4 --name=home --vgname=v --noformat ... But I get ... 02:54:21,069 ERR anaconda: storage configuration failed: The following problem occurred on line 6 of the kickstart file: No preexisting RAID device with the name 0 was found. ... What is wrong? I really want preserve data and only wipe system. -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart - dont wipe data
On 7.8.2014 12:10, Maxim Shpakov wrote: Hi! I think that your problem is here volgroup v pv.00 --noformat This gives another error ... Members may not be specified for preexisting volgroup ... This is not documented in the Installation Guide, but at http://fedoraproject.org/wiki/Anaconda it is stated ... --noformat Use an existing volume group. Do not specify partitions when using this option. ... Also note that this line works for the one disk install! Thanks anyways, Markus 2014-08-07 13:06 GMT+03:00 Markus Falb markus.f...@fasel.at: Hi, I am struggling with kickstart. What I want to achieve is a reinstall, but some data partitions should survive the install, i.e. they should not be formatted. With a single disk this works, here is the relevant part from the kickstart file (I shortened the name of the volume group) ... zerombr clearpart --none --initlabel part /boot --fstype=xfs --label=boot --onpart=vda1 part pv.00 --fstype=lvmpv --onpart=vda2 --noformat volgroup v --noformat logvol / --fstype=xfs --name=wurzel --vgname=v --useexisting logvol /home --fstype=ext4 --name=home --vgname=v --noformat ... you see, / will be reformatted, /boot will be reformatted, but /home will not. Now a machine with md raid 1. I tried the following. ... #zerombr #clearpart --none --initlabel part raid.01 --onpart vda1 --noformat part raid.02 --onpart vdb1 --noformat raid /boot --fstype xfs --label boot --level 1 --device md0 --noformat part raid.11 --onpart vda2 --noformat part raid.12 --onpart vdb2 --noformat raid pv.00 --level 1 --device md1 --noformat volgroup v --noformat logvol / --fstype=xfs --name=wurzel --vgname=v --useexisting logvol /home --fstype=ext4 --name=home --vgname=v --noformat ... But I get ... 02:54:21,069 ERR anaconda: storage configuration failed: The following problem occurred on line 6 of the kickstart file: No preexisting RAID device with the name 0 was found. ... What is wrong? I really want preserve data and only wipe system. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos7 - Terminal not blanking
On 7.8.2014 04:09, KevinO wrote: On 08/06/2014 05:47 PM, david wrote: Folks Apparently new in Centos 7 is that the terminal screen does not blank after a period of time. This is a server configuration, and no GUI is involved. Is there some magic setting I need to tweek? Have you tried: # setterm -blank 5 ?? (I've often had to do the opposite to be able to view scrolling logs) On version 5 I do # /usr/bin/setterm -powerdown 0 -blank 0 -term console to disable the blank screen. This looks more complicated than your setterm command and I do not know if the other parameters are relevant. On version 6 there is a consoleblank=0 kernel parameter to disable the blank. It is strange that you experience that. I am pretty sure I ran into a blanked CentOS 7 console last week. -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Automating the preparation of kernel sources
On 5.8.2014 03:24, BC wrote: I have a driver that requires installing the kernel sources (into my own rpmbuild tree, not the system) Why not define the kernel source as buildrequire? I can successfully compile and install the module from tarball after manually prepping the kernel sources, but I need to turn this into a proper RPM and am wondering if there are macros I'm not seeing for how to prep the kernel sources as part of a %prep or %build phase. I have looked at many real-world spec files and googled all afternoon and cannot find any info on this. Have a look at the %setup macro and it's parameters http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch09s04.html#id796983 -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] slow i/o with a raid 50 on a 3ware controller
On 6.8.2014 20:44, Chuck Campbell wrote: I have a raid 50 array on a 3ware controller. The box is running centos 6.5 and the file system is ext4. I'm going to try some other filesystems, but could anyone suggest any alternative raid setups as well as stripe sizes I should try? The old server uses the same controller on a centos 5.10 setup, using ext3, and it performs much faster i/o. The old 3ware setup is raid 5. Do you have barriers enabled? Just another shot in the dark, but 5 didn't have that. If you have battery backed Cache with your Controller, you can safely disable barriers anyway. -- Kind Regards, Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] regarding Cent-OS patches
On 17.Jul.2014, at 09:03, Johnny Hughes joh...@centos.org wrote: On 07/16/2014 06:16 PM, Akemi Yagi wrote: On Wed, Jul 16, 2014 at 3:53 PM, Jim Perrin jper...@centos.org wrote: On 07/16/2014 04:36 AM, Taraka Ramakanth wrote: Can u please let me know where can I find this information related to Cent-OS. 1) I want to get the source patches for the rpms. So that I can be select the source while applying the source patch. The source for everything in centos is at git.centos.org For more information, see http://wiki.centos.org/Sources Except for the kernel -- if the OP is looking for the individual patches. The source is provided as a tar file. The actual patches are not available to the public (subscribers only). Right ... those individual kernel patches are not available to us (CentOS) either ... we just get the tarball too. In other words, if I understood correctly, kpatch is only functional with rhel but not with centos. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can't verify gpg signature for the file with hashes for the CentOS 7
On 08.Jul.2014, at 22:45, Ulf Volmer u.vol...@u-v.de wrote: On 07/08/2014 04:07 PM, Rufe Glick wrote: Hello there. I've just downloaded the CentOS v7.0 via torrent and am trying to verify the gpg signature for the file with hashes. When I do gpg --verify sha256sum.txt.asc I get the key ID of F4A80EB5. Then I'm trying to get the public key with gpg --keyserver pgp.mit.edu --recv-keys F4A80EB5 command. The gpg returns error of no valid OpenPGP data found. Does anyone have an idea of why the public key isn't there? Is there another keyserver I should try? Yes, unfortunately the key is not available on the web or in the announcement mail. The only place i found the key was in the downloaded iso: sudo mount -o loop CentOS-7.0-1406-x86_64-DVD.iso /mnt gpg --import /mnt/RPM-GPG-KEY-CentOS-7 you will find them also online on http://mirror.centos.org/centos/ -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Moving sshd listen port SOLVED
On 09.Jul.2014, at 18:44, Liam O'Toole liam.p.oto...@gmail.com wrote: On 2014-07-09, Mike McCarthy, W1NR sy...@w1nr.net wrote: After installing the correct utilities and setting the port with semanage, it now works. Thanks to all for this one. Looks like I got some real work to do moving from 6 to 7 and understanding the massive management changes that were made. If I understand the problem (and its solution) correctly, this is not a 6-to-7 migration issue. The same SELinux fix would be required in CentOS 6. That was my thought too. Athough the error message presented to Mike is not very helpful and maybe worth a bugzilla. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] corruption of in-memory data detected (xfs)
On 07.Jul.2014, at 06:51, John R Pierce pie...@hogranch.com wrote: On 7/6/2014 9:09 PM, Alexandru Cardaniuc wrote: Yes, I run XFS on ~1T (900G) partition, so I don't think I need to consider inode64 for that. What is the official situation with XFS and CentOS 5? It was in technology preview in CentOS 5.4 I think? How about now? 5 is very close to EOL now. End of Production 3 (End of Production Phase) is on March 31 2017 [1] That's not that very close in my opinion. And regarding xfs from the Release Notes of 5.7 [2] Usage of XFS in conjunction with Red Hat Enterprise Linux 5.7 High Availability Add-On/Clustering as a file system resource is now fully supported. Whatever that means. [1] https://access.redhat.com/support/policy/updates/errata [2] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Release_Notes/filesystemstorage-management.html -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] block level changes at the file system level?
On 07.Jul.2014, at 14:53, Ljubomir Ljubojevic cen...@plnet.rs wrote: On 07/07/2014 02:35 PM, SilverTip257 wrote: On Thu, Jul 3, 2014 at 4:50 PM, Ljubomir Ljubojevic cen...@plnet.rs wrote: I am inclined to use xz utils as opposed to 7zip since 7zip comes from a 3rd party repo. check needs to be made if xz supports multitrheading like pk7zip. No, it think it does not. There is a threads option but in the manpage is stated ... Multithreaded compression and decompression are not implemented yet, so this option has no effect for now. ... -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
On 09.Apr.2014, at 22:12, Peter pe...@pajamian.dhs.org wrote: On 04/10/2014 03:09 AM, Markus Falb wrote: I am assuming that client certificates are handed out to staff. Basically you can't really control where people install client certificates and which client software is used. If one is tricked to do a SSL Handshake with a malicious server, the key of the client certificate is leaked. Reissue of the cert won't help because on the other day there would be another malicious handshake with another bad server... No, the server never sees a private client certificate, it only ever has access to the public certificate, which by its very nature of being public doesn't really matter if it gets leaked. I know. No vulnerability on the server can expose a private client certificate, only a vulnerability on the client can. With malicious server I did not meant one that was affected by heartbleed but a server which is run by bad people that want to exploit vulnerable clients. If it's easy to write a malicious client to read the server's ram, it's maybe easy to write a malicious server that can read the client's ram? Does heartbleed work in both directions? Assume that the client uses a vulnerable openssl, and it connects to a malicious server, can the server read the ram of the client? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS-announce] CVE-2014-0160 CentOS 6 openssl heartbleed workaround
On 09.Apr.2014, at 15:54, Johnny Hughes joh...@centos.org wrote: On 04/07/2014 08:30 PM, Always Learning wrote: Thank you. What will the temporary packages be called ? Since this is the first post about the openssl update, I want to answer a couple questions here: 1. The first susceptible version of openssl in a CentOS release was openssl-1.0.1e-15.el6, released on December 1, 2013. 2. The version of openssl that you should install to fix the issue is openssl-1.0.1e-16.el6_5.7, released on April 8, 2014. 3. Versions of CentOS-6.5 openssl that were affected are: openssl-1.0.1e-15.el6, openssl-1.0.1e-16.el6_5, openssl-1.0.1e-16.el6_5.1, openssl-1.0.1e-16.el6_5.4. 4. Only CentOS-6.5 was affected. CentOS-6 at versions 6.4 or earlier was not affected. No versions of CentOS-5 (or any other CentOS) were affected. Besides doing updates, things you should do include: 1. Besides doing the updates, you should replace any certificates using SSL or TLS that are openssl based. This includes VPN, HTTPD, etc. See http://heartbleed.com/ for more info on impacted keys. update openssl, reissue the certificates (with new key!), revoke the old certificates. So far so good, but it goes further, doesn't it? Not only the ssl key could have been leaked, but also other sensible data. session keys, passwords, ... to handle this bug consequently, not only the ssl key and certificate has to be replaced, but also passwords, etc., i.e. every piece of sensible data that could have been transported over tls encrypted connections. Am I correct? This was about server side certificates, and that's a controlled environment. After you fixed your server it is not vulnerable anymore. Another issue is client certificates, and I am quite unsure the implications on these. I am assuming that client certificates are handed out to staff. Basically you can't really control where people install client certificates and which client software is used. If one is tricked to do a SSL Handshake with a malicious server, the key of the client certificate is leaked. Reissue of the cert won't help because on the other day there would be another malicious handshake with another bad server... Does this bug render authentication with client certificates obsolete/insecure/useless ? How does you handle client certificates after this heartbleed thing? Your opinions and knowlegde or specific links about client certificates and heartbleed would be appreciated. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Software RAID1 Failure Help
On 08.Feb.2014, at 11:25, Mogens Kjaer wrote: On 02/07/2014 11:47 PM, Matt wrote: Having a single drive is slowing down reads as well, I think. This depends upon how the RAID is set up. No, mdraid 1 is mdraid 1. A standard Linux RAID1 setup does not give better reading performance when reading large files than a single disk. I don't know if the RAID system is cleaver enough to save some seek time. Process X is utilizing only one single disk, so no performance gain. But if you have 2 processes in parallel, then you potentially have a gain, because the process Y can read from another disk. process X - disk 0 process Y - disk 1 In order to get better read performance you'll have to set it up as RAID10 with far copies. Yes, mdraid 10 could be a solution for the 1 process should utilize more than one disk goal. I haven't tried it though, what a shame. Why is that far copies thing important? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] openswan and ipsec
# ipsec verify ... If you encounter network related SElinux errors, especially when using KLIPS, try disabling SElinux ... Well, it is not running KLIPS but netkey, anyways I feel not comfortable about disabling selinux on a ipsec router. I am not sure how to handle possible probems in this case, too. If I decide not to disable selinux, and I run into problems, should I a) report it to redhat as a bug, because it is b) disable selinux because ipsec is not meant to work with selinux Maybe just the verify script should be fixed? Maybe I should ask RedHat about this, hm. And finally, do you encounter network related SElinux errors with IPSec, both 5 and 6? -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Missing Announcement
Hi, I do see a kernel update to 2.6.18-371.4.1.el5 but I am missing the announcement. -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing Announcement
On 02.Feb.2014, at 04:27, Akemi Yagi wrote: On Sat, Feb 1, 2014 at 7:06 PM, Markus Falb wne...@gmail.com wrote: Hi, I do see a kernel update to 2.6.18-371.4.1.el5 but I am missing the announcement. CentOS devs are at FOSDEM in Belgium. You know Belgian beers are the world best, so this is just a consequence ... ;-) Oh, I am sorry about my ignorance, then. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] I want to ask about some Kernel level operations.
On 05.Jan.2014, at 16:08, Eliezer Croitoru wrote: On 04/01/14 18:37, Markus Falb wrote: An example: imagine a Makefile with a clean target $BUILDDIR=something clean: rm -rf $BUILDDIR/* a bug in the configure script could lead to an empty $BUILDDIR in the Makefile. What do you think happens when you type # make clean A script runs and do all sort of things on the way.. for example: makefile ##start install: echo Listing the dev directory with couple nice things in it ls -lh /dev/ clean: echo I would like to remove the dev directory but it seems pointless Please do not tell me that you haven't seen projects that do the build outside the source directory /dev/ Makefile build/ src/ I didn't meant to remove /dev, I am not dumb. to me rm -rI /dev/* ##end Will help me understand the meaning of this file. what can we do in order to prevent such actions? Would selinux would help in this specific case? Please remember that my example was not about removing /dev/* but about removing /* , so why just not building as root? usually I remember that chroot should help to prevent an issue with it. Hm, where to draw the line between prevention and mitigation? Anyways, do not build on the target machine, e.g. your production server. It does not really matter in many cases if your development environment is separated by a chroot or a virtual machine or a whole physical machine. Use software versioning software Make Backups Be prepared to recreate your development environment. Even if you easily can recreate the development environment, maybe diagnosis plus recreation takes still more work than not building as root in the first time. Anyways, looking at the Subject of this thread I have no clue what you are after. Even root can not do kernel level operations. Only the kernel can do that, can't it? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] I want to ask about some Kernel level operations.
On 03.Jan.2014, at 00:25, Eliezer Croitoru wrote: I am obligated to say: How would you expect a 100MB of code to be mocked? We are talking mock the software for building rpms in a chroot, aren't we? http://fedoraproject.org/wiki/Projects/Mock -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] I want to ask about some Kernel level operations.
On 02.Jan.2014, at 00:53, Eliezer Croitoru wrote: I want to make sure that while compiling as root nothing will break down inside the machine. I want to compile software on a Xeon SERVER. The basic issue is that there is a recommendation to not compile it as a root user. Actually I would go even further and not recommend to have a compiler installed on a server. I have compiled software as a root user more then once and I am not sure why would there is a need to run it as non-root user? I have taken a look at the /proc/ FS but I do not see anything that can harm anything yet. From my aspect it's just background of electricity noise. An example: imagine a Makefile with a clean target $BUILDDIR=something clean: rm -rf $BUILDDIR/* a bug in the configure script could lead to an empty $BUILDDIR in the Makefile. What do you think happens when you type # make clean -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help with spec file for Apache-2.4.7
On 03.Jan.2014, at 21:24, James B. Byrne wrote:
I am trying to build an RPM for Apache-2.4.7-1 on Centos-6.5-i86_64. I am
using mock.
The are three build dependencies that I am trying to resolve. One,
mod_socache_dc / distcache, I have simply removed from the spec file. The
other two are arp and apr-utils. Since httpd-2.4.7 needs arp = 1.4 I got the
two latter requirements from
http://www.apache.org/dist/httpd/httpd-2.4.7-deps.tar.bz2 and extracted them
into rpmbuild/SOURCES/httpd-2.4.7/srclib intending to use the
--with-included-arp configuration directive per
rpmbuild/SOURCES/httpd-2.4.7/INSTALL.
...
However, the build dies saying that it cannot find arp/arp-utils:
configure: Configuring Apache Portable Runtime library...
configure:
configure: error: Bundled APR requested but not found at ./srclib/. Download
and unpack the corresponding apr and apr-util packages to ./srclib/.
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.pXoIWK (%build)
Bad exit status from /var/tmp/rpm-tmp.pXoIWK (%build)
Child return code was: 1
Now, I added this in the Sources:
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: http://www.apache.org/dist/httpd/httpd-%{version}-deps.tar.bz2
You have to extract Source1 into the BUILDDIR...
You can verify if apr directory is present with
$ rpmbuild -bp httpd.spec
$ ls ../BUILD/httpd-2.4.7
--- rpmbuild/SPECS/httpd.spec
...
%prep
%setup -q
after that %setup macro your working directory should be
rpmbuild/BUILD/httpd-2.4.7
now something like
%setup -D -q -b 1
http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html-single/RPM_Guide/index.html#id853841
--
Markus
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Found duplicate PV
On 04.Dez.2013, at 15:08, Nux! wrote: On 04.12.2013 13:43, Markus Falb wrote: What does this Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 message? Some logical volumes are virtual disks vor kvm guests. Are these guests using sda only and not the mdraid? Markus, I see /etc/lvm/lvm.conf has an option to ignore md members and seems on by default in EL6: md_component_detection = 1 If you run pvdisplay /dev/sda2 what does it show? Normally you should get a Failed to read physical volume /dev/sda2. Do you have such thing in your /etc/lvm/lvm.conf? ADditionally you can force a filter on the drives, smth like: filter = [r|/dev/sda2] (make sure you delete /etc/lvm/cache/.cache and regenerate it with vgscan so as not to contain old stuff) I removed the cache and that did the trick. I did not modify lvm.conf. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Found duplicate PV
Hey, (sorry for cross-posting, you will find this message also in centos-virt, maybe, but this was not intended and a mistake) I have a system with a mdraid 1 ... md1 : active raid1 sdb2[1] sda2[0] 1465031488 blocks [2/2] [UU] ... this raid partition has a lvm physical volume with one volume group and several logical volumes. This machine is running since years and I seldom touch the lvm config. The lvm commands are giving me strange warnings I am uncomfortable with ... # pvdisplay Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 --- Physical volume --- PV Name /dev/sda2 VG Name vg_sys PV Size 1.36 TB / not usable 6.81 MB Allocatable yes PE Size (KByte) 32768 Total PE 44709 Free PE 17701 Allocated PE 27008 PV UUID b79x0k-LXR9-mAC0-z0IZ-UxyJ-G1VC-24Crl7 ... What does this Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 message? Some logical volumes are virtual disks vor kvm guests. Are these guests using sda only and not the mdraid? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Found duplicate PV
On 04.Dez.2013, at 15:08, Nux! wrote: On 04.12.2013 13:43, Markus Falb wrote: What does this Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 message? Some logical volumes are virtual disks vor kvm guests. Are these guests using sda only and not the mdraid? Markus, I see /etc/lvm/lvm.conf has an option to ignore md members and seems on by default in EL6: md_component_detection = 1 This is a CentOS 5, but it also has this in lvm.conf, and it's value is 1. If you run pvdisplay /dev/sda2 what does it show? Normally you should get a Failed to read physical volume /dev/sda2. # pvs /dev/md1 Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 PV VG Fmt Attr PSize PFree /dev/sda2 vg_sys lvm2 a-- 1.36T 553.16G # pvs /dev/sda2 Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/md1 not /dev/sda2 PV VG Fmt Attr PSize PFree /dev/md1 vg_sys lvm2 a-- 1.36T 553.16G ADditionally you can force a filter on the drives, smth like: filter = [r|/dev/sda2] I might try that, but it is not necessary on other machines with the same setup. It was not necessary on *this* machine (running since several years) -- Thank You, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Found duplicate PV
On 04.Dez.2013, at 15:11, m.r...@5-cent.us wrote: Markus Falb wrote: ... # pvdisplay Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 --- Physical volume --- PV Name /dev/sda2 VG Name vg_sys PV Size 1.36 TB / not usable 6.81 MB snip smartctl -t short to start. And is there anything in your logfiles saying something like Device: /dev/sdb [SAT], 98 Currently unreadable (pending) sectors? Interesting, I have this in /etc/smartd.conf DEVICESCAN -n standby -a -m root -s (L/../../6/00|S/../.././00) but according to the selftest logs it seems it is only checking sdb but *not* sda. I'll have to check this out. A manual short test succeeded. However, a failing disk should not affect LVM, should it? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Found duplicate PV
On 04.Dez.2013, at 15:57, Markus Falb wrote: On 04.Dez.2013, at 15:11, m.r...@5-cent.us wrote: Markus Falb wrote: ... # pvdisplay Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/sda2 not /dev/md1 --- Physical volume --- PV Name /dev/sda2 VG Name vg_sys PV Size 1.36 TB / not usable 6.81 MB snip smartctl -t short to start. And is there anything in your logfiles saying something like Device: /dev/sdb [SAT], 98 Currently unreadable (pending) sectors? Interesting, I have this in /etc/smartd.conf DEVICESCAN -n standby -a -m root -s (L/../../6/00|S/../.././00) but according to the selftest logs it seems it is only checking sdb but *not* sda. I'll have to check this out. A manual short test succeeded. However, a failing disk should not affect LVM, should it? oh, ... # pvs /dev/sda2 Found duplicate PV b79x0kLXR9mAC0z0IZUxyJG1VC24Crl7: using /dev/md1 not /dev/sda2 PV VG Fmt Attr PSize PFree /dev/md1 vg_sys lvm2 a-- 1.36T 553.16G # pvs /dev/sdb2 Failed to read physical volume /dev/sdb2 ... smart status tells me ... 5 Reallocated_Sector_Ct 0x0033 001 001 036Pre-fail Always FAILING_NOW 4095 ... smartd did not send warning mail, selftests are successful, only in the logfiles is ... Device: /dev/sdb [SAT], FAILED SMART self-check. BACK UP DATA NOW! Device: /dev/sdb [SAT], Failed SMART usage Attribute: 5 Reallocated_Sector_Ct. ... I think I will replace sdb. -- Thank You, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kvm: vm root fs becomes ro
On 03.Dez.2013, at 00:29, Paul Heinlein wrote: I've a the following happen a couple times now, and my internet searches are failing to locate an answer to the problem. We've got a few servers that primarily house VMs using KVM. They've got E-3 cpus and 32 GB RAM, and they run stock CentOS 6.4, fully patched (not yet migrated to 6.5). The VM disk images are housed on an NFS server. None of the VMs is particularly resource-hungry. They run a variety of Linux distros: CentOS 5/6, Debian 6/7. I'll start to see the VMs fail to write files to their local filesytems. No machine in the chain has rebooted or been updated in any significant way, but the root filesystem is off-limits. (This will happen on just one of our servers; the other VM platforms run without issue.) In /var/log/messages, I'll see the following entry for each impacted VM: date host kernel: kvm: pid: cpu0 disabled perfctr wrmsr: 0xc1 data 0xabcd In /var/log/libvirt/qemu/vm-name.log, I'll see block I/O error in device 'drive-virtio-disk0': Stale file handle (116) Oddly, the underlying host might be running, say, five VMs, but only four of them will get the log messages, and show the read-only symptoms, while the fifth just keeps chugging along. Googling suggests that the disabled perfctr wrmsr message is harmless, but my experience suggests otherwise. Any hints, workarounds, or relevent information is very welcome. I have seen a non-root ext4 filesystem going read only while providing it to 2 virtual machines at the same time by mistake. I went read-only only on one virtual machine. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 23.Nov.2013, at 06:51, Digimer wrote: On 23/11/13 00:35, Mark LaPierre wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. CentOS is binary compatible to Red Hat Enterprise Linux, so it shares the same minimum requirements. http://www.redhat.com/resourcelibrary/articles/articles-red-hat-enterprise-linux-6-technology-capabilities-and-limits Plus, what is not mentioned in this link, it needs PAE. The kernel will not boot on a machine without PAE capability. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 23.Nov.2013, at 06:51, Cliff Pratt wrote: Wow! RH9 was discontinued in 2004! It is likely that a machine from that era has the ability to run CentOS 6.4 both in terms of resources and the availability of drivers. We have no second sight, do we? However, I would say that if the CPU can do PAE and there is enough RAM it is very likely indeed that CentOS 6.4 will work. Driver availability with Linux and especially with distributions like RHEL or CentOS is more an issue with *new* hardware. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 23.Nov.2013, at 14:37, Markus Falb wrote: On 23.Nov.2013, at 06:51, Digimer wrote: On 23/11/13 00:35, Mark LaPierre wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. CentOS is binary compatible to Red Hat Enterprise Linux, so it shares the same minimum requirements. http://www.redhat.com/resourcelibrary/articles/articles-red-hat-enterprise-linux-6-technology-capabilities-and-limits Plus, what is not mentioned in this link, it needs PAE. The kernel will not boot on a machine without PAE capability. Mark wrote that it is booting, so his machine is fine in this regard. I should have read more carefully. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAM Requirements
On 23.Nov.2013, at 08:41, Chris Geldenhuis wrote: On 11/23/2013 07:35 AM, Mark LaPierre wrote: Hey Y'all, Does anyone know where I can look, please post a URL, where I can find out what the minimum system requirements are for CentOS 6.4? I've searched the CentOS.org web site for this but I've come up empty. I've got an old machine that had RH9 on it. The HD died so I had to replace that. Now I'm thinking that I want to install CentOS 6.4 on it but the minimal install disk says that I don't have enough RAM for it to do the install. Hi Mark, I recently installed CentOS 6.4 on a 386 system with 512kb of memory. I had to use a kickstart file to achieve this as the text installer does not give you any opportunity to partition the disk to your specification. Another possible way could be with the live cd, have a look at the following links, especially the 2nd http://lists.centos.org/pipermail/centos-announce/2013-May/019739.html http://lists.centos.org/pipermail/centos/2011-July/115367.html -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Using CentOS Wordpress rpms
On 12.Nov.2013, at 04:59, Max Pyziur wrote: On Tue, 12 Nov 2013, Keith wrote: On 12/11/13 10:46, Max Pyziur wrote: Greetings, Apologies for my seeming daft naivete. [...] I always install from the latest tarball from the WP site, as it's the latest at the time of installation. With regards to WP updates and versions, this is generally performed with it's own built in updating/upgrading mechanism which is the first thing you should check or do after install and on an ongoing basis - IMHO anyway. Makes sense. So what are the point of having RPMs if you can't apply it server-wide across multiple sites? The problem with wordpress AFAICS is that $WP_PLUGIN_DIR is not stackable, i.e. you either have central plugins or you have per installation plugins. In a central installation you want to install plugins in a central way. When doing a shared host you probably want to give your users the flexibility to install plugins themself. The algorithm would be look in the central plugindir first, if not found look in the local plugindir. Wordpress does not support this. You have have only *one* directory. For a shared environment the epel rpm seems to be pointless. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] qemu-kvm-rhev
On 11.Nov.2013, at 15:59, Sander Grendelman wrote: I recently ran into some problems using certain oVirt (3.3) features on CentOS 6.4 hosts. The solution was to use the qemu-kvm-rhev version from the EL6 RHEV repository: http://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHEV/SRPMS/qemu-kvm-rhev-0.12.1.2-2.355.el6_4.9.src.rpm It seems that this tree is not carried/built by CentOS. Are there any plans on the CentOS for carrying these packages? CentOSV ? This would be cool. Is all of RHEV open sourced? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ZFS on Linux in production?
On 24.Okt.2013, at 22:59, John R Pierce wrote: On 10/24/2013 1:41 PM, Lists wrote: Was wondering if anybody here could weigh in with real-life experience? Performance/scalability? I've only used ZFS on Solaris and FreeBSD.some general observations... ... 3) NEVER let a zpool fill up above about 70% full, or the performance really goes downhill. Why is it? It sounds cost intensive, if not ridiculous. Disk space not to used, forbidden land... Is the remaining 30% used by some ZFS internals? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3rd party repositories
On 19.Okt.2013, at 02:16, Andrew Holway wrote: I have never had any problems with EPEL: http://fedoraproject.org/wiki/EPEL Recently I used it to upgrade a kernel to 3.0.99 from the stock 2.6.32 and everything just worked apart from an obscure kernel module for hfsplus support. EPEL does not provide alternative kernels. EPEL packages should only enhance and never disturb the Enterprise Linux distributions they were build for http://fedoraproject.org/wiki/EPEL/GuidelinesAndPolicies -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 3rd party repositories
On 19.Okt.2013, at 05:05, John R Pierce wrote: On 10/18/2013 1:52 PM, isdtor wrote: Can anyone comment on the use of 3rd party repos for newer versions of software like php, python and mysql? Two I am aware of are puias and ius. note that there is now a php5.3 in the base repository, I believe it was part of the 6.4 update, its called php53. I would use this over a 3rd party packaged version unless there's an overriding reason you need a different build. Your are confusing 5 with 6? CentOS 5 has php 5.1.6 *and*, i.e. alternately php53 5.3.3 CentOS 6 always had php 5.3.3 php seems to be one of the things where upstreams backporting strategy did not fit anymore. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH login from user with empty password
On 11.Okt.2013, at 10:58, Rainer Traut wrote: Am 11.10.2013 09:27, schrieb Michael Schultz: Thanks everyone, secure log tells me exactly what the problem is: User username not allowed because account is locked Setting a password for that account unlocks it and ssh works as expected. I guess I have to work on my account creation routine. I haven't tried but maybe you could just try the obvious and unlock the account? I think it is passwd -u [user] from the usermod and passwd manual page ... This puts a ´!´ in front of the encrypted password ... ... by prefixing the encrypted string with an ! ... What I have as an example /etc/passwd:login:x:1:1::/home/login:/bin/bash /etc/shadow:login:!!:15546:0:9:7::: and ssh with keys works fine What is in Michaels passwd and shadow? Maybe he does not use shadow passwords and the behaviour is different ? Another thougt, are there any AVCs in /var/log/audit/audit.log, maybe it is a selinux issue? Michael? -- Markus Resident do not top post guerilla http://centos.org/modules/tinycontent/index.php?id=16 (The guidelines part) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mdraid strange surprises...
On 09.Okt.2013, at 16:55, John Doe wrote: Hey, I installed 2 new data servers with a big (12TB) RAID6 mdraid. ... Since my desktop is a RAID1 mdraid on 2 disks, I decided to have a look for fun... Apart from some low count mismatches, I did not have many problems... Did the whole check+repair+check on 3 mds and had a look at mdstat... I think there should not be any count mismatches with raid 6, but... md raid 1 is another beast. Such count mismatches can happen fairly easily. a page in the virtual memory is modified, eventually it sends it to both disks. One disk is a little bit slower, and you have your potential mismatch. As I understand, the raid check does not care about virtual memory but acts on physical disk sectors. If the raid check checks a block in the very moment where one disk has written it but the other disk *not yet* then..., well, you get it? I do not know exactly about md's raid 6, but I always thougt that this false positive mismatch count thing was raid 1 specific. Because of this all I also would tend to turn off the weekly raid check cronjob for md raid 1 And mdraid seems not alarmed about it... 1. Is there something to activate to get some kind of mdraid warnings? In /var/log/messages I cannot find any alarming message. $ chkconfig --list mdmonitor mdmonitor 0:off 1:off 2:on3:on4:on5:on6:off configure it with a working email address. And there *are* entries in /var/log/messages. Could it be that this happened a long time ago, you did not notice and the log files rotated out? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] remote sudo script
On 08.Okt.2013, at 04:51, Tim Dunphy wrote:
...
But more importantly, when I try to pop the above two working statements
from the command line into a script, the following occurs:
[tdunphy@MIAGRBISSH01V ~]$ for i in MIAGRBIORCA0{0..9}V MIAGRBIORCA1{0..2}V
do
ssh -q -t -t -t $i sudo -S 'cp -v /data/solr-4.3.1/zoe/etc/logback.xml
/tmp/logback.xml-${i}-$(date +%Y%m%d).bak' EOF
secret_sauce
EOF
ssh -q -t -t -t $i sudo -S 'ls -l /home/tdunphy/logback.xml-${i}-$(date
+%Y%m%d).bak' EOF
secret_sauce
EOF
done
tcgetattr: Inappropriate ioctl for device
`/data/solr-4.3.1/zoe/etc/logback.xml' - `/tmp/logback.xml--20131007.bak'
The cp did work, sudo accepted the password.
Note that ${i} was not interpolated into the file name.
tcgetattr: Inappropriate ioctl for device
-rw-r--r-- 1 root root 3372 Oct 7 22:07
/home/tdunphy/logback.xml--20131007.bak
the ls did work
tcgetattr: Inappropriate ioctl for device
[sudo] password for tdunphy:
But what's that?
Is the password the same on all hosts, i.e. it works for one host, but not the
other?
Or do you have another ssh in the for loop you did not tell us about?
Try do add some debugging output with the hostname into the loop.
--
Markus
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php fopen ssl error
On 25.Sep.2013, at 13:57, Kai Schaetzl wrote: This should really be directed at a PHP forum. I would suspect that something with the server certificate is not ok. oh my, centos says it's php thing php says, what?, 5.1.6 is seven years old http://marc.info/?l=php-generalm=138011820514388 The backporting oath? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php fopen ssl error
On 24.Sep.2013, at 17:51, Markus Falb wrote: Hi, With CentOS php53 I get an SSL Error ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 This is wrong information. The error is only present with php 5.1.6, not php 5.3. I got this wrong. Sorry. But it it is a problem, I just do not know how to deal with it. https://bugs.php.net/bug.php?id=39039 -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php fopen ssl error
On 25.Sep.2013, at 20:22, Leon Fauster wrote: Am 25.09.2013 um 18:39 schrieb Markus Falb wne...@gmail.com: On 25.Sep.2013, at 13:57, Kai Schaetzl wrote: This should really be directed at a PHP forum. I would suspect that something with the server certificate is not ok. oh my, centos says it's php thing php says, what?, 5.1.6 is seven years old http://marc.info/?l=php-generalm=138011820514388 The backporting oath? You wrote on this list something about php53 package, right? Sorry, I messed it up. This thing is about php (not php53), i.e. php-5.1.6-40.el5_9 -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] php fopen ssl error
On 25.Sep.2013, at 19:58, Reindl Harald wrote: Am 25.09.2013 18:39, schrieb Markus Falb: On 25.Sep.2013, at 13:57, Kai Schaetzl wrote: This should really be directed at a PHP forum. I would suspect that something with the server certificate is not ok. oh my, centos says it's php thing php says, what?, 5.1.6 is seven years old http://marc.info/?l=php-generalm=138011820514388 The backporting oath? any why do you not update your crap? PHP 5.1 is irrelevant these days Now I am irritated. RHEL 5 is supported until 2017, so is CentOS 5, isn't it? It comes with php and it comes with php53. You tell me I am a crapper because I use php. I would have expected such things from the php mailing list, but on CentOS…. In other words, do not tell me on the CentOS Mailing List that I am dumb if I use a package provided by CentOS (that's silly) that's why CentOS/RHEL provides 5.3 packages without break environments rely on 5.1 It really doesn't break? I cant believe that. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] php fopen ssl error
Hi, With CentOS php53 I get an SSL Error ?php $handle = fopen(https://maps.google.com;, r); $contents = stream_get_contents($handle); fclose($handle); ? will result in something like Warning: stream_get_contents(): SSL: fatal protocol error in bla.php on line 3 Some https pages do not raise this error, e.g. https://www.redhat.com is fine What is wrong? How to debug? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grub command line
On 15.Sep.2013, at 11:37, Ahmad AlTwaijiry wrote: Hello Everyone I have a remote CentOS 6.4 server (with KVM access), when I received the server it was running with LVM on single disk (sda) I managed to remove LVM and install raid 1 in sda and sdb disks the mirroring is working fine, my only issue now is that everytime I reboot the server I got the grub command line and I have manually boot using comand ... I tried almost everything I can find in the internet. You did reinstall grub? Something like (or similar) $ grub-install /dev/sda $ grub-install /dev/sdb Note: each disk (sda sdb) is 2TB size, could this be the problem? No. I do not think so. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum problem
On 07.Sep.2013, at 18:41, Phil Dobbin wrote: On 07/09/13 15:07, Brian Miller wrote: On Sat, 2013-09-07 at 13:01 +0100, Phil Dobbin wrote: I'm experiencing a problem with Yum. When I call 'sudo yum update' it tells me that it can't find any mirrors after doing a 'sudo yum clean all' it just informs me it can't find any base repo quits. This is on a brand new installation of CentOS 6.2 x86_64. I suffered the same problem with Fedora 19 too. I have several Ubuntu Mac OS X machines that suffer no network connection problems I can connect to the InterWeb just fine (via two HP Procurve 2426s). But can you connect to the 'net via the newly-installed CentOS box? brian Yep, no problem at all. Ping all other network devices are working too. You have network connectivity but yum does not work. ping works, but yum does http. Maybe you need to configure a proxy? Have a look at a working Browser's Proxy Configuration. Another idea: check if you are able to resolve names via DNS. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] elrepo kmod-sk98lin.i686
On 02.Sep.2013, at 22:14, Steve Brooks wrote: [2] This motherboard has a Marvell 88E8052 as a second NIC, currently disbled in the BIOS. Problem is that the 88E8001 NIC has to be eth0 as it is the one used in a flexlm license server file. In Centos five how can you *force* a given NIC controller to always post at eth0 ? I think that setting HWADDR in ifcfg-eth0 should do the trick. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redirecting web requests from localhost
On 28.Aug.2013, at 21:49, Miguel González wrote: So, how can I redirect for instance 443 traffic to a specific IP to the local IP address of the local server? I have tried this: iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY I think you has to do POSTROUTING anyway, check the port, it is wrong at least in your post - 80 vs. 443 or dummy interface, in ifcfg-dummy, something similar to this: DEVICE=dummy BOOTPROTO=none ONBOOT=yes TYPE=Ethernet NETMASK=255.255.255.255 IPADDR=XXX.XXX.XXX.XXX -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redirecting web requests from localhost
On 29.Aug.2013, at 02:55, Markus Falb wrote: On 28.Aug.2013, at 21:49, Miguel González wrote: So, how can I redirect for instance 443 traffic to a specific IP to the local IP address of the local server? I have tried this: iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY I think you has to do POSTROUTING hmm, locally generated messages do not pass the PREROUTING AFAIK this was why I was suggesting POSTROUTING, but... POSTROUTING is wrong too according to the manpage for iptables DNAT: This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. If I read it correct, this rule should go into the OUTPUT chain. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] su logging
On 27.Aug.2013, at 21:02, Eero Volotinen wrote: Is there nice way to get more logging for all su - logins? pam? What exactly do you want to be logged? I get entries in /var/log/secure Aug 28 00:38:51 xxx su: pam_unix(su-l:session): session opened for user root ... Aug 28 00:39:23 xxx su: pam_unix(su-l:session): session closed for user root ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] su logging
On 28.Aug.2013, at 00:43, Markus Falb wrote: On 27.Aug.2013, at 21:02, Eero Volotinen wrote: Is there nice way to get more logging for all su - logins? pam? I get entries in /var/log/secure I also get entries in /var/log/audit/audit.log, these are probably more trustworthy. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.4 problem with double spaced printing
On 26.Aug.2013, at 00:25, Billy Davis wrote: We have a Centos 5.8 32 bit server that has been printing fine since we installed it. Recently, we also installed a new server with 64 bit Centos 6.4. On both servers, we print all reports with a simple 'lp' command. The new server prints all reports with double spacing. We looked at the text file that is being printed and found that it contains both 'cr' and 'nl' characters. On the 5.8 server, this does not seem to be a problem, but on the 6.4 server, it is. Does anyone know of a fix for this problem? rfc 2822 says - CR and LF MUST only occur together as CRLF; they MUST NOT appear independently in the body. so in mail, a new line is \r\n In a unix environment, if you write text, a new line is only \n something has to convert \n to \r\n for mail But what to do if there is already \r\n ? sendmail accepts it as it is, it seems, \r\n is passed through postfix acts slightly different, it knows that the new line separator is \n and this \n is converted to \r\n, but the first \r remains, and rfc 2822 says , hey above quote, MUST NOT appear independently, so it makes the \r to \r\n, the end result is \r\n\r\n On UNIX the newline character is only \n per definition, and if you feed text to a unix binary that is supposed to convert the text to something rfc compliant, then your best strategy is probably to feed the text according to unix newline rules. On unix do not end text with \r\n. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a tutorial or manpage describing sysctl params
On 24.Aug.2013, at 11:57, adr...@pa0rda.nl wrote: Hi, I'm looking for a toturial or manpage describing all the thing that you can set with sysctl on RHEL 6 or CentOS 6. It apperas the the default /etc/sysctl.conf coming with the distribution gives a couple of errors on bridgen. $ sysctl -a gives you a list of all things you can set Besides google or similar, documentation for these things are in the documentation for the kernel install the kernel-doc package you can get a list of possibly interesting files (although this list may be not comprehensive, I do not know) with $ rpm -ql kernel-doc|grep sysctl -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL Subscriptions
On 19.Aug.2013, at 04:30, Anthony K wrote: I was recently approached by Dell stating that I HAVE TO renew my Red Hat Subscriptions. How does Dell know what OS your are running? Should they know what OS you are running? Dell provides the hardware only? I am confused about this. I do not have experiences with Dell, though. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firewall will not disable - stumped!
On 07.Jul.2013, at 14:57, Bob Metelsky wrote: very perplexed here - I need to turn off iptables. Ive tried … Yet - when I reboot iptables gets started - if I run ... Note -- 192.168.122.0/24 is NOT my network This could be the default network from libvirt. The kvm host does NAT from that network if the guest is configured to use it. You can undefine it with some virsh foo $ virsh net-destroy default $ virsh net-undefine default -- Markus Falb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] This isn't supposed to be difficult (how to nntp post to the Gmane Pan user group)
On 04.Jul.2013, at 10:34, Rock wrote: I realize this is (mostly) off topic, but I'm befuddled as to *how* one can post to the Gmane Pan Users' group (gmane.comp.gnome.apps.pan.user) using any nntp USENET client (e.g., Pan, on Centos). It is (fully) off topic That said, if you post the first time to a mailing list per gmane then gmane will send you a mail that you must answer. You post per nntp the first time gmane sends you a email per smtp you reply to that email you wait some time ... something like that, but as said, when you have problems with gmane, ask gmane. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] automatic import of rpm keys
On 14.Jun.2013, at 13:20, James Hogarth wrote: I think I am getting a little confused about these trust things. How am *I* supposed to verify the validity of those public keys. If you really want to be sure what you should do is compare them from your system to a trusted source such as the CentOS website, CentOS main repositories, CentOS IRC channel or here ;) So I hardcode the keys in my %post and compare them to what was installed, instead of blindly importing them …snip # import the pgp key cmp /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 - GUGU -BEGIN PGP PUBLIC KEY BLOCK- shiny KEY GOES HERE -END PGP PUBLIC KEY BLOCK- GUGU if [ $? == 0 ]; then rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 fi snap... still not quite sure what to do if the key does not match in the previous comparison. however, here are the keys I know of and if someone keys does not match she might raise her hands. (what is the RPM-GPG-KEY-CentOS-Security-6 key for?) # gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 pub 4096R/C105B9DE 2011-07-03 CentOS-6 Key (CentOS 6 Official Signing Key) centos-6-...@centos.org Key fingerprint = C1DA C52D 1664 E8A4 386D BA43 0946 FCA2 C105 B9DE # gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-6 pub 4096R/D0FF3D16 2011-07-03 CentOS-6 Debuginfo Key (CentOS-6 Debuginfo Signing Key) centos-6-debug-...@centos.org Key fingerprint = 69B3 0F26 BA2B 3AA4 C27C E4F5 3B75 CF79 D0FF 3D16 # gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Security-6 pub 4096R/FE837F6F 2011-07-03 CentOS-6 Security Key (CentOS-6 Official Security Key) centos-6-security-...@centos.org Key fingerprint = 0830 F43C 928A A5A8 A6F1 AF97 0B13 2C3F FE83 7F6F # gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Testing-6 pub 4096R/EF1D6DB8 2011-07-03 CentOS-6 Testing Key (CentOS-6 Test and Beta Signing Key) centos-6-testing-...@centos.org Key fingerprint = 4233 9C29 8BC4 352C A4F9 7504 119C 1A87 EF1D 6DB8 -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ipv6 only kickstart installs
Hi, I have a kvm host and I try to install a centos 6 guest with a static ip address. When I do a manual install I eventually get to the network configuration and if I enter IP, gateway and DNS Server I can ping6 the guest from the host and I can ping6 the guest from outside. I do not want to do manual installation, so I have to specify a url to a kickstart file, but to download it the network must be configured. I try some kernel options noipv4 ipv6=... gateway=... dns=... ks=http… This gets me so far that I can ping6 the guest from the host, but I can not reach it from outside. When I ping from outside I see the guest sending neighbor solicitation requests for the IP I ping from, but this IP is in another network. I think the guest does not get a gateway configured. At least the ipv6 option is working, because I can ping the guest from the host. How do I achieve such a ipv6 only with static network configuration kickstart install? How to specify ipv6 gateway (and possibly dns) -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] automatic import of rpm keys
On 13.Jun.2013, at 13:14, James Hogarth wrote: I am wondering why this import is not happening automatically at install time. There must be good reasons for that? Anaconda doesn't actually carry out gpg checks... I think it had that added during the fedora 18/19 rewrite so EL7 might cover that but certain EL5 and EL6 won't have that … It makes sense then. Since anaconda does not check the signature of the centos-release rpm it can not ensure that the contained public key is not faked and leaves this exercise to the user. I think I am getting a little confused about these trust things. How am *I* supposed to verify the validity of those public keys. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] automatic import of rpm keys
Hi, I read http://www.stigviewer.com/check/RHEL-06-08 The CentOS keys live in /etc/pki/rpm-gpg and when I run yum the first time I am asked if I want to accept the key. Alternatively I could import them manually with something like 'rpm --import /etc/pki/rpm-gpg/$key, maybe in the %post of a kickstart. I am wondering why this import is not happening automatically at install time. There must be good reasons for that? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Virtualization in RHEL
On 08.Jun.2013, at 14:03, Fidel Dominguez wrote: What I want to achieve is to install a virtual machine from a ks.cfg on RHEL 6 How would you do it with a bare metal machine? I do not think your question has anything to do with virtualization. That said, try virt-manager, while creating a new machine you can specify kernel and initrd *and* kernel parameters http://$whatever/centos/6/os/$arch/images/pxeboot/vmlinuz http://$whatever/centos/6/os/$arch/images/pxeboot/initrd.img ks=$url to your kickstart file -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Frustrated. Java on Centos 6 doesn't give an error message when downloading from a Samsung Galaxy S3
On 02.Jun.2013, at 04:57, Rock wrote: Thanks everyone for your help - and I hope someone with a Redhat subscription takes Ljubomir's advice of filing a bug report against MTP so that the proper solution is in place for the future. I did not read the whole thread, but I just wanted to add: You don't have to purchase a redhat subscription to file into their bugzilla. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Run multiple instance of apache
On 27.Mai.2013, at 10:15, HAJJ CHEHADE, Ahmad wrote: I am trying to run 2 instances of apache on centos since 2 weeks with no lucks :S, exactly on the same IP address but different port. I've set up two configuration as follow: /etc/httpd and /etc/httpd2, and I duplicated the httpd service, so now I have 2 httpd service each one run an httpd conf. Now when I am trying to restart the first httpd service, it give the following httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName but the status is OK. And when I try to restart the httpd2 service, it give the same error with a failed status. Some internet research told that I have to put a serverName in httpd.conf (server name was commented) so I change it with the hostname of my VM. Now when I try to restart httpd2 the error message disappear, but his status is always failed. selinux maybe? have a look at /var/log/audit/auditd.log while starting httpd2. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS source rpm repository setup
On 21.Mai.2013, at 15:53, Toralf Lund wrote: Hi. I thought I might set up my CentOS 6 system with a source rpm repository config, so that I'll be able to download srpm files via yumdownloader --source or similar. … The question is, what I specify as baseurl? The above does not actually work, as http://mirror.centos.org/ does not have SRPMS subdirectories, although I believe it did in the past for earlier versions. So, does anyone know of URLs I can use instead? They moved it into the vault some time ago. http://vault.centos.org -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best configuration for encrypted software RAID 1?
On 15.Mai.2013, at 18:22, Dave Johansen wrote: My main question is will it be better to encrypt the RAID itself or the two partitions used by the RAID? encrypt data once and let md mirror the encrypted stuff or let md mirror and encrypt data twice, once per raid member. Encryption is CPU hungry. Performance wise the winner seems clear. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a good nntp client for Centos 6 that handles SSL native?
On 05.Mai.2013, at 08:37, Rock wrote: On Fri, 03 May 2013 12:32:28 +0200, Markus Falb wrote: What exactly do you mean with that? When setting up Thunderbird for NNTP, TB asked questions like incoming and outgoing user name, which are meaningless for NNTP (AFAIK); and TB didn't give any place to add any other server than an SMTP server; and even then, it didn't allow for a port change to 563. I'm sure if I dug further into the TB setup I could set it up for NNTP, but it was extremely clear (like bright blinding sunlight), that either I was in the wrong setup or that TB wasn't meant for USENET news ease of use. I think that with thunderbird you get a kind of first start setup wizard. *skip that* (I think I'll configure my account later) Preferences (you *will* find that ;-) - Account Settings - Account Actions - Add Other Account - Newsgroup account Afterwards you can set SSL/TLS -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a good nntp client for Centos 6 that handles SSL native?
On Wed, 2013-05-01 at 18:20 +, Rock wrote: ... Q: What nntp client handles SSL native on Centos 6? evolution -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a good nntp client for Centos 6 that handles SSL native?
On 03.Mai.2013, at 08:12, Rock wrote: On Thu, 02 May 2013 20:36:53 -0500, Rex Dieter wrote: I like knode (in kdepim rpm) … So, looking for a Centos RPM repository: $ yum --noplugins --showduplicates --enablerepo \* --disablerepo c6- media,\*-source,\*debug\* provides */knode you likely missed it because of all the language rpms. $ yum -q provides /usr/bin/knode 6:kdepim-4.3.4-6.el6.x86_64 : PIM (Personal Information Manager) applications Repo: base Matched from: Filename: /usr/bin/knode As rex told us ;-) -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a good nntp client for Centos 6 that handles SSL native?
On 02.Mai.2013, at 00:54, Rock wrote: I also found out elsewhere that Thunderbird has native SSL support - but TB treats NNTP as SMTP which makes it difficult, if not unwieldy to use. What exactly do you mean with that? At times I use thunderbird with the gmane news to mail gateway and it seemed to worked great for me. I did not bother with ssl for that, though. -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kickstart and volume group with a dash in the name
On 02.Mai.2013, at 18:13, Dennis Jacobfeuerborn wrote: The problem is that kickstart doesn't allow dashed in volume group names? It seems so. https://bugzilla.redhat.com/show_bug.cgi?id=186439 https://bugzilla.redhat.com/show_bug.cgi?id=407701 https://bugzilla.redhat.com/show_bug.cgi?id=430907 http://rhn.redhat.com/errata/RHBA-2009-0164.html If I understand it correct then it should have been fixed long ago. I tried it. CentOS 5 does *not* strip the dash Fedora 18 does *not* strip the dash but CentOS 6 *does strip* the dash It seems like a regression. You are using CentOS 6, aren't you? Would you mind filing a bugzilla? -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] repeat command
On 02.Mai.2013, at 23:37, Alfred von Campe wrote: On May 2, 2013, at 17:34, Michael Mol wrote: On 05/02/2013 05:05 PM, Matt wrote: There is a unix command called repeat. repeat 10 some_command Basically repeats some command ten times. Is it available on Centos 6 and what package provides it? # yum whatprovides *bin/repeat [snip] No Matches found I was going to post the same information about finding out with yum whatprovides. FWIW, repeat is a built-in command in tcsh. Maybe that's where you've seen it before. You could use that with CentOS $ csh -c repeat 10 ... $ tcsh -c repeat 10 … $ rpm -qf /bin/tcsh tcsh-6.17-24.el6.x86_64 -- Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] repeat command
On 03.Mai.2013, at 00:01, John R. Dennison wrote:
On Thu, May 02, 2013 at 04:26:06PM -0500, Matt wrote:
repeat 10 dig @server-ip-address +short +tries=1 +time=1 your-zone.com a
Can I do that with watch?
No. But you can do it with 'seq':
for x in $(seq 1 10); do dig @server-ip-address +short +tries=1 +time=1
your-zone.com a; done
this works but at least with bash you can do it with brace expansion
for x in {1..10}; do … ; done
it's a bashism but maybe more portable, e.g. OS-X has no seq
no fork (for the seq) is necessary as well
--
Regards, Markus
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] repeat command
On 03.Mai.2013, at 01:45, John R. Dennison wrote:
On Fri, May 03, 2013 at 01:36:36AM +0200, Markus Falb wrote:
this works but at least with bash you can do it with brace expansion
for x in {1..10}; do … ; done
it's a bashism but maybe more portable, e.g. OS-X has no seq
no fork (for the seq) is necessary as well
True. Thing I like about seq is that it also takes an optional
increment value which can be very handy at times.
$ echo {1..10..2}
--
Markus
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] ovf conversion
On 29.3.2013 15:17, Van wrote: 29.03.2013, 16:08, Markus Falb markus.f...@fasel.at: ... $ virt-convert -i ovf -o virt-image path_to_image.ovf ERRORCouldn't convert disks: Disk conversion failed with exit status 1: qemu-img: Could not open 'path_to_image.vmdk' 1) convert VirtualBox img-file to raw The question was *how* to convert. Anyways, I tried the virt-convert/qemu-img from Fedora 18 and it worked. -- Kind Regards, Markus Falb ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-virt] ovf conversion
I try do use one of the images available from [1] These images comes in two flavors, one vmx, one ovf. I do not know how to convert one of these to centos6-libvirt-kvm virt-convert gives me an error $ virt-convert -i ovf -o virt-image path_to_image.ovf ERRORCouldn't convert disks: Disk conversion failed with exit status 1: qemu-img: Could not open 'path_to_image.vmdk' The vmdk does exist. It seems that qemu-img can not handle this vmdk format. I am also not sure if v2v could do it. I think the essence of my post is the question Is it possible to use vmx or ovf images with kvm, possibly after converting them? [1] http://info.puppetlabs.com/download-learning-puppet-VM.html -- Kind Regards, Markus Falb ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] OT: A lightweight monitor software
On 15.Mär.2013, at 08:39, C. L. Martinez wrote: I have a test lab installed over an ESXi 5.1 host that contains 5 CentOS vm guests. I would like to monitor CPU, RAM and Network for these vm and ESXi host. Zabbix and Nagios are too to accomplish this task. Does anyone know any lightweight openosurce soft to do this?? you could use kSar to look at the stats collected by sar http://www.cyberciti.biz/tips/identifying-linux-bottlenecks-sar-graphs-with-ksar.html -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lockups with kernel-2.6.32-358.0.1.el6.i686
On 08.Mär.2013, at 19:28, Kwan Lowe wrote: On Fri, Mar 8, 2013 at 12:33 PM, SilverTip257 silvertip...@gmail.com wrote: If it's not memory related (test this memory in another system) then it is probably a motherboard failure. I've seen weird symptoms where the system will boot fine, but once the Linux kernel begins to build its cache it triggers a lock up/throws an exception. :) I've also swapped the motherboard. *Every* component except for the case and the SSD boot drive has been swapped. This is going on now for almost two weeks. I tell you of one very stable system that was not stable the other day. It was locking up in half hour frequency after running stable for years. It turned out that the temperature was not monitored on this system, the cpu fan got angry about this fact, stopped to work and it was getting hot. After replacing the fan you might think *problem solved* but nah. It kept locking up. It turned out that an adapter for the power supply had a loose contact. Do you think that think loose contact could have been introduced while fixing the fan? -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAID MD10
On 04.Mär.2013, at 17:20, John Plemons wrote: Raid 10 is a mirrored stripped set of at least 4 driver. You can of course build a layered raid 0 above some raid1 arrays, but linux md raid10 is another beast. Actually you can build a raid10 with only 2 disks. The theoretical benefit is that is is striped, so even one single process benefits from it. If you use raid 1 a single process does use only 1 disk as far as I know. http://en.wikipedia.org/wiki/RAID#Non-standard_levels One disadvantage is that you can not grow or expand it easily, which means it is inflexible, which is why did not want to use it. -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RAID MD10
On 04.Mär.2013, at 17:39, m.r...@5-cent.us wrote: zGreenfelder wrote: On Mon, Mar 4, 2013 at 11:20 AM, John Plemons j...@mavin.com wrote: Raid 10 is a mirrored stripped set of at least 4 driver. You get the best of both worlds, data speed and data back up.. yeah, that's the industry standard. he's asking you to go find and read http://en.wikipedia.org/wiki/Raid10#Near_versus_far.2C_advantages_for_bootable_RAID wherein they mention that linux md devices can do what they call a raid 10 on 2 drives. and then details some of the reasons you might want to do such a thing. I can't see any reason to go with the sorta raid 10 on only 2 drives. from that article, I'd the only sane choice for raid 10 on 2 drives is the 'far' config on SSD drives. but that's just my opinion. I don't think I'd ever pick raid10 on 2. from the entry: ...copies of a block of data are near each other or at the same address on different devices or predictably offset: Each disk access is split into full-speed disk accesses to different drives, yielding read and write performance like RAID 0 but without necessarily guaranteeing that every stripe is on both drives which then some (and by murphy's rule will be the most critcal) will go from being raid 10 to raid0. and likely 0 on the drive that fails. AHHH! I didn't read closely enough, and missed that lack of guarantee. Thanks, *that's* the kind of discussion I was looking for. Note that you can do 2 copies to 3 disks, or 3 copies to 4 disks, … Of course not every stripe is on *every* disk in that case. If you have 2 copies, one disk may fail fail. If you have 2 copies on 2 disks, 1 disk may fail. That's how I read it. -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ssh debug
Hi, I try to understand the debug messages from ssh $ ssh -vv whateverhost ... debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received ... debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: none,z...@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 … why are some log entries duplicated? Is it a bug? And how can I tell if it is telling me capabilities of the client or of the server? -- Kind Regards, Markus ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
