Re: [CentOS] Fwd: HA cluster - strange communication between nodes
On 13-01-14 14:52, Martin Moravcik wrote: Hi, For a testing purposes I'm trying to create two node HA environment for running some service (openvpn and haproxy). I installed two CentOS 6.4 KVM guests. Iirc CentOS 6.5 came with several updates to cluster related packages so you may want to investigate and update to 6.5. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to inject a kmod driver from elrepo into kickstart
On 12/07/2013 05:15 AM, psavoie1783 wrote: On 06/12/13 09:37 PM, Patrick Lists wrote: On 12/07/2013 02:39 AM, psavoie1783 wrote: Hi All, I have a marvel chipset for my wired laptop connection. It uses the kmod-sk98lin-10.93.3.3-1.el6.elrepo.x86_64.rpm driver at elrepo. I would like to use this driver to activate the wired connection to kickstart my laptop as I have pxe booting set upon my home network. Could anyone please enlighten me as to how to get the drivers/firmware from this package loaded on my laqptop so I can use kickstart to load the OS, please? Add a local apache/httpd powered repo to your kickstart: repo --name=sk98 repo --baseurl=http://myrepo/CentOS/6/x86_64/kmod-sk98lin-10.93.3.3-1.el6.elrepo.x86_64.rpm; 'myrepo' is the pxe/kickstart server hostname and the kmod-sk98lin rpm driver has been copied to /var/www/html/CentOS/6/x86_64. Make sure httpd is running # service httpd start Run createrepo: # cd /var/www/html/CentOS/6/x86_64/ # createrepo -v -d . Fire up laptop and kickstart it. Regards, Patrick Thank you Patrick, I am pxe booting off the marvel card and in order to be able to do what you suggest, I think I need the driver to be installed to get the kickstart file first. Otherwise, how would the installer get it? Sorry, misread the question. I guess you need to create a driver disk. Google how to create them or check these links: http://serverfault.com/questions/374870/how-to-build-a-driver-disk-for-an-anaconda-install-centos-6 http://www.ruizs.org/archives/49 And when booting you need something like linux dd=url_to_driver.img Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to inject a kmod driver from elrepo into kickstart
On 12/07/2013 02:39 AM, psavoie1783 wrote: Hi All, I have a marvel chipset for my wired laptop connection. It uses the kmod-sk98lin-10.93.3.3-1.el6.elrepo.x86_64.rpm driver at elrepo. I would like to use this driver to activate the wired connection to kickstart my laptop as I have pxe booting set upon my home network. Could anyone please enlighten me as to how to get the drivers/firmware from this package loaded on my laqptop so I can use kickstart to load the OS, please? Add a local apache/httpd powered repo to your kickstart: repo --name=sk98 repo --baseurl=http://myrepo/CentOS/6/x86_64/kmod-sk98lin-10.93.3.3-1.el6.elrepo.x86_64.rpm; 'myrepo' is the pxe/kickstart server hostname and the kmod-sk98lin rpm driver has been copied to /var/www/html/CentOS/6/x86_64. Make sure httpd is running # service httpd start Run createrepo: # cd /var/www/html/CentOS/6/x86_64/ # createrepo -v -d . Fire up laptop and kickstart it. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] died again
On 12/03/2013 10:16 PM, Michael Hennebry wrote: I found my fans and am about to get some thermal Make sure you make a note in which direction all the fans in the PC are blowing. Usually there is an arrow on them which tells you which way they blow but you can also feel it by holding your hand in front of them. The replacement fans need to blow in the same direction so think about that when putting them in. grease and a megohm resistor for static discharge. Sometime today or tomorrow I will likely open the case with fear and trepidation. Don't worry. It's nothing like it was in the eighties when stuff fell apart by merely looking at it (except for the IBM keyboards). The sides and top of the case are metal, but painted with an insulator. The front is plastic. The back is metal. I expect I should touch that before opening the case. As far as I know touching something that's properly grounded should do it. Maybe something like gas/water/heating pipes (unpainted bare metal). Stating the obvious but please do disconnect the power cord before doing anything and wait a minute. If the power supply itself has an on/off switch (usually at the back) then leave the switch on and disconnect the power cord. If it also has a light you can see it go dark. Even after the power supply has been disconnected it can still have a charge so don't go poking any metal objects in there unless you want smoke coming out of your ears. What about after? Is there something else I should touch before trying to edit its guts? Don't think so but refrain from touching the actual chips. And do it near a lamp with a lot of light. If thermal grease is the problem, how do I find out and how do I clean off the old stuff? There are a lot of instructions here: http://www.arcticsilver.com/intel_application_method.html# I've read that just adding more is not a good idea. Correct. You only need a really small amount of it. It's only needed to fill any air pockets (=lot's of heat getting trapped) with thermal paste between the cpu and the heatsink so the heat is guided away through the heatsink instead of getting stuck and frying your cpu. Clean both the heatsink and the cpu so the old stuff is removed. Only then you apply thermal paste only on the cpu (not on the heatsink). Read the instructions at the link I gave you earlier. If I add to much thermal paste, what do I do about it? Remove it with a credit card or something non-metallic similar. Read through the instructions at the link I gave you earlier. I usually remove dust with a vacuumcleaner where I can without touching anything in the PC. If you want to do it the fancy way get a can of compressed air and blow the dust straight out. Good luck. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Story of an email
On 11/28/2013 10:34 PM, Timothy Murphy wrote: I'm running postfix + dovecot on my CentOS server, together with amavisd, clamd and spamassassin, following the instructions in http://wiki.centos.org/HowTos/postfix. As far as I can see it is all working, but I must admit I'm not clear exactly what path an incoming email travels along. I asked this question before, and someone suggested a document I should read, but unfortunately I've mislaid the note I made at the time. So if someone could enlighten me - or point to a source of enlightenment - I should be most grateful. http://www.postfix.org/OVERVIEW.html Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Machine check events
On 11/26/2013 03:11 PM, Glenn Eychaner wrote: [snip] The current kernel I am running is 2.6.32-358.23.2, but I can't tell whether it has CONFIG_X86_MCE enabled. How can I find this out? $ grep CONFIG_X86_MCE /boot/config-2.6.32-358.23.2.el6.x86_64 CONFIG_X86_MCE=y CONFIG_X86_MCE_INTEL=y CONFIG_X86_MCE_AMD=y CONFIG_X86_MCE_THRESHOLD=y CONFIG_X86_MCE_INJECT=m Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] A last, desperate hope - video modes
On 10/24/2013 04:42 PM, m.r...@5-cent.us wrote: Hi, folks. This is, in fact, off-topic: I'm fighting a user's FC19 box. I updated him, rebooted... and his ATI video card seems to not be supported any more (and it's *not* that old - an RV620). Google says it's from 2007 which make it ancient in Internet years :) Afaict it's a FirePro / Radeon HD 3000 series and one solution is to use the proprietary Catalyst *Legacy* driver ( 13.1). The good folks over at elrepo.org have created kmod-fglrx-legacy for these old cards. I don't know if that's EL6 only or that they have one for F19 too. Alternatively check rpmfusion.org. Looking at the output of modinfo radeon the RV620 is mentioned. That suggests that it should work with the radeon.ko kernel driver. Is the PCI address of your card listed in the output of modinfo radeon? You can find it with 'lspci'. The thing that drives me crazy is, when I reinstalled the whole system, whatever video driver the installer used for graphical install *worked*. So: does anyone have any idea a) what driver that uses, and b) how to force grub2 to use it (or do I also need to do this to the initrd)? Maybe it was using the vesa video driver. Iirc you can force that by booting the kernel with 'xdriver=vesa'. Or you could try 'xdriver=radeon'. For more info see: http://docs.fedoraproject.org/en-US/Fedora/19/html/Installation_Guide/ch10s02.html#idm43623936 If the vesa driver works fine, if necessary, you could create an xorg.conf which uses the vesa driver. Maybe you also need to blacklist the radeon kernel module if that gets in the way. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] A last, desperate hope - video modes
On 10/24/2013 07:03 PM, m.r...@5-cent.us wrote: Btw, one more note: taking out all kernel lines, blacklist, and just a *real* basic xorg.conf, in Xorg.0.log, the very first thing I see is X.Org X Server 1.14.3 Release Date: 2013-09-12 [56.756] X Protocol Version 11, Revision 0 [56.756] Build Operating System: 3.10.9-200.fc19.x86_64 ^^ [56.756] Current Operating System: Linux ... 3.11.6-200.fc19.x86_64 #1 SMP Fri Oct 18 22:34:18 UTC 2013 x86_64 ^^ So it's obviously not good. FWIW the latest kernel available in my local Fedora repos is also 3.11.6-200. What happens when you remove the xorg.conf and blacklisting and all other tweaks you tried and reboot? What does the Xorg.log say if something fails? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setting up postfix under CentOS-6
On 09/13/2013 12:56 PM, Timothy Murphy wrote: Ned Slider wrote: I didn't find anything wrong in the document in question (http://wiki.centos.org/HowTos/postfix), except that a couple of packages mentioned (ystem-change-mail*) don't seem to exist in CentOS-6. That was for switching the default MTA in EL5. As Postfix is already the default in EL6 it is simply not needed. That's not the case. If you upgrade from CentOS-5 to CentOS-6, which I imagine the vast majority of people did, In my experience, in an enterprise environment, servers do not get upgraded (note up*g*raded, not updated). Instead new servers are installed with EL6 and the old ones with EL5 are phased out. This makes sense not only because you do not want to impact operations with a potentially hazardous upgrade but also because it is an opportunity to deploy the latest version of any apps that will be running on top of the shiny new EL6 instance (think Oracle, SAP, etc.). If I understand your situation correctly than maybe it it's easier to install EL6 on a spare box or as a VM, get postfix going, document it, and then do the move from sendmail to postfix. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setting up postfix under CentOS-6
On 09/12/2013 12:03 PM, Timothy Murphy wrote: I recently, perhaps foolishly, changed over a remote server from sendmail/procmail to postfix/amavis/spamassassin/clamd , and I'm finding it difficult to configure this setup. The CentOS document http://wiki.centos.org/HowTos/postfix explicitly says that its instructions may not work in CentOS-6. Does anyone know of reasonably simple postfix documentation for CentOS-6? Read Postfix: The Definitive Guide or The Book of Postfix. Years ago I read the first and used it to setup multiple domains with virtual accounts. Works perfectly to this day. Also heard good things about the 2nd book. Both should give you ample knowledge how to setup Postfix. I've been amazed how bad the postfix documentation is. It actually seems to be worse that sendmail documentation, which I thought established a record for this sort of thing. The official documentation at http://www.postfix.org/documentation.html is ludicrously wordy, with every conceivable option listed in random order. Imho the Postfix documentation is excellent. Admittedly it does not do any handholding but once you are familiar with it, it's very helpful to have such an elaborate overview of all possible options. I would suggest to start with a basic Postfix setup without all the bells and whistles, get that going and then slowly add things like anti-spam rules, amavis etc. Using git for your configs helps reverting if something blows up. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Red Hat Software Collections on CentOS?
On 08/17/2013 06:17 PM, Ljubomir Ljubojevic wrote: Does anyone have info if Red Hat Software Collections will be available for CentOS to recompile them (src.rpms)? http://developerblog.redhat.com/2013/06/05/red-hat-software-collections-1-0-beta-now-available/ AFAIK Red Hat has not released the srpms (yet). There are various repos with beta versions of SCL enabled srpms listed here: https://fedorahosted.org/SoftwareCollections/ Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to gspca - semi-[SOLVED]
Hi Mark, On 07/17/2013 03:24 PM, m.r...@5-cent.us wrote: Ok, following myself up (I've not seen any responses - is anyone listening?)... Yes, I've read every email you have sent on the subject. Unfortunatly I have no clue. yesterday, right before I left, I got the camera working. However... it only works in 320x240 mode. In 640x480, it's still mostly green. Based on this, I've decided my previous analysis was wrong, and the real clue were the error messages about not enough bandwidth. What I now think is that someone made a change to the USB driver for the oldest, 1.0 and 1.1 specs, and it only hits with certain onboard chips - nothing else can explain why it runs on similar but not identical hardware, running the same version of the o/s. I only have a gspca webcam in my laptop and it's broken so I can't really be of much help. The only thing I recall is that it did not work very well with Fedora. Usually I had to grab the upstream gspca driver, mess with some defines to get the colors right, compile it and keep fingers crossed when inserting the module and starting cheese. The laptop's USB version is USB1 and it has a NM10/ICH7 chipset. FWIW, maybe try every older kernel you can get your hands on and see where the issue no longer occurs. Then get the kernel's src.rpm and try to figure out which patch could possibly be the culprit. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to gspca - semi-[SOLVED]
Hi Mark, On 07/17/2013 05:11 PM, m.r...@5-cent.us wrote: Hi, Patrick, Patrick Lists wrote: On 07/17/2013 03:24 PM, m.r...@5-cent.us wrote: Ok, following myself up (I've not seen any responses - is anyone listening?)... Yes, I've read every email you have sent on the subject. Unfortunatly I have no clue. Thanks for listening, at least. Weeks of googling and screwing around gets *really* tiring and frustrating. I can imagine. yesterday, right before I left, I got the camera working. However... it only works in 320x240 mode. In 640x480, it's still mostly green. Based on this, I've decided my previous analysis was wrong, and the real clue were the error messages about not enough bandwidth. What I now think is that someone made a change to the USB driver for the oldest, 1.0 and 1.1 specs, and it only hits with certain onboard chips - nothing else can explain why it runs on similar but not identical hardware, running the same version of the o/s. I only have a gspca webcam in my laptop and it's broken so I can't really be of much help. The only thing I recall is that it did not work Ah. Y'know, you can pick up the things really cheaply - I think we got a bunch of these little cameras a few years before I started here, and *then* they were something like $10 or $20 each. This built-in gspca webcam is the only one I've had problems with. The more expensive Logitech ones always worked fine for me. very well with Fedora. Usually I had to grab the upstream gspca driver, mess with some defines to get the colors right, compile it and keep fingers crossed when inserting the module and starting cheese. The laptop's USB version is USB1 and it has a NM10/ICH7 chipset. Have you tried playing with the parms in your viewer? You might not need to recompile. And we're really trying *not* to build our own packages. The laptop just got a fresh F19 install. I just wiggled the webcam after starting Cheese and to my astonishment the green led lit up and Cheese showed something. The pic was very bad, interlaced and it seems to copy everything 3 times horizontally while overlapping those images. I set it to 320x240 and no change. So also in F19 at least my gspca webcam is not working very well. FWIW, maybe try every older kernel you can get your hands on and see where the issue no longer occurs. Then get the kernel's src.rpm and try to figure out which patch could possibly be the culprit. Can't do things like that, not without a show stopper: these are servers here at work, and they *must* stay up as much as possible. Understand. The only reason I suggested it is that if you figure out which patch causes the issue that you could then file a BZ so that it might get fixed. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to gspca - semi-[SOLVED]
On 07/17/2013 05:40 PM, m.r...@5-cent.us wrote:
[snip]
Which gspca driver is installed (lsmod | grep gspca)? And it might require
exporting LD_PRELOAD with v4lcompat.so or v4l2convert.so.
It's the gspca_vc032x module. LD_PRELOADING either lib did not make a
difference and Cheese spits out an internal data flow error when started
from the CLI.
From digging in my mail archives the error in /var/log/messages was:
Jan 3 17:37:10 luna kernel: [ 7358.087971] gspca: ISOC data error: [62]
len=0, status=-71
That was on Fedora 14 with kernel 2.6.35.10-74.fc14.x86_64 and the id of
the webcam is: Logitech Orbicam 046d:0896
The patch that fixed it is:
$ cat gspca-sensor.patch
diff -uNr gspca-2.13.3.org/build/vc032x.c gspca-2.13.3/build/vc032x.c
--- gspca-2.13.3.org/build/vc032x.c 2011-01-15 09:46:40.0 +0100
+++ gspca-2.13.3/build/vc032x.c 2011-07-28 18:16:41.138640918 +0200
@@ -3716,9 +3716,9 @@
sensor = vc032x_probe_sensor(gspca_dev);
//vish
-// if (sd-sensor == SENSOR_PO
-// sensor == SENSOR_PO3130NC)
-// sensor = sd-sensor;
+ if (sd-sensor == SENSOR_PO
+ sensor == SENSOR_PO3130NC)
+ sensor = sd-sensor;
switch (sensor) {
case -1:
Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Back to gspca - semi-[SOLVED]
On 07/17/2013 06:54 PM, m.r...@5-cent.us wrote:
[snip]
Have you tried with mplayer? Do the export, then:
mplayer tv:// -tv driver=v4l2:device=/dev/video0:width=320:height=240
Mplayer complained about some missing vdpau lib so that did not work out
but I tried svv from moinejf.free.fr and got the same results as
previously described.
and see what you see. The idea is to try a different viewer.
From digging in my mail archives the error in /var/log/messages was:
Jan 3 17:37:10 luna kernel: [ 7358.087971] gspca: ISOC data error: [62]
len=0, status=-71
That was on Fedora 14 with kernel 2.6.35.10-74.fc14.x86_64 and the id of
the webcam is: Logitech Orbicam 046d:0896
The patch that fixed it is:
$ cat gspca-sensor.patch
diff -uNr gspca-2.13.3.org/build/vc032x.c gspca-2.13.3/build/vc032x.c
--- gspca-2.13.3.org/build/vc032x.c 2011-01-15 09:46:40.0 +0100
+++ gspca-2.13.3/build/vc032x.c 2011-07-28 18:16:41.138640918 +0200
@@ -3716,9 +3716,9 @@
sensor = vc032x_probe_sensor(gspca_dev);
//vish
-// if (sd-sensor == SENSOR_PO
-//sensor == SENSOR_PO3130NC)
-// sensor = sd-sensor;
+if (sd-sensor == SENSOR_PO
+ sensor == SENSOR_PO3130NC)
+sensor = sd-sensor;
switch (sensor) {
case -1:
H, I'm a bit confused: it looks as though the commented out lines are
identical to the new lines; and as there's no + in front of it, it looks
as though the statement to set sensor was there before... so I don't get
the difference.
I can see the plusses fine but maybe something got mangled so here's
what is prepended with a +:
if (sd-sensor == SENSOR_PO
sensor == SENSOR_PO3130NC)
sensor = sd-sensor;
Just checked git.linuxtv.org where the latest vc032x.c code lives and it
has changed such that this patch no longer applies. My C foo is not at
kernel driver level so I'll leave it at that and just use one of the
webcams in my bag.
Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] web collaboration packages.
On 04/12/2013 05:14 PM, j.witvl...@mindef.nl wrote: [snip] Can anyone suggest a good setup for e-mails erving, calendaring, web mail? Web mail is particularly important for my wife so she can check e-mail when she is at work. Try Zarafa plus Z-Push for phone sync. The web mail app is very nice. RPMs are in the Fedora and EPEL repos, the docs are at zarafa.com. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to make a network interface come up automatically on link up?
On 24-03-13 08:03, Joakim Ziegler wrote: How do I do that? I've not used network manager to set it up, I just made the ifcfg-eth2 file from scratch. Besides the other two suggestions you may also want to set a proper SELinux label on the ifcfg-eth2 file with something like: /sbin/restorecon -v -F /etc/sysconfig/network-scripts/ifcfg-eth2 The SELinux label I have on my ifcfg-eth0 is: -rw-r--r--. root root system_u:object_r:net_conf_t:s0 ifcfg-eth0 Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos6 ipsec troubles
On 03/04/2013 04:45 PM, Riccardo Veraldi wrote: [snip] I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 I don't have experience with the Kame implementation. Maybe have a look at Libreswan which was forked from Openswan 2.6.38. It has a ton of bugfixes and patches over Openswan and there is an EL6 repo which should work on CentOS6 too. More info: http://libreswan.org https://download.libreswan.org/ https://github.com/libreswan https://lists.libreswan.org/mailman/listinfo https://twitter.com/libreswan #swan IRC channel on FreeNode AFAIK one the of the main developers and driving forces behind Libreswan is employed by Red Hat so it would not surprise me if Libreswan were to replace Openswan in EL7. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mixing MX and CNAME
On 02/25/2013 06:24 PM, Les Mikesell wrote: [snip] I think the only clean approach is to give domain.com an A record pointing to something that can run a web server that does a client redirect to www.domain.com. And even then https will show an invalid cert before the redirect unless you have one specifically for domain.com. Afaik that can be solved by adding a subjectAltName to the cert so it's valid for domain.com and www.domain.com and it's FQDN. Or maybe get a wildcard cert. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: memory brands?
On 02/20/2013 02:57 PM, m.r...@5-cent.us wrote: So, I'm rebuilding my system at home. Any recommendations or warnings about brands of memory? Googling around, I see brands I've never *heard* of I like Crucial. Quality stuff, never had a memory stick failing and good service. Once I had an unopened box with some Crucial memory (purchased almost a year before) and asked if I could exchange it for a different set. They responded quickly and allowed me to exchange the memory no questions asked. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 6 rpmbuild
On 02/12/2013 02:20 AM, Larry Brigman wrote: [snip] %doc /usr/share/man/man5/captureProxy.conf.5 %doc /usr/share/man/man8/captureProxy.8 Try to change those entries in the %files section to: %doc /usr/share/man/man5/captureProxy.conf.5* %doc /usr/share/man/man8/captureProxy.8* Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos as l2tp/ipsec-Client
On 02/01/2013 10:55 AM, sebastian wrote: Hello, i need to configure a centos 6.3 - server as an l2tp/ipsec-client. I have no idea how I there previous or if this is even possible. Where one might find appropriate instructions? Google is not very helpful, without any idea. CentOS 6.3 comes with Openswan which allows you to setup IPsec connections. More info on the Openswan website: https://www.openswan.org/projects/openswan/ There is also Libreswan which is a recent fork of Openswan. Current release is 3.0 and it has a long list of fixes over the latest Openswan release (2.6.38) so might be interesting to look at too: http://www.libreswan.org For L2TP there is xl2tpd: https://github.com/xelerance/xl2tpd which iirc is available from the EPEL repo. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy for nginx
On 01/29/2013 12:32 AM, Eero Volotinen wrote: Hi list, any working selinux policy for nginx on centos 6.3 ? this is not working on centos: http://sourceforge.net/projects/selinuxnginx/ Dan Walsh (the Red Hat SELinux guru) has a yum repo with the latest and greatest SElinux policies which includes stuff for nginx. I believe it only makes nginx a non-confined domain. On bugzilla.redhat.com there's a bug discussing it and iirc the need to create a confined domain policy (targeted) for nginx similar to the one for Apache's httpd. Not sure what the status is. http://people.redhat.com/dwalsh/SELinux/RHEL6/noarch/ https://bugzilla.redhat.com/show_bug.cgi?id=888740 Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Playing mp4's on centos httpd
On 11/28/2012 01:04 AM, James Pifer wrote: Sorry for the off topic, but hoping someone here can point me in a direction and end my endless googling... I have some mp4 training videos that our users need to be able to download or stream directly to their browser. I have the h.264 module loaded on httpd on centos (using http://swimminginthought.com/streaming-mp4-video-webserver-solved/#). So I think I have most of the infrastructure in place, but I'm not sure how to setup the streaming for all browsers. Do I need to embed some type of player? Like a flash player? Do browsers, Firefox and IE,. already have a player I can make use of? It seems with the info/code from http://videojs.com/ you should be able to offer streaming videos to your users. Another popular option is flowplayer: http://flowplayer.org/ Either way I guess you will need to create a web page that offers the training videos. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux AVC problem postfix - dspam
Hi,
I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the following AVC message in audit.log:
type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind } for
pid=19971 comm=master src=10026
scontext=unconfined_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:postfix_master_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1350920492.936:400): arch=c03e syscall=49
success=no exit=-13 a0=5b a1=7f015fa63b30 a2=10 a3=7fff6b2bf89c items=0
ppid=1 pid=19971 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4 comm=master
exe=/usr/libexec/postfix/master
subj=unconfined_u:system_r:postfix_master_t:s0 key=(null)
When I run sudo grep 1350920492 /var/log/audit/audit.log | audit2allow
-M postfix-dspam I get:
$ cat postfix-dspam.te
module pf 1.0;
require {
type postfix_master_t;
class tcp_socket name_bind;
}
#= postfix_master_t ==
allow postfix_master_t self:tcp_socket name_bind;
To fix this issue activate the postfix-dspam policy with:
# semodule -i postfix-dspam.pp
Can anyone confirm this is the correct way to fix this problem?
Should I file a bug?
Thanks and regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux AVC problem postfix - dspam
On 10/22/2012 06:06 PM, Patrick Lists wrote:
[snip]
Solved with:
# semanage port -a -t smtp_port_t -p tcp 10026
Now trying to wrap my head around the next AVC which occurs when postfix
wants to pass an incoming email via lmtp to dspam via
/var/run/dspam/dspam.sock:
type=AVC msg=audit(1350931969.438:436): avc: denied { write } for
pid=20266 comm=lmtp name=dspam.sock dev=vda2 ino=9935
scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1350931969.438:436): arch=c03e syscall=42
success=no exit=-13 a0=c a1=78b66760 a2=6e a3=78b66410 items=0
ppid=20258 pid=20266 auid=500 uid=89 gid=89 euid=89 suid=89 fsuid=89
egid=89 sgid=89 fsgid=89 tty=(none) ses=4 comm=lmtp
exe=/usr/libexec/postfix/lmtp
subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null)
Which could be solved with the following policy:
module pf 1.0;
require {
type var_run_t;
type postfix_smtp_t;
class sock_file write;
}
#= postfix_smtp_t ==
allow postfix_smtp_t var_run_t:sock_file write;
Suggestions what the proper fix would be are most appreciated.
Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 NFS mmap I/O bug?
On 10/22/2012 11:31 PM, Tom McDonald wrote: I'm working with a company who is running into an issue occasionally with their app running CentOS 6 on an NFS mount. The problem is essentially that, from a single CentOS 6 client, the client sometimes gets the wrong file size back from a stat() call. Just a thought: could this be related to 32bit clients accessing a 64bit NFS server? Recently there was some discussion about this on the list. Iirc the solution was to use 32bit inodes on the NFS server. Search the list for Mount options for NFS posted on Oct 9. Here's a comment by James Person: I would suspect the inode64 option is the problem. We had similar issues running 32 bit apps on a 64 bit clients accessing 'large' NFS servers (non-Linux NFS servers) - the 'fix' was to make sure the file systems were exported/mounted with 32 bit inode compatibility. I believe in our case the 32 bit apps in question were not compiled with large file support (they are/were 3rd party apps). I think if they were compiled with large file support, then they would work OK. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OpenLDAP on CentOS 6.3
On 10/19/2012 08:28 PM, Hugh E Cruickshank wrote: From: Keith Keller Sent: October 16, 2012 22:33 On 2012-10-17, Patrick Lists centos-l...@puzzled.xs4all.nl wrote: On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version. I could be wrong, but I think this logic already exists in the latest OpenLDAP package in CentOS 6.3. At least, I tried it myself last week-- According to the OpenLDAP devs there are quite a few bugs in that release so YMMV. it's basically -f /path/to/old/slapd.conf -F /etc/openldap/slapd.d/ or something like that. It seemed to work (though I've done only basic testing on it so far). Thank you but without having a working slapd.conf (or for that mater any slapd.conf) file I will not be able to take advantage of this. You need to create the slapd.conf yourself tailored to your needs. However there is an example in /usr/share/openldap-servers/. Also have a look in the openldap RPM in the %post section where you can see the steps it does when creating the dynamic backend config (you can easily open an RPM with mc). Since you would migrate a slapd.conf into a cn=config version you might as well start with a slapd-config type of config which is aimed at cn=config setups. Both the man pages and the Admin Guide have all the info. Iirc there are also some examples in the openldap sources so you may want to get those and check it out. Hang in there. I found all this cn=config stuff completely confusing but eventually figured out a basic setup with the help of the man pages, Admin Guide, Google and sheer luck no doubt :) Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OpenLDAP on CentOS 6.3
On 10/17/2012 02:51 AM, Hugh E Cruickshank wrote: Hi All: I am attempting to setup OpenLDAP on c CentOS 6.3 platform. I have been able to locate numerous online how to documents but none seem to work correctly on CentOS 6.3. I believe that the reason is the new dynamic configuration (AKA cn=config). Can someone provide me with a pointer or two in the right direction I would greatly appreciated it. I have been fighting with this off and on for the couple of weeks and it is driving me up the wall! The Admin Guide on the OpenLDAP website has a lot of information about the new cn=config backend and how to set it up. On the mailing list it was recommended by several subscribers to upgrade to the latest openldap release (2.4.33) due to the many fixes in the dynamic config backend and the logic that can transform an slapd.conf into a cn=config version. With a few changes (replace systemd stuff with the original CentOS openldap init scripts) the F17 openldap SRPM should build ok on CentOS 6.3. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5 and php53
On 10/15/2012 07:18 AM, John R Pierce wrote: so whats the scoop on PHP53 for CentOS 5? I have a long running webserver, runs a bunch of mostly php+postgresql stuff, mostly hobby sites (clubs and local scout troops and such). has latest updates to php 5.2.10-xx but I want to install something thats insisting on php53. If I try and yum install php53, it says it conflicts with php-5.2.10 ... ok, do I remove the old PHP and install the one one? does that stand a reasonable chance of not blowing up in my face? Iirc the php 5.3 packages from the IUS repo are the ones you need. Not sure if it's an update or parallel install (I just went to CentOS 6). There might be security and other implications when going from 5.2 to 5.3. Iirc php.net has some docs on this subject. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM as a desktop
On 29-08-12 15:22, Johnny Hughes wrote: http://wiki.centos.org/HowTos/FreeNX Also look into spice: http://wiki.centos.org/HowTos/Spice-libvirt I do several Windows desktops with spice Yesterday I tried both spice and FreeRDP connecting to a Win7 x64 VM on an F17 laptop. FreeRDP feels much more responsive and even the Big Buck Bunny video (h.264 854x480) played smooth with video sound in sync. On F17 you will need to rebuild FreeRDP with alsa and ffmpeg support enabled. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Oracle UEK kernel on CentOS
On 19-07-12 00:34, Fernando Cassia wrote: On Wed, Jul 18, 2012 at 7:09 PM, John R. Dennison j...@gerdesas.com wrote: Perhaps if they were actually putting out their _own_ distribution instead of leeching off Redhat's work and then _making money off of it_ it perchance might be a different story. It's called free market competition. No it's not. It's called leeching. It brings down costs for the consumer. Thanks for a good laugh. The only thing that will happen when companies switch from RHEL to Oracle's EOL is that they will get up-sold like there's no tomorrow and Larry minions will take them for every penny first born they got. Sun took Novell's SuSE Enterprise Desktop for its short-lived Java Desktop System (JDS) Linux. Iirc there was a commercial arrangement. You know the free market kind where money is paid for goods and services as in the opposite from leeching. As long as they comply with the GPL rules, it's all fair game. Larry is that you? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 6.3: service not starting?
On 17-07-12 19:38, m.r...@5-cent.us wrote: Before I roll it out to users for their workstations, I updated my own system to 6.3, just did an update a few minutes ago, then rebooted. Came up... but when I went to use my PIV card for credentials to certain other machines, it didn't read the card. I found that pcscd was not running - when I did a service restart, it said failed on shutdown, then ok on startup. chkconfig --list tells me it's supposed to be on. Now, I'm pretty sure I saw this behavior with motion on a server I did a week or so ago, also: same thing, chkconfig says it should be on, but it was never turned up. This is a reboot after update, not a new install, and selinux is permissive in both cases. Has anyone else seen this, with optional services? There was also an issue with PostgreSQL not starting after installing the latest updates. The culprit seems to be the sudo update: https://bugzilla.redhat.com/show_bug.cgi?id=818585 So try this first: # restorecon /etc/nsswitch.conf Then try to start the pcscd service again to see if that fixes it. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Trying to find all the kernel modules needed for my machine using shell script
On 13-07-12 19:48, Aft nix wrote: I know how yum works. i'm a long time centos user. I'm talking about the centos specific patches for the kernel. Afaik they are not CentOS specific patches. They are Red Hat patches (unless CentOS add additional patches). if i roll these patches over vanilla kernel, it will become the kernel source where kernel rpms are built. Now centos distributes its kernel sources through src-rpms(srpms). Which is already patched kernel source. What i want is just the patches. so i that i can roll it over vanilla kernel and get identical source as those distributed through srpms. Afaik you can't get the individual patches since that is not how Red Hat distributes their kernel src rpm which CentOS rebuilds. So you could ask Red Hat for the individual patches. Good luck with that. They started distributing pre-patched kernel sources to make competitors live (not necessarily CentOS) a bit more difficult. There's a long discussion about this on the Intertubes. Don't have the link anymore so Google is your friend. If all else fails, you could do a diff between the vanilla kernel and the one distributed by Red Hat. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM: PV on 2 external USB drives
On 04/23/2012 09:21 AM, Mihamina Rakotomandimby wrote: How to get the USB external drives to be detected in always the same order, so that they always get the same name? /dev/sdX fixed to them? That way, the LVM wont be messed... Perhaps you can use UUIDs for that like Fedora is already doing. See man uuidgen for more info about a UUID. Assign each USB drive a unique UUID and use those UUIDs (instead of /dev/sdX) in /etc/fstab. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Changing Python Version
On 04/15/2012 11:11 AM, Quincey Robertson wrote: Apparently I need to install apache2-dev. Apparently there isn't such available from yum. I can't even figure out where to download a tarball to do it from source. Ideas? Try installing httpd-devel. for searchin package names use yum search. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 6.2 md0 boot - no boot actually
On 04/12/2012 12:46 AM, aurfalien wrote: Hi all, Taken from this link; https://www.centos.org/modules/newbb/print.php?form=1topic_id=34988forum=55order=ASCstart=0 Seems like I am having the same issue. I assigned my boot loader to be on /dev/md0 rather then the default of /dev/sda1 Not sure if this is valid for CentOS but on Fedora 15 I had to set the metadata to version 0.90 when creating the /boot array. Without it (so using metadata version 1.0 on /dev/md0 aka /boot) it would not boot. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSEC How To?
On 04/06/2012 03:35 PM, Ross Walker wrote: On Apr 6, 2012, at 9:34 AM, Ross Walkerrswwal...@gmail.com wrote: Here is a how-to on openswan l2tp. Seems PSKs are also supported so no PKI is necessary. Oops forgot the link: http://www.jacco2.dds.nl/networking/openswan-l2tp.html Here's another one: https://www.openswan.org/projects/openswan/wiki/L2TPIPsec_configuration_using_openswan_and_xl2tpd Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSEC How To?
On 04/05/2012 04:55 PM, Helmut Drodofsky wrote: Hello, now I have spent many hours to configure openswan for VPN connections without any success. My goal: VPN Server CentOS 6 with public IPv4 VPN Client (= road warrier) from private site with NAT router or from mobile cell with Linux, Windows 7, Mac, iPhone or Android Is there any how to in the net? When I read file:///usr/share/doc/openswan-doc-2.6.32/config.html then I belive, there is no solution. It is written, that I have to reconfigure the NAT router of the mobile provider or the hardware NAT router of the private dsl uplink. Both is impossible. Maybe you get better luck on the Openswan mailing list but I would not get my hopes up. One of the Openswan developers has repeatedly mentioned that IPsec does not like NAT. Les' suggestion to try OpenVPN is what I did and it works well assuming you can find the tun.ko kernel module for your Android phone. I don't know if there is an OpenVPN client for Windows phone or iPhone. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSL plugin not enabled - CentOS 6.2
On 04/04/2012 02:27 PM, Prabhpal S. Mavi wrote: [snip] Log: in /var/log/messages Apr 4 10:23:15 jet qpidd[2265]: 2012-04-04 10:23:15 notice SSL plugin not enabled, you must set --ssl-cert-db to enable it. yum search qpid gives you a hint what qpid is. I'm not familiar with it but the message seems to suggest you need to configure SSL certificates in qpid's configuration to enable secure SSL communication between qpid and its clients (of whatever they are called in the AMQP world). If you don't use qpid then I guess you could remove it. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Grails 1.3.x (S)RPM for CentOS 6?
On 04/02/2012 01:59 PM, Ljubomir Ljubojevic wrote: On 03/15/2012 02:13 PM, Patrick Lists wrote: Hi, My Google foo came up empty. Does anyone know where I can find a Grails 1.3.x (S)RPM? I do not see any rpm past history of once existing 1.0.4 version back in 2008. Thanks Ljubomir. I saw the same and gave up looking for something up-to-date. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fail2ban problem
On 03/18/2012 12:17 PM, Timothy Murphy wrote: If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet. Just a wild guess but could it be that fail2ban is trying to resolve all the IP addresses in it's database? Iirc there is a config option called use_dns. Try setting it to no or warn. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fail2ban problem
On 03/18/2012 02:08 PM, Timothy Murphy wrote: Patrick Lists wrote: If there is a serious power failure, eg during an electric storm, and the internet goes down then my CentOS-6.2 server seems to take an inordinate time, maybe forever, to get past fail2ban. It is as though there is an extremely long - maybe an hour - timeout if fail2ban cannot connect to the internet. Just a wild guess but could it be that fail2ban is trying to resolve all the IP addresses in it's database? Iirc there is a config option called use_dns. Try setting it to no or warn. Thanks for the suggestion. But I couldn't find any option like that anywhere below /etc/fail2ban in fail2ban-0.8.4-28.el6 . More info on the wiki: http://www.fail2ban.org/wiki/index.php/Hostnames_or_IP_Addresses Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Grails 1.3.x (S)RPM for CentOS 6?
Hi, My Google foo came up empty. Does anyone know where I can find a Grails 1.3.x (S)RPM? Thanks! Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] postfix and spam, I am impressed
On 12-03-12 22:12, Bob Hoffman wrote: [snip] Not sure if this setup is perfect, but it is working quite well. Yes, the mail takes a few seconds longer and there is probably more I could do, but this ROCKS!!! Totally agree. I'm definitely not a postfix expert but below I have listed some rules I have in my config. smtpd_delay_reject = yes smtpd_helo_required = yes I also have: disable_vrfy_command = yes strict_rfc821_envelopes = yes smtpd_client_restrictions = permit_mynetworks,permit In smtpd_client_restrictions I have: smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname, check_client_access pcre:/etc/postfix/dynamic_ip_client_block, reject_rbl_client bl.spameatingmonkey.net, reject_rhsbl_sender uribl.spameatingmonkey.net, reject_rhsbl_client uribl.spameatingmonkey.net, reject_rhsbl_sender urired.spameatingmonkey.net, reject_rhsbl_client urired.spameatingmonkey.net, reject_rbl_client zen.spamhaus.org The dynamic IP client list is quite effective. You can get the file: wget -v http://www.hardwarefreak.com/fqrdns.pcre smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, permit In smtpd_sender_restrictions I also use reject_rhsbl_sender fresh15.spameatingmonkey.net smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_hostname, reject_unauth_pipelining, reject_rbl_client zen.spamhaus.org, reject_rbl_client truncate.gbudb.net, reject_rbl_client dnsbl.njabl.org reject_rbl_client cbl.abuseat.org reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, sleep 1, permit smtpd_data_restrictions = permit_mynetworks, reject_multi_recipient_bounce, permit Not sure if these rules are correct. I only have smtpd_data_restrictions = reject_unauth_pipelining On my CentOS 5 box I don't user permit at all. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ViSpan
On 15-02-12 19:08, John R. Dennison wrote: On Wed, Feb 15, 2012 at 12:58:56PM -0500, Steve Campbell wrote: The link seems broken, I had tried this earlier. Please don't top-post. The link is fine now as I was just there. Another alternative is mailgraph, which EPEL packages. Mailgraph graphs various metrics for postfix and sendmail installations. Last time I looked mailgraph caused SELinux AVCs and the bugreport seems to be gathering dust. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ViSpan
On 15-02-12 20:00, John R. Dennison wrote: On Wed, Feb 15, 2012 at 07:54:57PM +0100, Patrick Lists wrote: Last time I looked mailgraph caused SELinux AVCs and the bugreport seems to be gathering dust. There is an adjunct mailgraph-selinux package in epel as well, whether this will address that concern or not is unknown by me. Good one. I forgot to mention that mailgraph-selinux was installed too. This was on CentOS 6.2 and the version I tried was 1.14-8: http://koji.fedoraproject.org/koji/buildinfo?buildID=198543 Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Anyone already tried to backport the latest ASPM kernel patch to 6.2?
On 12-02-12 23:57, Michael Lampe wrote: After going from CentOS 5.7 to 6.2, a lot of things turned out to be much better, but there are also quite some regressions. The most obvious one is power consumption on my notebook. It was notably lower before. The ASPM issue introduced in 2.6.38 was widely reported and discussed, and the 6.2 kernel has exacatly this code as a backport. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f671e2dbff6eb5ef4e2600adbec550c13b8fe72 So I started to experiment with the upstream patch: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=commitdiff;h=3c076351c4027a56d5005a39a0b518a4ba393ce2;hp=69166fbf02c7a21745013f2de037bf7af26e4279 To make it apply, one needs to change 'pci_is_pcie(pdev)' into 'pdev-is_pcie'. One also needs to fiddle a little with the first chunk. I came up with the patch attached, but unfortunately the new kernel showed no improvement. Most probably I got something wrong. Anyone else here who tried this or is interested in sorting this out? Iirc to enable ASPM on Fedora the kernel must be booted with pcie_aspm=force. Maybe you need to use that option too? For more info see: http://www.phoronix.com/scan.php?page=articleitem=linux_aspm_solutionnum=1 Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] my notes on bond, bridge, network, kvm, host and virtual so far
On 07-02-12 04:28, Bob Hoffman wrote: I put this page together just so I won't spam the board anymore begging for help..lol http://bobhoffman.com/vmissue.html According to http://wiki.centos.org/TipsAndTricks/BondingInterfaces there should not be a HWADDR=mac_address in ifcfg-eth0. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Machine becoming irresponsive
On 23-01-12 16:13, Dotan Cohen wrote: Thanks. There are a lot of very specific software on that server that precludes it from being updated. I believe that 5.2 still is seeing security updates, no? 5.2 does not get security updates. My guess is your box has been compromised. Boot the box with a live CD/DVD and get an image of the harddisk(s) so you can analyze what happened to it. In any case, a complete reinstall with either 5.2 or a latter version is pretty much out of the question for now, though I will try to see what needs to be done in that direction. In the meantime, where should I concentrate my efforts? There is no other option than to reinstall the box with 5.7 (or whatever the latest is) and *always* update the box. I would also throw out that specific software. Vendors who force you to stay with a version of an OS that no longer gets security updates should be avoided at all cost. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 (G)parted re-aligning existing partitions?
On 16-01-12 22:25, Ljubomir Ljubojevic wrote: I used Hiren Boot CD (Some tool on it) to create 8 partitions for Windows XP and CentOS 6. Now, CentOS6 Disk Utility reports for first partition: Warning: The partition is misaligned by 512 bytes. This may result in very poor performances. Repartitioning is suggested., and similar warnings almost all other partitions. Since I already have both Windows (NTFS) and CentOS 6 installed, I was wondering is there any easy way of re-alligning them, maybe via parted? Can someone write short to-the-point howto for repartitioning ext4 partitions (/boot especially)? NTFS partitions I can ghost without a problem and resize them when I returnin it on the HDD. It would be nice to experiment, but I am out of time. I did fdisk -l /dev/sda file and I can do dd to image file, but how about resizing/repartitioning? I read somewhere that it is good to leave 1MB free before first partition, so it can be aligned? Here's how my partitions look like on a box with F16. Afaik the anaconda in F16 properly aligns partitions. Note the initial start at 2048. $ sudo fdisk -l Disk /dev/sda: 2000.4 GB, 2000398934016 bytes 255 heads, 63 sectors/track, 243201 cylinders, total 3907029168 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x0003778c Device Boot Start End Blocks Id System /dev/sda1 *2048 411647 204800 fd Linux raid autodetect /dev/sda2 411648 3890251953 1944920153 fd Linux raid autodetect /dev/sda3 3890251954 3907029167 8388607 fd Linux raid autodetect Maybe you could get an F16 CD/DVD and create the partitions with it? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.2 progress.
On 12-12-11 17:25, Lamar Owen wrote: For those who don't follow the QA RSS, see: http://qaweb.dev.centos.org/qa/node/120 to get the latest info on the status of 6.2. Looks good so far! Wow that is amazing progress. You guys are doing a great job! Kudos to all involved! Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iSCSI best practices
On 12-12-11 22:11, Drew wrote: no, its done with replication over a private channel between the storage controllers. standard feature on all redundant controller hardware/appliance storage controllers such as IBM DS series, HP MSA, etc etc. EMC Clariion CX/CX3/CX4 and VNX, also. Ditto D-Link's DSN-5110 series. Isn't that D-Link DSN-5110 series a rebadged Dot Hill box? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] duqu
On 30-11-11 20:01, John Hinton wrote: On 11/30/2011 1:55 PM, Benjamin Donnachie wrote: On 30 Nov 2011, at 18:51, Les Mikeselllesmikes...@gmail.com wrote: Ssh is mostly about being able to log in. I've always adopted the policy of disabling root logins, making admins use a separate account with public/private key authentication and then requiring them to use su to elevate privileges. Has the advantage that your logs will tell you who logged in and performed an action rather than the vague 'root'. Ben How would you automate daily logins from another server to do something like rsync the entire /etc directory to a backup system? Maybe the sshd_config option PermitRootLogin forced-commands-only could help? This allows root logins but limits which command(s) can be executed. There is a description of how this works here: http://troy.jdmz.net/rsync/index.html Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix mail server procedure
On 11/09/2011 10:10 AM, Marius Vaitiekunas wrote: Hi, Maybe, somebody could recommend any good books about complete mail server open source solution? Sorry for OT. I found the Postfix: the Definitive Guide book by Kyle D. Dent very useful to learn about Postfix. There is also The Book of Postfix by Ralf Hildebrandt and Patrick Koetter. Do a search on Amazon to find more references to Postfix. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.1 QA status update.
On 11/09/2011 11:05 PM, Lamar Owen wrote: Posted, in case you haven't seen it already: http://qaweb.dev.centos.org/qa/node/116 Good news. Thanks for the update. That is good news indeed. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can't run fail2ban 0.8.4 [CentOS 6]
On 11/04/2011 12:48 PM, Kévin GASPARD wrote: The output of service fail2ban start in root (that's in french) : Démarrage de fail2ban :[ÉCHOUÉ] The docs on the fail2ban website also say how you can start fail2ban manually (at http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Usage): $ fail2ban-client start Maybe starting it that way gives you more information why it fails. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Can't run fail2ban 0.8.4 [CentOS 6]
On 11/04/2011 01:24 PM, Kévin GASPARD wrote: [snip] $ fail2ban-client start Maybe starting it that way gives you more information why it fails. Hi, [root@turing lighttpd]# fail2ban-client start WARNING 'action' not defined in 'php-url-fopen'. Using default value WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value ERROR Error in action definition ERROR Errors in jail 'lighttpd-fastcgi'. Skipping... It seems you have errors in those 2 configs. Fix those 2 configs. If you don't know how to then check the manual on the fail2ban website. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] redhat vs centos
On 11/02/2011 11:02 AM, Tony Mountifield wrote: What is a socket in their pricing model? The word can mean so many different things... Afaik it refers to a physical cpu socket. So they count actual cpu's, not the amount of cores in each cpu. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What happened to 6.1
On 10/28/2011 06:53 PM, Les Mikesell wrote: On Fri, Oct 28, 2011 at 11:13 AM, Lamar Owenlo...@pari.edu wrote: Even GPL only requires redistribution by upstream to its customers. With _no additional restrictions_ on subsequent redistribution. Losing access to RHN does not in any way restrict my redistribution of source I already have in my possession. Errr, what? What _is_ a restriction if not a penalty applied as a consequence of doing the restricted thing? Disclaimer: IANAL It seems the GPL requirements are met so then there is no GPL related restriction. If you exercise your GPL induced rights and redistribute the RHN src then there is nothing wrong with Red Hat deciding to no longer want you as a customer. You still got to exercise your rights. But once you are no longer a customer and thus no longer receiving RHN binaries from Red Hat then Red Hat is under no obligation to share with you anything from RHN anymore. How is, say, being required to pay a license fee as a consequence different from losing something you have already contracted and paid for? It would surprise me if Red Hat would not refund the customer or let them ride out the term of what they have already paid for. And didn't the customer agree to Red Hat's terms (AUP) when they signed the contract? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssd quandry
On 10/23/2011 09:48 AM, John R Pierce wrote: On 10/23/11 12:23 AM, Ken godee wrote: Maybe try to partition it to see what happens. with parted at least, I'm stuck with a vicious circle that won't let me align the data right? Didn't parted have issues with alignment? Here are two links with info about alignment of SSDs which I found helpful in the past: http://www.ocztechnologyforum.com/forum/showthread.php?54379-Linux-Tips-tweaks-and-alignmentp=373226viewfull=1#post373226 http://www.linux-mag.com/id/8397/ Hope this helps. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C6 compatible wireless printers?
On 10/19/2011 09:40 PM, n...@li.nux.ro wrote: Hi, Any success stories with C6 and wireless printers? Or maybe horror stories and what products to avoid? I'm looking at some HPs on amazon right now, some quite cheap, ~ £50, not bad. Ideally they should have easy to refill cartridges. I have an HP OfficeJet Pro L7780 which works fine (wirelessly via Ethernet) with CentOS 5 so I would assume it should work with CentOS 6 too. It's definitely not in the 50 pound range though. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
On 10/16/2011 10:39 AM, Lorenzo Martínez Rodríguez wrote: I had no trouble with panics booting new CR kernel either, but detecting my PCI-e parallel port http://www.spinics.net/lists/centos/msg119673.html. The worst is nobody has given even any clue related to it. I have not seen a parallel port in years or a device needing a parallel port. I did not even know a PCI-e parallel card existed. Perhaps people just don't know what the problem is or can be bothered with technology from the eighties. If you need it for a printer then why not get a usb-parallel cable: http://www.lindy.co.uk/usb-to-parallel-printer-port-adapter-cable-15m/42882.html Maybe this is the difference between RHEL and CentOS. If I was a RHEL licensed user, RedHat support staff at least would answer saying anything. If everybody who does *not* know the answer to a question would answer saying anything as you suggested then this mailing list would generate a gazillion messages per day and become completely useless because of the gazillion I don't know answers. If that parallel card is so important to you then why don't you buy a Red Hat subscription? At the end of the day you get what you pay for... Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
On 10/16/2011 03:57 PM, Lorenzo Martínez Rodríguez wrote: [snip] If you need it for a printer then why not get a usb-parallel cable: http://www.lindy.co.uk/usb-to-parallel-printer-port-adapter-cable-15m/42882.html Maybe this is the difference Following your link I only see Compatible with Windows ME/2000/XP/Vista/7 Are you sure it will work with CentOS 6? I don't use it for print anything, but just to switch on my own home alarm as I wrote here: http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html Sorry, it is in spanish, that's my language :) Give it a try with some online translation service. Nope I don't know if it will work with CentOS 6. I looked at your page. I don't speak Spanish but got the idea. Pretty neat. [snip] If you don't expect anything from somebody, and you receive anything,... it would be very pleasant. Since I belong to this list, the only topic with 0 answers was my question. Is it so difficult? Well now at least you got 2 :) Have you tried getting the latest Fedora 15 live cd (or maybe even the latest Fedora 16 beta/TC live cd) and boot that on your server and see if your card is recognized? That should give you some more info. Then file a bug at the CentOS website or maybe directly on the Red Hat bugzilla: https://bugzilla.redhat.com If your card is not recognized in the latest CentOS CR kernel and in F15 (or F16) then you could file the bug twice (under RHEL6 and F15/F16). Hopefully that should get the kernel devs attention. If you can find such a usb-parallel cable at a local computer store perhaps you could try it and return it if it does not work? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problems with Intel Ethernet and module e1000e
On 09/23/2011 12:54 PM, Volker Poplawski wrote: Hi all, I'm facing a serious problem with the e100e kernel module for Intel 82574L gigabit nics on Centos 6. I have also had problems with an Intel Gbit nic in a Dell Optiplex 760 using the e1000 module. If it would come up it would come up at 100Mbit speed. Only unplugging the LAN cable en reinserting it in the switch would sometimes result in the proper 1Gb speed. After replacing the 3Com Gbit switch with a DLink Gbit switch things started to work ok. As suggested, you could try out the e1000 kernel module form elrepo (if it works, good for you) but you may want to look into the switch too. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On 08/21/2011 02:34 PM, Craig White wrote: Maybe SELinux blocks Apache from writing to /etc/sysconfig/iptables? Have you looked at fail2ban and denyhosts? These apps seem to offer a similar solution. fail2ban and denyhosts center on failed logins - I don't think this is what he is dealing with. Afaik both are configurable for what you want them to listen for and how you want them to react to. Agree that their popular use is for listening for failed logins and then blocking the originating IP address. But with a little regex creativity, perhaps Paul could use them for his purpose. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache Changing IPtables C 5.6 via Apache
On 08/21/2011 01:09 AM, Always Learning wrote: When a web site is attacked, so far by unsuccessful hackers, my error routine adds the attackers IP address, prefixed by 'deny', to that web site's .htaccess file. It works and the attacker, on second and subsequent attacks, gets a 403 error response. I want to extend the exclusion ability to every web site hosted on a server. My preferred method is iptables. However, when breaking-out of a PHP script on a web page and running a normal iptables command, for example: iptables -A 3temp -s 1.2.3.4 -j DROP iptables responds with: iptables v1.3.5: can't initialize iptables table `filter': Permission denied (you must be root) Executing 'whoami' confirms Apache is the user. Giving Apache group rw on the /etc/sysconfig/iptables and ensuring the /sbin/iptables is executable by all, fails to resolve the problem. Is there any method of running iptables from an Apache originated process ? Maybe SELinux blocks Apache from writing to /etc/sysconfig/iptables? Have you looked at fail2ban and denyhosts? These apps seem to offer a similar solution. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] which firewall to automatically block bandwidth abusers?
On 08/18/2011 08:45 PM, Rudi Ahlers wrote: And you obviously think I didn't do my homework? Did you see my specific requirement? Or did you just see how and firewall and assumed google ? I was not referring to you Rudi. Merely pointing out the lmgtfy concept which imho seemed lost on Paul. And yes I did look at your requirements but don't have the answer for you. Maybe a combination of iptables and tc perhaps with connection tracking thrown in? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] which firewall to automatically block bandwidth abusers?
On 08/18/2011 09:31 PM, Rudi Ahlers wrote: [snip] I have read through that document link on http://lartc.org/lartc.html#AEN1393 and the closest I could get is rate limiting, but that doesn't actually block the IP if it goes over a certain threshold, it just slows everything down. How about the netfilter quota, fuzzy and iplimit extensions? http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.4 http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.5 http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.13 Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] KVM , virt-manager , USB-devices
On 08/09/2011 04:06 PM, Timothy Kesten wrote: Hi Folks, Using CentOS 6 x86_64. I've installed a WIN-XP guest successful (conversion from a VMWare-Image) Everything works fine - expect USB-Devices. I've installed connected USB-Stick with virt-manager but in the WIN-XP guest no device accessible. What goes wrong? More information needed? Recently I tried the same with a Win7 guest on Fedora 15 and it did not work either. Then I tried VirtualBox with the proprietary parts added and that worked fine. Have not looked into why it does not work with KVM. Will revisit that when I have more time. You need to make sure that your USB stick is not grabbed by the host system. Iirc there is more information in the Virtualization Guide: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/index.html Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Will QA site also have 6.1 info/updates?
Hi, Just wondering if the QA site will also have info updates on the progress of 6.1? Thanks! Parick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] additional fonts on centos 6
On 08/04/2011 03:48 PM, Jerry Geis wrote: Hi all, I have additional TTF fonts I purchased and added to CentOS 5.6. I used the commands chkfontpath and ttmkfdir to do that . These dont seem to be in CentOS 6 . How do I add fonts to openoffice for CentOS 6? You could get the msttcorefonts spec file to see how it installs the fonts. Afaik that should work for C6. http://corefonts.sourceforge.net/msttcorefonts-2.0-1.spec Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] libpri rpm version 1.4.12 for CentOS 5.6
On 07/27/2011 03:44 AM, Tadashi Jokagi wrote: Hi Kaushal, libpri is not in CentOS. I think that it is in EPEL. Please see following field of Repo.. I think he installed from the Asterisk/Digium repo. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] libpri rpm version 1.4.12 for CentOS 5.6
On 07/27/2011 03:03 AM, Kaushal Shriyan wrote: Hi, Is libpri rpm version 1.4.12 for CentOS 5.6 made available ? [root@ ~]# rpm -qa | grep libpri libpri-1.4.11.5-1_centos5 [root@ ~]# cat /etc/redhat-release CentOS release 5.6 (Final) [root@ ~]# [root@ ~]# yum list updates | grep libpri [root@ ~]# Please suggest/guide further. I think you installed from the Digium Asterisk repo so you should ask there. To give you a hint: if the Digium Asterisk regular repo and the Digium Asterisk beta repo do not give any results then the package simply is not there. Either create it yourself or kindly ask the maintainer. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] gconftool-2 scripted customizations (was Re: running X as root in centos 6)
On 07/27/2011 05:34 PM, 夜神 岩男 wrote: PS: If anyone knows anything better than the above sort of commands, please pipe up. I've been doing a *lot* of gconftool-2 scripted customizations lately and some of the options are pretty hard to research. Things like setting default colors for gnome-terminal or changing icons defaults, etc. are a fruitful source of irritating mistakes. Any better ideas are welcome -- thanks in advance. Welcome to the config wasteland created by the Gnome devs. Why have a gui when you can remove options or the entire gui and hide the good stuff in the darkest deepest Gnome basement only to be seen when singing magical gconf incantations? :) I am not sure if there is any appreciation for pre-configured mass deployment of Gnome based desktops. Afaik there is no other way then to venture into gconf/dconf land. I have been trying to figure out how to make Gnome 3 on Fedora 15 less annoying and return some of the Gnome 2 goodness. Some of the config options only seem to show up in gconf while others only show up in dconf. It's a config hell probably only surpassed by Window's DLL hell. Some of the gnome-terminal color stuff I have been using for F14: # gnome-terminal: don't use theme colors gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-terminal/profiles/Default/use_theme_colors false # gnome-terminal: set background color to black gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-terminal/profiles/Default/background_color # # gnome-terminal: set foreground color to white gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-terminal/profiles/Default/foreground_color # # gnome-terminal: unlimited scrollback gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-terminal/profiles/Default/scrollback_unlimited true # gnome-terminal: disable F10 so you can quit mc gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-terminal/global/use_menu_accelerators false Hope this helps. Good luck. We will need it :) Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gconftool-2 scripted customizations (was Re: running X as root in centos 6)
On 07/27/2011 08:58 PM, 夜神 岩男 wrote: Some of the gnome-terminal color stuff I have been using for F14: Very helpful -- splitting it up makes more sense I was trying recently to get things done through the /blah/blahblah/Default/palette key for gnome-terminal and its behaving oddly. Do I need to be escaping any characters or making more use of quotes for the color indicators? Not sure. I don't recall having to escape anything. If you use gconf-editor and go to apps/gnome-terminal/profiles/Default and click on background_color then at the bottom there is an explanation. It seems to suggest that text needs to be quoted (red) but hex values for the color not. I quoted the hex values in F14 and they all worked. I think there is also some gconf info on freedesktop.org. Maybe it has the answer. Or just do it by trial-and-error :) PS: As far as Gnome2 goes... there was so much promise with the gconf system (customize *everything* in a script, if you just learn the incantations) that I am really frustrated that Gnome3 didn't turn out to be a refactoring effort instead of a let's make everyone's multi-head systems into a huge iPad disaster. Meh... That argument has been had elsewhere enough that I am actually pretty eager to see how 3.2 or so turns out. Agreed. I am looking forward to 3.2 too. Hopefully gconf/dconf will be more unified. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading from CentOS 5.6 to 6.0
On 07/25/2011 06:07 PM, Lanny Marcus wrote: On Sun, Jul 24, 2011 at 10:52 PM, Craig Whitecraigwh...@azapple.com wrote: On Sun, 2011-07-24 at 19:51 -0500, Lanny Marcus wrote: Installing non RPM software on an RPM Distro like CentOS is frowned upon. That is the worst way to do it. why? you made a vacuous argument. @Craig: I retract that. Probably something that is discouraged, rather than frowned upon Lanny In the RHEL environments where I have worked, installing non RPM software was more than frowned upon. It was strictly forbidden and cause for immediate public flogging. If someone could not (or did not want to) understand why installing non RPM software was a bad idea then that person would have been removed from his duties. It's like using imperial units or US customary units (so non-metric) in Satellite design. It's just not an option. And if you insist then you can use it but it will be in your own basement and not at a vendor creating a Satellite. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading from CentOS 5.6 to 6.0
On 07/25/2011 07:26 PM, Les Mikesell wrote: [snip] My condition in that case was that you couldn't count on the RPM to work anyway once the distribution changes. So you'll likely be repeating that extra effort anyway. Not sure what you mean with once the distribution changes but within a major CentOS/RHEL version (e.g. 5 or 6) there is a stable ABI so an update to the distro should not introduce issues. In my experience apps deployed on RHEL 5.1 work equally on 5.7. If they work crappy, hire better developers :) And of course your next install may be on a non-RPM based system, making any rpm-packaging effort moot. So do people in the Windows world decide to *not* build msi packages because their PHB might decide to replace all Windows with RHEL/CentOS? I have never seen that (the not building msi packages that is). And neither the reverse. I build versioned packages so (amongst other things) I can create a controlled and predictable environment. Are you going to install from source on thousands of servers or do you push *one* tested rpm? I know what I will be doing. Anything else just does not make sense to me. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading from CentOS 5.6 to 6.0
On 07/25/2011 10:49 PM, Les Mikesell wrote: The context for the issue was someone moving from 5.x to 6.x. Still normal procedures apply: port to the new platform and/or rebuild for the new platform, test on the new platform, rinse repeat, verify, give seal of approval, package and finally deploy the RPM(s). So do people in the Windows world decide to *not* build msi packages because their PHB might decide to replace all Windows with RHEL/CentOS? But wouldn't it be better if they actually did that instead of locking themselves into a single vendors system? Really? No. I wish you good luck with the DLL hell caused by your non-versioned, non-packaged, non-controllable, non-manageable source install on a few thousand servers. You don't get freedom or not-being-locked-in from not using best practices like versioned packaging. The choice for a certain platform was made. Deal with it. I have never seen that (the not building msi packages that is). And neither the reverse. How do you deal with java apps in cross platform environments? RHEL5 life cycle ends on 31/03/2017 so for now I don't. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] package recommendation for video conferencing
On 07/22/2011 03:02 PM, Les Mikesell wrote: On 7/22/11 2:19 AM, Geoff Galitz wrote: Hi. We have a need for a video conferencing package with the following specs: - cross platform client support (Linux, Mac, Win) - server side runs on Centos 5 and later with easy package installation routine (e.g. RPM) - can host a teleconfernce with no users connected (IOW, it can wait for users to connect at any time) - supports mulitple users per video conference Recommendations? Don't think this one has group video conferencing yet, but it might be close: http://www.jitsi.org/ For a WebEx-like environment check out BigBlueButton (not easy to install though). Or use Gtalk which supports video and does not require you to host a server. Hosting a teleconference (not sure about support for video) is supported by FreeSWITCH (for small to large environments) and Asterisk (would not bet the farm on this for large environments). Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 PXE boot:Unable to download the kickstart file
On 07/20/2011 05:18 PM, John Hodrien wrote: On Wed, 20 Jul 2011, Ole Holm Nielsen wrote: I fail to see how your repository problem is related to my Kickstart PXE/NFS problem. We can install CentOS 6 (no Kickstart) without problems using PXE. It's the NFS-mounting of the Kickstart-file which fails. What I'd love to learn is how others have made NFS/Kickstart work... Is CentOS 6 assuming NFSv4 by default perhaps? According to the RHEL 6.0 Release Notes it is: Mounting a file system via NFS now defaults to NFSv4. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] managing a rack full of centos servers
On 07/20/2011 06:11 PM, Iain Morris wrote: Spacewalk is great, but be prepared for some significant configuration time and energy. Also, it requires Oracle (postgres is in progress last I checked). From what I read the PostgreSQL support is functional for regular usage and has been improving significantly the last few releases. Worth a try if you don't want to fund Larry's next superyacht. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 PXE boot: Unable to download the kickstart file
On 07/20/2011 09:49 PM, Ole Holm Nielsen wrote: Mounting a file system via NFS now defaults to NFSv4. Yes, this sounds like the correct explanation! Our RHEL5.6 PXE/TFTP/NFS server is certainly configured for NFSv3. I haven't explored the NFSv4 approach though. How can we tweak the CentOS6 Kickstart installation to explicitly request an NFSv3 service in the PXE config file: If there is such an option then I could not find it. Maybe someone else knows how to force NFSv3. kernel CentOS-6-i386/vmlinuz append load_ramdisk=1 initrd=CentOS-6-i386/initrd.img network ks=nfs:130.226.86.4:/u/rpm/kickstart/ks-centos-6-clean-i386.cfg To rephrase my question: Where do we find documentation for the vmlinuz append flags shown above, in particular documentation of the ks=... flags? Try the Installation Guide: https://access.redhat.com/knowledge/docs/ Hopefully there'll be some way to force an NFSv3 mount in stead of the default NFSv4?Or perhaps we need to use http: and stop using nfs: with CentOS6? I have used NFS (v3 v4) and HTTP and for me HTTP was faster so I continued to use HTTP. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] cannot start virt-manager in centos 6
On 07/19/2011 05:25 AM, 赵小强 wrote: I just upgrade from centos 5.6 to centos 6.0 on a x86_64 box. But when I try to create a new virtual guest, virt-manager give: Error: internal error cannot parse /usr/bin/qemu-system-x86_64 version number in 'QEMU emulator version 0.14.0, Copyright (c) 2003-2008 Fabrice Bellard'. I have googled it ,but got nothing help. Any help? Thanks first :-) So you did an upgrade from 5.6 to 6.0 and not a fresh install of 6.0? I do not know what is causing this error but it suggests that some RPM packages were not (properly) upgraded. I do know that upgrading from 5.6 to 6.0 is *not* supported. This is to prevent errors, perhaps like yours. If nobody else on the list can help you, I suggest that you backup your data and you do a clean install of 6.0. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] managing a rack full of centos servers
On 07/20/2011 02:03 AM, Fajar Priyanto wrote: Redhat satellite can handle it. Too bad I don't know if there is foss alternative for it. There is http://spacewalk.redhat.com/ Or check out: http://pulpproject.org/ https://fedorahosted.org/candlepin/ http://theforeman.org/ (or look at https://fedorahosted.org/cobbler/ ) The above managed from: http://www.katello.org/ And then there's also for the Cloud: https://www.aeolusproject.org/ And off course the workhorse: http://www.puppetlabs.com/ Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recommended mailing list manager for CentOS 5.6
On 07/20/2011 02:17 AM, Dave Stevens wrote: On Tuesday, July 19, 2011 05:07:16 PM John J. Boyer wrote: Does CentOS 5.6 have a mailing list manager like ecartis or majordomo? I want to set up mailing lists for my server in the cloud for three domains that I own. What mailing list managers do yourecommend, and where can they be found? I don't ming compiling source code. Thanks, mailman has always worked well for me, easy to use, reasonable defaults, mail archived by default. In addition to Dave's fine suggestion, there is also Sympa: http://www.sympa.org/ Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SPAM on the List
On 07/17/2011 11:24 PM, Always Learning wrote: *almost* correct. In Linux, like Unix and the pre-Microsoft days, uppercase letters have a different numerical value to lowercase letters. Uppercase 'COM' is definitely not the same as lowercase 'com'. Please correct me if I am wrong but afaik upper-/lowercase does not matter in DNS. Also, I am not aware of e.g. Postfix actually rejecting (with reject_unknown_client_hostname) a FQDN with capitals when a FQDN in lowercase was expected. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gnome 3 on CentOS
On 07/15/2011 07:15 PM, Nguyen Vu Hung wrote: Hi all, How can I install gnome 3 to CentOS 5.6 or CentOS 6.0? Afaik you can't. I don't think there is Gnome 3 for CentOS 5.6 or 6.x. Why not just use Fedora 15 (in a VM)? Fedora 15 has Gnome 3 out of the box. I have no idea if it's possible at all to build Gnome 3 on CentOS but I guess you could try the JHBuild tool or, if you want to use proper RPMs, rebuild all Gnome3 SRPMs and all dependency SRPMs on your CentOS box. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Howto create a VPN connection on desktop (CentOS 6)
On 07/13/2011 02:09 PM, Tommy E Craddock Jr wrote: I also do the same with my R2D2 Droid ie connect thru VPN. Would you mind sharing your CentOS IPSec configs? I got nowhere googling how to setup a L2TP/IPSec PSK VPN between my Nexus S and CentOS 5.6 (soon 6) box. Thanks and regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Where can I download centos 6
On 07/10/2011 03:10 PM, Hal Davison wrote: What innovations will Cent 6 bring to the party in your opinion? http://www.redhat.com/about/news/prarchive/2010/new-standard.html Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Config file semantics.
On 06/15/2011 10:41 PM, Mike A. Harris wrote: Personally, I find that indenting config files by 3 spaces has a lot of advantages to indenting them by 4 spaces although conventional wisdom might suggest otherwise. Who's with me on this? Three is evil, four even more. Two spaces and what do they say? It will keep sanity close and evil at bay. Three won't work, we all know she's a jerk. Four is a fail, it's missing a two so can never be the grail. Just two FTW! Anything more is just a deadly sin. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Revisor
On 06/06/2011 02:58 PM, Deivison Moraes wrote: [snip] But which version does it work? The revisor is of paramount importance to what I'mdoing, does not operate in EL5 have to settle for another version ! thanks ! Maybe I missed the reason why you want to use revisor on EL5 but why don't you just install Fedora 14 or 15 in a VM and use revisor that comes with either distro? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Revisor
On 06/06/2011 03:16 PM, Deivison Moraes wrote: Myintentionis tobuildacustom platformCentOS, turnedtothephoneso we choseCentOS.actuallyin thefedorais more likelytowork? Hope I understand you correctly. You can use Revisor on Fedora 14 or 15 and can then build custom CentOS media. More information about Revisor is here: https://fedorahosted.org/revisor/wiki/Introduction#Introduction Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to set selinux policy allow httpd_t unconfined_t:shm { unix_read unix_write }; using an seboolean? (How to get a new seboolean?)
On 06/03/2011 08:41 PM, Daniel J Walsh wrote: [snip] Not sure what OTRS is but it looks like you are running it as a user? (unconfined_t), Does this usually run as a service started at boot time? It is Help Desk/Ticket software similar to Bugzilla. http://otrs.org/ It is started at boot through init. The RPMs currently available at otrs.org do not have any SELinux policies and seem to install everything under /opt/otrs. Hope this helps. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT] Co-location center in Holland
On 05/12/2011 12:48 AM, Craig White wrote: Anyone have recommendations for a highly reliable datacenter located in Holland? Global Switch is a good one. Lots of carriers too. Contact info here: http://www.globalswitch.com/en/locations/amsterdam-data-center If you need 100% uptime and got the cash contact these guys: http://www.schubergphilis.com/ Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Gnome Notification Applet
On 04/16/2011 06:34 AM, Ron Blizzard wrote: [snip] the clock). I spent most of my trial time with SL 6 trying to figure out how to separate these two applets from the Notification Applet -- without success. Is there a configuration file I can change or a configuration program I can run to customize this? Afaik there is no way to make Gnome applets that make use of the Notification Area by design to do something outside of the Notification Area. I realize it's not a huge deal, but it's an irritant. Why does Gnome want to limit the ability to customize? If you want the ability to customize everything have a look at KDE. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cannot %include in CentOS 5.5 kickstart
On 03/10/2011 08:14 AM, whitivery wrote: # This does not work %include /tmp/drvdisk # This works #driverdisk --source=nfs:10.0.4.157:/srv/cobbler/RHEL5.5_x86_402_409_410_DD.img %packages @base @core %pre --erroronfail echo driverdisk --source=nfs:10.0.4.157:/srv/cobbler/RHEL5.5_x86_402_409_410_DD.img /tmp/drvdisk Although lacking a good caffeine fix the only difference I notice with some examples is that they do this: %include /tmp/drvdisk.sh . . . %pre echo driverdisk --source=nfs:10.1.2.3:/foo/image.img /tmp/drvdisk.sh Notice the usage of .sh in the drvdisk.sh filename? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: grep regex pointer appreciated
On 03/07/2011 12:23 PM, Robert Grasso wrote: Hello, On my opinion, grep is not powerful enough in order to achieve what you want. It would be preferable to use at least some (old but powerful) tools such sed, awk, or even better : perl. Actually, what you need is a tool providing a capture buffer (this is perl jargon - back references in sed jargon) in which you can get the string you want to extract, rather than trying to build up a positive matching regex, as the string boundaries seem to be easy enough to describe with regexs. Thank you for your advice. After much fiddling I came up with something that seems to work. I have never dabbled with perl but will dig up my sed/awk book and see if there's a more elegant way to do this. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: grep regex pointer appreciated
Hi,
My grep regex foo is not very good and googling is getting me nowhere so
hopefully someone is kind enough to give me some pointers.
Goal: grep (non .dbg) filenames and versions from a ftp dir listing and
a raw html file:
$ wget --no-remove-listing -O ftp-index.txt ftp://127.0.0.1/test/
$ wget --no-remove-listing -O index.html http://127.0.0.1/test/
The relevant parts of the files above (first one is ftp listing, second
part is the html file, both copied to test_regex.txt) are:
2011 Jan 28 21:25 File a
href=ftp://127.0.0.1/bar-4.5.6.i686.dbg.tgz;bar-4.5.6.i686.dbg.tgz/a
(5551274 bytes)
2011 Jan 28 21:25 File a
href=ftp://127.0.0.1/bar-4.5.6.i686.tgz;bar-4.5.6.i686.tgz/a
(5551274 bytes)
2011 Jan 28 21:25 File a
href=ftp://127.0.0.1/bar-4.5.6.x86_64.dbg.tgz;bar-4.5.6.x86_64.dbg.tgz/a
(5551274 bytes)
2011 Jan 28 21:25 File a
href=ftp://127.0.0.1/bar-4.5.6.x86_64.tgz;bar-4.5.6.x86_64.tgz/a
(5551274 bytes)
trtda
href=foo-bar-1.2.3+1.2.3.tar.gzfoo-bar-1.2.3+1.2.3.tar.gz/td/tr
This is what I now have (improvements most welcome):
$ egrep -o
([A-Za-z_-]+)([[:digit:]]{1,3}(\.[[:digit:]]{1,3})*).+(.|t)gz
./test_regex.txt | grep -v .dbg | tr -d ''
Output:
foo-bar-1.2.3+1.2.3.tar.gz
baz-4.5.6.i686.tgz
baz-4.5.6.x86_64.tgz
So far so good but now I also want to get the version numbers which I
can't figure out. Anyone have a pointer how to get the version number
from these filenames (1.2.3+1.2.3 and 4.5.6)?
Thanks!
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSH Automatic Log-on Failure - Centos 5.5
On 01/27/2011 04:57 PM, m.r...@5-cent.us wrote: [snip] Here too and from my own systems those 'scriptkiddies' are exposed to the world using http://twitter.com/fail2ban :) So, where's most of your hits from? The most I see is China, followed by Brazil, then Korea (not sure which), then, a lot lower, Russia, Italy, and various others. I see most hits come from India and China (218.0.0.0/16 - 223.0.0.0/16 seems rather popular) followed at quite a distance by the likes of Brazil, South Korea, Russia, Romania and Bulgaria. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
