Re: [CentOS-virt] Preferred method of provisioning VM images
Karanbir Singh mail-li...@karan.org writes: On 06/10/2014 05:21 PM, Lars Kurth wrote: == #4 Cloud Image from Cloud Image SIG == We could rely on pre-built cloud images from the Cloud Images SIG. People could just download the cloud image once it's done and customize it, rather than installing / building their own. Advantages: seems easy Disadvantages: coordination with Cloud Images SIG. May not be flexible enough We ship a test/devel grade CentOS-6-x86_64-pv image ( well, its a qcow2 image, should work for pvhvm as well, the fstab is label driven ).[1] The biggest problem in doing pre-baked images is the instance metadata. We need to find an easy way to get network settings into the instance and the root password ( or key ), and finally - in some cases, console redirection/setup, but i dont think the console is a deal breaker or a big deal. The network and access credentials however are. In a typical cloud environ this info would come from the cloud controller's metadata service; on a typical virtualised setup though this becomes an issue ( and isnt really Xen specific ). We could work around this by making some assumptions, we could 'own' dnsmasq and ensure that either libvirt is running and doing dhcp, otherwise we do the dhcp with some sane defaults, or we setup a script to 'instantiate image', which asks how the user wants to setup the instance ( pvhvm, hvm, pv ), the root password or key to use, and the network settings ( and if this is run on the dom0, we could even ask what bridge or device to connect with as well as the settings ).[2] Ofcourse, having these images pushed from here mean that clouds or virtualised environs that have metadata services are able to just-use the image as is, not needing any more tooling etc. And we can easily push monthly image updates and when things like heartbleed come around, there is a single place we need to update. Wouldn't you still need to configure the services running in each VM? -- Knowledge is volatile and fluid. Software is power. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Preferred method of provisioning VM images
On Mon, Jun 16, 2014 at 11:54 AM, Karanbir Singh mail-li...@karan.org wrote: On 06/10/2014 05:21 PM, Lars Kurth wrote: == #4 Cloud Image from Cloud Image SIG == We could rely on pre-built cloud images from the Cloud Images SIG. People could just download the cloud image once it's done and customize it, rather than installing / building their own. Advantages: seems easy Disadvantages: coordination with Cloud Images SIG. May not be flexible enough We ship a test/devel grade CentOS-6-x86_64-pv image ( well, its a qcow2 image, should work for pvhvm as well, the fstab is label driven ).[1] The biggest problem in doing pre-baked images is the instance metadata. We need to find an easy way to get network settings into the instance and the root password ( or key ), and finally - in some cases, console redirection/setup, but i dont think the console is a deal breaker or a big deal. The network and access credentials however are. In a typical cloud environ this info would come from the cloud controller's metadata service; on a typical virtualised setup though this becomes an issue ( and isnt really Xen specific ). We could work around this by making some assumptions, we could 'own' dnsmasq and ensure that either libvirt is running and doing dhcp, otherwise we do the dhcp with some sane defaults, or we setup a script to 'instantiate image', which asks how the user wants to setup the instance ( pvhvm, hvm, pv ), the root password or key to use, and the network settings ( and if this is run on the dom0, we could even ask what bridge or device to connect with as well as the settings ).[2] Ofcourse, having these images pushed from here mean that clouds or virtualised environs that have metadata services are able to just-use the image as is, not needing any more tooling etc. And we can easily push monthly image updates and when things like heartbleed come around, there is a single place we need to update. - KB [1]: http://cloud.centos.org/centos/6/devel/ [2] might need to pull in all of libguestfs to make the changes, which in turn has its own challenges if run inside a virtualised environ. I didn't follow this -- virt-builder seems to run fine in dom0 with qemu, albeit a bit slow. Upstream is open to having patches for Xen bindings for the utility VM. Or is there something else I'm missing? -George ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] [Xen-users] Can't get vnc connections to bind to 0.0.0.0
On Tue, Jun 17, 2014 at 7:47 AM, Ian Campbell ian.campb...@citrix.com wrote: On Tue, 2014-06-17 at 10:41 -0400, Phillip Susi wrote: On 6/17/2014 10:10 AM, Ian Campbell wrote: Which toolstack. xl This is a PVFB, not sure if they work for HVM or not. Seems to work just fine other than refusing to bind to 0.0.0.0 so I can access it from another machine on the network without setting up an ssh tunnel. You probably want a toplevel vnclisten=0.0.0.0:0 to cause the VNC associated with the emulated VGA to be bound to the address which you want. toplevel? I mean literally write: vnclisten=0.0.0.0:0 in your configuration file, not wrapped in a vfg = []. Ian ___ Xen-users mailing list xen-us...@lists.xen.org http://lists.xen.org/xen-users This is my settings: vfb = [ type=vnc,vnclisten=192.168.2.27,vncpasswd=XX,vncdisplay=1,keymap=en-us ] Hope this helps. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Centos 6.5 Xen Stock cannot run dom-u PCI: Fatal: - ipmi_si
On Mon, Jun 16, 2014 at 09:09:04PM -0700, Periko Support wrote: On Mon, Jun 16, 2014 at 11:34 AM, Periko Support pheriko.supp...@gmail.com wrote: On Mon, Jun 16, 2014 at 11:10 AM, Periko Support pheriko.supp...@gmail.com wrote: On Mon, Jun 16, 2014 at 10:55 AM, Konrad Rzeszutek Wilk konrad.w...@oracle.com wrote: On Mon, Jun 16, 2014 at 10:51:54AM -0700, Periko Support wrote: On Mon, Jun 16, 2014 at 10:46 AM, Periko Support pheriko.supp...@gmail.com wrote: On Mon, Jun 16, 2014 at 10:37 AM, Konrad Rzeszutek Wilk konrad.w...@oracle.com wrote: On Mon, Jun 16, 2014 at 10:21:45AM -0700, Periko Support wrote: --- So if I understand you correct - in 5.9 you did not see this, but in 6.5 you do? -- Yes, just with centos 6.5 dom-u. But none of both vm's run. Please do not top post. .. snip.. .. snip.. Loading xenblk.ko module XENBUS: Waiting for devices to initialise: 295s...290s...285s...280s...275s...270s...265s...260s...255s...250s...245s...240s...235s...230s...225s...220s...215s...210s...205s...200s...195s...190s...185s...180s...175s...170s...165s...160s...155s...150s...145s...140s...135s...130s...125s...120s...115s...110s...105s...100s...95s...90s...85s...80s...75s...70s...65s...60s...55s...50s...45s...40s...35s...30s...25s...20s...15s...10s...5s...0s... XENBUS: Timeout connecting to device: device/vbd/51712 (local state 3, remote state 1) Loading dm-mod.ko module device-mapper: uevent: version 1.0.3 device-mapper: ioctl: 4.11.6-ioctl (2011-02-18) initialised: dm-de...@redhat.com Loading dm-log.ko module Loading dm-mirror.ko module Loading dm-zero.ko module Loading dm-snapshot.ko module Loading dm-mem-cache.ko module Loading dm-region_hash.ko module Loading dm-message.ko module Loading dm-raid45.ko module device-mapper: dm-raid45: initialized v0.2594l Scanning and configuring dmraid supported devices Scanning logical volumes Reading all physical volumes. This may take a while... No volume groups found Activating logical volumes Volume group VolGroup00 not found Creating root device. Mounting root filesystem. mount: could not find filesystem '/dev/root' Setting up other filesystems. Setting up new root fs setuproot: moving /dev failed: No such file or directory no fstab.sys, mounting internal defaults setuproot: error mounting /proc: No such file or directory setuproot: error mounting /sys: No such file or directory Switching to new root and running init. unmounting old /dev unmounting old /proc unmounting old /sys switchroot: mount failed: No such file or directory Kernel panic - not syncing: Attempted to kill init! Ah, that is because you do not have xen-blkfront loaded in your initrd. Somehow it thinks it is called 'xenblk'. If you recreate your initrd (either dracut or mkinitrd) make sure you specify that you want to have the 'xen-blkfront' driver as part of it. The usual parameter is '--add' or such. How did you generate your initrd? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt No, I'm using the instructions from xen4centos project. Nothing manually. U mention 2 things: For centos6 is normal the error, I have to connect to my console using other methods and see if centos6 dom-u is running, I will let u know. 2nd u mention that we need a module xen-blkfront for centos5 dom-u, hope the developers read this and fix this asap. Thanks. If u need info from me, let me know, because this happen in both servers with different year of manufacturing. and different centos version 5.9/6.0. Huh? You do not need any developers. You just need to regenerate your initrd to have extra drivers. That is it. Thanks for your time!!! ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt Understand that, but if exist something to be done to have the fix for the whole community will be better, don't u think? Latest news, I connect to dom-u centos 6.5 x64 over vnc and is booting and got this after waiting: xl console oerp-server PCI: Fatal: No config space access function found ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space Kernel panic - not syncing: Attempted to kill init! Pid: 1, comm: init Not tainted 2.6.32-431.el6.x86_64 #1 Call Trace: [815271fa] ? panic+0xa7/0x16f
Re: [CentOS-virt] Centos 6.5 Xen Stock cannot run dom-u PCI: Fatal: - ipmi_si
On Tue, Jun 17, 2014 at 8:19 AM, Konrad Rzeszutek Wilk konrad.w...@oracle.com wrote: On Mon, Jun 16, 2014 at 09:09:04PM -0700, Periko Support wrote: On Mon, Jun 16, 2014 at 11:34 AM, Periko Support pheriko.supp...@gmail.com wrote: On Mon, Jun 16, 2014 at 11:10 AM, Periko Support pheriko.supp...@gmail.com wrote: On Mon, Jun 16, 2014 at 10:55 AM, Konrad Rzeszutek Wilk konrad.w...@oracle.com wrote: On Mon, Jun 16, 2014 at 10:51:54AM -0700, Periko Support wrote: On Mon, Jun 16, 2014 at 10:46 AM, Periko Support pheriko.supp...@gmail.com wrote: On Mon, Jun 16, 2014 at 10:37 AM, Konrad Rzeszutek Wilk konrad.w...@oracle.com wrote: On Mon, Jun 16, 2014 at 10:21:45AM -0700, Periko Support wrote: --- So if I understand you correct - in 5.9 you did not see this, but in 6.5 you do? -- Yes, just with centos 6.5 dom-u. But none of both vm's run. Please do not top post. .. snip.. .. snip.. Loading xenblk.ko module XENBUS: Waiting for devices to initialise: 295s...290s...285s...280s...275s...270s...265s...260s...255s...250s...245s...240s...235s...230s...225s...220s...215s...210s...205s...200s...195s...190s...185s...180s...175s...170s...165s...160s...155s...150s...145s...140s...135s...130s...125s...120s...115s...110s...105s...100s...95s...90s...85s...80s...75s...70s...65s...60s...55s...50s...45s...40s...35s...30s...25s...20s...15s...10s...5s...0s... XENBUS: Timeout connecting to device: device/vbd/51712 (local state 3, remote state 1) Loading dm-mod.ko module device-mapper: uevent: version 1.0.3 device-mapper: ioctl: 4.11.6-ioctl (2011-02-18) initialised: dm-de...@redhat.com Loading dm-log.ko module Loading dm-mirror.ko module Loading dm-zero.ko module Loading dm-snapshot.ko module Loading dm-mem-cache.ko module Loading dm-region_hash.ko module Loading dm-message.ko module Loading dm-raid45.ko module device-mapper: dm-raid45: initialized v0.2594l Scanning and configuring dmraid supported devices Scanning logical volumes Reading all physical volumes. This may take a while... No volume groups found Activating logical volumes Volume group VolGroup00 not found Creating root device. Mounting root filesystem. mount: could not find filesystem '/dev/root' Setting up other filesystems. Setting up new root fs setuproot: moving /dev failed: No such file or directory no fstab.sys, mounting internal defaults setuproot: error mounting /proc: No such file or directory setuproot: error mounting /sys: No such file or directory Switching to new root and running init. unmounting old /dev unmounting old /proc unmounting old /sys switchroot: mount failed: No such file or directory Kernel panic - not syncing: Attempted to kill init! Ah, that is because you do not have xen-blkfront loaded in your initrd. Somehow it thinks it is called 'xenblk'. If you recreate your initrd (either dracut or mkinitrd) make sure you specify that you want to have the 'xen-blkfront' driver as part of it. The usual parameter is '--add' or such. How did you generate your initrd? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt No, I'm using the instructions from xen4centos project. Nothing manually. U mention 2 things: For centos6 is normal the error, I have to connect to my console using other methods and see if centos6 dom-u is running, I will let u know. 2nd u mention that we need a module xen-blkfront for centos5 dom-u, hope the developers read this and fix this asap. Thanks. If u need info from me, let me know, because this happen in both servers with different year of manufacturing. and different centos version 5.9/6.0. Huh? You do not need any developers. You just need to regenerate your initrd to have extra drivers. That is it. Thanks for your time!!! ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt Understand that, but if exist something to be done to have the fix for the whole community will be better, don't u think? Latest news, I connect to dom-u centos 6.5 x64 over vnc and is booting and got this after waiting: xl console oerp-server PCI: Fatal: No config space access function found ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space Kernel panic - not syncing: Attempted to kill init! Pid: 1, comm: init Not
Re: [CentOS-virt] Centos 6.5 Xen Stock cannot run dom-u PCI: Fatal: - ipmi_si
.snip.. I add the module to initrd, didn't fix the issue. Can you post the full dmesg output please? Do you see 'xen-blkfront' being loaded on it? The issue is that I cannot connect to the dom-u to get the output, exist a way for this? You did it before didn't you? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Centos 6.5 Xen Stock cannot run dom-u PCI: Fatal: - ipmi_si
On Tue, Jun 17, 2014 at 8:45 AM, Konrad Rzeszutek Wilk konrad.w...@oracle.com wrote: .snip.. I add the module to initrd, didn't fix the issue. Can you post the full dmesg output please? Do you see 'xen-blkfront' being loaded on it? The issue is that I cannot connect to the dom-u to get the output, exist a way for this? You did it before didn't you? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt The output u see was from dom-u Centos5, that one show us a different message: (SMP-)alternatives turned off Brought up 1 CPUs checking if image is initramfs... it is Grant table initialized NET: Registered protocol family 16 Brought up 1 CPUs PCI: setting up Xen PCI frontend stub ACPI: Interpreter disabled. Linux Plug and Play Support v0.97 (c) Adam Belay pnp: PnP ACPI: disabled xen_mem: Initialising balloon driver. usbcore: registered new driver usbfs usbcore: registered new driver hub PCI: System does not support PCI PCI: System does not support PCI NetLabel: Initializing NetLabel: domain hash size = 128 NetLabel: protocols = UNLABELED CIPSOv4 NetLabel: unlabeled traffic allowed by default NET: Registered protocol family 2 IP route cache hash table entries: 65536 (order: 7, 524288 bytes) TCP established hash table entries: 262144 (order: 10, 4194304 bytes) TCP bind hash table entries: 65536 (order: 8, 1048576 bytes) TCP: Hash tables configured (established 262144 bind 65536) TCP reno registered audit: initializing netlink socket (disabled) type=2000 audit(1403020147.615:1): initialized VFS: Disk quotas dquot_6.5.1 Dquot-cache hash table entries: 512 (order 0, 4096 bytes) Initializing Cryptographic API alg: No test for crc32c (crc32c-generic) ksign: Installing public key data Loading keyring - Added public key 691B840A64868995 - User ID: CentOS (Kernel Module GPG key) io scheduler noop registered io scheduler anticipatory registered io scheduler deadline registered io scheduler cfq registered (default) pci_hotplug: PCI Hot Plug PCI Core version: 0.5 rtc: IRQ 8 is not free. Non-volatile memory driver v1.2 Linux agpgart interface v0.101 (c) Dave Jones brd: module loaded Xen virtual console successfully installed as xvc0 Event-channel device installed. Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx ide-floppy driver 0.99.newide usbcore: registered new driver hiddev usbcore: registered new driver usbhid drivers/usb/input/hid-core.c: v2.6:USB HID core driver PNP: No PS/2 controller found. Probing ports directly. i8042.c: No controller found. mice: PS/2 mouse device common for all mice md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27 md: bitmap version 4.39 TCP bic registered Initializing IPsec netlink socket NET: Registered protocol family 1 NET: Registered protocol family 17 XENBUS: Device with no driver: device/vbd/51712 XENBUS: Device with no driver: device/vif/0 XENBUS: Device with no driver: device/console/0 Initalizing network drop monitor service Write protecting the kernel read-only data: 506k Red Hat nash version 5.1.19.6 starting Mounting proc filesystem Mounting sysfs filesystem Creating /dev Creating initial device nodes Setting up hotplug. Creating block device nodes. Loading ehci-hcd.ko module Loading ohci-hcd.ko module Loading uhci-hcd.ko module USB Universal Host Controller Interface driver v3.0 Loading jbd.ko module Loading ext3.ko module Loading xenblk.ko module XENBUS: Waiting for devices to initialise: 295s...290s...285s...280s...275s...270s...265s.. 240s...235s...230s...225s...220s...215s...210s...205s...200s...195s...190s...185s...180s...175s...170s...165s...160s...155s...150s...145s...140s...135s...130s...125s...120s...115s...110s...105s...100s...95s...90s...85s...80s...75s...70s...65s...60s...55s...50s...45s...40s...35s...30s...25s...20s...15s...10s...5s...0s... XENBUS: Timeout connecting to device: device/vbd/51712 (local state 3, remote state 1) Loading dm-mod.ko module device-mapper: uevent: version 1.0.3 device-mapper: ioctl: 4.11.6-ioctl (2011-02-18) initialised: dm-de...@redhat.com Loading dm-log.ko module Loading dm-mirror.ko module Loading dm-zero.ko module Loading dm-snapshot.ko module Loading dm-mem-cache.ko module Loading dm-region_hash.ko module Loading dm-message.ko module Loading dm-raid45.ko module device-mapper: dm-raid45: initialized v0.2594l Scanning and configuring dmraid supported devices Scanning logical volumes Reading all physical volumes. This may take a while... No volume groups found Activating logical volumes Volume group VolGroup00 not found Creating root device. Mounting root filesystem. mount: could not find filesystem '/dev/root' Setting up other filesystems. Setting up new root fs setuproot: moving /dev failed: No such file or directory no fstab.sys, mounting internal defaults setuproot: error mounting /proc: No such file or directory
Re: [CentOS-virt] Are xen and centos incompatible?
Konrad Rzeszutek Wilk konrad.w...@oracle.com writes: On Sat, Jun 14, 2014 at 09:07:51AM +0200, lee wrote: Konrad Rzeszutek Wilk konrad.w...@oracle.com writes: I am wondering if you are using an older kernel. The xen-acpi-processor driver should be loaded which would give the C and P states to the hypervisor. Which in turn would result in those above commands providing the right data. Linux heimdall 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3+deb7u2 x86_64 GNU/Linux This is what comes in Debian. Unfortunately, this kernel crashes when I'm copying data to a domU NFS server over the network :(( I need to find out how to get some useful information out of it to make a bug report. How do I know whether the xen-acpi-processor driver is loaded or not? lsmod Well, yes, I didn't know what the name of this module exactly is. There's also the processor module. But it looks like v3.4 and later were the kernels that started having this driver. That would explain why it does not exist as you are using 3.2. Because of the crashes, I've upgraded to a 3.14.5-1~bpo70+1 kernel from Debian backports. That one does have the xen-acpi-processor module, and it's working. I don't know yet if it'll crash, though. -- Knowledge is volatile and fluid. Software is power. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Preferred method of provisioning VM images
SilverTip257 silvertip...@gmail.com writes: On Tue, Jun 17, 2014 at 6:11 AM, lee l...@yun.yagibdah.de wrote: Karanbir Singh mail-li...@karan.org writes: Ofcourse, having these images pushed from here mean that clouds or virtualised environs that have metadata services are able to just-use the image as is, not needing any more tooling etc. And we can easily push monthly image updates and when things like heartbleed come around, there is a single place we need to update. Wouldn't you still need to configure the services running in each VM? Yes. I believe the idea here is to pre-configure as much as possible and complete the remaining configuration via network connectivity (ie: SSH). How about some sort of package management that lets you define and configure the VM? This is currently done from the inside, i. e. when the VM is running, with whatever installer and package manager a distribution comes with. Why not do it from the outside, i. e. before the VM even exists, creating it in the process? Define some sort of API so that the same VM creator tool could be used with different distributions. -- Knowledge is volatile and fluid. Software is power. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-virt] How to create an OpenVZ OS Template for CentOS 7 Public QA
Greetings,
First start of by working on a physical system, virtual machine, or container
that matches the OS Template you are wanting to build. I used my CentOS 7
Public QA OS OpenVZ container to build it.
You must of course have a working yum. Once we are beyond Public QA and there
is stuff in /etc/yum.repos.d/ this won't be a problem. One thing to note is
that the --enablerepo= must refer to a repo your build host has and viewable
via yum repolist. That repo should point to the desired CentOS 7 build tree
directory.
A note about the package list. Yes, listed out every individual packcage is
tedious. Perhaps some package groups could be used but they typically drag in
a lot of unwanted additional packages. Suggestions welcome.
Here is a simple script and please don't nag at me because I'm a scripting
novice. I hope email client word wrapping and screen sizes don't butcher it too
bad:
- - - - -
# To get a package list without version numbers from a target system
# rpm -qa --qf %{n} packages.txt
# Put contents of packages.txt after -y install \ line below
mkdir /ostemplate
yum \
--installroot /ostemplate \
--nogpg \
--releasever=7 \
--enablerepo=centos7pubqa \
-y install \
centos-release filesystem ncurses-base mailcap tzdata glibc-common xz-libs \
ncurses-libs pcre libselinux info libdb popt sed libcom_err libuuid expat \
libacl libgpg-error dbus-libs gawk lua libxml2 glib2 shared-mime-info apr cpio \
gmp p11-kit tcp_wrappers-libs perl-parent perl-podlators perl-Text-ParseWords \
perl-Pod-Escapes perl-libs perl-threads perl-constant perl-Filter \
perl-Time-Local perl-threads-shared perl-File-Path perl-Scalar-List-Utils \
perl-Getopt-Long libcap-ng nss-softokn libassuan libunistring diffutils
gpm-libs \
libnfnetlink keyutils-libs gettext-libs p11-kit-trust nettle \
gobject-introspection vim-minimal pinentry make libselinux-utils ncurses \
libverto libsemanage krb5-libs openldap cracklib libmount systemd-libs libuser \
pam libblkid util-linux python-libs dhcp-libs libcurl python-urlgrabber
rpm-libs \
dhcp-common libselinux-python python-iniparse python-chardet
yum-metadata-parser \
python-backports-ssl_match_hostname newt-python pyxattr binutils logrotate \
procps-ng mariadb-libs fipscheck-lib openssh libmnl iptables json-c \
device-mapper cryptsetup-libs dbus iputils cronie-anacron crontabs libestr \
gnupg2 rpm-python pygpgme libnl3 yum-utils man-db dhclient audit openssh-server
\
libgudev1 net-tools elinks python-pyudev policycoreutils python-configobj \
pygobject3-base sudo wget file tar which psmisc libpcap libsysfs libdaemon lzo \
libgcc setup basesystem kbd-misc bind-license nss-softokn-freebl glibc
libstdc++ \
bash libsepol zlib audit-libs nspr chkconfig bzip2-libs nss-util grep libattr \
libcap elfutils-libelf libgcrypt readline libidn libffi pkgconfig sqlite \
groff-base file-libs libtasn1 slang gdbm perl-HTTP-Tiny perl-Pod-Perldoc \
perl-Encode perl-Pod-Usage perl-macros perl-Storable perl-Carp perl-Exporter \
perl-Socket perl-File-Temp perl-PathTools perl-Pod-Simple perl apr-util
libcroco \
cyrus-sasl-lib libgomp kmod-libs libedit hostname js newt ca-certificates less \
dbus-glib acl libdb-utils findutils xz sysvinit-tools ustr nss-tools \
openssl-libs gzip cracklib-dicts nss libpwquality coreutils shadow-utils \
libutempter nss-sysinit python libssh2 python-pycurl curl rpm python-decorator \
python-slip dbus-python python-kitchen python-backports python-setuptools \
pyliblzma centos-logos kmod openssl nss_compat_ossl bind-libs-lite fipscheck \
httpd-tools libnetfilter_conntrack iproute qrencode-libs device-mapper-libs \
systemd systemd-sysv initscripts cronie libpipeline pth rpm-build-libs gpgme
yum \
libnl3-cli rsyslog mlocate kbd postfix httpd ebtables openssh-clients
authconfig \
python-slip-dbus mc gettext screen passwd gnutls elfutils-libs libss nano
snappy \
libndp ethtool hardlink rootfiles
ln -sf /proc/mounts /ostemplate/etc/mtab
# I want Mountain time to be the default
ln -sf /usr/share/zoneinfo/America/Denver /ostemplate/etc/localtime
# Now compress that sucker
cd /ostemplate ; tar -cvJf /root/centos-7-x86_64-viayum.tar.xz . ; cd
ls -lh /root/centos-7-x86_64-viayum.tar.xz
echo Done building OS Template. Now test it.
- - - - -
TYL,
--
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-es] Livecd de Centos-7 con livecd-tools da error
gracias por tu rápida respuesta! copie tal cual esta en github por eso me extraña este fallo, creía que era la versión del livecd-tools pero tampoco... mirare lo que me comentas del grub a ver si encuentro algo :) Gracias! El 17/06/14 02:49, Jorge Sanchez escribió: Yo pase por esto en algun momento haciendo kickstarts, no recuerdo exactamente que hice, pero si recuerdo que mi sintaxis de parametros era lo que estaba mal. No te aseguro que sea esto, pero una buena manera es iniciar GRUB, y editar la linea de kernel desde grub mismo hasta que encuentres el correcto. Cuando entre a Grub, apreta la Edit, y Boot para bootear. El 16 de junio de 2014, 19:00, Alex ( Servtelecom ) alex.and...@servtelecom.com escribió: Hola compañeros! estoy intentando hacer pruebas con la beta de CentOS 7, con CentOS 6 no he tenido nunca problemas de compilar la ISO con sus cfg pero con CentOS 7 me da error al iniciar la iso. - Utilizo los cfg de https://github.com/CentOS/sig-core-livemedia/tree/master/kickstarts El error que me da; --- dracut: FATAL: Don't know to handle 'root=live:CDLABEL=livecd-x68_64-centos7' dracut: Refusing to continue System halted. -- Utilizo el comando : livecd-creator --config=/usr/share/spin-2.0/centos-7-live-gnome.cfg --fslabel=livecd-x68_64-centos7 --cache=/var/cache/live/ Las pruebas las estoy haciendo con virtualbox Alguna idea?? alguien ha conseguido crear ISO? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Centos 6 x64 Xen no puedo correr mis maquinas virtuales.
El 16/06/2014 18:20, Periko Support escribió: Hola gente. Miren, ando triste, me llego mi servidor nuevo un supermicro SuperServer 1027R-WRF4+, el plan es correr varios servicios virtualizados con Xen ya que le tenemos mucha confianza a ambos, ya tenemos otros servidores con Xen sobre Centos 5.x sin problemas. Ahora con el soporte que tiene centos 6 con mayor razon deseamos movernos ahi, pero estos ultimos dias he tenido problemas delicados. Despues de haber hecho la instalacion de centos 6x64, segui con la parte de instalar Xen y sus utilerias, les quiero recordar que yo en lo personal no tengo en mi servidores nada relacionado el modo grafico, todo es en consola. Ya Xen corriendo, segui creando mis MV's(Maquinas Virtuales), la 1ra Centos 6.5, ya hecha la instalacion, al momento de prenderla y conectarme a la consola me sale este mensaje y ahi se queda colgada: xm console oerp-server PCI: Fatal: No config space access function found ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space Relacionado con ipmi del servidor, el cual lo tiene habilitado de fabrica en el BIOS? No se aun, bueno de ahi me fui a probar con centos 5.9x64, ya instalado a ejecutarlo, este sale con otro error: Brought up 1 CPUs [...] Asi como que no encuentra el disco, algo totalmente distinto a dom-u para centos 6. Algo que me llama la atencion es que en la version 6.5 sin xen usan el kernel 2.6.x, pero con Xen usan el 3.x. Tal como comenta Ernesto, Red Hat 6 no soporta Xen: http://wiki.centos.org/QaWiki/Xen4 Esto me pasa con mi servidor nuevo como con mi viejo lobo de un Dell PowerEdge 2950. Alguien mas con ese problema? Aquí un HowTo bien explicadito. Prueba a ver que tal: http://www.howtoforge.com/virtualization-with-xen-on-centos-6.2-x86_64-paravirtualization-and-hardware-virtualization Saludos. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Francesc Guitart ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Configuración Mail
El 16/06/2014 19:23, jorge saul sanchez molina escribió:
Buen Dia Lista
Solicito de su apoyo, me están solicitando configurar mi servidor centos
que envié notificaciones por correo al servidor de correo de la empresa,
tengo la duda si es necesario instalar el postfix y el bind, o si solo con
el comando mail es suficiente
Me pudieran guiar en la configuración del servidor
Solo con el comando mail o mailx es suficiente:
man mail
Tambien puedes hacerlo atacando directamente al puerto 25 (con telnet o
netcat) en un script. Yo uso esta función en mis scripts:
function send_mail ()
{
subject=$1
sender=sen...@tudominio.com
rcpt=recipi...@tudominio.com
domaine=$(dnsdomainname)
ehlo=${HOSTNAME}.${domaine}
mailserver=smtp.tudominio.com
{
echo EHLO $ehlo
sleep 1
echo MAIL FROM:${sender}
sleep 1
echo RCPT TO:${rcpt}
sleep 1
echo 'DATA'
sleep 1
echo Subject: $subject
echo -e To:${rcpt}\n
cat /ruta/al/fichero/que/quieres/enviar
echo Escribe aquí lo que quieres enviar
echo '.'
} | nc $mailserver 25
}
send_mail Asunto del mensaje
--
Francesc Guitart
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Livecd de Centos-7 con livecd-tools da error
gracias por tu rápida respuesta! copie tal cual esta en github por eso me extraña este fallo, creía que era la versión del livecd-tools pero tampoco... mirare lo que me comentas del grub a ver si encuentro algo :) Gracias! -- Técnico Informático Servtelecom Alexandre Andreu Cases La Selva del Camp Avd. President companys nº5 Local 1 Tel: 977850338 http://www.servtelecom.com Linux para todos http://www.serv-os.net Prueba el mundo de GNU/Linux con nuestra distribución gratuita! -- El 17/06/14 02:49, Jorge Sanchez escribió: Yo pase por esto en algun momento haciendo kickstarts, no recuerdo exactamente que hice, pero si recuerdo que mi sintaxis de parametros era lo que estaba mal. No te aseguro que sea esto, pero una buena manera es iniciar GRUB, y editar la linea de kernel desde grub mismo hasta que encuentres el correcto. Cuando entre a Grub, apreta la Edit, y Boot para bootear. El 16 de junio de 2014, 19:00, Alex ( Servtelecom ) alex.and...@servtelecom.com escribió: Hola compañeros! estoy intentando hacer pruebas con la beta de CentOS 7, con CentOS 6 no he tenido nunca problemas de compilar la ISO con sus cfg pero con CentOS 7 me da error al iniciar la iso. - Utilizo los cfg de https://github.com/CentOS/sig-core-livemedia/tree/master/kickstarts El error que me da; --- dracut: FATAL: Don't know to handle 'root=live:CDLABEL=livecd-x68_64-centos7' dracut: Refusing to continue System halted. -- Utilizo el comando : livecd-creator --config=/usr/share/spin-2.0/centos-7-live-gnome.cfg --fslabel=livecd-x68_64-centos7 --cache=/var/cache/live/ Las pruebas las estoy haciendo con virtualbox Alguna idea?? alguien ha conseguido crear ISO? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Centos 6 x64 Xen no puedo correr mis maquinas virtuales.
2014-06-17 6:49 GMT-07:00 Francesc Guitart fguit...@gmx.com: El 16/06/2014 18:20, Periko Support escribió: Hola gente. Miren, ando triste, me llego mi servidor nuevo un supermicro SuperServer 1027R-WRF4+, el plan es correr varios servicios virtualizados con Xen ya que le tenemos mucha confianza a ambos, ya tenemos otros servidores con Xen sobre Centos 5.x sin problemas. Ahora con el soporte que tiene centos 6 con mayor razon deseamos movernos ahi, pero estos ultimos dias he tenido problemas delicados. Despues de haber hecho la instalacion de centos 6x64, segui con la parte de instalar Xen y sus utilerias, les quiero recordar que yo en lo personal no tengo en mi servidores nada relacionado el modo grafico, todo es en consola. Ya Xen corriendo, segui creando mis MV's(Maquinas Virtuales), la 1ra Centos 6.5, ya hecha la instalacion, al momento de prenderla y conectarme a la consola me sale este mensaje y ahi se queda colgada: xm console oerp-server PCI: Fatal: No config space access function found ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space ipmi_si: Could not set up I/O space Relacionado con ipmi del servidor, el cual lo tiene habilitado de fabrica en el BIOS? No se aun, bueno de ahi me fui a probar con centos 5.9x64, ya instalado a ejecutarlo, este sale con otro error: Brought up 1 CPUs [...] Asi como que no encuentra el disco, algo totalmente distinto a dom-u para centos 6. Algo que me llama la atencion es que en la version 6.5 sin xen usan el kernel 2.6.x, pero con Xen usan el 3.x. Tal como comenta Ernesto, Red Hat 6 no soporta Xen: http://wiki.centos.org/QaWiki/Xen4 Esto me pasa con mi servidor nuevo como con mi viejo lobo de un Dell PowerEdge 2950. Alguien mas con ese problema? Aquí un HowTo bien explicadito. Prueba a ver que tal: http://www.howtoforge.com/virtualization-with-xen-on-centos-6.2-x86_64-paravirtualization-and-hardware-virtualization Saludos. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Francesc Guitart ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Hola. http://wiki.centos.org/HowTos/Xen/Xen4QuickStart Hace tiempo que se juntaron y volvieron a darle fuerza a la union entre Centos+Xen en la rama 6/4 posteriormente, nada tiene que ver con RedHat, esto ya es puramente Centos. Poner un servidor con Centos6 y Xen en linea solo nos lleva unos minutos no es nada complicado. Les agradezco sus comentarios y tiempo, saludos. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Configuración Mail
El 17/06/2014 17:12, Periko Support escribió:
2014-06-17 6:59 GMT-07:00 Francesc Guitart fguit...@gmx.com:
El 16/06/2014 19:23, jorge saul sanchez molina escribió:
Buen Dia Lista
Solicito de su apoyo, me están solicitando configurar mi servidor centos
que envié notificaciones por correo al servidor de correo de la empresa,
tengo la duda si es necesario instalar el postfix y el bind, o si solo con
el comando mail es suficiente
Me pudieran guiar en la configuración del servidor
Solo con el comando mail o mailx es suficiente:
man mail
Tambien puedes hacerlo atacando directamente al puerto 25 (con telnet o
netcat) en un script. Yo uso esta función en mis scripts:
function send_mail ()
{
subject=$1
sender=sen...@tudominio.com
rcpt=recipi...@tudominio.com
domaine=$(dnsdomainname)
ehlo=${HOSTNAME}.${domaine}
mailserver=smtp.tudominio.com
{
echo EHLO $ehlo
sleep 1
echo MAIL FROM:${sender}
sleep 1
echo RCPT TO:${rcpt}
sleep 1
echo 'DATA'
sleep 1
echo Subject: $subject
echo -e To:${rcpt}\n
cat /ruta/al/fichero/que/quieres/enviar
echo Escribe aquí lo que quieres enviar
echo '.'
} | nc $mailserver 25
}
send_mail Asunto del mensaje
--
Francesc Guitart
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
Hola.
Se me hace mas complejo, trata ssmtp Francesc, solo configuras el
archivo de configuracion de ssmtp, remplazas el mail command interno y
listo, no hay necesidad de tener que poner un script como ese que de
verlo me da miedo.
Es una función. Una vez la has creado solo tienes que copiar/pegar de
script a script.
A veces prefiero pasar un rato largo haciendo algo a priori más complejo
pero sin usar utilidades extras. Aunque esto sería otra discusión, a mi
esto me parece más simple.
Y el servidor todos mensajes los arrojara solito a tu bandeja, claro
una vez configurado:
root=r...@mydominio.com
mailhub=mail.midominio.com
RewriteDomain=midominio.com
Hostname=mbx-paloma
FromLineOverride=YES
Simples parametros para apuntar a mi servidor de correo, remplazas el
mail interno y listo a probar y recibir los correos a la bandeja.
Por trucos no paramos, un saludos amigos!!!
Exacto! De eso se trata :)
--
Francesc Guitart
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Configuración Mail
2014-06-17 6:59 GMT-07:00 Francesc Guitart fguit...@gmx.com:
El 16/06/2014 19:23, jorge saul sanchez molina escribió:
Buen Dia Lista
Solicito de su apoyo, me están solicitando configurar mi servidor centos
que envié notificaciones por correo al servidor de correo de la empresa,
tengo la duda si es necesario instalar el postfix y el bind, o si solo con
el comando mail es suficiente
Me pudieran guiar en la configuración del servidor
Solo con el comando mail o mailx es suficiente:
man mail
Tambien puedes hacerlo atacando directamente al puerto 25 (con telnet o
netcat) en un script. Yo uso esta función en mis scripts:
function send_mail ()
{
subject=$1
sender=sen...@tudominio.com
rcpt=recipi...@tudominio.com
domaine=$(dnsdomainname)
ehlo=${HOSTNAME}.${domaine}
mailserver=smtp.tudominio.com
{
echo EHLO $ehlo
sleep 1
echo MAIL FROM:${sender}
sleep 1
echo RCPT TO:${rcpt}
sleep 1
echo 'DATA'
sleep 1
echo Subject: $subject
echo -e To:${rcpt}\n
cat /ruta/al/fichero/que/quieres/enviar
echo Escribe aquí lo que quieres enviar
echo '.'
} | nc $mailserver 25
}
send_mail Asunto del mensaje
--
Francesc Guitart
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
Hola.
Se me hace mas complejo, trata ssmtp Francesc, solo configuras el
archivo de configuracion de ssmtp, remplazas el mail command interno y
listo, no hay necesidad de tener que poner un script como ese que de
verlo me da miedo.
Y el servidor todos mensajes los arrojara solito a tu bandeja, claro
una vez configurado:
root=r...@mydominio.com
mailhub=mail.midominio.com
RewriteDomain=midominio.com
Hostname=mbx-paloma
FromLineOverride=YES
Simples parametros para apuntar a mi servidor de correo, remplazas el
mail interno y listo a probar y recibir los correos a la bandeja.
Por trucos no paramos, un saludos amigos!!!
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Hola
Necesito un repo de donde pueda obtener los paquetes del paquete estadístico R. -- Envejecer es todavía el único medio que se ha encontrado para vivir mucho tiempo. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
Hola, te arrojo algo google? 2014-06-17 15:01 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Necesito un repo de donde pueda obtener los paquetes del paquete estadístico R. -- Envejecer es todavía el único medio que se ha encontrado para vivir mucho tiempo. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
No en google lo que encuentro es como instalar el paquete base, pero para las librerias no encontre nada. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 18:21:26 Asunto: Re: [CentOS-es] Hola Hola, te arrojo algo google? 2014-06-17 15:01 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Necesito un repo de donde pueda obtener los paquetes del paquete estadístico R. -- Envejecer es todavía el único medio que se ha encontrado para vivir mucho tiempo. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
2014-06-17 15:30 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: No en google lo que encuentro es como instalar el paquete base, pero para las librerias no encontre nada. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 18:21:26 Asunto: Re: [CentOS-es] Hola Hola, te arrojo algo google? 2014-06-17 15:01 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Necesito un repo de donde pueda obtener los paquetes del paquete estadístico R. -- Envejecer es todavía el único medio que se ha encontrado para vivir mucho tiempo. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es cual es la pagina del programa? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
cran.r-project.org hay estan los repos de redhat y fedora pero no se actualizan desde 2009. Por eso averiguo como instalar sus paquetes. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 18:48:15 Asunto: Re: [CentOS-es] Hola 2014-06-17 15:30 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: No en google lo que encuentro es como instalar el paquete base, pero para las librerias no encontre nada. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 18:21:26 Asunto: Re: [CentOS-es] Hola Hola, te arrojo algo google? 2014-06-17 15:01 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Necesito un repo de donde pueda obtener los paquetes del paquete estadístico R. -- Envejecer es todavía el único medio que se ha encontrado para vivir mucho tiempo. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es cual es la pagina del programa? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
2014-06-17 15:52 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: cran.r-project.org hay estan los repos de redhat y fedora pero no se actualizan desde 2009. Por eso averiguo como instalar sus paquetes. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 18:48:15 Asunto: Re: [CentOS-es] Hola 2014-06-17 15:30 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: No en google lo que encuentro es como instalar el paquete base, pero para las librerias no encontre nada. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 18:21:26 Asunto: Re: [CentOS-es] Hola Hola, te arrojo algo google? 2014-06-17 15:01 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Necesito un repo de donde pueda obtener los paquetes del paquete estadístico R. -- Envejecer es todavía el único medio que se ha encontrado para vivir mucho tiempo. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es cual es la pagina del programa? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Oyes, veo todo ahi, te marca error o que pasa cuando los instalas? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
Mira lo que pasa es lo siguiente, me piden los RPM y lo que hay ahi son los paquetes básicos, las librerias no estan, por ejemplo la libreria, forecast, rcpp, y asi. Lo que hay son los tar.gz, y eso no los quieren. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
2014-06-17 16:12 GMT-7:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Mira lo que pasa es lo siguiente, me piden los RPM y lo que hay ahi son los paquetes básicos, las librerias no estan, por ejemplo la libreria, forecast, rcpp, y asi. Lo que hay son los tar.gz, y eso no los quieren. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Yo veo estos, ya los probastes? R-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 14K R-core-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 31M R-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 87K ReadMe 31-Aug-2009 09:30 262 libRmath-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 102K libRmath-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 148K ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
Mira esos paquetes son del paquete base de R, pero las librerias, que este incluye no estan ahi, si vez ahi no hay casi paquetes. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 19:18:25 Asunto: Re: [CentOS-es] Hola 2014-06-17 16:12 GMT-7:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Mira lo que pasa es lo siguiente, me piden los RPM y lo que hay ahi son los paquetes básicos, las librerias no estan, por ejemplo la libreria, forecast, rcpp, y asi. Lo que hay son los tar.gz, y eso no los quieren. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Yo veo estos, ya los probastes? R-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 14K R-core-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 31M R-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 87K ReadMe 31-Aug-2009 09:30 262 libRmath-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 102K libRmath-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 148K ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
7 2014-06-17 16:23 GMT-07:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Mira esos paquetes son del paquete base de R, pero las librerias, que este incluye no estan ahi, si vez ahi no hay casi paquetes. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 19:18:25 Asunto: Re: [CentOS-es] Hola 2014-06-17 16:12 GMT-7:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Mira lo que pasa es lo siguiente, me piden los RPM y lo que hay ahi son los paquetes básicos, las librerias no estan, por ejemplo la libreria, forecast, rcpp, y asi. Lo que hay son los tar.gz, y eso no los quieren. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Yo veo estos, ya los probastes? R-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 14K R-core-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 31M R-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 87K ReadMe 31-Aug-2009 09:30 262 libRmath-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 102K libRmath-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 148K ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Pero ya intentastes instalarlo? ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
Ya esos los tengo instalados. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
On Tue, Jun 17, 2014 at 4:37 PM, Julio Edel Salas Diaz jesa...@estudiantes.uci.cu wrote: Ya esos los tengo instalados. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es En este caso, yo bajaria las fuentes, leer las notas y tratar de instalarlo, ahi van a salir todas las librerias faltantes. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
Packages provide a mechanism for loading optional code, data and documentation as needed. The R distribution itself includes about 30 packages. In the following, we assume that you know the library() command, including its lib.loc argument, and we also assume basic knowledge of the R CMD INSTALL utility. Otherwise, please look at R’s help pages on ?library ?INSTALL before reading on. --- http://www.stat.berkeley.edu/~paciorek/computingTips/Libraries_in_R.html Julio, no buscaste lo suficiente, me llevo 3 minutos encontrar que tienen su propio sistema de instalar librerias o 'paquetes'. El 17 de junio de 2014, 20:23, Julio Edel Salas Diaz jesa...@estudiantes.uci.cu escribió: Mira esos paquetes son del paquete base de R, pero las librerias, que este incluye no estan ahi, si vez ahi no hay casi paquetes. - Mensaje original - De: Periko Support pheriko.supp...@gmail.com Para: centos-es@centos.org Enviados: Martes, 17 de Junio 2014 19:18:25 Asunto: Re: [CentOS-es] Hola 2014-06-17 16:12 GMT-7:00 Julio Edel Salas Diaz jesa...@estudiantes.uci.cu: Mira lo que pasa es lo siguiente, me piden los RPM y lo que hay ahi son los paquetes básicos, las librerias no estan, por ejemplo la libreria, forecast, rcpp, y asi. Lo que hay son los tar.gz, y eso no los quieren. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Yo veo estos, ya los probastes? R-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 14K R-core-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 31M R-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 87K ReadMe 31-Aug-2009 09:30 262 libRmath-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 102K libRmath-devel-2.10.0-2.el5.x86_64.rpm 09-Nov-2009 09:45 148K ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- Sólo aquellos que se arriesgan a ir demasiado lejos pueden descubrir hasta dónde se puede llegar. UCI VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Hola
Pero no conoces ningun otro repo donde pueda encontrar eso?, porque es lo que necesito. VII Escuela Internacional de Verano en la UCI del 30 de junio al 11 de julio de 2014. Ver www.uci.cu ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS] CentOS-announce Digest, Vol 112, Issue 7
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than Re: Contents of CentOS-announce digest...
Today's Topics:
1. CEBA-2014:0755 CentOS 6 less FASTTRACK Update (Johnny Hughes)
2. CEBA-2014:0757 CentOS 6 dnsmasq FASTTRACK Update (Johnny Hughes)
3. CESA-2014:X008 Moderate: Xen4CentOS xen Security Update
(Johnny Hughes)
4. CESA-2014:X009 Important: Xen4CentOS kernel Security Update
(Johnny Hughes)
--
Message: 1
Date: Mon, 16 Jun 2014 15:51:35 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CEBA-2014:0755 CentOS 6 less FASTTRACK
Update
To: centos-annou...@centos.org
Message-ID: 20140616155135.ga27...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2014:0755
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0755.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
ac7bc80bcad24e573be8441a3854b71caa93efcdcc5ba20e42348a636db9af57
less-436-13.el6.i686.rpm
x86_64:
7bf9bb5d1143ca6390215d9aa9477d367f3e0c09ac3bd5da3af846215522
less-436-13.el6.x86_64.rpm
Source:
02f5363b8f82f4df9a4d359de686314fae3bf988c57401cac9eea641bbe2e0af
less-436-13.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Mon, 16 Jun 2014 15:51:51 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CEBA-2014:0757 CentOS 6 dnsmasq FASTTRACK
Update
To: centos-annou...@centos.org
Message-ID: 20140616155151.ga27...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2014:0757
Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0757.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
6a65c4723db14b7cbde8227815bd546a2d4ce3c01f223e49bb50465beb6b9955
dnsmasq-2.48-14.el6.i686.rpm
360f60ebdc924e755e6e3a83fe45fa343746e712f7c7fb8c7a426bec3f118177
dnsmasq-utils-2.48-14.el6.i686.rpm
x86_64:
aa2ed48fc51ccbfc4e00196a1253e3e12b1056a0fe19c3e32c2a7e3e3404c4a1
dnsmasq-2.48-14.el6.x86_64.rpm
d4c5d4f9fd5eaa3f82a5e3395934033793c7317123bef83559173742846bafc3
dnsmasq-utils-2.48-14.el6.x86_64.rpm
Source:
0e55257a4fb830325e6fbc761212c112cf6e2d37ca1ac03327eeb65cb9b3f531
dnsmasq-2.48-14.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Mon, 16 Jun 2014 22:14:47 +
From: Johnny Hughes joh...@centos.org
Subject: [CentOS-announce] CESA-2014:X008 Moderate: Xen4CentOS xen
SecurityUpdate
To: centos-annou...@centos.org
Message-ID: 20140616221447.ga37...@n04.lon1.karan.org
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2014:X008 (Xen4CentOS)
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
-
X86_64
-
58469d64c897d1deb6832b2cc69d1d28c83162075835d256ff56996aecb8d145
xen-4.2.4-33.el6.centos.alt.x86_64.rpm
638a23de4472d3ded206c72359d4080826561e958e2b2e2560cf1937491c3c42
xen-devel-4.2.4-33.el6.centos.alt.x86_64.rpm
19c75d460905acd5a16e97c1775ba40c26ee10b413bb52510afb1e3fab594426
xen-doc-4.2.4-33.el6.centos.alt.x86_64.rpm
7906b1282cbe24e123e777271f88d978912edb056dd0c9424396359a4a939d6f
xen-hypervisor-4.2.4-33.el6.centos.alt.x86_64.rpm
12ca64fef26338932ed2dda1d155f29dbb3224f076fd41d14ba56344d454ce40
xen-libs-4.2.4-33.el6.centos.alt.x86_64.rpm
20b5ccd7c84c310f76d0d25513fd510fc5704199168c42a1ce22e2de073ec2e0
xen-licenses-4.2.4-33.el6.centos.alt.x86_64.rpm
b35e9eb7f784d34a671e44b6b795ace02857d06a597973f22f9712e7c2ddaae6
xen-ocaml-4.2.4-33.el6.centos.alt.x86_64.rpm
4730853e1c2846a1374ba650722f92ab385a3e8ea2b2c0bebd2d9ec6f1985759
xen-ocaml-devel-4.2.4-33.el6.centos.alt.x86_64.rpm
8c9bb14dd42a17632826a00d8523b188c53ea34da18c147c474c60b79c314a37
xen-runtime-4.2.4-33.el6.centos.alt.x86_64.rpm
-
Source:
-
d2083203e161753a5a6668b41af7b70a856d312afd8cd656f0331511fd9b17d3
xen-4.2.4-33.el6.centos.alt.src.rpm
=
xen Changelog info from the SPEC file:
* Mon Jun 16 2014 Johnny Hughes joh...@centos.org - 4.2.4-33.el6.centos
-
Re: [CentOS] Thunderbird bug, anyone else have seen it?
On 06/15/2014 06:33 PM, Eliezer Croitoru wrote: Before I file a bug, anyone else is having the same issue? anyone has the patch from the bug-report? I see this bug occasionally, most recently being a couple of days ago. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question about clustering
-Original Message- From: Digimer [mailto:li...@alteeve.ca] Sent: Monday, June 16, 2014 3:20 PM To: CentOS mailing list Subject: Re: [CentOS] Question about clustering On 16/06/14 02:55 PM, m.r...@5-cent.us wrote: SNIP One can also set the cluster nodes to failover, and when the failed node comes up, to *not* try to take back the services, leaving it in a state for you to fix it. mark, first work on h/a clusters 1997-2001 Failover and recovery are secondary to fencing. The surviving node(s) can't begin recovery until the lost node is in a known state. To make an assumption about the node's state (by, for example, assuming that no access to the node is sufficient to determine it is off) is to risk a split-brain. Even something as relatively minor as a floating IP can potentially cause problems with ARP, for example. Cheers Having operated a file serving cluster for a few years (~2001-2006) without ANY fencing device, I can tell you that it causes split-brain in the admins too, i.e., I AGREE. Earlier, Alessandro Baggi wrote: there is a chance to make fencing without hardware, but only software? To which Digimer, answered: No. SNIP info about fence device independence However, there is an *Almost* software only fence. Unfortunately for me I learned about (or at least understood) the stonith devices late in the above system's life. I expect even meatware stonith[1] could have saved me considerable pain five or six times. Understand that I am not recommending meatware stonith to be a good operational stonith device, see [2] for how much subtle understanding the meat has to have, but it would be much better than NO operational stonith device. [1] http://clusterlabs.org/doc/crm_fencing.html#_meatware [2] http://oss.clusterlabs.org/pipermail/pacemaker/2011-June/010693.html Even when this disclaimer is not here: I am not a contracting officer. I do not have authority to make or modify the terms of any contract. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question about clustering
On 17/06/14 10:23 AM, Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote: -Original Message- From: Digimer [mailto:li...@alteeve.ca] Sent: Monday, June 16, 2014 3:20 PM To: CentOS mailing list Subject: Re: [CentOS] Question about clustering On 16/06/14 02:55 PM, m.r...@5-cent.us wrote: SNIP One can also set the cluster nodes to failover, and when the failed node comes up, to *not* try to take back the services, leaving it in a state for you to fix it. mark, first work on h/a clusters 1997-2001 Failover and recovery are secondary to fencing. The surviving node(s) can't begin recovery until the lost node is in a known state. To make an assumption about the node's state (by, for example, assuming that no access to the node is sufficient to determine it is off) is to risk a split-brain. Even something as relatively minor as a floating IP can potentially cause problems with ARP, for example. Cheers Having operated a file serving cluster for a few years (~2001-2006) without ANY fencing device, I can tell you that it causes split-brain in the admins too, i.e., I AGREE. To which I can use the analogy that in the 18 years I've driven a car, I've never needed my seat belt or airbags. I still put my seatbelt on every time I go anywhere though, and I won't buy a car without airbags. ;) Earlier, Alessandro Baggi wrote: there is a chance to make fencing without hardware, but only software? To which Digimer, answered: No. SNIP info about fence device independence However, there is an *Almost* software only fence. If you goal is high-availability, there is a strong argument that almost isn't enough. Unfortunately for me I learned about (or at least understood) the stonith devices late in the above system's life. I expect even meatware stonith[1] could have saved me considerable pain five or six times. Manual fencing was dropped as a supported fence method in RHEL 6 because it was too prone to human mistakes. When an HA cluster is hung and an admin who might not have touched the cluster in months has users and managers yelling at them, mistakes with potentially massive consequences happen. Manual fencing is just not safe. Understand that I am not recommending meatware stonith to be a good operational stonith device, see [2] for how much subtle understanding the meat has to have, but it would be much better than NO operational stonith device. Bingo on the meat, disagree on no stonith at all. A cluster must have fencing. [1] http://clusterlabs.org/doc/crm_fencing.html#_meatware [2] http://oss.clusterlabs.org/pipermail/pacemaker/2011-June/010693.html Even when this disclaimer is not here: I am not a contracting officer. I do not have authority to make or modify the terms of any contract. Cheers -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On Mon, June 16, 2014 23:34, Chuck Campbell wrote: I appreciate you restating this. I'll try to go make sense of iptables, given the insight, Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD that are used to initiate the packet path through IPTABLES and that they are mutually exclusive. INPUT deals ONLY with packets that arrive from off of AND are destined for the host running IPTABLES. OUTPUT deals only with packets that originate from the host running IPTABLES regardless of where they are destined. And FORWARD deals only with packets that arrive from and are destined off of the host running IPTABLES. A packet starts in only one of these based solely on its origin/destination pairing and it does not cross over automatically into either of the others. For example, if a forwarded packet is detected then the INPUT and OUTPUT chains are not used at all. I have seen chain misconfiguration where IPTABLES rules evidently assume that a packet is to pass from the INPUT chain or the OUTPUT chain to the FORWARD chain automatically. In some cases it seems that the rules writer has implicitly assumed that INPUT - FORWARD - OUTPUT is the default routing of all packet paths. This is not the case and it does not happen unless the other chain is specifically called from within the originating chain. My practice is to place general rules that I wish to apply to all packets, regardless of source or destination, into a chain called GENERAL and simply call that chain as the last instruction in each of the default chains. Actually I put very little else in the default chains and route from the GENERAL chain to other chains dedicated to specific rule sets, like for port knocking (FWKNOP_ALLOW); or for assured access (ALWAYS_ALLOW); or for blacklists: ALWAYS_DENY and FAIL2BAN_DENY for example. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] KVM oom-killer
CENTOS-6.5 I had a kvm guest shutdown by oom-killer this morning. I have the syslog entries that pertain to this but they tell me little beyond that it happened. What must I look at to determine the root cause of this issue? How is it prevented? -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thunderbird bug, anyone else have seen it?
Lamar Owen wrote: On 06/15/2014 06:33 PM, Eliezer Croitoru wrote: Before I file a bug, anyone else is having the same issue? anyone has the patch from the bug-report? I see this bug occasionally, most recently being a couple of days ago. I see it most days. It's annoying. Glad to know that it's listed as a bug; anyone know if it's actually been assigned? mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On 06/17/2014 10:41 AM, James B. Byrne wrote: On Mon, June 16, 2014 23:34, Chuck Campbell wrote: I appreciate you restating this. I'll try to go make sense of iptables, given the insight, Keep in mind that there are three default chains, INPUT, OUTPUT and FORWARD that are used to initiate the packet path through IPTABLES and that they are mutually exclusive. INPUT deals ONLY with packets that arrive from off of AND are destined for the host running IPTABLES. OUTPUT deals only with packets that originate from the host running IPTABLES regardless of where they are destined. And FORWARD deals only with packets that arrive from and are destined off of the host running IPTABLES. A packet starts in only one of these based solely on its origin/destination pairing and it does not cross over automatically into either of the others. For example, if a forwarded packet is detected then the INPUT and OUTPUT chains are not used at all. I have seen chain misconfiguration where IPTABLES rules evidently assume that a packet is to pass from the INPUT chain or the OUTPUT chain to the FORWARD chain automatically. In some cases it seems that the rules writer has implicitly assumed that INPUT - FORWARD - OUTPUT is the default routing of all packet paths. This is not the case and it does not happen unless the other chain is specifically called from within the originating chain. My practice is to place general rules that I wish to apply to all packets, regardless of source or destination, into a chain called GENERAL and simply call that chain as the last instruction in each of the default chains. Actually I put very little else in the default chains and route from the GENERAL chain to other chains dedicated to specific rule sets, like for port knocking (FWKNOP_ALLOW); or for assured access (ALWAYS_ALLOW); or for blacklists: ALWAYS_DENY and FAIL2BAN_DENY for example. Hi, Here is a reasonable diagram that show the packet flow. http://xkr47.outerspace.dyndns.org/netfilter/packet_flow/packet_flow10.png -- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On 6/16/2014 11:08 PM, John R Pierce wrote: On 6/16/2014 8:52 PM, Chuck Campbell wrote: I ran a script after fail2ban was started. It looks like this: #!/bin/sh iptables -A INPUT -s 116.10.191.0/24 -j DROP iptables -A INPUT -s 183.136.220.0/24 -j DROP iptables -A INPUT -s 183.136.221.0/24 -j DROP iptables -A INPUT -s 183.136.222.0/24 -j DROP iptables -A INPUT -s 183.136.223.0/24 -j DROP iptables -A INPUT -s 122.224.11.0/24 -j DROP iptables -A INPUT -s 219.138.0.0/16 -j DROP so, how do I get them in front of the RH-Firewall-1-INPUT, or do I add them to that chain? use -I (insert) rather than -A (append). OR specify chain RH-Firewall-1-INPUT rather than INPUT I used the RH-Firewall-1-INPUT chain, and -I, defaulting to position 1, and all is working as I had anticipated. It is working as expected, killing all of those rolling ip attempts. I was loathe to use system-config-firewall, because I wasn't sure it wouldn't drop something I needed, or forgot to include, and it would have wiped out the existong ruleset. I'll experiment with that when I am physically in front of the server, instead of remote from it. I would have had no quick remedy if I messed it up. Thanks you for the clear concise explanation. -chuck -- ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph. | and Integrated Interpretation | (713)993-0608 fax 448 W. 19th St. #325|Since 1992 | (713)306-5794 cell Houston, TX, 77008 | Chuck Campbell | campb...@accelinc.com | President Senior Geoscientist | Integration means more than having all the maps at the same scale! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On 6/17/2014 2:14 PM, Chuck Campbell wrote: I'll experiment with that when I am physically in front of the server, instead of remote from it. I would have had no quick remedy if I messed it up. thats why all my servers have remote consoles :) -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6 - Ethernet Bond Errors, 1 per frame
# modinfo ixgbe filename: /lib/modules/2.6.32-431.el6.x86_64/kernel/drivers/net/ixgbe/ixgbe.ko version:3.15.1-k license:GPL description:Intel(R) 10 Gigabit PCI Express Network Driver author: Intel Corporation, linux.n...@intel.com srcversion: B390E9D9904338B52C2E361 I have updated this to 3.18.7-1 as well, same results # ifconfig bond1 |grep error RX packets:4476995 errors:6940 dropped:0 overruns:0 frame:6940 TX packets:2130564 errors:0 dropped:0 overruns:0 carrier:0 # cat /proc/net/bonding/bond1 Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009) Bonding Mode: adaptive load balancing Primary Slave: None Currently Active Slave: p6p1 MII Status: up MII Polling Interval (ms): 100 Up Delay (ms): 0 Down Delay (ms): 0 Slave Interface: p6p1 MII Status: up Speed: 1 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 90:e2:ba:1e:12:5c Slave queue ID: 0 Slave Interface: p6p2 MII Status: up Speed: 1 Mbps Duplex: full Link Failure Count: 0 Permanent HW addr: 90:e2:ba:1e:12:5d Slave queue ID: 0 Any suggestions and help are much appreciated! Thanks! Nick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On 6/16/2014 15:58, Chuck Campbell wrote: If they keep going through this ip block, they will still get 255 attempts at the root password and 1020 attempts at other login/password combinations before they are blocked by fail2ban. I'm glad you got your firewall problem sorted out, but I can't let this comment slide. If removing a thousand possibilities from the pool of available credentials puts your servers at significant risk, your passwords are too weak. Let's say you're using 12-character alphanumeric passwords, mixed case, no symbols, 3/4 alphabetic. That gives a search space of 3.28 x 10^21 possible passwords.[1] Knocking off 1,000 passwords on each pass means you need 3.28 x 10^18 passes to explore all options. Since there are only 3.7 x 10^9 public IPv4 addresses, total,[2] that means if every single public machine (or NAT) on the Internet were gathered into a massive zombie net, the chance of them cracking one of your passwords is 1 in a billion. My state lottery offers better odds. And we haven't even added symbols yet. But, I hear you say, fail2ban doesn't ban an IP forever. True. What it does is greatly stretch out the time between hammer blows, above that of ssh's own attack mitigation timers. Let's say you set the ban expiration time to 5 minutes. Let's also say you really annoyed someone, so they rent time on a 1 million machine zombie net, just to try and break into your server. Let's also say they focus their entire attack on a single account, rather than guess user names as well as passwords, as is common for SSH crackbots. The zombie net factor drops the 10^18 pass count magnitude above to the order of 10^12. 10^12 * 5 minutes is about 10 million years. If you start using pre-shared keys and configure sshd to accept keys only,[3] you turn lottery odds into astronomical odds. The twelve character passwords above have about 71 bits of entropy, if you pick them randomly. A generated SSH key is as close to random as you're likely to get, and it will have a *minimum* of 1,024 bits of entropy. Every bit of entropy doubles the required attack time, so you turn 10^9 into 10^ridiculous. (Well known exponent in number theory, that.) What if we're willing to settle for human time scales, rather than astronomical ones? Using the information above, I have come to the realization that if I can hold off the crackbot hordes for just another 100 years, I can stop caring about the risks, on account of the fact that I expect someone else will be taking care of my remaining CentOS 3 servers by then, and they will change the passwords shortly after handover. It turns out that 8 random lowercase letters is sufficient to buy me those 100 years. I can then go play Tetris in my centenarian dotage without a care for the security of my old Linux boxen. So, unless your passwords are weaker than 8 lowercase random letters, you're literally wasting time manually banning IPs. Let fail2ban do its job, while you go off and do something a dumb computer can't. I've used fail2ban myself, but only to cut down on log noise, not because it adds any real security. In the end, I've found that moving ssh to a nonstandard port is just as effective at reducing log noise. [1] https://www.grc.com/haystack.htm [2] http://goo.gl/7LtFvE [3] http://goo.gl/02oksG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On 6/17/2014 6:39 PM, Warren Young wrote: On 6/16/2014 15:58, Chuck Campbell wrote: If they keep going through this ip block, they will still get 255 attempts at the root password and 1020 attempts at other login/password combinations before they are blocked by fail2ban. I'm glad you got your firewall problem sorted out, but I can't let this comment slide. If removing a thousand possibilities from the pool of available credentials puts your servers at significant risk, your passwords are too weak. Let's say you're using 12-character alphanumeric passwords, mixed case, no symbols, 3/4 alphabetic. That gives a search space of 3.28 x 10^21 possible passwords.[1] Knocking off 1,000 passwords on each pass means you need 3.28 x 10^18 passes to explore all options. Since there are only 3.7 x 10^9 public IPv4 addresses, total,[2] that means if every single public machine (or NAT) on the Internet were gathered into a massive zombie net, the chance of them cracking one of your passwords is 1 in a billion. My state lottery offers better odds. And we haven't even added symbols yet. But, I hear you say, fail2ban doesn't ban an IP forever. True. What it does is greatly stretch out the time between hammer blows, above that of ssh's own attack mitigation timers. Let's say you set the ban expiration time to 5 minutes. Let's also say you really annoyed someone, so they rent time on a 1 million machine zombie net, just to try and break into your server. Let's also say they focus their entire attack on a single account, rather than guess user names as well as passwords, as is common for SSH crackbots. The zombie net factor drops the 10^18 pass count magnitude above to the order of 10^12. 10^12 * 5 minutes is about 10 million years. If you start using pre-shared keys and configure sshd to accept keys only,[3] you turn lottery odds into astronomical odds. The twelve character passwords above have about 71 bits of entropy, if you pick them randomly. A generated SSH key is as close to random as you're likely to get, and it will have a *minimum* of 1,024 bits of entropy. Every bit of entropy doubles the required attack time, so you turn 10^9 into 10^ridiculous. (Well known exponent in number theory, that.) What if we're willing to settle for human time scales, rather than astronomical ones? Using the information above, I have come to the realization that if I can hold off the crackbot hordes for just another 100 years, I can stop caring about the risks, on account of the fact that I expect someone else will be taking care of my remaining CentOS 3 servers by then, and they will change the passwords shortly after handover. It turns out that 8 random lowercase letters is sufficient to buy me those 100 years. I can then go play Tetris in my centenarian dotage without a care for the security of my old Linux boxen. So, unless your passwords are weaker than 8 lowercase random letters, you're literally wasting time manually banning IPs. Let fail2ban do its job, while you go off and do something a dumb computer can't. I've used fail2ban myself, but only to cut down on log noise, not because it adds any real security. In the end, I've found that moving ssh to a nonstandard port is just as effective at reducing log noise. [1] https://www.grc.com/haystack.htm [2] http://goo.gl/7LtFvE [3] http://goo.gl/02oksG ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I concur with all you've said, and I haven't done the load stats, but it appears to me that a hundred of these crackers hitting my machine at these rates is likely to deny my legit users some resources. That is still a concern, but I've already seen that 20 banned ip ranges out of china has dropped the incidence from about 100 to 3. That's worth the effort to gain a better understanding of iptables in managing my servers anyway. I've noticed (unquantified) a bit better login response and interactive response without the resource drain, unless I'm just imagining it... Besides, just because the odds are against you, sometimes luck is all it takes. I'm looking into the shared keys approach, so I can do away with passwords. thanks, -chuck -- ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph. | and Integrated Interpretation | (713)993-0608 fax 448 W. 19th St. #325|Since 1992 | (713)306-5794 cell Houston, TX, 77008 | Chuck Campbell | campb...@accelinc.com | President Senior Geoscientist | Integration means more than having all the maps at the same scale! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] iptables question
On 6/17/2014 19:35, Chuck Campbell wrote: I haven't done the load stats, but it appears to me that a hundred of these crackers hitting my machine at these rates is likely to deny my legit users some resources. So increase the fail2ban time from the default (5 minutes, as I recall) to 1 hour, or 1 day. Besides, just because the odds are against you, sometimes luck is all it takes. That sort of thinking is why governments have started to levy taxes on people who are bad at math. (i.e. lotteries) Some risks simply aren't worth worrying about. Go play with the haystack calculator I linked from my previous email. If 8 random printable ASCII characters doesn't make you sleep well at night, make it nine. Now the attack space is about 2 orders of magnitude larger. If the risk with 8 was sometime in my career, which cannot stand a single breach, the risk with 9 becomes sometime after I have shuffled off this mortal coil. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] problem with centos.org whois
It looks like someone pooched a domain transfer, and the whois entry for centos.org is missing its NS records. I've sent an email to the whois tech contact @redhat, but I'm sending this to the list to hopefully bring it to someone else's attention, as well. Hopefully it gets gets out before my mailserver expires its DNS cache for centos.org. Expect centos.org to be offline for a bit ... Devin -- I wish there was a knob on the TV to turn up the intelligence. There's a knob called `brightness', but it doesn't work. - Gallagher ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem with centos.org whois
I meant to also say that I've sent an email on the matter to the whois technical contact @redhat. Devin -- I wish there was a knob on the TV to turn up the intelligence. There's a knob called `brightness', but it doesn't work. - Gallagher ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] problem with centos.org whois
On 6/17/2014 9:36 PM, Devin Reade wrote: It looks like someone pooched a domain transfer, and the whois entry for centos.org is missing its NS records. I've sent an email to the whois tech contact @redhat, but I'm sending this to the list to hopefully bring it to someone else's attention, as well. Hopefully it gets gets out before my mailserver expires its DNS cache for centos.org. Expect centos.org to be offline for a bit ... oh, effin' great. # host -t NS centos.org centos.org has no NS record -- john r pierce 37N 122W somewhere on the middle of the left coast ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
