Re: [CentOS] printing on C8S

[John Call]

Hi Fred, can you share a little bit more information? For example, are you
using the default Gnome desktop environment? What kind of printer do you
have? How is it connected to C8S (USB, Wi-Fi, Ethernet...?)

I use Gnome, and it's been a long time since I had to poke around with
CUPS. My Brother printer (MFC-9340CDW) is pretty old these days, but still
works after I download and install the "Driver Install Tool" RPM from the
brother.com website...

On Thu, Jan 6, 2022 at 9:16 PM Fred  wrote:

> OK, I give up. How do I configure a printer on Centos 8 Stream? I can't
> find any tools for doing that.
>
> further, there doesn't seem to be a cups executable (which should allow
> setting up a printer) though there ARE a bunch of cups packages installed.
>
> Anyone got any clues for me?
>
> Thanks in advance!
>
> Fred
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to clear out /var/cache?

[Stephen John Smoogen]

On Thu, 30 Dec 2021 at 18:21, Fred  wrote:

> Is it safe to just remove files from /var/cache on a running system, or is
> there a correct procedure for doing that?
>
> Mine has hit over 3 gigs, making it one of the larger directories in /,
> which is running low on space. I've hit all the low-hanging fruit I can
> find and now I come to things like /var/cache, and I don't know what to do
> about such.
>
>
The first step is to find out what is using it. It is probably dnf but
could be other utilities which are trying and failing to do something. I
start off with

```
$ sudo -i
# cd /var/cache
# du -sch | sort -h
0   ./PackageKit
0   ./app-info
0   ./bpf
0   ./fwupd
0   ./httpd
0   ./krb5rcache
0   ./libX11
0   ./libvirt
0   ./private
0   ./realmd
36K ./ldconfig
1.7M./man
29M ./dnf
31M total

while on a different system:
4.0K./abrt-di
4.0K./bpf
4.0K./foomatic
4.0K./krb5rcache
4.0K./private
4.0K./realmd
8.0K./httpd
8.0K./libX11
8.0K./powertop
96K ./ldconfig
300K./ibus
520K./libvirt
3.5M./man
4.2M./fwupd
38M ./app-info
59M ./cups
213M./PackageKit
332M./dnf
2.1G./mock
2.7Gtotal

```

As others have noted, dnf is probably the most used tool here, but it could
be mock or some other utility (I had cups because I misconfigured something
once)

dnf is a tricky tool because sometimes a command will create a
'not-so-temporary' cached tree which can't be cleaned because `dnf clean
all` doesn't know it. What I do is a `dnf clean all` and then go into
/var/cache/dnf and see what else might be still there. In my case I found a
large trove of packages from when I had enabled testing at one point and
then turned it off before doing a clean. I normally just delete all the
directories and do a `dnf update` to see if it reports errors.

Hope this helps.



Thanks in advance!
>
> Fred
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 9-stream "CRB" repo

[Stephen John Smoogen]

On Tue, 14 Dec 2021 at 18:26, Leon Fauster via CentOS  wrote:
>
> Am 15.12.21 um 00:24 schrieb Chris Adams:
> > I'm starting to look at CentOS 9-stream... what is the CRB repo?  It
> > appears to be a lot of development libraries and such, but I didn't see
> > a definition or "CRB" anywhere.
>
> https://developers.redhat.com/blog/2018/11/15/introducing-codeready-linux-builder

It is what in C8 is called PowerTools.


-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard
battle. -- Ian MacClaren
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS8 Docker: "repomd.xml parser error: Parse error at line" after enabling /etc/yum.repos.d/CentOS-Linux-ContinuousRelease.repo

[John Pfuntner -X (jpfuntne - EASI LLC at Cisco) via CentOS]

I'm having trouble with dnf repos in a centos:8 Docker container after I enable 
the continuous release repo:


  1.  docker pull centos:8
  2.  docker run -it centos:8 bash -i
  3.  From Docker container:
 *   dnf install -y 'dnf-command(config-manager)' && dnf config-manager 
--enable cr
 *   dnf update

The update results in:

Failed to set locale, defaulting to C.UTF-8
CentOS Linux 8 - ContinuousRelease  

  43 kB/s | 8.3 kB 00:00
Error: Failed to download metadata for repo 'cr': repomd.xml parser error: 
Parse error at line: 66 (Opening and ending tag mismatch: meta line 0 and head
)

/etc/yum.repos.d/CentOS-Linux-ContinuousRelease.repo contains:

mirrorlist=http://mirrorlist.centos.org/?release=$releasever=$basearch=cr=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/cr/$basearch/os/

If I switch these around by commenting out mirrorlist and uncommenting baseurl, 
it works.

Is this a problem with a repo mirror?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos and ModemManager

[Stephen John Smoogen]

Without knowing what kind of network, what kind of workload etc.. the
answer is 'no idea'. In most cases, you are going to have to make this
sort of judgement yourself and in the end, if it is off and you needed
it because some weird network or bluetooth keyboard acts like a
modem.. then you can turn it on. [well if you have a plugged in
keyboard.]

On Thu, 18 Nov 2021 at 10:00, Jay Hart  wrote:
>
> Any answers here?
>
> Jay
>
> > For a hard wired only server, does ModemManger need to be enabled?
> >
> > The only thing that ever might be hooked up to this server would be an 
> > external USB DVD drive.
> >
> > Thanks in Advance,
> >
> > Jay
> >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard
battle. -- Ian MacClaren
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ruby on Cent OS 8

[Stephen John Smoogen]

On Mon, 15 Nov 2021 at 10:04, Simon Matter  wrote:
>
> > On Mon, 15 Nov 2021 at 09:18, Nikolaos Milas  wrote:
> >>
> >> Another option is to migrate to an RHEL 8 -compatible OS, like Rocky
> >> Linux, AlmaLinux, Oracle Linux, Springdale Linux.
> >>
> >> (I remind that CentOS Stream is no more a RHEL 8 twin.)
> >>
> >> I have already migrated successfully all my CentOS 8 boxes to Rocky. (I
> >> am informed that in Academic Institutions in Greece -at least-, SysAdmin
> >> teams have also selected Rocky to migrate from CentOS 8.)
> >>
> >> Rocky seems to be gaining momentum as the main CentOS 8 successor.
> >>
> >
> > Going off of EPEL8 client use meters, it is still a fair tie between
> > Rocky usage and Alma usage.
> >
> > Date | OS Name | Number of systems longer than 2 weeks old (so
> > probably not CI/Containers)
> > 2021-11-01 | Red Hat Enterprise Linux | 119625
> > 2021-11-01 | CentOS Linux | 461424
> > 2021-11-01 | CentOS Stream | 56902
> > 2021-11-01 | Oracle Linux | 20683
> > 2021-11-01 | AlmaLinux | 25880
> > 2021-11-01 | Rocky | 28167
>
> These figures are interesting but they can not be compared directly.
> Oracle has its own EPEL repo and therefore I guess that the number here
> shows only those who are using the official EPEL instead of the one
> provided by Oracle. That said, I expect that the true number of Oracle
> Linux installations is quite a bit higher than what we see here.
>

Correct and my deepest apologies for not saying so. I usually list the
Oracle caveat and I forgot to do so. The Oracle numbers are a lower
bound at best as it requires someone to install and/or convert to
Oracle and then use an upstream epel-release. Most Oracle users will
be using their rebuild of EPEL.


> Even more interesting and worrying is the still growing number of CentOS
> Linux 8 installations ;)
>
> Regards,
> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard
battle. -- Ian MacClaren
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Ruby on Cent OS 8

[Stephen John Smoogen]

On Mon, 15 Nov 2021 at 09:18, Nikolaos Milas  wrote:
>
> Another option is to migrate to an RHEL 8 -compatible OS, like Rocky
> Linux, AlmaLinux, Oracle Linux, Springdale Linux.
>
> (I remind that CentOS Stream is no more a RHEL 8 twin.)
>
> I have already migrated successfully all my CentOS 8 boxes to Rocky. (I
> am informed that in Academic Institutions in Greece -at least-, SysAdmin
> teams have also selected Rocky to migrate from CentOS 8.)
>
> Rocky seems to be gaining momentum as the main CentOS 8 successor.
>

Going off of EPEL8 client use meters, it is still a fair tie between
Rocky usage and Alma usage.

Date | OS Name | Number of systems longer than 2 weeks old (so
probably not CI/Containers)
2021-11-01 | Red Hat Enterprise Linux | 119625
2021-11-01 | CentOS Linux | 461424
2021-11-01 | CentOS Stream | 56902
2021-11-01 | Oracle Linux | 20683
2021-11-01 | AlmaLinux | 25880
2021-11-01 | Rocky | 28167

The Rocky and Alma numbers trade places a couple of times over the
weeks so I won't say either one is the successor. Instead as you said
each one has a regional selection where certain groups of people flock
to the same choice via word of mouth.  The number of Alma

It will be interesting to see how the CentOS Linux 8 number change.
Since the announcement of EOL of CentOS 8 a year ago, they have gone
up steadily from 200k to 460k. I am expecting that even after the EOL,
they will continue to go up in the same way that CentOS-6 went up
after it was EOL.

> You may check earlier threads in this mailing list for more info.
>
> Cheers,
> Nick
>
> On 8/11/2021 5:06 μ.μ., Josh Boyer wrote:
>
> > However, CentOS Linux 8 will be going EOL on December 31, 2021.  Users
> > are strongly encouraged to migrate to CentOS Stream 8.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard
battle. -- Ian MacClaren
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 9-stream modules?

[Stephen John Smoogen]

On Sun, 14 Nov 2021 at 17:48, Chris Adams  wrote:
>
> I started looking at 9-stream a bit... and I notice there are no package
> modules.  All the things that were modules in 8/8-stream appear to have
> been folded back into the base OS, with no variants included (like
> different versions of MariaDB and php for example).  Is this expected to
> be the way forward, or are modules just still to be filled out?
>

Modules will probably occur later in time. Made up example follows
which bears no resemblance to reality: Perl-5.400 comes out and it is
a good candidate for use, then it will be added as a module which
would replace regular packages.  Same with PHP, IDM and other
'fast-but-useful' tool-sets.



> --
> Chris Adams 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard
battle. -- Ian MacClaren
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Version of curl does not support session resumption

[Stephen John Smoogen]

On Thu, 28 Oct 2021 at 10:28, Joscha Knobloch  wrote:
>
> Hi,
>
> we have a CentOS7 Server running that pushes some Backups via FTP onto 
> another server. We switches the FTP-Server for a new one that works very 
> well. One new thing is that FTPS session resumption is now mandetory and 
> cannot be turned off since it is an important security feature.
>
> Unfortunately the version of curl on the system does not yet support it. This 
> is the version installed on the system:
> curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7 
> libidn/1.28 libssh2/1.8.0
>
> I have discussed this on the curl mailing list and they said the version is 
> from 2013 and we should update to a new version of curl.
>
> Is curl going to be updated to support ftps session resumption in the near 
> future? If not: What would be the best way to get a newer version onto the 
> system?

Enterprise Linux and other Long Time Support distributions are usually
very strict on updating packages which are in scripts. CentOS-7 is
based on Red Hat Enterprise Linux 7 which was released in 2014 and had
its last package set updated in 2020 with the release of 7.9. All
changes til its end of life in 2024 will be security fixes or other
critical fixes.

Normally to get a newer package like this you will want to compile the
version you want in /usr/local/ or some /opt/ tree directory to a)
make sure it doesn't break existing tools but b) is available for
scripts.



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on a BBS...
time to shutdown -h now.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Infiniband

[Stephen John Smoogen]

On Fri, 8 Oct 2021 at 23:15, Gordon Messmer  wrote:
>
> On 10/8/21 10:51, Mark Woolfson wrote:
> > I have a large server cluster running CentOS 6.4 and CentOS 6.6 using 10GbE.
> > I want to upgrade to Infiniband.
>
>
> CentOS 6 hasn't received any feature updates since May 2017, so any
> compatible hardware would have had to be released and supported before
> that date (possibly substantially before then).
>
> CentOS 6 has been EOL for almost a year, and isn't receiving any
> security updates.  You *really* should upgrade.
>

The versions of CentOS 6 this cluster is running are from 2013 and
2014 so they are looking at 10 year old infiniband. Going from that, I
think the best they can hope for is a Mellanox ConnectX-3 which seems
to have some caveats https://access.redhat.com/solutions/302543. The
ConnectX-4 came out in late 2014 early 2015 so i don't know if its
drivers ever were set to EL-6

I agree with Gordon that you need to plan on upgrading more than just
the backbone network since you are probably looking at significant
downtime to do that AND are in a high risk for security problems.


-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on a BBS...
time to shutdown -h now.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Find out which process consumed Network bandwidth

[Stephen John Smoogen]

On Mon, 6 Sept 2021 at 14:24, Anand Buddhdev  wrote:
>
> On 06/09/2021 19:35, Kaushal Shriyan wrote:
>
> Hi Kaushal,
>
> > I am running CentOS Linux release 7.9.2009 (Core). Is there a way to find
> > out which process consumed network bandwidth during a specific time period?
> >
> > For example, the Nginx process consumed how much network traffic on Sept
> > 01, 2021.
>
> As far as I know, such accounting isn't done in a standard CentOS
> system, so there's no way to determine such information about a past event.
>

Agreed. The best at this point is looking at the nginx logs and hope
they are set up to show bits transferred or something similar to see
what ip addresses and files were being used.


> Regards,
> Anand
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on a BBS...
time to shutdown -h now.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Troubles expanding file system.

[Stephen John Smoogen]

On Wed, 1 Sept 2021 at 12:42, Jeff Boyce  wrote:
>
> Greetings -
>
>  I have tried posting this four times now, from two different email
> addresses (on the 25th, 27th, 30th, and 31st) and it never appeared.  I
> don't see it in the archives, so it appears to be getting dropped in
> transition for some reason.  I am not getting messages from the email
> system saying it is undeliverable, or is bounced; I am sending as plain
> text, not HTML, I stripped off my signature.  If this makes it through,
> someone please give me a clue why the others might not have.  But that
> is not as important as the real issue that I am trying to get addressed
> below.  Thanks for any assistance.
>
>  I have a Dell PowerEdge server with a CentOS KVM host (Earth) with
> one CentOS guest (Sequoia) that I am trying to expand the partition and
> filesystem on.  I have LVM logical volumes on the host system (Earth),
> which are used as devices/partitions on the guest system (Sequoia).  In
> this particular situation I have successfully extended the logical
> volume (lv_SeqEco) on Earth from 500GB to 700GB.
>
> 1.  Checking the disk information (lsblk) on Earth shows that the
> logical volume (lv_SeqEco) is now listed as 700GB.
>
> 2.  Checking disk information (lsblk) on Sequoia shows that the disk
> /dev/vde is still listed as 500GB, and partition /dev/vde1 where the
> mount point /ecosystem is located is also listed as 500GB.
>
> 3.  I had tried using the resize2fs command to expand the filesystem on
> /dev/vde1, but it returned with the result that there was nothing to
> do.  Which makes sense now after I checked the disk information, since
> /dev/vde on Sequoia has not increased from 500GB to 700GB.
>

Thanks for the long list of items of what you have done. In Fedora
Infrastructure, we used this method to resize images in the past
https://pagure.io/infra-docs/blob/main/f/docs/sysadmin-guide/sops/guestdisk.rst

The guest system usually needs to have the `fdisk` , `gdisk` or
`parted` commands rerun to resize the disk to its new size.


> 4.  On previous occasions when I have done this task, I would just start
> GParted on Sequoia and use the GUI to expand the partition and
> filesystem.  A real quick and simple solution.
>
> 5.  The problem I have now is that the VGA adapter on my server has died
> and I have no graphical output to the attached monitor, nor to the iDrac
> console display.  So I am stuck doing this entirely by the command line
> while logged into the system remotely.
>
> 6.  I suspect that I need to rescan the devices on Sequoia so that it
> recognizes the increased space that has been allocated from the extended
> the logical volume.  But when I did that (command below) it came back
> with a no such file or directory.
>
> echo 1 > /sys/class/block/vde1/device/rescan
>

Not sure that would do anything.


> 7.  This server is being retired in the next few months, but I need this
> additional space prior to migrating to the new system. Can someone give
> me some guidance on what I am missing in this sequence?
>
> Let me know if I haven't been clear enough in the explanation of my
> systems and objective.  Thanks.
>
> Jeff
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on a BBS...
time to shutdown -h now.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unable to update Google products on CentOS 7

[Stephen John Smoogen]

On Wed, 1 Sept 2021 at 10:34, Frank Bures  wrote:
>
> Hi,
>
> I have Google rpm repository enabled.
>
> However, running "yum update" returns
>
> https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml:
> [Errno 14] HTTPS Error 404 - Not Found
>

It works for me and can be tested with:

$ curl https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml

http://linux.duke.edu/metadata/repo;
xmlns:rpm="http://linux.duke.edu/metadata/rpm;>
 1630438383

  72bd1120db31564215cde423e900596e2fd9cc583850782355aaf7c283aa1c54
  028e855817d7529b77f5a197460250178e2251c8d97f4b1042549f4b698da63a
  
  1630438384
  1823
  19397


  e2475ced0fbc6c2b3ea79e7a549c3de637734bf8b93a8c2d8c0b87b278f244ae
  ac55966bc79fdb3ca5152fad6ba96f0ffbe52a9e55c5dbfa651cef2b6f447a2e
  
  1630438384
  368
  690


  692f4b277acda5a9e039dca2758d79de6f0c35b65677ff71015722037b87b0f6
  d39a3502be6913450d4cdaa70cb22abedea7c23c77988364c6f494927f14231e
  
  1630438384
  1801
  17371


$ host dl.google.com
dl.google.com has address 172.217.2.110
dl.google.com has IPv6 address 2607:f8b0:4004:80a::200e

If it doesn't work for you then compare if the ips are blocked somewhere.


> It worked OK just a couple of days ago.
>
> Is anyone aware of any recent changes in Google repositories?
>
> Thanks
> Frank
>
>
> --
>
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on a BBS...
time to shutdown -h now.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Minimising a CentOS installation

[Stephen John Smoogen]

On Fri, 20 Aug 2021 at 10:25, Anand Buddhdev  wrote:
>
> Hi folks,
>
> After doing a minimal CentOS 8.4 installation, I found the following
> packages to be useful for a simple server, so I removed them:
>
> cronie-anacron (replaced with cronie-noanacron)
> alsa-firmware
> ivtv-firmware
> iwl*-firmware
> sssd-common (along with all packages that depended on it)
>
> What other things do folk usually remove to make their installation smaller?
>

Usually it breaks down at this point because everyone has different
things they want for their minimal install. Getting 3 people to agree
on a minimal working set seems to be harder than doing a three body
physics problem :).



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A Blast from the past

[Stephen John Smoogen]

On Tue, 17 Aug 2021 at 12:02, Mark Woolfson  wrote:
>
> Thank you for your feedback.
>
> Unfortunately the manufacturer of our application software will only support
> it on RHEL/CentOS 7.0. I have asked and that is all they say.
> When the CentOS 7.0 boots it does not recognise the CPU ID, flags it as a
> soft error then continues.
> The Haswell and the Ice Lake both have 28 cores but different frequencies.
> A couple of clues. At the boot prompt the server cooling fans are running
> slowly. When it hangs, after a short delay, the fans run faster and this is
> repeated.
> Also, when it hangs the keyboard is unresponsive and the server status LED's
> state that all is okay.
> If Intel adhere to the x86_64 standard for their processors then surely the
> only difference would be the addition functionality.
> I am trying to find a resolution as this particular application is perfect
> for our requirements.

You will either need an older computer or a different application. A
company which only supports a .0 version of an OS usually means they
aren't really supporting their customers. They are expecting you to
run an application on an OS without any security updates or
improvements. There are 7 years of CVE's in the kernel, libraries and
other parts the customer has to live with if they want the
application. Good luck.



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hosts.deny, fail2ban etc.

[Stephen John Smoogen]

On Tue, 27 Jul 2021 at 17:17, Pete Biggs  wrote:
>
> On Tue, 2021-07-27 at 16:43 -0400, H wrote:
> > > Running CentOS 7. I was under the impression - seemingly mistaken -
> > > that by adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.*
> > > would ban all attempts from that network segment to connect to the
> > > server, ie before fail2ban would (eventually) ban connection
> > > attempts.
> >
> > This, however, does not seem correct and I could use a pointer to
> > correct my misunderstanding. How is hosts.deny used and what have I
> > missed?
>
> hosts.deny is only used by specific programs that use TCP wrappers. It
> is not a general "deny this host access".
>
> Also note that fail2ban operates on individual hosts, not subnets.
>

[I should have waited and read all my email before responding. Peter
covered parts I did not.]


-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] hosts.deny, fail2ban etc.

[Stephen John Smoogen]

On Tue, 27 Jul 2021 at 16:43, H  wrote:
>
> |Running CentOS 7. I was under the impression - seemingly mistaken - that by 
> adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.* would ban all 
> attempts from that network segment to connect to the server, ie before 
> fail2ban would (eventually) ban connection attempts.
>
> This, however, does not seem correct and I could use a pointer to correct my 
> misunderstanding. How is hosts.deny used and what have I missed?
>
> Is it necessary to run:
>
>  iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP
>

yes. iptables is one of the first things which will see the packets
coming to the server as it is implemented in kernel space. hosts.deny
only comes in for specific services which are compiled to use it.

[Internet] <-> [iptables] <-> [systemd if used] <-> [xinetd w/tcp-wrappers]

In the above example, a packet coming from the internet gets
interpreted and dealt with multiple tools and hosts.deny is only used
in the last section where xinetd and similar programs compiled with
tcp-wrappers look at hosts.deny file.


> to drop incoming connection attempts from that subnet?
>
> Thank you!
> |
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: firefox question

[Stephen John Smoogen]

On Fri, 23 Jul 2021 at 11:43, Valeri Galtsev  wrote:
>
> Dear Experts,
>
> My question is OT, as it is related to firefox, not CentOS system per
> se. Even more: my firefox runs on FreeBSD workstation. But I figured
> this list have largest likelihood of having experts in firefox (as well
> as on other things), so...
>
> My firefox behavior changed after one of recent updates..
>
> When one logs in to website that is locked using web password (e.g., set
> in .htacess/.htpasswd in apache), one gives username/password once. Then
> firefox remembers that while firefox is running, and you don't have to
> give credentials (though authentication does happen behind the scenes
> all the time since). But not anymore for me at least on my (FreeBSD)
> workstation: in the morning I discover firefox (though it had not been
> restarted) asks yet again credentials to websites I have been logged to.
> As if firefox purges credentials to websites after some period of time
> (or inactivity on those websites).
>

Not happening for me on any of my platforms (though I don't have BSD
beyond Mac) so the usual suspects need to be checked:

1. Have the websites you log into changed their policies. A lot of
places are being required to shorten login credentials.
2. Is something causing your ip address for the workstation to change.
This can cause the server to see the existing login transaction as
invalid and requires reauthentication.
3. Is it something with that profile. Corruptions happen and sometimes
you either have to restore from before it happened or start over with
a new profile. The best way is to create a new profile and test but
you can also just mv .firefox to .firefox-broke and start over too.
Then log into some sites and then see if it happens.

-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [External] Re: Microsoft Teams on CentOS 7. Does the latest version work?

[Stephen John Smoogen]

On Thu, 15 Jul 2021 at 05:30, Toralf Lund  wrote:
>
> On 15/07/2021 09:37, Gianluca Cecchi wrote:
> > On Tue, Jul 13, 2021 at 2:03 PM Toralf Lund  wrote:
> >
> >> Does anyone else run Microsoft Teams on CentOS 7?
> >>
> >> I've used it for a while now, and it's generally worked reasonably well.
> >> However, after upgrading to the latest version from the Microsoft repos,
> >> it doesn't start up properly. Processes start and remain active until I
> >> give up and kill them, but I can't see a window or a tray icon or anything.
> >>
> >> Has anyone else seen this? Is there anything I can do to make the GUI
> >> appear?
> >>
> >> This is not a big deal as everything just works fine if I revert to the
> >> previous release, but it would be interesting to know if this is a
> >> general problem with the software, or I have some weird issue with my
> >> system.
> >>
> >> The release that doesn't work is 1.4.00.13653. The one that does is
> >> 1.4.00.7556.
> >>
> >> - Toralf
> >>
> >>
> >>
> > At the end I think you have something broken with your repo config or you
> > installed forcing something.
>
> Like I said elsewhere, it turns out that it's a little more complicated
> than that. The libraries are actually "provided", but they're not on the
> library path.
>

That isn't provided.. that is a private copy that chrome bundles
itself to use. It may or may not have all of the library calls in it
(the chrome upstream may only turn on things it knows it wants), and
it may have changes which the team doesn't expect.

Also teams is looking for `rpm -q --whatprovides
'libstdc++.so.6(GLIBCXX_3.4.20)(64bit)'` and you typed
`rpm -q --whatprovides 'libstdc++.so.6(GLIBCXX_3.4.22)(64bit)'`

Basically Microsoft teams will need to bundle this newer version of
glibc they are using to make your software work.

-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Auditing all Linux clients with centralised server

[Stephen John Smoogen]

On Fri, 9 Jul 2021 at 08:14, mario juliano grande-balletta
 wrote:
>
> This is what I remember about evil
> Microsoft...
> In 1992, Microsoft released Windows NT, and advertised it as the
> greatest operating system and began giving away free licenses to

This is drifting off of being anywhere on-topic for this list.


-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with CentOS 8 kickstart

[Stephen John Smoogen]

On Wed, 7 Jul 2021 at 08:29, Hooton, Gerard  wrote:
>
> I put nvme_core.multipath=N in the grub.cfg as follows
> linuxefi /Centos8/images/pxeboot/vmlinuz 
> inst.stage2=hd:LABEL=CentOS-8-x86_64-dvd nvme_core.multipath=N rd.live.check 
> inst.ks=http://192.168.1.10/kickstart/ks.cfg<http://143.239.132.208/kickstart/ks.cfg>
>
> This did not solve the problem.
>

OK remove that suggestion and try the following from
https://docs.fedoraproject.org/en-US/Fedora/24/html/Installation_Guide/sect-kickstart-commands-ignoredisk.html

try adding the following to the kickstart

ignoredisk --only-use=nvme0n1



> -Original Message-
> From: Stephen John Smoogen 
> mailto:stephen%20john%20smoogen%20%3csmo...@gmail.com%3e>>
> Reply-To: CentOS mailing list 
> mailto:centos%20mailing%20list%20%3ccen...@centos.org%3e>>
> To: CentOS mailing list 
> mailto:centos%20mailing%20list%20%3ccen...@centos.org%3e>>
> Subject: Re: [CentOS] Problems with CentOS 8 kickstart
> Date: Tue, 06 Jul 2021 06:49:24 -0400
>
>
> [EXTERNAL] This email was sent from outside of UCC.
>
>
> On Mon, 5 Jul 2021 at 07:57, Hooton, Gerard <
>
> <mailto:g.hoo...@ucc.ie>
>
> g.hoo...@ucc.ie
>
> > wrote:
>
>
> The computer is Lenovo Thinkstation p620
>
> From df command I see:
>
> Filesystem   Size  Used Avail Use% Mounted on
>
> devtmpfs  16G 0   16G   0% /dev
>
> tmpfs 16G 0   16G   0% /dev/shm
>
> tmpfs 16G   26M   16G   1% /run
>
> tmpfs 16G 0   16G   0% /sys/fs/cgroup
>
> /dev/mapper/cs_uews027-root   70G  7.1G   63G  11% /
>
> /dev/nvme0n1p2  1014M  386M  629M  39% /boot
>
> /dev/nvme0n1p1   599M  7.3M  592M   2% /boot/efi
>
> /dev/mapper/cs_uews027-home  390G  2.8G  387G   1% /home
>
> tmpfs3.2G  8.0K  3.2G   1% /run/user/42
>
> tmpfs3.2G 0  3.2G   0% /run/user/0
>
>
>
> I am not familiar with this hardware, and a quick looks shows that
>
> there are a lot of variations on the p620. However I did find
>
> <https://download.lenovo.com/pccbbs/thinkcentre_pdf/ts_p620_redhat_enterprise_linux_8_installation_v1.0.pdf>
>
> https://download.lenovo.com/pccbbs/thinkcentre_pdf/ts_p620_redhat_enterprise_linux_8_installation_v1.0.pdf
>
>
> and
>
> <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/pdf/configuring_device_mapper_multipath/Red_Hat_Enterprise_Linux-8-Configuring_device_mapper_multipath-en-US.pdf>
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/pdf/configuring_device_mapper_multipath/Red_Hat_Enterprise_Linux-8-Configuring_device_mapper_multipath-en-US.pdf
>
>
>
> I haven't used multipath and hope some people who have better ideas
>
> will chime in, but at this point I would see if passing the PXE kernel
>
> boot a  `nvme_core.multipath=N` helps any.
>
>
>
> See attached files for more info.
>
> -Original Message-
>
> From: Stephen John Smoogen <
>
> <mailto:smo...@gmail.com>
>
> smo...@gmail.com
>
> 
> <mailto:stephen%20john%20smoogen%20%3csmo...@gmail.com>
>
> stephen%20john%20smoogen%20%3csmo...@gmail.com
>
> %3e>>
>
> Reply-To: CentOS mailing list <
>
> <mailto:centos@centos.org>
>
> centos@centos.org
>
> 
> <mailto:centos%20mailing%20list%20%3ccen...@centos.org>
>
> centos%20mailing%20list%20%3ccen...@centos.org
>
> %3e>>
>
> To: CentOS mailing list <
>
> <mailto:centos@centos.org>
>
> centos@centos.org
>
> 
> <mailto:centos%20mailing%20list%20%3ccen...@centos.org>
>
> centos%20mailing%20list%20%3ccen...@centos.org
>
> %3e>>
>
> Subject: Re: [CentOS] Problems with CentOS 8 kickstart
>
> Date: Mon, 05 Jul 2021 07:28:05 -0400
>
>
>
> [EXTERNAL] This email was sent from outside of UCC.
>
>
>
> On Mon, 5 Jul 2021 at 07:15, Hooton, Gerard <
>
>
> 
> <mailto:g.hoo...@ucc.ie>
>
> g.hoo...@ucc.ie
>
> >
>
>
> <mailto:g.hoo...@ucc.ie>
>
> g.hoo...@ucc.ie
>
>
>
> wrote:
>
>
>
> Hi All,
>
>
> I am having problems with a kickstart install of CentOS 8
>
>
> When I try to do a completely automated install  using PXE/UEFI  it get to 
> the point where it reads the kickstart config file.
>
>
> Then I see the following message
>
>
> "kickstart install Started cancel waiting for multipath siblings for nvme0n1"
>
>
>
>
> The above says that the sy

Re: [CentOS] Problems with CentOS 8 kickstart

[Stephen John Smoogen]

On Mon, 5 Jul 2021 at 07:57, Hooton, Gerard  wrote:
>
> The computer is Lenovo Thinkstation p620
> From df command I see:
> Filesystem   Size  Used Avail Use% Mounted on
> devtmpfs  16G 0   16G   0% /dev
> tmpfs 16G 0   16G   0% /dev/shm
> tmpfs 16G   26M   16G   1% /run
> tmpfs 16G 0   16G   0% /sys/fs/cgroup
> /dev/mapper/cs_uews027-root   70G  7.1G   63G  11% /
> /dev/nvme0n1p2  1014M  386M  629M  39% /boot
> /dev/nvme0n1p1   599M  7.3M  592M   2% /boot/efi
> /dev/mapper/cs_uews027-home  390G  2.8G  387G   1% /home
> tmpfs3.2G  8.0K  3.2G   1% /run/user/42
> tmpfs3.2G 0  3.2G   0% /run/user/0
>

I am not familiar with this hardware, and a quick looks shows that
there are a lot of variations on the p620. However I did find
https://download.lenovo.com/pccbbs/thinkcentre_pdf/ts_p620_redhat_enterprise_linux_8_installation_v1.0.pdf
and 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/pdf/configuring_device_mapper_multipath/Red_Hat_Enterprise_Linux-8-Configuring_device_mapper_multipath-en-US.pdf

I haven't used multipath and hope some people who have better ideas
will chime in, but at this point I would see if passing the PXE kernel
boot a  `nvme_core.multipath=N` helps any.


> See attached files for more info.
> -Original Message-
> From: Stephen John Smoogen 
> mailto:stephen%20john%20smoogen%20%3csmo...@gmail.com%3e>>
> Reply-To: CentOS mailing list 
> mailto:centos%20mailing%20list%20%3ccen...@centos.org%3e>>
> To: CentOS mailing list 
> mailto:centos%20mailing%20list%20%3ccen...@centos.org%3e>>
> Subject: Re: [CentOS] Problems with CentOS 8 kickstart
> Date: Mon, 05 Jul 2021 07:28:05 -0400
>
>
> [EXTERNAL] This email was sent from outside of UCC.
>
>
> On Mon, 5 Jul 2021 at 07:15, Hooton, Gerard <
>
> <mailto:g.hoo...@ucc.ie>
>
> g.hoo...@ucc.ie
>
> > wrote:
>
>
> Hi All,
>
> I am having problems with a kickstart install of CentOS 8
>
> When I try to do a completely automated install  using PXE/UEFI  it get to 
> the point where it reads the kickstart config file.
>
> Then I see the following message
>
> "kickstart install Started cancel waiting for multipath siblings for nvme0n1"
>
>
>
> The above says that the system thinks your box is multipath but the
>
> other drives are not showing up correctly. You will need to provide a
>
> lot more information for anyone to be able to help diagnosis this for
>
> you:
>
>
> 1. What is the build system
>
> 2. What kind of drives/drive controller is it
>
> 3. What is the rest of the kickstart that might tell it that it is multipath?
>
> 4. What are the pxe/uefi boot options in case that is telling it to
>
> try and probe for multipath that doesn't exist.
>
>
>
> This is what I have in the kickstart file
>
>
> # Clear the Master Boot Record
>
> zerombr
>
> # Partition clearing information
>
> clearpart --all --initlabel
>
> autopart --nohome --type=lvm --fstype=xfs
>
>  
>
>
> When I install from a USB drive it works OK and I have the following in  
> /dev/disk/by-id
>
>
> lrwxrwxrwx. 1 root root  13 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810 -> ../../nvme0n1
>
> lrwxrwxrwx. 1 root root  13 Jul  5 10:28 nvme-eui.002538b11102f46d -> 
> ../../nvme0n1
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part3 -> 
> ../../nvme0n1p3
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part3 -> ../../nvme0n1p3
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part3 -> 
> ../../nvme0n1p3
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> lvm-pv-uuid-5Dg4mg-saHa-hJJ6-n5a8-MxBS-gdFi-5jPoNn -> ../../nvme0n1p3
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part2 
> UNG_MZVL2512HCJQ-0-> ../../nvme0n1p2
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part2 -> ../../nvme0n1p2
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part2 -> 
> ../../nvme0n1p2
>
> drwxr-xr-x. 2 root root 400 Jul  5 10:28 .
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part1 -> 
> ../../nvme0n1p1
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part1 -> ../../nvme0n1p1
>
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part1 -> 
>

Re: [CentOS] Problems with CentOS 8 kickstart

[Stephen John Smoogen]

On Mon, 5 Jul 2021 at 07:15, Hooton, Gerard  wrote:
>
> Hi All,
> I am having problems with a kickstart install of CentOS 8
> When I try to do a completely automated install  using PXE/UEFI  it get to 
> the point where it reads the kickstart config file.
> Then I see the following message
> "kickstart install Started cancel waiting for multipath siblings for nvme0n1"
>

The above says that the system thinks your box is multipath but the
other drives are not showing up correctly. You will need to provide a
lot more information for anyone to be able to help diagnosis this for
you:

1. What is the build system
2. What kind of drives/drive controller is it
3. What is the rest of the kickstart that might tell it that it is multipath?
4. What are the pxe/uefi boot options in case that is telling it to
try and probe for multipath that doesn't exist.


> This is what I have in the kickstart file
>
> # Clear the Master Boot Record
> zerombr
> # Partition clearing information
> clearpart --all --initlabel
> autopart --nohome --type=lvm --fstype=xfs
>  
>
> When I install from a USB drive it works OK and I have the following in  
> /dev/disk/by-id
>
> lrwxrwxrwx. 1 root root  13 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810 -> ../../nvme0n1
> lrwxrwxrwx. 1 root root  13 Jul  5 10:28 nvme-eui.002538b11102f46d -> 
> ../../nvme0n1
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part3 -> 
> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part3 -> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part3 -> 
> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> lvm-pv-uuid-5Dg4mg-saHa-hJJ6-n5a8-MxBS-gdFi-5jPoNn -> ../../nvme0n1p3
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part2 
> UNG_MZVL2512HCJQ-0-> ../../nvme0n1p2
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part2 -> ../../nvme0n1p2
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part2 -> 
> ../../nvme0n1p2
> drwxr-xr-x. 2 root root 400 Jul  5 10:28 .
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 wwn-eui.002538b11102f46d-part1 -> 
> ../../nvme0n1p1
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 
> nvme-SAMSUNG_MZVL2512HCJQ-00BL7_S64KNE0R161810-part1 -> ../../nvme0n1p1
> lrwxrwxrwx. 1 root root  15 Jul  5 10:28 nvme-eui.002538b11102f46d-part1 -> 
> ../../nvme0n1p1
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
> dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKtEdtLjwJQyIdxJcSvPv8TEAjwYGMv6yU 
> -> ../../dm-0
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
> dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkKAooqrczySYJyiHvUAUji9oScPN2cVi7J 
> -> ../../dm-1
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-swap -> ../../dm-1
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-root -> ../../dm-0
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 
> dm-uuid-LVM-qQok4M7AOo1TxZZ42GwZcbuVNBs0hnkK5HZXbR2ow5xKGuD7jVe4UPzZm2qRLLXI 
> -> ../../dm-2
> lrwxrwxrwx. 1 root root  10 Jul  5 11:07 dm-name-cs_uews027-home -> ../../dm-2
>
>
> It's looks like that I am not doing the disk drive stuff in the config file 
> correctly.
>
>
> --
>
> Gerard Hooton.
> Senior Technical Officer
> School of Engineering.
> University College Cork.
> College Road.
> Cork.
> Ireland.
> Loc8: WDR-04-60G
> Tel: +353 21 4902296
> Mobile: +353 852813491
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help with default shell

[Stephen John Smoogen]

On Thu, 24 Jun 2021 at 06:22, Hooton, Gerard  wrote:
>
> Thanks Stephen,
> Where will I find the attribute mapping?
> Today I only have remote access via ssh and RDP.
>
>

The various pages on this were rather 'vague' on where it might be. I
would try with

find /etc -type f -print0 | xargs grep -il 'map.*passwd.*shell'

and see if it comes up with anything. After that I really don't know.
I haven't used openldap in 15 years and I have not used csh in 20.


-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help with default shell

[Stephen John Smoogen]

On Wed, 23 Jun 2021 at 09:13, Hooton, Gerard  wrote:
>
> Hi all,
> I have a computer with CentOS 7.
> The users are authenticated using OpenLDAP.
> On LDAP the default shell is csh.
> When  ssh to login it works, i.e. $SHELL = /bin/csh
> Also, when using xrdp it works.
> However, a login from the  keyboard and screen attached computer we get 
> $SHELL = /bin/bash
>

So my first thing I would try to do would be to see if `getent passwd
` showed different configs when a person logged in different
ways. Aka
```
$ ssh foobaz
$ getent passwd ssmoogen
ssmoogen:x:14353:14353:Stephen Smoogen:/home/ssmoogen:/bin/csh
$ exit

login: ssmoogen
passwd:
$ getent passwd
ssmoogen:x:14353:14353:Stephen Smoogen:/home/ssmoogen:/bin/bash
$ exit
```

In either case, I think from going down the rabbithole of bugs/etc
that something in your system is using attribute mapping to force a
shell but only for console logins. The general way this is done is
sticking

map passwd loginShell "/bin/bash"
map passwd shell "/bin/bash"

Beyond that I do not have any openldap systems to confirm how this
would be done.

> Any help is welcome.
> Regards,
>
> Ger.
>
>
>
> --
>
> Gerard Hooton.
> Senior Technical Officer
> School of Engineering.
> University College Cork.
> College Road.
> Cork.
> Ireland.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] pass on CentOS 7

[Stephen John Smoogen]

On Wed, 16 Jun 2021 at 09:39, wwp  wrote:
>
> Hello,
>
>
> I read here and there that `pass` is available for CentOS 7 through the
> EPEL repository. In which I cannot find it :-). I see it available for
> C8 but not C7. Was it removed?
>

Packages in EPEL are made available by the volunteer who maintains it.
https://koji.fedoraproject.org/koji/packageinfo?packageID=14675 shows
that the maintainer of pass seems to have stopped maintaining it in
EL7 a long time ago and it is currently 'orphaned' in it.


>
>
> Regards,
>
> --
> wwp
> https://useplaintext.email/
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's
Law. All those moments will be lost in time... like posts on  BBS...
time to reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] getssl was working stopped

[Stephen John Smoogen]

On Fri, 14 May 2021 at 13:43, Jerry Geis  wrote:

> On Fri, May 14, 2021 at 11:52 AM Jerry Geis  wrote:
>
> > Hi All  - I am using getssl on CentOS 7.
> > It have been working fine since  Feb 17th and just stopped.
> >
> > My script:
> > getssl -u -a -q
> > getssl: for some reason could not reach
> >
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
> > - please check it manually
> >
> > So I did check it manually from another machine - it works fine:
> > curl
> >
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
> >
> >
> >
> lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
> >
> > So it works fine.
> >
> > I then thought perhaps a firewall issue. So I "systemctl stop firewalld",
> > redid the getssl -u -a -q command above - and I get the same error.
> >
> > How do I see/tell what its not liking ?
> >
> > Thanks,
> >
> > Jerry
> >
>
> I took off the -q as requested - doesnt say much more.
>
>
> Redirecting to /bin/systemctl stop httpd.service
> Check all certificates
> MY_NAME: no certificate obtained from host
> Registering account
> Verify each domain
> Verifying MY_NAME
> copying challenge token to
>
> /var/www/html/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
> getssl: for some reason could not reach
>
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
> - please check it manually
> Redirecting to /bin/systemctl start httpd.service
>
>
>
> I thought the -u does the automatic upgrade -
>
> getssl -v
> getssl V2.36
>
>
I would check the getssl.cfg file and see if it is asking for version 1
acme certs.  [ I do not use this software and am just going from
https://github.com/srvrco/getssl where it has the certificate server it
wants to use in the latest version to be

CA="https://acme-v02.api.letsencrypt.org;


-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law.
All those moments will be lost in time... like posts on  BBS... time to
reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] getssl was working stopped

[Stephen John Smoogen]

On Fri, 14 May 2021 at 11:52, Jerry Geis  wrote:

> Hi All  - I am using getssl on CentOS 7.
>

which getssl are you using? I could assume https://github.com/srvrco/getssl
but it could be all numbers of things.

If it is that one, then it is written in bash so it should work via bash -x
and removing the -q to get more data on what might be broken.


It have been working fine since  Feb 17th and just stopped.
>
> My script:
> getssl -u -a -q
> getssl: for some reason could not reach
>
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
> - please check it manually
>
> So I did check it manually from another machine - it works fine:
> curl
>
> http://MY_NAME/.well-known/acme-challenge/lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM
>
>
> lL_ublhWh3fnmbXhhh3BR3bdnjHoMFAgTimTvZUTLQM.tIS27xF0xtz7YHES31MATofXyCeyfqttq7B_YBYZetI
>
> So it works fine.
>
> I then thought perhaps a firewall issue. So I "systemctl stop firewalld",
> redid the getssl -u -a -q command above - and I get the same error.
>
> How do I see/tell what its not liking ?
>
> Thanks,
>
> Jerry
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
I've seen things you people wouldn't believe. Flame wars in
sci.astro.orion. I have seen SPAM filters overload because of Godwin's Law.
All those moments will be lost in time... like posts on  BBS... time to
reboot.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos versions in the future?

[Stephen John Smoogen]

On Wed, 28 Apr 2021 at 04:09, Nikolaos Milas  wrote:

> On 28/4/2021 10:35 π.μ., Nikolaos Milas wrote:
>
> > All that, in turn, are very much dependent on community involvement
> > and project management & financing.
>
> By the way, I think that CentOS, before it was "absorbed" by Redhat,
> could/might have addressed the community for fund raising, rather than
> abandoning the project to RH, which, as others have mentioned, was an
> unmistakable sign of upcoming CentOS EOL as we had come to know it.
>
>
So CentOS when it was brought into Red Hat was not a company or
organization. It was much more like some sort of libertarian anarchy where
a group of people came together in an IRC channel and did what they wanted
to get an OS out. Many of these people were consultants who had daily
clients and did this as a night gig to help those clients and others but it
wasn't a single company which could accept funding. Things like the domain
name, trademark, etc were in the name of one person due to a past
historical problem.

That problem was that CentOS did once have an organization to collect
funds, but it had been mismanaged. This caused all kinds of problems with
the community and groups which had given funding  and there were legal and
tax problems due to it. In those cases, it is better to 'walk' away from
the organization as resetting it up usually triggers audits and additional
paperwork to show the people involved now are no way the same ones before.
So instead things were set up with most of the items owned by individuals.


> If the financing need was communicated correctly, I am very confident
> that financing would have been secured, e.g. by using a public fund
> raising platform, due to CentOS huge install base and community.
>
> Any of those current (or future) projects that might prove successful
> enough to become CentOS successor (as a RHEL binary twin, and not as
> Stream), should use the community financing model, in order to avoid
> CentOS fate.
>
> My 0.01$ :)
>
> Nick
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Proxmox Backup Server equivalent for the RHEL/CentOS world ?

[Stephen John Smoogen]

On Tue, 13 Apr 2021 at 08:24, Simon Matter  wrote:

> > On 13.04.21 12:33, Simon Matter wrote:
> >>> Once upon a time, Nicolas Kovacs  said:
>  Both PVE and PBS are based on Debian, and now I wonder if RHEL-based
>  systems
>  have something similar to offer.
> >>>
> >>> I believe Red Hat Virtualization, and its open upstream oVirt, are
> >>> comparable to Proxmox.  I have used oVirt for a number of years.  oVirt
> >>> itself doesn't include backup software (it supports VM snapshots and
> >>> clones), but there are several third-party backup tools (both free and
> >>> commercial) compatible with oVirt/RHV, like Storeware's vProtect (I
> >>> haven't used it but seen others mention it).
> >>
> >> I haven't followed oVirt/RHV but I'm wondering how free it is? Is it as
> >> "free" as RHEL or as CentOS/Alma/Rocky/Navy/Oracle Linux?
> >
> > Upstream -> Product
> >
> > Fedora -> RHEL
> > oVirt  -> RHV
>
> Thanks for the confirmation.
>
> In other words, we'll soon have four or more almost 100% identical
> rebuilds of RHEL but only 1 very lacking EPEL and 0 RHV clones ;-)
>
>
Those all depend on committed volunteers to do the work. That takes up a
lot of time and effort from people who are in short supply because doing
those things are more like a job than a 'weekend fun project'. This would
normally be where people would pay for a product but there are not a lot of
paying customers and a larger number of people who either expect it there
or would rather go without than pay for it.



> Regards,
> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8

[Stephen John Smoogen]

On Fri, 9 Apr 2021 at 12:40, Valeri Galtsev 
wrote:

>
>
> On 4/9/21 11:23 AM, Stephen John Smoogen wrote:
> > On Fri, 9 Apr 2021 at 12:19, Stephen John Smoogen 
> wrote:
> >
> >>
> >>
> >> On Fri, 9 Apr 2021 at 12:02, Valeri Galtsev 
> >> wrote:
> >>
> >>>
> >>>
> >>> On 4/9/21 10:47 AM, Binet, Valere (NIH/NIA/IRP) [C] wrote:
> >>>> The NIST and CIS baselines don't allow su, we have to use sudo on
> >>> government computers.
> >>>>
> >>>
> >>> Could you enlighten me on the rationale behind that restriction? As, as
> >>> you already noticed, my [ancient, maybe] reasoning makes me arrive at
> an
> >>> opposite conclusion. (but mine is pure security consideration with full
> >>> trust vested into sysadmin, see below...)
> >>>
> >>> On a second guess: it is just for a separation of privileges, and
> >>> accounting of who did what which sudo brings to the table... Right?
> >>>
> >>>
> >> sudo brings into accounting and the ability to restrict a person to a
> >> single command. [That is hard to do well but it is possible.] It also
> >> allows for an easily auditable configuration file set so that you can
> see
> >> what should have been allowed and what shouldn't. Versus the usual 'oh
> lets
> >> make it setgid blah or setuid foo but restricted to this group..' and
> >> people forgetting it was done that way or why.
> >>
> >> That said it is like any tool can be used as a hammer when it should
> have
> >> remained a phillips head.
> >>
> >>
> > Finally sudo can allow for better RBAC rules where if that is needed you
> > had to have multiple su commands that were aligned to each role so that
> > people could not escape their jail. [My understanding is that this is
> where
> > your chosen OS shines
>
>
that should have been written as

your chosen OS, FreeBSD, shines ...

my apology for dropping the packets as I thought i typed it but didn't



> Which one OS would be that?
>
> Valeri
>
> > with sudo and this was lifted to other os's laster.]
> > By 2005 most .gov/.mil baselines required su to be no longer allowed
> > because of this.
> >
> >
>
> --
> 
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8

[Stephen John Smoogen]

On Fri, 9 Apr 2021 at 12:19, Stephen John Smoogen  wrote:

>
>
> On Fri, 9 Apr 2021 at 12:02, Valeri Galtsev 
> wrote:
>
>>
>>
>> On 4/9/21 10:47 AM, Binet, Valere (NIH/NIA/IRP) [C] wrote:
>> > The NIST and CIS baselines don't allow su, we have to use sudo on
>> government computers.
>> >
>>
>> Could you enlighten me on the rationale behind that restriction? As, as
>> you already noticed, my [ancient, maybe] reasoning makes me arrive at an
>> opposite conclusion. (but mine is pure security consideration with full
>> trust vested into sysadmin, see below...)
>>
>> On a second guess: it is just for a separation of privileges, and
>> accounting of who did what which sudo brings to the table... Right?
>>
>>
> sudo brings into accounting and the ability to restrict a person to a
> single command. [That is hard to do well but it is possible.] It also
> allows for an easily auditable configuration file set so that you can see
> what should have been allowed and what shouldn't. Versus the usual 'oh lets
> make it setgid blah or setuid foo but restricted to this group..' and
> people forgetting it was done that way or why.
>
> That said it is like any tool can be used as a hammer when it should have
> remained a phillips head.
>
>
Finally sudo can allow for better RBAC rules where if that is needed you
had to have multiple su commands that were aligned to each role so that
people could not escape their jail. [My understanding is that this is where
your chosen OS shines with sudo and this was lifted to other os's laster.]
By 2005 most .gov/.mil baselines required su to be no longer allowed
because of this.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8

[Stephen John Smoogen]

On Fri, 9 Apr 2021 at 12:02, Valeri Galtsev 
wrote:

>
>
> On 4/9/21 10:47 AM, Binet, Valere (NIH/NIA/IRP) [C] wrote:
> > The NIST and CIS baselines don't allow su, we have to use sudo on
> government computers.
> >
>
> Could you enlighten me on the rationale behind that restriction? As, as
> you already noticed, my [ancient, maybe] reasoning makes me arrive at an
> opposite conclusion. (but mine is pure security consideration with full
> trust vested into sysadmin, see below...)
>
> On a second guess: it is just for a separation of privileges, and
> accounting of who did what which sudo brings to the table... Right?
>
>
sudo brings into accounting and the ability to restrict a person to a
single command. [That is hard to do well but it is possible.] It also
allows for an easily auditable configuration file set so that you can see
what should have been allowed and what shouldn't. Versus the usual 'oh lets
make it setgid blah or setuid foo but restricted to this group..' and
people forgetting it was done that way or why.

That said it is like any tool can be used as a hammer when it should have
remained a phillips head.

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can't upgrade sssd-*

[Stephen John Smoogen]

On Mon, 5 Apr 2021 at 13:05, Warren Young  wrote:

> On Apr 5, 2021, at 8:32 AM, Johnny Hughes  wrote:
> >
> > wrt private keys .. we don't want any to live on machines we
> > don't physically own.
>
> Yeah, I get that.
>
> What I don’t get is why, if DNF goes to http://foo.centos.org to pull
> metadata, and it tells DNF to go to https://bar.qux.example.edu to
> download the packages specified by that metadata, why must there be any
> private keys for *.centos.org involved on example.edu’s servers?
>
>
I don't think they do require it unless that node is supposed to look like
a part of mirror.centos.org. The issue is that various tools fail when a
mirrorlist sends them data which is not the same as 'requested'. So if you
send over a http link and get an https, the tool may crash or try to talk
HTTP to the TLS port etc.

```
$ curl 'http://mirrorlist.centos.org/?release=8=x86_64=BaseOS'
http://mirror.us.oneandone.net/linux/distributions/centos/8.3.2011/BaseOS/x86_64/os/
http://mirror.cs.vt.edu/pub/CentOS/8.3.2011/BaseOS/x86_64/os/
http://distro.ibiblio.org/centos/8.3.2011/BaseOS/x86_64/os/
http://ftpmirror.your.org/pub/centos/8.3.2011/BaseOS/x86_64/os/
http://mirrors.rit.edu/centos/8.3.2011/BaseOS/x86_64/os/
http://mirror.atl.genesisadaptive.com/centos/8.3.2011/BaseOS/x86_64/os/
http://atl.mirrors.clouvider.net/CentOS/8.3.2011/BaseOS/x86_64/os/
http://repos-va.psychz.net/centos/8.3.2011/BaseOS/x86_64/os/
http://centos-distro.cavecreek.net/centos/8.3.2011/BaseOS/x86_64/os/
http://mirror.vtti.vt.edu/centos/8.3.2011/BaseOS/x86_64/os/
```

A metalink system provides different data which would allow for these
'transfers' but it has other problems which are mitigated with TLS
connections

```
http://www.metalinker.org/; type="dynamic"
pubdate="Mon, 05 Apr 2021 17:20:24 GMT" generator="mirrormanager"
xmlns:mm0="http://fedorahosted.org/mirrormanager;>
 
  
   1603150039
   6282
   
7de20cbe8e7ef87b4fc1b35191277ab4
7d0c65c0daf1677eda2152e25e39a3dc4f3be027
7a75be2ebd56e44c9d33252a12158c8b7079331e9c73aa62c609414299dabf06
dfcc30a274b140d3ff65c3b3c9987a7c057a30e89880b13472f61be5fdd8829761653e11309d25680dc89d1af91d015ea0ca6992bbabec60d8b472f3e81ebba2
   
   

http://download-ib01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/x86_64/os/repodata/repomd.xml

rsync://
download-ib01.fedoraproject.org/fedora-enchilada/linux/releases/33/Everything/x86_64/os/repodata/repomd.xml


https://download-ib01.fedoraproject.org/pub/fedora/linux/releases/33/Everything/x86_64/os/repodata/repomd.xml

   
  
 

```

In this way the tool can know and choose the version of TLS or download
protocol (rsync) which it can deal with.

I don't present this as a better way, just a different way. Both systems
make different security and availability choices to meet different
requirements. [The Fedora system is known to be fragile in TLS bringup
during the thundering bison rush of several million EPEL systems updating
caches at 04:00 while the CentOS system doesn't have this issue.]




> Surely the sysadmin of bar.qux.example.edu obtains a TLS key pair from
> some trusted CA that certifies that bar.qux.example.edu is valid
> according to the worldwide TLS public PKI.
>
> If we’re talking about package signing keys, surely that all happens on
> centos.org servers, and the resulting RPM packages are distributed as-is,
> not re-signed on each mirror server.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] KVM vs. incremental remote backups

[Stephen John Smoogen]

On Wed, 31 Mar 2021 at 08:41, Nicolas Kovacs  wrote:

> Hi,
>
> Up until recently I've hosted all my stuff (web & mail) on a handful of
> bare
> metal servers. Web applications (WordPress, OwnCloud, Dolibarr, GEPI,
> Roundcube) as well as mail and a few other things were hosted mostly on
> one big
> machine.
>
> Backups for this setup were done using Rsnapshot, a nifty utility that
> combines
> Rsync over SSH and hard links to make incremental backups.
>
> This approach has become problematic, for several reasons. First, web
> applications have increasingly specific and sometimes mutually exclusive
> requirements. And second, last month I had a server crash, and even though
> I
> had backups for everything, this meant quite some offline time.
>
> So I've opted to go for KVM-based solutions, with everything split up over
> a
> series of KVM guests. I wrapped my head around KVM, played around with it
> (a
> lot) and now I'm more or less ready to go.
>
> One detail is nagging me though: backups.
>
> Let's say I have one VM that handles only DNS (base installation + BIND)
> and
> one other VM that handles mail (base installation + Postfix + Dovecot).
>
> Under the hood that's two QCOW2 images stored in /var/lib/libvirt/images.
>
> With the old "bare metal" approach I could perform remote backups using
> Rsync,
> so only the difference between two backups would get transferred over the
> network. Now with KVM images it looks like every day I have to transfer the
> whole image again. As soon as some images have lots of data on them (say,
> 100
> GB for a small OwnCloud server), this quickly becomes unmanageable.
>
> I googled around quite some time for "KVM backup best practices" and was a
> bit
> puzzled to find many folks asking the same question and no real answer, at
> least not without having to jump through burning loops.
>
> Any suggestions ?
>
>
For Fedora Infrastructure we use a three prong approach
1. Kickstarts for the basic system
2. Ansible for the deployment and 'general configuration management'
3. rdiff-backup of things which ansible would not be able to bring back.

So most of our infrastructure is KVM only and the only systems we have to
kickstart by 'hand' are the bare metal. The guests are then fired off with
an ansible playbook which uses libvirt to fire up the initial guest and
kickstart from known data. Then the playbook continues and builds out the
system for the rest of the deployment. [Our guests are also usually lvm
partitions so we can use LVM tools to snapshot the system in different
ways.]

After it is done there are usually scripts which do things like do ascii
dumps of databases and such.

As you pointed out this isn't the only way to do so. Other sites have a
master qemu image for all their guests on a machine and clone that instead
of doing kickstarts for each. They also do snapshots of the images via lvm
or some other tool in order to make backups that way.

hope this helps.



> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Prevent Anaconda from switching root and swap partition

[Stephen John Smoogen]

On Wed, 31 Mar 2021 at 05:11, Nicolas Kovacs  wrote:

> Hi,
>
> More often than not, when installing CentOS, I choose manual partitioning
> and
> then apply the KISS principle, with a very simple partitioning scheme that
> looks more or less like this:
>
>   * /boot partition: 500 MB, ext2
>   * swap partition: equivalent to amount of RAM
>   * root partition: available space, ext4
>
> Now when I do this, Anaconda insists on switching my swap and root
> partitions,
> so instead of this:
>
>   * /dev/sda1: boot partition
>   * /dev/sda2: swap partition
>   * /dev/sda3: root partition
>
> ... I get this:
>
>   * /dev/sda1: boot partition
>   * /dev/sda2: root partition
>   * /dev/sda3: swap partition
>
> Up until now this hasn't bothered me much. But for my needs right now it
> does,
> because I need my root partition to be at the end of the disk, so it can be
> expanded later on.
>
> Anyone knows how I can prevent Anaconda from switching my root and swap
> partitions? What I'm doing right now is switching to a text console with
> Ctrl-Alt-F5, manually partition using fdisk, switch back to Anaconda and
> then
> rescan the disk, but it's quite a PITA.
>
> These are the moments where I miss the good old bone-headed Slackware
> installer. :o)
>
> Cheers,
>
>
Since you are doing manual vs kickstart, you need to do additional steps
Before you go into the disk system in the UI

Control-Alt-F2
fdisk (or gfdisk  or parted depending on your prefs and needs)
clear the disk and set it up how you want it with the types set on each
partition.
go back into the UI and do the things you wanted. have it reread the disks
and have it use the existing partitions versus anything else

Option 2 is to go into the advanced partitioning tool blivet and see if it
can be done through that.. but I think you still need to do a
'slackware/arch' setup first

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.3

[Stephen John Smoogen]

On Thu, 18 Mar 2021 at 12:44, Mark Woolfson  wrote:

> Hello,
>
>
>
> I wonder if you could help.
>
>
>
> I have a requirement to load CentOS 7.3 on to a server. I have the
> distribution on a bootable USB key.
>
>
>
What kind of server? This is a hardware issue and is going to need to know
what kind of CPU and what the firmware on the system is. My uninformed
guess is that the kernel is finding a large number of CPUs (either virtual
or real) and it is probably only fixed by the kernel/software in 7.4. [A
test would be to see if 7.2 also has this issue and if not then walk
through the kernels until it does.. then look at the change logs for when
it starts working again.]

Or I would try installing with a smaller number of CPUs with a command line
entry like

maxcpus=16 (if this system has 82+?)


>
> CentOS boots to the first menu but when I select the option to install
> almost immediately I get the error below:
>
>
>
> NMI watchdog: BUG: soft lockup - CPU#82 stuck for 23s! [system-udevd:1221]
>
>
>
> The above error is output every 23s
>
>
>
> This is a repeatable error condition.
>
>
>
> When I load CentOS 7.4 on to the server I get no problems.
>
>
>
> When I load the above CentOS 7.3 distribution on to an older server I get
> no
> problems.
>
>
>
> Has anyone every seen the NMI watchdog error and found a resolution.
>
>
>
> Thank you in advance,
>
> Mark
>
>
>
>
>
> --
> This email has been checked for viruses by AVG.
> https://www.avg.com
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[Stephen John Smoogen]

On Thu, 18 Mar 2021 at 10:56, Lamar Owen  wrote:

> On 3/18/21 10:23 AM, Stephen John Smoogen wrote:
> > [what can be done] I am guessing
> > someone could make an unofficial set of spins which cut out some
> packages to try and make it fit in single density.
> >
> This is probably the solution at this point for the 'Full' DVD. In the
> interim, older machines such as this should just use the 'Minimal' DVD,
> since it fits on single-layer nicely.  (I hear or read single-density
> and think FM encoding, 128 bytes per sector, 77-track IBM 3740 format 8
> inch floppies..which are still in use in certain places...)  Same
> for 8.x or 8 Stream -- oh, wait, there is no 'Minimal' ISO, so net
> install or USB is it, can't use optical media at all.
>
>
https://mirrors.edge.kernel.org/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-2009.iso

There is a 7.9 minimal. There was no 8 minimal because composing is harder
and the 'minimum' set of packages did not shave off a lot of disk space.


> You're right; we're rabbit-holing.  Being at a non-profit, I have to
> rabbit hole a lot, since I tend to use much older hardware than 'normal.'
>

Understood. This is where the modern OS assumptions of  'you should be in
the cloud' and/or the 'your hardware must be only this old to be used'
cause a hard fork with parts of the community.


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[Stephen John Smoogen]

On Thu, 18 Mar 2021 at 09:36, Lamar Owen  wrote:

> On 3/18/21 1:24 AM, John R. Dennison wrote:
> > It's not realistic to expect server-class machines not to be able to
> > boot from dual-layer or USB media in 2021.
> There are environments where USB or other writeable media are not
> allowed on premises.
>
> While all DVD-ROM drives are supposed to read DL media, in practice the
> compatibility has not proven to be 100%.
> ___
>

I think we are rabbit-holing on a bunch of related issues:


1. "How old hardware should be expected to work." Again this is not the
core issue the original person was asking.

Upstream (RHEL) usually expects hardware that is confirmed to work to be
usable through the release time. This hardware is usually on the year of
release to 4 years afterwards. So RHEL-7 was released in 2014, so tested
hardware configurations from 2014-2018 should work. Outside of that there
are some work to make it work but the rules from online docs seem to be
that if the hardware was from before 2012 and not a tested configuration,
it should stick to RHEL-6. [This is mostly about a level of support that
would be given point of view.. sure you could get it to work on a 2004
computer.. but if it breaks support is not going to spend hours/days/weeks
trying to make it work. Consulting services are for that..]

CentOS has no support levels so if it works cool. if it doesn't then sorry.
That goes for any dot release. If something is not caught in testing when
various dot releases are being built.. that's too bad. [This isn't a new
thing.. we didn't respin 5 releases when something wasn't caught until
months later.] Also this is not really related to the original person's
problem. It worked for them for many different releases and doesn't now.

2. "What are expected release results?" This is what the original question
falls into. They have been running under the assumption that one set of
DVD's would fall under a limit size for the single density drives. It has
worked for multiple releases before 7.9 and then it didn't. However that
expectation does not seem to have been in the testing procedures as a
'halt' level problem (i.e. measured in testing and then sent back if
failed.) I will be honest on my part, I have only done a 'looks' good
enough as I don't have single density DVD's to test if it worked or not. I
use USB sticks and virtual machines. I am expecting the other testers to
have done the same thing.

3. "What can be done". This is what the original question needs answered.

This was not caught in the release of 7.9 and that was a while ago. There
are not going to be any more dot releases for 7.. there is no planned 7.10
so this is the final set of DVD's until 2024. At this moment, I don't know
if a respin will make the images small enough and what would have to be
dropped to make it fit. Respinning 'official images'  now will also cause
problems for a lot of mirrors and users who will ask 'did these images get
hacked? why did it change now?' [And in either case, the original person
needed this fixed yesterday, not in the 2+ weeks to do this.] I am guessing
someone could make an unofficial set of spins which cut out some packages
to try and make it fit in single density.

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[John R. Dennison]

On Wed, Mar 17, 2021 at 11:42:40PM -0500, Robert G. (Doc) Savage via CentOS 
wrote:
> 
> I'm sure it would, but I thought I made it clear that DL or BluRay have
> never been options in this case. I'm disappointed that the DVD iso was
> released without any release notes advising it was oversized

The size issue with single-layer media has been a known issue since the
CentOS-6 days and the release notes very much do mention it, or at least
they did at one point.

It's not realistic to expect server-class machines not to be able to
boot from dual-layer or USB media in 2021.






John
-- 
Certitude is not the test of certainty.  We have been
cocksure of many things that were not so.

-- Oliver Wendell Holmes, Jr. (1841-1935), American jurist and Supreme
   Court Justice, "Natural Law", 32 Harvard Law Review 40, 41 (1918)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[John R. Dennison]

On Mon, Mar 15, 2021 at 05:04:41PM -0400, Stephen John Smoogen wrote:
> Well I am batting 0 for 1000 today. I am clearly not a good resource at the
> moment :). Thanks Lamar for checking the real source.

It's ok, smooge...

It's First Monday, you've got 4 more of 'em to go :)





    John

-- 
It's a hurtful place, the world, in and of itself.  We don't need to add to it.
And we're in a place now where we all need one another, and it's going to get
rougher.

-- Prince Rogers Nelson (7 June 1958 - 21 April 2016), funk/rock/pop/R singer,
   songwriter, and actor, Tavis Smiley Show, PBS (27 April 2009)


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[Stephen John Smoogen]

On Mon, 15 Mar 2021 at 16:26, Lamar Owen  wrote:

> On 3/15/21 8:51 AM, Stephen John Smoogen wrote:
> > Exactly that. Upstream Fedora and RHEL went to require dual density
> around
> > Fedora 18, RHEL-7 because the amount of data was too much.
> Well, what's odd is that the actual upstream RHEL 7.9 DVD WILL fit on a
> single-layer DVD.  Just burned one.
>
>
Well I am batting 0 for 1000 today. I am clearly not a good resource at the
moment :). Thanks Lamar for checking the real source.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[Stephen John Smoogen]

On Mon, 15 Mar 2021 at 08:19, Robert Heller  wrote:

> At Sun, 14 Mar 2021 21:49:40 -0500 "Robert G. \(Doc\) Savage" <
> dsav...@peaknet.net>, CentOS mailing list  wrote:
>
> >
> > On Sun, 2021-03-14 at 21:31 -0400, John Plemons wrote:
> > > Sounds like you need to use a dual layer DVD disc, it is double the
> > > capacity.
> >
> > John,
> >
> > Wrong answer. The server's optical drive doesn't support double-layer
> > disks. The CentOS developers made a mistake on their DVD iso, and they
> > need to fix it.
>
> Actually not -- the CentOS ISOs have not been meant for optical media
> since
> CentOS 6 -- they have been meant for thumb drives (>= 8G).
>
>
Exactly that. Upstream Fedora and RHEL went to require dual density around
Fedora 18, RHEL-7 because the amount of data was too much. The CentOS
developers have tried to their best to keep a single density working but
there has been a constant race of problems with various 'important'
packages having to be dropped from this ISO every time. For the final
EL-7.x series, there were too many packages to do this with. The
alternatives you have are:

1. Use CentOS-7.8 (or 7.7, or... ) as the boot media and then network
update
2. Use CentOS-7.9 minimal and network update
3. Use CentOS-7.9 netiso and network install.
4. Use some mixture of the above with a USB disk of all the data and a
kickstart to point to it so it gets there.
5. Look for a completely different alternative.


> You are going to have to something different.  Is it possible to do a
> network
> install on this machine.  I believe the netboot ISO should be small enough
> to
> fit on a CD or DVD.
>
> >
> > --Doc
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> >
> >
>
> --
> Robert Heller -- Cell: 413-658-7953 GV: 978-633-5364
> Deepwoods Software-- Custom Software Services
> http://www.deepsoft.com/  -- Linux Administration Services
> hel...@deepsoft.com   -- Webhosting Services
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[John Plemons]

Sounds like you need to use a dual layer DVD disc, it is double the 
capacity.


john


On 3/14/2021 9:13 PM, Robert G. (Doc) Savage via CentOS wrote:

I need help from someone experienced with the CentOS bug tracking
system. I gotta say it is one of the most complicated and imposing
front ends I've ever seen. Could anyone familiar with it please file a
bug on my behalf? Particulars:

"CentOS 7.9.2009 DVD iso image too large"

ISO image: CentOS-7-x86_64-DVD-2009.iso 4.7GB raw CD image
Wed Nov  4 05:37:25 2020
Burners: Both K3B and Brasero
Media: Both DVD-R and DVD+R single-layer disks

iso image: 4,712,300,544 bytes
User Anthony F McInerney advises Wikipedia says
DVD-R capacity: 4,707,319,808 bytes (max)

I have tried burning this same iso image on two different machines: a
CentOS 7.9 server and a Fedora 33 laptop. Same failure on both.

We need to ask the developers to make a re-spin that's about 5MB
smaller. And before someone suggests it, the 2010-vintage server I'm
trying to install CentOS on does not support booting from a thumb
drive, so that option is not available.

Thanks,

--Doc Savage
     Fairview Heights, IL

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



--
This email has been checked for viruses by AVG.
https://www.avg.com

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] qemu-kvm images of old Windows XP SP3

[Stephen John Smoogen]

On Sat, 13 Mar 2021 at 10:04, David McGuffey  wrote:

> I have a Nikon slide scanner (very high quality) for which the software
> has not been updated. It last ran on WinXP SP3 and I was not able to
> get it to run under Win 7 and certainly not Win 10.
>
> Anyone know where I can obtain images of this old OS to run in CentOS 7
> under kvm?
>
>
Even if the Windows XP was running in a VM, you would need to have the
underlying OS able to 'recognize' the device somewhat to pass it to the VM.
That can take enough work that you will find it easier to buy off of ebay
someone selling a laptop or computer from that era and run Windows XP
native.



> Dave McGuffey
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] R730xd & SD card identfication

[Stephen John Smoogen]

On Sun, 7 Mar 2021 at 18:39, Pete Biggs  wrote:

> On Sun, 2021-03-07 at 11:17 -0600, Gregory P. Ennis wrote:
> > Everyone,
> >
> > We have migrated a platform to a Centos 8 host using kvm guest machines
> >
> > Recently I tried to copy one of the guests to the external SD card on
> > the back of the Dell R730xd, but I have not been able to get the Centos
> > 8 host to recognize the SD card.
> >
> > I can use DRAC interface of the R730xd to see that the SD card is being
> > recognized and the status of the external SD slot is turned from
> > inactive to active when the card is inserted.
> >
>
> I have a nagging feeling at the back of my mind that that slot is
> associated with the iDrac system and not the main board.
>
> In any case doesn't that need a vFlash card not a standard SD/SDHC
> card? From Wikipedia:
>
>
I think the SD card on the back of the IDRAC7 systems on the Dell 730xd are
similar to this. They are accessible by the IDrac and dell software and are
primarily there for emergency install of the hardware from known good
media. I believe that vmware has a module which talks to the card so you
can install software in vm's from said known good media.




-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Koji packages

[Stephen John Smoogen]

On Wed, 3 Mar 2021 at 12:40, Frederick  wrote:

> Thank you!
>
> I am specifically looking for the dlm package that seems to be missing
> from the repos in 8.  I went to https://git.centos.org/rpms/dlm but I
> cannot find the source.  Is there anywhere I can get the source to
> build this package?  Without it I cannot set up a gfs2 cluster on
> centos8.  I've seen many discussions about RedHat having it but its
> not available for centos, so I just need the source so I can move
> forward.  Any help would be greatly appreciated!
>
>
I followed the directions in https://wiki.centos.org/Sources
```
$ mkdir centos-sources; cd centos-sources
$ git clone https://git.centos.org/centos-git-common.git
$ git clone https://git.centos.org/rpms/dlm.git -b c8
$ cd dlm
$ ../centos-git-common/get_sources.sh
Retrieving
https://git.centos.org/sources/dlm/c8/3655865fa215e6b50e6b82ba66cb13f2d8005f67
  % Total% Received % Xferd  Average Speed   TimeTime Time
 Current
 Dload  Upload   Total   SpentLeft
 Speed
100  124k  100  124k0 0   443k  0 --:--:-- --:--:-- --:--:--
 443k
$ ls
SOURCES/  SPECS/
$ ls SOURCES/
dlm-4.0.9.tar.gz
$ ls SPECS/
dlm.spec


```

On Mon, Mar 1, 2021 at 9:41 AM Johnny Hughes  wrote:
> >
> > On 2/28/21 10:24 AM, Frederick wrote:
> > > Good Day All!
> > >
> > > I am trying to grab some packages from the Koji site.  Any idea why it
> > > seems to be down and if/when it will be back?
> > >
> > > 403 Forbidden
> > > Request forbidden by administrative rules.
> > >
> > > https://koji.mbox.centos.org/pkgs/packages/
> >
> > Access is limited to only developers for now .. it is the only
> > 'bandwidth' we have for development.
> >
> > There are plans to mirror the content and make it all available in the
> > future.
> >
> > For now all the source code is available on git.centos.org.  It is where
> > all the content is built from.
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Tar of files

[Stephen John Smoogen]

On Wed, 3 Mar 2021 at 09:54, Jerry Geis  wrote:

> When I "tar" up an archive the files have an owner bob,
> when I extract that to another machine bob is there also but user number is
> different.
> So when I extract bob is no longer the owner of the files but someone else.
>
> Is there a good way to account for this ?
> User ID on one box being different to the next box ?
>
> I was expecting to untar and bob still be the owner .
>
>
The system has no way of knowing that bob:uid1 and bob:uid2 are the same
person and in fact on a lot of systems they are not (aka if you downloaded
a tar ball from my box and it had the user bob on it.. it definitely is not
your bob).

The ways to do this are any of the following or a list of ones not there.
1. find ./tree_you_untarred -uid  -print0 | xargs -0 chown bob2
2. su bob2 (cd /tree_place_to_untar; tar xzvf )
3. use gnu tar's many options to create the tar file with the correct
uid/gid you wanted using --owner --group (or a map if there are multiple).



> Thanks,
>
> Jerry
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommendations for webmail client on EL8

[Stephen John Smoogen]

On Mon, 1 Mar 2021 at 20:41, Gordon Messmer 
wrote:

> On 3/1/21 4:31 PM, Joshua Kramer wrote:
> > Do those scripts also handle the building of Objective-C, which is
> > needed to build SOGo?  I have been toying with this off and on,
> > there's an independent repo somewhere that has the EL8 builds of Obj-C
> > and SOGo, but I haven't had time to get everything set up.
>
>
> I'm still running on 7, where gnustep is available from EPEL.  I think
> you'd need to manually rebuild gnustep for CentOS 8.
>
>
You may need to rebuild gcc from different source rpms to get Objective-C
in EL-8.  The RHEL gcc source rpms did not produce Objective-C rpms or
binaries when I looked at it in 2019.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommendations for webmail client on EL8

[Stephen John Smoogen]

On Mon, 1 Mar 2021 at 14:21, Simon Matter  wrote:

> > On Mon, 1 Mar 2021 at 12:46, Simon Matter 
> wrote:
> >
>
> > EPEL has always been in the need of more people who can volunteer time to
> > help maintain and package things. However for the last 5 years (so even
> > before EL8) the need has gotten worse:
> > 1) The core maintainers who pushed EL6 and EL7 have been increasingly
> > 'retired to management' at their respective jobs.
>
> Are they Red Hat paid people? If so it confirms my impression that EPEL is
> not seen very important by Red Hat.
>
>
I am pretty sure that whatever I will say would confirm your impression :).

In this case, most of the people I am talking about have been outside of
Red Hat volunteers versus Red Hat employees. Many of the original people
involved have become VP's, CIO's and other places in upper management in
their companies. Others have not but found that real life in other ways got
in the way. It happens with any volunteer activity.

Does that mean Red Hat never took EPEL seriously? Maybe. But the same can
be said of the EPEL users. Most of the rules for package inclusion and the
retirement problem I have said are public knowledge brought up over and
over through the years and yet most people only 'see' them when EPEL is
'broken' to them.  There is a continual forgetting that for the first 2
years of EPEL-7 we didn't have as many packages as we did in EPEL-6.. and
that 'EPEL is so broke'. There is an expectation that someone is paid to
work on this when no one is.

Anyway this rant has had to be revised multiple times so I am ending it
here.



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommendations for webmail client on EL8

[Stephen John Smoogen]

On Mon, 1 Mar 2021 at 12:46, Simon Matter  wrote:

> > On Mon, 1 Mar 2021 at 10:42, Simon Matter 
> wrote:
> >
> >> > Am 01.03.21 um 15:56 schrieb Simon Matter:
> >>
> >> >> Thanks for your suggestion. No, I'm not really thinking about
> >> >> docker/podman. I prefer having clean system installs, even if I have
> >> to
> >> >> create RPMs myself. This has worked fine for the last two decades but
> >> >> yes,
> >> >> I'm afraid, this is considered old school these days :-)
> >> >>
> >> >
> >> > Hey Simon, take a look at Remi's repository ...
> >> >
> >> > --
> >> > Leon
> >>
> >> Hi Leon, thanks.
> >> I'm wondering why these things are not in EPEL?
> >>
> >>
> > Because building with modules in EPEL is very limited. I think
> > https://pagure.io/epel/issue/75 covers many of the issues and the
> > frustration of dealing with them.
> >
>
> I found this link last Saturday but didn't want to give up too quickly.
>
> I wasn't aware that the situation with EPEL8 is so bad because a) we just
> started migrating systems to CentOS 8 when the bad news came some weeks
> ago about CentOS, and b) because we mostly built our own RPMs and didn't
> depend on EPEL in the past.
>
> Now that building became more difficult with the new modularity, it seemed
> a good thing to rely more on EPEL - just to discover that EPEL is also
> lacking so much in 8.
>
>
EPEL has always been in the need of more people who can volunteer time to
help maintain and package things. However for the last 5 years (so even
before EL8) the need has gotten worse:
1) The core maintainers who pushed EL6 and EL7 have been increasingly
'retired to management' at their respective jobs.
2) Usage has grown greatly with the expectation that what is in EL6 will be
in EL7 will be in EL8.
3) Package complexity has grown exponentially. You need more and more
packages in the repo as 'buildrequires' or 'install' but are not 'leaf
nodes' like say squirrelmail.
4) Most people who 'maintain' the package in Fedora see that as a full time
job already and dealing with EPEL issues/complaints is added unpaid work
they don't care less for. [For some reason a good many people who open bugs
for EPEL packages expect the same level of support as they would for a paid
for enterprise product.. and feel like being jerks is the way to get that
from EPEL.]
5) Many upstreams have gone whole-hog into containers and will only work
with/deal with the set of tools in their container versus in RPMs or debs.
They are especially that way for laggard operating systems like Enterprise
Linux or LTS versions.
6) Building *good rpms is hard. Building *good modules is harder. However
building *good containers makes modularity look easy. So it is easier to
just grab someone elses and YOLO.

*good = a package which is reproducible, upgradable, secure, debugable,
maintainable and probably 10 other features everyone silently expects from
EPEL packages versus some one who did a tar2rpm


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommendations for webmail client on EL8

[Stephen John Smoogen]

On Mon, 1 Mar 2021 at 10:42, Simon Matter  wrote:

> > Am 01.03.21 um 15:56 schrieb Simon Matter:
>
> >> Thanks for your suggestion. No, I'm not really thinking about
> >> docker/podman. I prefer having clean system installs, even if I have to
> >> create RPMs myself. This has worked fine for the last two decades but
> >> yes,
> >> I'm afraid, this is considered old school these days :-)
> >>
> >
> > Hey Simon, take a look at Remi's repository ...
> >
> > --
> > Leon
>
> Hi Leon, thanks.
> I'm wondering why these things are not in EPEL?
>
>
Because building with modules in EPEL is very limited. I think
https://pagure.io/epel/issue/75 covers many of the issues and the
frustration of dealing with them.




> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 25 Feb 2021 at 17:26, Gionatan Danti  wrote:

> Il 2021-02-25 22:35 Stephen John Smoogen ha scritto:
> > Mainly because customers don't want to pay for that work which is
> > considerable. If Red Hat builds it, it is expected to have all kinds of
> > 'promises' equivalent to its other products and that is expensive in
> > terms
> > of QA, engineering, documentation, various certifications, etc. Package
> > growth goes up quickly so if people are complaining about the cost of a
> > RHEL license for 4000 src rpms, then what would it be at 20,000 to
> > 30,000.
> > It is easier to allow the community to choose to do the work it wants
> > and
> > then 'consumers' of said repository get what they can.
>
> [Including Valeri] I doubt it. Price is mainly defined by offer and
> demand (which is, in turn, driven by how much value the customer put
> behind the product). While production/support cost can put a lower bound
> on it, I don't think this is the case for Red Hat.
>

The fun part about this doubt is that anyone should be able to prove it
right or wrong easily. All it takes is to set up a build system, recompile
all the code from Fedora wanted in it, and then offer support contracts to
cover work on it. If there is a market for it then they can set the price
to cover all 20,000 packages and then find out what is expected by the
customer for the prices charged.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 25 Feb 2021 at 16:10, Gionatan Danti  wrote:

> Il 2021-02-25 14:27 Simon Matter ha scritto:
> > EL on the other side has a very limited, supported package set and
> > therefore a lot of packages needed to build a lot of packages are just
> > missing.
>
> Yeah, same impressions here. EPEL really is a key package repository for
> RHEL - and I always wondered why they did not invest into maintaining
> (and extending) this excellent repo.
>
>
Mainly because customers don't want to pay for that work which is
considerable. If Red Hat builds it, it is expected to have all kinds of
'promises' equivalent to its other products and that is expensive in terms
of QA, engineering, documentation, various certifications, etc. Package
growth goes up quickly so if people are complaining about the cost of a
RHEL license for 4000 src rpms, then what would it be at 20,000 to 30,000.
It is easier to allow the community to choose to do the work it wants and
then 'consumers' of said repository get what they can.


> I think RH now is extremely focused on cloud and SaaS platform, which
> leave us "normal" sysadmin in an uncomfortable situation...
>
>
I think the industry is entering another crux point where 'classical'
system administration will be in the same class as mainframe/miniframe
system administration were in the late 1980's and early 1990's with Unix
systems and then Linux. Our wor will remain incredibly important to various
industries but it will increasingly be a smaller amount of 'total
deployments'.  Which is why so many of our conversations echo so much of
the USEnet in the early-1990s, where mainframes/miniframes admins wondered
why companies were not focusing on their industries anymore.



> Regards.
>
> --
> Danti Gionatan
> Supporto Tecnico
> Assyoma S.r.l. - www.assyoma.it
> email: g.da...@assyoma.it - i...@assyoma.it
> GPG public key ID: FF5F32A8
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 25 Feb 2021 at 10:07, J Martin Rushton <
martinrushto...@btinternet.com> wrote:

>
>
> On 25/02/2021 14:49, Stephen John Smoogen wrote:
> >
> >
> > On Thu, 25 Feb 2021 at 09:13, J Martin Rushton via CentOS
> > mailto:centos@centos.org>> wrote:
> >
> >
> >
> > On 25/02/2021 13:37, Stephen John Smoogen wrote:
> >
> > I was recently looking at Raymond's book "The Art of UNIX
> Programming"
> > from 2003.  He, along with contributors Thompson (inventor of UNIX),
> > Kernigham (C and AWK), Korn and others of that callibre, espouse
> > creating "little tools" that do one job reliably and well.  The
> > likes of
> > Gnome or systemd certainly would never fit into this philosophy.  I
> > really think we have lost a lot of maintainability and ease of
> > management over the last 20 years as applications are stretched to do
> > ever more.
> >
> >
> > Maybe but everytime someone says "I think these are too complex" they
> > then turn around and say "but I really need this to do this one more
> > thing." Also the complexity of tools is generational. The oldschool
> > 1970's Unix people were screaming that the 1980's software was too
> > complex because various flags had been added to central commands. The
> > 1980's people complained that even early Linux was too complex because
> > it had so much more software that depended on each other. And so forth.
> >
> > In the X11 world, there were as many people saying FVWM was way too
> > complex when twm was all you needed and it was making software too hard
> > to build. BUT could you get twm to work on our new monitor which has a
> > different view screen feature that made the fonts look like crap.
> >
> > The counter argument I heard from a 1970's Unix era person was "Software
> > gets more complicated over time as we find that more problems need to be
> > solved. You either keep up with it, or get out of software." He was
> > working in software until his death a short while ago in his 80's.
> >
> > --
> > J Martin Rushton MBCS
> > ___
> > CentOS mailing list
> > CentOS@centos.org <mailto:CentOS@centos.org>
> > https://lists.centos.org/mailman/listinfo/centos
> > <https://lists.centos.org/mailman/listinfo/centos>
> >
> >
> >
> > --
> > Stephen J Smoogen.
> >
> The irony being that moving to UNIX I had it drummed into me that the
> one tool-one job ethos was a great advance upon the rigidly defined and
> integrated monolith of VMS.  Oh, and that was in the 1990s.
> --
> J Martin Rushton MBCS
>

And everyone I worked with told me that Unix was a poor reinvention of
TSX-11 where you could get real work done. But since VMS came out over a
decade after Unix, I can't say Unix is an advance over VMS.

In any case this is devolving into the 4 Yorkshiremen skit so I am done
here.

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 25 Feb 2021 at 09:13, J Martin Rushton via CentOS 
wrote:

>
>
> On 25/02/2021 13:37, Stephen John Smoogen wrote:
>
> I was recently looking at Raymond's book "The Art of UNIX Programming"
> from 2003.  He, along with contributors Thompson (inventor of UNIX),
> Kernigham (C and AWK), Korn and others of that callibre, espouse
> creating "little tools" that do one job reliably and well.  The likes of
> Gnome or systemd certainly would never fit into this philosophy.  I
> really think we have lost a lot of maintainability and ease of
> management over the last 20 years as applications are stretched to do
> ever more.
>

Maybe but everytime someone says "I think these are too complex" they then
turn around and say "but I really need this to do this one more thing."
Also the complexity of tools is generational. The oldschool 1970's Unix
people were screaming that the 1980's software was too complex because
various flags had been added to central commands. The 1980's people
complained that even early Linux was too complex because it had so much
more software that depended on each other. And so forth.

In the X11 world, there were as many people saying FVWM was way too complex
when twm was all you needed and it was making software too hard to build.
BUT could you get twm to work on our new monitor which has a different view
screen feature that made the fonts look like crap.

The counter argument I heard from a 1970's Unix era person was "Software
gets more complicated over time as we find that more problems need to be
solved. You either keep up with it, or get out of software." He was working
in software until his death a short while ago in his 80's.


> --
> J Martin Rushton MBCS
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 25 Feb 2021 at 08:18, Tony Schreiner 
wrote:

> On Thu, Feb 25, 2021 at 7:31 AM Stephen John Smoogen 
> wrote:
>
> > On Thu, 25 Feb 2021 at 02:11, Simon Matter 
> wrote:
> >
> > > >>
> > > >> Smooge, you know I feel your pain, but becoming a maintainer in EPEL
> > has
> > > >> a pretty high bar (lots of new tools and methods to work with,
> amongst
> > > >> other things) -- as it SHOULD, given that it's intended as an addon
> to
> > > >> EL and needs to be very tightly controlled.  It's just more
> difficult
> > to
> > > >> get started these days relative to when anyone could build an rpm as
> > > >> long as they had a copy of Maximum RPM and knew how to drive 'rpm
> -ba'
> > > >>  back when building as root in a non-reproducible buildroot
> > wasn't a
> > > >> cardinal sin.
> > > >>
> > > >
> > > > Not that it matters .. BUT .. EL8 is much harder to build for.  There
> > > > are modular components, not all the Devel files exist, etc.
> > > >
> > > > It is much harder than EL7.
> > >
> > > Thanks Johnny for reminding. I was wondering why the situation for EL8
> is
> > > so much worse than for EL7 and that was true before CentOS Stream came
> > up.
> > >
> > > In the end I have never been happy with the new modules system and how
> it
> > > makes packaging much more difficult than it was and than it should be.
> > >
> > > IMHO the hurdles to build high quality packages should be as simple as
> > > possible but the difficulties to do so went in the wrong direction. The
> > > result we see now. Today we have an unstable distribution (Fedora)
> with a
> > > quite good and comprehensive package set, and we have stable (EL) with
> an
> > > unstable and lacking package set.
> > >
> > >
> > Even without modules (A person wrote a program which undid some of those
> > problems for us in EPEL), EL8 is not easy to build. Packages and software
> > themselves have gotten more interdependent and complex. This leads to a
> > larger and larger chain of 'buildrequires' and 'requires' for each
> package.
> > To get some of the XFCE packages into EPEL you need to bring into EPEL
> all
> > kinds of quaternary packages so you can build the tertiary packages which
> > are needed for the secondary packages which allow you to get something
> like
> > xfce4-cpufreq-plugin-1.2.1-7.fc33.src.rpm built. Each of those packages
> > needs a maintainer who wants to deal with them in EPEL which requires
> them
> > to run an EL to test.
> >
> > I tried an experiment during the RHEL-8 beta to see what it would take to
> > get EPEL-8 1:1 with EPEL-7.. I gave up after adding nearly a thousand
> > packages to the 'build chain' which were not in EPEL-7 nor even in the
> > RHEL-8 beta or its 'buildroot'. These were mainly packages that are in
> > Fedora already and would need to be maintained in EPEL and no one wants
> to
> > do that.
> >
> > This was supposed to be a problem modularity was to fix.. so you need 100
> > packages not in EPEL for your 1 application set, and you don't  want to
> > maintain those extra packages? Just put them inside your module build
> chain
> > and deliver what you wanted. Of course that is still a monumental task
> and
> > most packagers would say 'meh I got better things to do, like do a root
> > canal without anesthesia.'
> >
>
> Does package building for debian and derivatives not run into this same
> issue of interdependency? Is it because they have more packages to begin
> with?
> Not judging, I'm curious.
>
>
They run into the same interdependency.. but because they have organically
grown their distro every day, those dependencies grew 1 at a time.

For EPEL and other EL repos you have to jump multiple Fedora releases to
catch up. So in EL6 we were Fedora Linux 12. In EL7.0 we had to jump and
rebuild from scratch a lot of Fedora Linux 18 and Fedora Linux 19 and then
progressed up to about Fedora 24 as various parts got rebased and upgraded
to 7.9. For EL8, we have to jump to Fedora Linux 28 and then each dot
release rebase parts while keeping other parts back because rebasing is
focused. [This means that if something needs glibc-2.32 you can't put it in
EL8 without a lot of patching to make it work with whatever changed... but
some other related components may be able to recompile fine.]

Thus you need people who enjoy that kind of work to do this because EPEL is
nearly all volunteer work. I had to work after hours or take vacation time
to work on getting EPEL-8 out so that I could get focused effort on it.
Most people don't have that 'luxury' and so the number of volunteers is
small but the expectation that it will be there is large.



> Tony Schreiner
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 25 Feb 2021 at 02:11, Simon Matter  wrote:

> >>
> >> Smooge, you know I feel your pain, but becoming a maintainer in EPEL has
> >> a pretty high bar (lots of new tools and methods to work with, amongst
> >> other things) -- as it SHOULD, given that it's intended as an addon to
> >> EL and needs to be very tightly controlled.  It's just more difficult to
> >> get started these days relative to when anyone could build an rpm as
> >> long as they had a copy of Maximum RPM and knew how to drive 'rpm -ba'
> >>  back when building as root in a non-reproducible buildroot wasn't a
> >> cardinal sin.
> >>
> >
> > Not that it matters .. BUT .. EL8 is much harder to build for.  There
> > are modular components, not all the Devel files exist, etc.
> >
> > It is much harder than EL7.
>
> Thanks Johnny for reminding. I was wondering why the situation for EL8 is
> so much worse than for EL7 and that was true before CentOS Stream came up.
>
> In the end I have never been happy with the new modules system and how it
> makes packaging much more difficult than it was and than it should be.
>
> IMHO the hurdles to build high quality packages should be as simple as
> possible but the difficulties to do so went in the wrong direction. The
> result we see now. Today we have an unstable distribution (Fedora) with a
> quite good and comprehensive package set, and we have stable (EL) with an
> unstable and lacking package set.
>
>
Even without modules (A person wrote a program which undid some of those
problems for us in EPEL), EL8 is not easy to build. Packages and software
themselves have gotten more interdependent and complex. This leads to a
larger and larger chain of 'buildrequires' and 'requires' for each package.
To get some of the XFCE packages into EPEL you need to bring into EPEL all
kinds of quaternary packages so you can build the tertiary packages which
are needed for the secondary packages which allow you to get something like
xfce4-cpufreq-plugin-1.2.1-7.fc33.src.rpm built. Each of those packages
needs a maintainer who wants to deal with them in EPEL which requires them
to run an EL to test.

I tried an experiment during the RHEL-8 beta to see what it would take to
get EPEL-8 1:1 with EPEL-7.. I gave up after adding nearly a thousand
packages to the 'build chain' which were not in EPEL-7 nor even in the
RHEL-8 beta or its 'buildroot'. These were mainly packages that are in
Fedora already and would need to be maintained in EPEL and no one wants to
do that.

This was supposed to be a problem modularity was to fix.. so you need 100
packages not in EPEL for your 1 application set, and you don't  want to
maintain those extra packages? Just put them inside your module build chain
and deliver what you wanted. Of course that is still a monumental task and
most packagers would say 'meh I got better things to do, like do a root
canal without anesthesia.'



> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Permission denied when updating CentOS 8 Streams

[Stephen John Smoogen]

On Fri, 19 Feb 2021 at 09:47, Simon Matter  wrote:

> > On Fri, 19 Feb 2021, Mathieu Baudier wrote:
> >
> >> Hello,
> >>
> >> On a remote server (in an IPv6-only infrastructure) I am getting the
> >> following error when trying to update CentOS 8 Streams x86_64:
> >>
> >> $ sudo dnf upgrade --refresh
> >> Failed to set locale, defaulting to C.UTF-8
> >> CentOS Stream 8 - AppStream
> >>
> >>   0.0  B/s |   0  B 00:16
> >> Errors during downloading metadata for repository 'appstream':
> >>  - Curl error (7): Couldn't connect to server for
> >>
> http://mirrorlist.centos.org/?release=8-stream=x86_64=AppStream=stock
> >> [Failed to connect to mirrorlist.centos.org port 80: Permission denied]
> >> Error: Failed to download metadata for repo 'appstream': Cannot prepare
> >> internal mirrorlist: Curl error (7): Couldn't connect to server for
> >>
> http://mirrorlist.centos.org/?release=8-stream=x86_64=AppStream=stock
> >> [Failed to connect to mirrorlist.centos.org port 80: Permission denied]
> >
> > Try using an https:// URL.
>
> Are you sure? At least from here over IPv4, http works well but https
> doesn't work at all. Sounds strange if http would work only over IPv4 and
> https would work only over IPv6.
>
>
It wouldn't work anyway because CentOS mirrors do not have https. I tried
this from my home system
```
[ssmoogen@localhost ~]$ for i in "2001:4178:5:200::10"
"2600:1f16:c1:5e01:4180:6610:5482:c1c0" "2604:1380:2001:d00::3"
"2604:1580:fe02:2::10" "2604:1380:1001:6c00::1"; do curl -v6
"https://[${i}]/?release=8-stream=x86_64=AppStream=stock;;
done
*   Trying 2001:4178:5:200::10:443...
* connect to 2001:4178:5:200::10 port 443 failed: Permission denied
* Failed to connect to 2001:4178:5:200::10 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2001:4178:5:200::10 port 443: Permission
denied
*   Trying 2600:1f16:c1:5e01:4180:6610:5482:c1c0:443...
* connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443 failed:
Permission denied
* Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port 443:
Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port
443: Permission denied
*   Trying 2604:1380:2001:d00::3:443...
* connect to 2604:1380:2001:d00::3 port 443 failed: Permission denied
* Failed to connect to 2604:1380:2001:d00::3 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2604:1380:2001:d00::3 port 443: Permission
denied
*   Trying 2604:1580:fe02:2::10:443...
* connect to 2604:1580:fe02:2::10 port 443 failed: Permission denied
* Failed to connect to 2604:1580:fe02:2::10 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2604:1580:fe02:2::10 port 443: Permission
denied
*   Trying 2604:1380:1001:6c00::1:443...
* connect to 2604:1380:1001:6c00::1 port 443 failed: Permission denied
* Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission denied
* Closing connection 0
curl: (7) Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission
denied
```

removing the -v gives the following error:
```
[ssmoogen@localhost ~]$ for i in "2001:4178:5:200::10"
"2600:1f16:c1:5e01:4180:6610:5482:c1c0" "2604:1380:2001:d00::3"
"2604:1580:fe02:2::10" "2604:1380:1001:6c00::1"; do curl -6
"https://[${i}]/?release=8-stream=x86_64=AppStream=stock;;
done
curl: (7) Failed to connect to 2001:4178:5:200::10 port 443: Permission
denied
curl: (7) Failed to connect to 2600:1f16:c1:5e01:4180:6610:5482:c1c0 port
443: Permission denied
curl: (7) Failed to connect to 2604:1380:2001:d00::3 port 443: Permission
denied
curl: (7) Failed to connect to 2604:1580:fe02:2::10 port 443: Permission
denied
curl: (7) Failed to connect to 2604:1380:1001:6c00::1 port 443: Permission
denied
```

Notice that the permission denied is different from what was reported in
the original email. I am not sure why that is.

If I change that from https: to http all of the IP addresses work. So my
guess is that something is blocking the originator IP to those mirror
servers but it isn't clear what.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 18 Feb 2021 at 12:04, Simon Matter  wrote:

> > On Thu, 18 Feb 2021 at 04:47, Simon Matter 
> wrote:
> >
> >> >
> >> > Smooge, you know I feel your pain, but becoming a maintainer in EPEL
> >> has
> >> > a pretty high bar (lots of new tools and methods to work with, amongst
> >> > other things) -- as it SHOULD, given that it's intended as an addon to
> >> > EL and needs to be very tightly controlled.  It's just more difficult
> >> to
> >> > get started these days relative to when anyone could build an rpm as
> >> > long as they had a copy of Maximum RPM and knew how to drive 'rpm -ba'
> >> >  back when building as root in a non-reproducible buildroot wasn't
> >> a
> >> > cardinal sin.
> >> >
> >>
> >> I've just started reading https://fedoraproject.org/wiki/EPEL/FAQ and
> >> realized this became a problem which hurts EPEL much more than Fedora.
> >>
> >> IMHO it simply got too difficult to maintain packages for quite a number
> >> of software tools. It explains why there are so many missing, outdated
> >> or
> >> dead packages in Fedora and more so in EPEL.
> >>
> >> What worries me even more is that things have changed to be worse with
> >> every release than becoming better.
> >>
> >>
> > To put it bluntly, is that there are multiple issues going on:
> >
> > 1. We have a large number of people who have gotten used to someone else
> > doing the work for them and not having to care about the software
> > themselves. In doing so they have this idea that building the software is
> > exactly like it was when they got into computers. [* This isn't a new
> > phenomena]
> > 2. Software gets more complicated and more interdependent to do the many
> > things software consumers expect it to accomplish.
> > 3. Software changes more rapidly because more people are able to work on
> > code and people have this odd thing of deciding that whoever wrote the
> > code
> > last was a complete idiot and this new method/language is much better.
> > [The
> > only time it is funny is the once a week where a git blame shows you that
> > the last idiot was you.]
> > 4. With millions of software consumers, there are millions of 'opinions'
> > of
> > what they need and Linux being a system which allows you to shoot your
> > foot
> > in a billion ways tries to accomplish all of them.
> >
> > * When I was getting into software in the 1990's there were a lot of
> > people
> > who had been using Unix systems from the 1970's who found 'modern'
> > software
> > to be too complicated to build and coders were out of their minds for
> > adding in such complexity when no one needed an editor more than ed. At
> > the
> > time I thought they were 'joking' but when I went to work at various
> > places
> > I found they were dead serious. The change is that where in the 1990's
> > there were only hundreds of people like that, now there are maybe a low
> > million.
> >
> > Trying to build large amounts of divergent code and make it stay working
> > is
> > very hard. As much as modules are a bane of my existence, something like
> > them is absolutely necessary for many complicated stacks from desktop
> > software to web applications. Writing basic rpms is even more complicated
> > than in 1999 because there are so many corner cases which have to be
> dealt
> > with. Writing modules is adding more layers of indirection on top of that
> > because it is trying to keep the Rube Goldberg machine of each
> individuals
> > 'choices' going.
> >
> > Frankly unless someone can figure out a way to make the packaging
> > janitorial work sexy enough to have people interested in it.. or people
> > who
> > need this stuff actually pay people to do it.. this is all going to fall
> > apart like all infrastructure which was 'someone else's problem'.
>
> Well, unfortunately yes, EPEL is on a good way to go where DAG, ATrpms,
> NUX, freshrpms and all the others already are.
>
>
Many of those ran out of steam because software got more and more
complicated, and consumers demanded MORE of it but put less into it. "There
is no such thing as a free lunch" but it doesn't seem to stop people
assuming there has to be.



> Ironically, CentOS was the reason for other clones like Scientific Linux
> to vanish, now CentOS Linux vanishes itself. The same goes with EPEL, it
>

CentOS was not the primary reason Scientific Linux (and some other
rebuilds) vanished, it was the convenient excuse. The staff who were
working on Scientific Linux had continual budget cuts over a decade while
also an increase in what people wanted from it. There were several 'your
team has been told to retire' before they combined with CentOS. It is a
problem that the other past clones ran into and I expect the future ones
will also have to grapple. It takes a lot of resources to build an OS even
if it is recompiling the source code others made available to you. Without
a constant renewal and growth of those resources, the people volunteering
(or even being paid) to do the work run out of 

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 18 Feb 2021 at 04:47, Simon Matter  wrote:

> >
> > Smooge, you know I feel your pain, but becoming a maintainer in EPEL has
> > a pretty high bar (lots of new tools and methods to work with, amongst
> > other things) -- as it SHOULD, given that it's intended as an addon to
> > EL and needs to be very tightly controlled.  It's just more difficult to
> > get started these days relative to when anyone could build an rpm as
> > long as they had a copy of Maximum RPM and knew how to drive 'rpm -ba'
> >  back when building as root in a non-reproducible buildroot wasn't a
> > cardinal sin.
> >
>
> I've just started reading https://fedoraproject.org/wiki/EPEL/FAQ and
> realized this became a problem which hurts EPEL much more than Fedora.
>
> IMHO it simply got too difficult to maintain packages for quite a number
> of software tools. It explains why there are so many missing, outdated or
> dead packages in Fedora and more so in EPEL.
>
> What worries me even more is that things have changed to be worse with
> every release than becoming better.
>
>
To put it bluntly, is that there are multiple issues going on:

1. We have a large number of people who have gotten used to someone else
doing the work for them and not having to care about the software
themselves. In doing so they have this idea that building the software is
exactly like it was when they got into computers. [* This isn't a new
phenomena]
2. Software gets more complicated and more interdependent to do the many
things software consumers expect it to accomplish.
3. Software changes more rapidly because more people are able to work on
code and people have this odd thing of deciding that whoever wrote the code
last was a complete idiot and this new method/language is much better. [The
only time it is funny is the once a week where a git blame shows you that
the last idiot was you.]
4. With millions of software consumers, there are millions of 'opinions' of
what they need and Linux being a system which allows you to shoot your foot
in a billion ways tries to accomplish all of them.

* When I was getting into software in the 1990's there were a lot of people
who had been using Unix systems from the 1970's who found 'modern' software
to be too complicated to build and coders were out of their minds for
adding in such complexity when no one needed an editor more than ed. At the
time I thought they were 'joking' but when I went to work at various places
I found they were dead serious. The change is that where in the 1990's
there were only hundreds of people like that, now there are maybe a low
million.

Trying to build large amounts of divergent code and make it stay working is
very hard. As much as modules are a bane of my existence, something like
them is absolutely necessary for many complicated stacks from desktop
software to web applications. Writing basic rpms is even more complicated
than in 1999 because there are so many corner cases which have to be dealt
with. Writing modules is adding more layers of indirection on top of that
because it is trying to keep the Rube Goldberg machine of each individuals
'choices' going.

Frankly unless someone can figure out a way to make the packaging
janitorial work sexy enough to have people interested in it.. or people who
need this stuff actually pay people to do it.. this is all going to fall
apart like all infrastructure which was 'someone else's problem'.


> Regards,
> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 11 Feb 2021 at 13:39, Simon Matter  wrote:

> > On Thu, 11 Feb 2021 at 12:31, Simon Matter 
> wrote:
> >
> >> > Le 11/02/2021 à 17:08, Simon Matter a écrit :
> >> >> But, I'm a bit shocked to find EPEL 8 in such a bad shape of
> >> brokenness
> >> >> and incompleteness
> >> >
> >> > I've come to the same conclusion.
> >> >
> >> > For the past couple years, my solution has been to use RHEL clones
> >> (CentOS
> >> > and
> >> > Oracle Linux) on servers only (multi-user.target).
> >> >
> >> > I've moved all my graphical installations (workstation, laptops,
> >> desktop
> >> > clients) to OpenSUSE Leap + KDE.
> >>
> >> In our situation it's not so easy to say server or client. We're running
> >> remote desktops over nx-libs, so, a server is also a client at the same
> >> time.
> >>
> >> I always new EPEL is not perfect but it was usable to some degree and
> >> that's why Red Hat told their customers about it and how to use it. But
> >> the current state of EPEL is sad.
> >>
> >>
> > EPEL is a volunteer driven repository and not many volunteers have been
> > available for EL8. Many of the past volunteers have retired or been
> > promoted out of positions they actually have time to do the work anymore.
> > Asking for replacements is not easy because most people who are
> interested
> > in EPEL just want the packages built. They have no want or clue to do the
> > work themselves and want someone else to do the work for them. This leads
> > to a lot of people expecting packages without anyone doing the work.
>
> I know what you mean but my case is a bit different. For ~ two decades I'm
> using Red Hat based distributions and built a large number of packages.
> There are even packages in RHEL which they took over from me with my
> permission. I'm maintaining quite a number of packages which sometimes
> also exist in EPEL but I always keep them up to date and available with
> the same version on all Red Hat based distributions of the past, even
> after EOL. Many of the packages are available as SRPMs to those
> interested. Usually we didn't use any critical package from EPEL because
> of the state of support it has. But it was handy to consume some slowly
> changing things like XFCE from EPEL. To find out now that even such things
> are now in a bad state is a bit sad.
>
>
My apologies, you did not deserve the rant, but the word 'sad' seems to
make me see red. I have been told things were 'sad' for EPEL from May of
2019 until now over and over again. Unlike you, most of the people are ones
who never volunteered a package but thought it was a 'given' that EPEL
would have all their packages for them. After more than a year of it.. it
is a tick and I should count to 100 before replying versus 50.

In the end, it is a bad state of affairs, but I also think that it is how
things are going. There are a LOT of people who seem to expect that this is
all for them FREE and that they can make as many demands as they want. That
tires out volunteers and eventually you end up with what happened to all
the previous 3rd party repositories.. the volunteers stop showing up to
help out. So without a reason for people to volunteer or someone paying the
4+ people needed to do the work day in and day out, the repositories end up
in a bad state.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to install XFCE on CentOS 8?

[Stephen John Smoogen]

On Thu, 11 Feb 2021 at 12:31, Simon Matter  wrote:

> > Le 11/02/2021 à 17:08, Simon Matter a écrit :
> >> But, I'm a bit shocked to find EPEL 8 in such a bad shape of brokenness
> >> and incompleteness
> >
> > I've come to the same conclusion.
> >
> > For the past couple years, my solution has been to use RHEL clones
> (CentOS
> > and
> > Oracle Linux) on servers only (multi-user.target).
> >
> > I've moved all my graphical installations (workstation, laptops, desktop
> > clients) to OpenSUSE Leap + KDE.
>
> In our situation it's not so easy to say server or client. We're running
> remote desktops over nx-libs, so, a server is also a client at the same
> time.
>
> I always new EPEL is not perfect but it was usable to some degree and
> that's why Red Hat told their customers about it and how to use it. But
> the current state of EPEL is sad.
>
>
EPEL is a volunteer driven repository and not many volunteers have been
available for EL8. Many of the past volunteers have retired or been
promoted out of positions they actually have time to do the work anymore.
Asking for replacements is not easy because most people who are interested
in EPEL just want the packages built. They have no want or clue to do the
work themselves and want someone else to do the work for them. This leads
to a lot of people expecting packages without anyone doing the work.

That rant aside, if people are interested in helping out, there is a weekly
EPEL IRC SIG meeting (irc.freenode.net #fedora-meeting 22:00 UTC Friday).
THere is the #epel mailing list and there are several people who are trying
to get volunteers to work on packages and such.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Challenging times in trying to access oracle Linux documentation

[Stephen John Smoogen]

On Sat, 6 Feb 2021 at 18:39, Stephen John Smoogen  wrote:

>
>
> On Sat, 6 Feb 2021 at 15:57, Frank Cox  wrote:
>
>> On Sat, 6 Feb 2021 15:22:21 -0500
>> Jonathan Billings wrote:
>>
>> 1.) you assume people will clearly label their off topic threads
>>
>> I think that in most cases that will happen, yes, since people with a
>> technical background understand that clarity and precision are important
>> when posting a question or observation or asking for advice.
>>
>>  2.) as we’ve seen, those off topic threads often weave in and out of
>> on-topic threads until a moderator tells you to take it to another venue.
>>
>> Which of course never happens now with threads that start off discussing
>> some aspect of Centos?
>> >
>> >  You’ll dilute the usefulness of this list to the point that it will be
>> > worthless for people who are interested in CentOS topics.
>>
>> In your opinion.  On average, this is not a high-traffic mailing list and
>> I'd be really surprised if the traffic actually increased in any
>> significant way since a question that might today be asked about Centos
>> will be asked tomorrow about Rocky; either way, there's no net increase in
>> the traffic, just a change in the subject line.
>>
>>
> I have now administered mailing lists for 25+ years and I have found that
> what happens is that off-topic traffic basically causes an echo chamber
> effect over time. The people having the side conversations get louder and
> louder over time not because the list gets larger but because they have
> 'driven' off the people who were here for a specific focus. The people
> remaining become more and more of an echo chamber moving the 'topic' to
> being wha
>
> I realize that this has been a traumatic split in the culture for a lot of
> people (myself included), but there is a point where the list main topic of
> discussion will be on how to use/administer/fix CentOS Stream and CentOS-7
> versus Oracle/FreeBSD/Rocky/Alma/Debian/Slackware/etc.
>
> I can ask for a generic-enterprise-nix (genix?) list on the CentOS mailman
> and see if that can take up the traffic for the people who feel that they
> want and need to talk about alternatives. If that is acceptable then people
> can subscribe there and talk in detail about other operating systems
> choices.  I do believe these conversations do need to happen but not
> everyone wants to hear the 4 Yorkshiremen skit every day as we 'old-timers'
> deal with our past.
>
>
>
https://pagure.io/centos-infra/issue/214

The list may not make sense to be on the CentOS mail servers so I may need
to look at either Fedora or a different site.



> --
> Stephen J Smoogen.
>
>

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Challenging times in trying to access oracle Linux documentation

[Stephen John Smoogen]

On Sat, 6 Feb 2021 at 15:57, Frank Cox  wrote:

> On Sat, 6 Feb 2021 15:22:21 -0500
> Jonathan Billings wrote:
>
> 1.) you assume people will clearly label their off topic threads
>
> I think that in most cases that will happen, yes, since people with a
> technical background understand that clarity and precision are important
> when posting a question or observation or asking for advice.
>
>  2.) as we’ve seen, those off topic threads often weave in and out of
> on-topic threads until a moderator tells you to take it to another venue.
>
> Which of course never happens now with threads that start off discussing
> some aspect of Centos?
> >
> >  You’ll dilute the usefulness of this list to the point that it will be
> > worthless for people who are interested in CentOS topics.
>
> In your opinion.  On average, this is not a high-traffic mailing list and
> I'd be really surprised if the traffic actually increased in any
> significant way since a question that might today be asked about Centos
> will be asked tomorrow about Rocky; either way, there's no net increase in
> the traffic, just a change in the subject line.
>
>
I have now administered mailing lists for 25+ years and I have found that
what happens is that off-topic traffic basically causes an echo chamber
effect over time. The people having the side conversations get louder and
louder over time not because the list gets larger but because they have
'driven' off the people who were here for a specific focus. The people
remaining become more and more of an echo chamber moving the 'topic' to
being wha

I realize that this has been a traumatic split in the culture for a lot of
people (myself included), but there is a point where the list main topic of
discussion will be on how to use/administer/fix CentOS Stream and CentOS-7
versus Oracle/FreeBSD/Rocky/Alma/Debian/Slackware/etc.

I can ask for a generic-enterprise-nix (genix?) list on the CentOS mailman
and see if that can take up the traffic for the people who feel that they
want and need to talk about alternatives. If that is acceptable then people
can subscribe there and talk in detail about other operating systems
choices.  I do believe these conversations do need to happen but not
everyone wants to hear the 4 Yorkshiremen skit every day as we 'old-timers'
deal with our past.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Challenging times in trying to access oracle Linux documentation

[John R. Dennison]

On Thu, Feb 04, 2021 at 10:23:37AM -0600, Frank Cox wrote:
> 
> Speaking for myself only, I have no problem with anyone posting Oracle
> Linux questions, answers or solutions in this mailing list.  I think
> that as time goes on, OL and Rocky Linux will start to get more
> discussion and coverage here.  Since they are all very similar to each
> other, most of the solutions for one will likely be applicable to all
> anyway and if there's a better alternative offered on one of the
> others, then that's worth knowing as well.

This is a CentOS list.  The other distros you mention have their own
venues for support and discussion and those should be used.






John
-- 
"He'll sit here and say, 'Do this! Do that!' And nothing will happen. Poor
Ike. It won't be a bit like the army. He'll find it very frustrating."

Harry Truman - shortly before the Eisenhower inauguration in 1952


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel/64 CentOS VM running on a Mac M1?

[Stephen John Smoogen]

On Thu, 28 Jan 2021 at 20:12, Lists  wrote:

> My Dell Precision M3800 running Fedora works great but is really starting
> to
> show its age, and I'm thinking about getting a new Mac M1-based laptop as
> it
> would really be useful for Video production.
>
> But I really need to have a IA64 CentOS 7/8 VMs running locally for
> development as I'm often on the road and flaky Internet makes it a
> necessity to
> keep productivity up. I've been unable to officially confirm that VMWare/
> Parallels/VirtualBox intend to support IA64 based OS's and it *needs* to
> be an
> exact (VM) copy of production so I can trial environments and builds prior
> to
> roll out.
>
>
1. The Apple M1 uses a variant of the aarch64 (ARM 64 bit) CPU, and the
hardware architecture is different from aarch64 server class hardware in
multiple ways.
2. Currently the work to get Linux to run on the M1 works great in
emulation and somewhat with a lot of work in native mode.
3. IA64 is the Itanium server which Intel stopped making a while ago and
Red Hat quit supporting in 2017.
4. x86_64 (or amd64 ) is the native processor name for the Intel/AMD 64 bit
architecture. It is what your older system runs.
5. The only way to run x86_64 on an M1 is via 'double' emulation. First you
would have to run a virtual machine on the M1 and that virtual machine
would have to emulate the x86_64. It would be extremely slow, inefficient
and probably could not emulate all the hardware needed.

If you are needing to update your hardware, you need to keep Linux running
native on the system, and that system needs to be x86_64, you will either
need to get an earlier generation Mac or a current system from Dell, HP,
ASUS, etc.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OPIE w/ OpenSSH Account Enumeration The remote host is susceptible to an information disclosure attack.

[Stephen John Smoogen]

On Thu, 28 Jan 2021 at 11:40, Kaushal Shriyan 
wrote:

> Hi,
>
> I am running the openssh-server-7.4p1-21.el7.x86_64 on CentOS Linux release
> 7.9.2009 (Core).
>
> #cat /etc/redhat-release
> CentOS Linux release 7.9.2009 (Core)
> # rpm -qa |grep ssh
> openssh-server-7.4p1-21.el7.x86_64
> libssh2-1.8.0-4.el7.x86_64
> openssh-7.4p1-21.el7.x86_64
> openssh-clients-7.4p1-21.el7.x86_64
>
> While invoking the Vulnerability Assessment and Penetration Testing (VAPT)
> scan, we are encountering the below vulnerability.
>
> OPIE w/ OpenSSH Account Enumeration The remote host is susceptible to an
> > information disclosure attack. CVE-2007-2768 A patch currently does not
> > exist for this issue. As a workaround, ensure that OPIE for PAM is not
> > installed.
> > Version source: SSH-2.0-OpenSSH_7.4
> > Installed version : 7.4
> > https://seclists.org/fulldisclosure/2007/Apr/634
>
>
> Any help will be highly appreciated. Thanks in Advance. Please let me know
> if you need any additional information.
>
>
This vulnerability is a 'useless' one to test against unless you are either
going to 'exploit' OPIE to confirm it is installed or have local access to
the system to check. For the systems which show up like this you will need
to see if OPIE has been installed on the systems.  OPIE is not shipped with
CentOS as far as I know but it could be installed aftermarket.

if it was done with rpms'
rpm -qa | grep -i opie

otherwise you will need to look in /etc/pam.d

grep -i open /etc/pam.d/*

If it is installed, then this isn't a CentOS issue as OPIE is not shipped
but would be whoever added this to the systems problem.


> Best Regards,
>
> Kaushal
> -
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to query which yum package groups a particular package is member of

[Stephen John Smoogen]

On Wed, 27 Jan 2021 at 15:27, Stephen John Smoogen  wrote:

>
>
> On Wed, 27 Jan 2021 at 15:23, Kenneth Porter 
> wrote:
>
>> --On Wednesday, January 27, 2021 8:07 PM + J Martin Rushton via
>> CentOS
>>  wrote:
>>
>> > Here's how to find the package for a particular file:
>>
>> That one's easy and I use this all the time:
>>
>> rpm -qf full-file-name
>>
>> I'm looking for how to get the yum group for a package. (I'm guessing a
>> package might even be in more than one group?) That would help explain
>> how
>> the dnsmasq package got installed on my system. (It was never enabled by
>> systemd and isn't required by any other package. So I went ahead and
>> erased
>> it to free the space and reduce my attack surface.)
>>
>>
>>
> yum group list
>
> then look at the groups installed
>
> yum group info 
>
> as in
>
> yum group info base
>
>
or one can look for the comps file in /var/cache/yum

network-tools has dnsmasq listed as a package

repoquery says the following on my rhel box
NetworkManager-1:1.4.0-20.el7_3.x86_64
libvirt-daemon-driver-network-0:4.5.0-36.el7_9.3.x86_64



>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
>
> --
> Stephen J Smoogen.
>
>

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to query which yum package groups a particular package is member of

[Stephen John Smoogen]

On Wed, 27 Jan 2021 at 15:23, Kenneth Porter  wrote:

> --On Wednesday, January 27, 2021 8:07 PM + J Martin Rushton via CentOS
>  wrote:
>
> > Here's how to find the package for a particular file:
>
> That one's easy and I use this all the time:
>
> rpm -qf full-file-name
>
> I'm looking for how to get the yum group for a package. (I'm guessing a
> package might even be in more than one group?) That would help explain how
> the dnsmasq package got installed on my system. (It was never enabled by
> systemd and isn't required by any other package. So I went ahead and
> erased
> it to free the space and reduce my attack surface.)
>
>
>
yum group list

then look at the groups installed

yum group info 

as in

yum group info base


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to query which yum package groups a particular package is member of

[Stephen John Smoogen]

On Wed, 27 Jan 2021 at 15:01, Kenneth Porter  wrote:

> I'm trying to find out how dnsmasq got on my CentOS 7 system, since I use
> BIND for DNS. I'm guessing it was part of a base group that Anaconda
> installs for all systems.
>
>
probably from virtualization if it is there.. but a way to check is

repoquery --whatrequires dnsmasq



Red Hat has this answered on this page but the answer is only available to
> subscribers. I'm guessing this kind of content will be available to us
> once
> the new free subscription thing starts.
>
> 
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL changes

[John R. Dennison]

On Mon, Jan 25, 2021 at 09:05:12PM +0100, Marc Balmer via CentOS wrote:
> 
> We suggested CentOS 8 to our customers.  And we have been badly f***ed 
> the a**.  Sorry for the wording that you may assume, but that is how it is.

Could you at least pretend to be professional when posting to our lists?

> Really, you (as in the CentOS project) totally screwed it.

Really, you, (as in you) totally don't get it.  *CentOS* didn't do this
thing; *Red Hat* did this thing.  Go blame them.





John
-- 
If there is an embarrassment equivalent of post-traumatic stress disorder,
South Carolina has it.

-- Dick Harpootlian, former state Democratic chairman, on its recent
   politics, New York Times, 12 June 2010


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL changes

[John R. Dennison]

On Fri, Jan 22, 2021 at 06:06:41PM -0500, Matthew Miller wrote:
> 

I am not sure that speaking in absolutes does anyone any good.





    John
-- 
Everything happens for a reason.  And that reason is normally physics.

- Anonymous


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL changes

[Stephen John Smoogen]

On Fri, 22 Jan 2021 at 08:32, Gionatan Danti  wrote:

> Il 2021-01-22 13:43 Nikolaos Milas ha scritto:
> > I think we can expect Rocky Linux to provide a real solution to CentOS
> > future. We shall know very soon, so let's just wait for a short while.
>
> Hi, there are any specific reasons to not use Spingdale Linux?
> As far I know, it already ships a RHEL 8.3 clone.
>
>
My guess is that no one wants to go to a new OS alone. They want to go with
all their mailing list buddies but they also want to make a STATEMENT to
stick it in the eye of Red Hat for doing this. Going to a staid and quiet
existing OS doesn't make that statement. Going to a competing company like
Oracle does have the stick in the eye, but it already has its own community
and ways of doing things in an Oracle way. A lot of grumpy old sysadmins
are a drop in the bucket. Now Rocky has no history, no existing community
and a bunch of old sysadmins could jump in and be just like they were
elsewhere. So try and get everyone you know to go there.. [it also doesn't
exist so if it doesn't work out you won't have moved your systems to it and
then found you had to move it something else.]


> Thanks.
>
> --
> Danti Gionatan
> Supporto Tecnico
> Assyoma S.r.l. - www.assyoma.it
> email: g.da...@assyoma.it - i...@assyoma.it
> GPG public key ID: FF5F32A8
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL changes

[John R. Dennison]

On Thu, Jan 21, 2021 at 11:15:50PM +, Phil Perry wrote:
> 
> Surely anyone requiring less than 16 licences will now ditch CentOS 7 in
> favour of RHEL7? The rest may stay on CentOS 7 for a year or so until there
> is a clearer picture around viable alternatives. This may as well become the
> RHEL users list and CentOS-Devel effectively becomes the CentOS-Stream
> mailing list?

I have no plans on moving to RHEL7; it's work that doesn't need to be
done.

And let's face it, centos-devel@ has been nothing but RH noise since
2014; I've suggested renaming it, and #centos-devel for what it's worth,
on a couple different occasions.






    John
-- 
Learn to control ego.  Humans hold their dogmas and biases too tightly,
and we only think that our opponents are dogmatic!  But we all need
criticism.  Criticism is the only known antidote to error.

-- David Brin (6 October 1950-), American scientist and award-winning
   science fiction author, interview at ActuSF.com, March 2008


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL changes

[John R. Dennison]

On Thu, Jan 21, 2021 at 11:36:44PM +0100, Ljubomir Ljubojevic wrote:
> On 1/21/21 8:53 PM, Alfredo Perez wrote:
> > Is this good news for the "Centos" family?
> > 
> 
> There is no CentOS "family". CentOS clone is dead and will be now

Odd that you say it's dead when 7 doesn't sunset until June 30th, 2024.





    John
-- 
I do not fear an army of lions, if they are led by a lamb.  I do fear an
army of sheep, if they are led by a lion.

-- Alexander the Great


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL changes

[Stephen John Smoogen]

On Thu, 21 Jan 2021 at 17:15, Nicolas Kovacs  wrote:

> Le 21/01/2021 à 22:17, Valeri Galtsev a écrit :
> > I tried Oracle Linux. After installation it took forever to update yum
> > database, or do you yum search. Also: I didn't find mirrors... All this
> sort of
> > ruled it out for me.
>
> Works perfectly here:
>
> https://gitlab.com/kikinovak/oracle/-/blob/master/linux-setup.sh
>
> You might want to give it another spin.
>
>
I think from years of posting that FreeBSD is how Valeri's brain works best
and that is cool. Some people have certain OS paradigms where they function
best and are able to solve problems better than another system. For other
people it might be a completely 'brainjam' type thing [sort of like when
people try using my tools and find many of them are left-handed.. things
look the same but they don't work 'correctly' for some reason.] but if you
find the tool you work best in for an enterprise and your customers are
happy so be it.



> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kickstart "Error setting up base repository"

[Stephen John Smoogen]

On Tue, 19 Jan 2021 at 15:54, Alex Kirk  wrote:

> So adding on:
>
> repo --name="BaseOS"
> --baseurl=file:///run/install/sources/mount--cdrom/BaseOS
>
> ...didn't help at all. Neither did adding the symlink out of the BaseOS
> directory to the images subdirectory above it.
>
> I did notice this time, however, that when I click into the "Installation
> Source" button of the UI where the erorr is, if I click on the repos being
> read from my Kickstart file, there's a small error at the bottom of the
> page that says "Repository name conflicts with internal repository name".
> That seems weird, since again I'm basing this on a successful manual
> install - why would that write a conflicting repo name to the config?
>
>
so I think the error (or warning) is because according to the repo command
you can't name repositories the same as ones already defined in anaconda.
However somehow our working kickstarts have
# Use network install
url --url=http://10.0.0.1/repo/rhel/RHEL/8.2/x86_64/
repo --name=epel --baseurl=http://10.0.0.1/pub/epel/8/Everything/x86_64/
repo --name="BaseOS" --baseurl=
http://10.0.0.1/repo/rhel/rhel8/x86_64/rhel-8-for-x86_64-baseos-rpms/
repo --name="AppStream"  --baseurl=
http://10.0.0.1/repo/rhel/rhel8/x86_64/rhel-8-for-x86_64-appstream-rpms/
repo --name="PowerTools" --baseurl=
http://10.0.0.1/repo/rhel/rhel8/x86_64/codeready-builder-for-rhel-8-x86_64-rpms/

are you able to get to a console when this box is 'failing'? control-b 2 or
something to move to a shell? if you can there might be a way to see if the
cdrom is even mounted and in the directory listed. If it isn't
//run/install/sources/mount--cdrom then none of the repositories would
work. I don't have any systems with cdroms anymore so I am not sure how to
test to see myself.

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kickstart "Error setting up base repository"

[Stephen John Smoogen]

On Tue, 19 Jan 2021 at 12:27, Alex Kirk  wrote:

> I recently built my first CentOS kickstart config on a CentOS 7 system; it
> runs well, but the OS and its tools are old enough that it's causing pain
> with the apps I want to run on top of said system, so I'm trying to port it
> to CentOS 8.
>
> I've taken the anaconda-ks.cfg file created from a successful manual
> install (of both regular 8 and Stream), placed it on my DVD ISO, and
> wrapped things back up like I was doing with CentOS 7. I'm successfully
> beginning the installation, but running into "Error setting up base
> repository" - despite having not touched either the filesystem structure of
> the ISO, or the generated kickstart file that points at my repos.
>
> Here is the relevant config:
>
> #version=RHEL8
> # Use graphical install
> graphical
>
> repo --name="AppStream"
> --baseurl=file:///run/install/sources/mount--cdrom/AppStream
>
>
I think you need to have a repo for every repository used including the
baseOS one.. like

repo --name="BaseOS"
--baseurl=file:///run/install/sources/mount--cdrom/BaseOS


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to do virtual IP on NetworkManager

[Stephen John Smoogen]

On Mon, 18 Jan 2021 at 12:51, Simon Matter  wrote:

> > On Mon, Jan 18, 2021 at 2:56 PM Jerry Geis  wrote:
> >
> >> Hi All,
> >>
> >> I use virtual IP from time to time on CentOS 7. just take something like
> >> eth0 and make eth0:1 put in there the IP and subnet and bring up the new
> >> IP
> >> and it works.
> >>
> >> How do I do that with NetworkManager on the command line (assuming all
> >> static IP information)
> >> I do something like this from nmcli to set the static address:
> >> nmcli connection modify eth0 ipv4.method manual ipv6.method ignore
> >> autoconnect yes ipv4.addr 192.168.1.8/24 gw4 192.168.1.1 ipv4.dns
> >> 8.8.8.8
> >>
> >> How then do I add a virtual IP?
> >>
> >> Thanks
> >>
> >> Jerry
> >
> >
> > With nmcli you should use:
> > nmcli con mod eth0 +ipv4.addresses 192.168.1.X/24
> >
> > This would modify your existing ifcfg-eth0 adding the lines:
> >
> > IPADDR1=192.168.1.X
> > PREFIX1=24
> >
> > To have the new setting applied and your new ip alias up and running you
> > can then use
> >
> > nmcli dev reapply eth0
> > (supposing the device name bound to the connection is eth0)
> >
> > You can also manually modify the file adding the two lines above and then
> > run:
> > nmcli con reload
> > nmcli dev reapply eth0
> >
> > I think you should not lose your connection, but always test on a non
> > production machine with the same os version... just for safety
> > HIH,
> > Gianluca
>
> Hi Gianluca,
>
> Am I right that what you describe doesn't add an alias device like eth0:1
> but adds the additional IP address to the eth0 device?
>
> Apart from that, when running with NetworkManager, can one still add a
> temporary eth0:1 alias (with ifconfig/ip), use it and remove it again, or
> does NM somehow prevent this?
>
>
There are several issues which get in the way, but the major one is with
the iproute command replacing net-tools (versus NetworkManager)

https://unix.stackexchange.com/questions/192908/how-do-you-create-an-ip-alias-using-iproute-utils
https://unix.stackexchange.com/questions/87829/difference-between-virtual-interfaces-with-ifconfig-and-iproute2

[The major issues I run into is that ethX is considered a kernel only
interface and may not always point to the same interface depending on the
day of the week.. that gets added onto how iproute wants to do 'aliases'
versus proper port configs and then NetworkManager sits on top and get the
blame :)]



> Regards,
> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to reset the USB subsystem?

[Stephen John Smoogen]

On Thu, 14 Jan 2021 at 12:19, Fred  wrote:

> from a non-expert (me):
>
> possibly figure out what happens when the device is plugged/unplugged and
> doing that by hand. if you can find the udev file(s) that manage the
> port(s) that get hung you may be able to figure out what those steps would
> be.
>
> or you could try, when hung, plugging it into a different USB port... some
> motherboards have multiple USB controllers, so even if one gets wedged
> tight, the other one(s) shouldn't be.
>
>
So what can happen is that the USB device is seeing a lot of noise from the
interface and shutdown the interface for a period of time. If you are
extremely lucky, it will even send some sort of message to the computer bus
it is doing this. In most other cases, the only fix is to reboot or
temporarily unplug the devices connected to that particular USB controller
(a computer may have multiple USB controllers since USB is a hubbed network
and collisions and conflicts are expected for short periods.). [It used to
be that you could cause a USB reset by removing the modules from the kernel
and add them but that was a long time ago when a PS/2 keyboard was a real
device and not an emulated PS/2 connected to the USB hub. ]





> Good Luck!
>
> Fred
>
> On Thu, Jan 14, 2021 at 11:22 AM Frank Bures  wrote:
>
> > Hi,
> >
> > my USB connected printer goes into deep space from time to time probably
> > due to a HW problem on the MoBo.
> >
> > Is there a way how to reset the USB subsystem the same way one can
> restart
> > networking or X without the necessity to reboot?
> >
> > Thanks
> > Frank
> >
> > --
> >
> > 
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LTS

[Stephen John Smoogen]

On Tue, 12 Jan 2021 at 01:32, Thomas Stephen Lee  wrote:

> Hi,
>
> CentOS Linux can continue as Fedora LTS or something similar with a
> five-year life cycle. After five years, users can opt for paid upgrades.
> We can also work with System manufacturers to pre-install the free LTS on
> their products, which will increase our user base.
>
>
1. There is no Fedora LTS and there are no plans for one. Many of the
developers who do the work in Fedora but do not work for Red Hat are not
interested in the project doing any sort of LTS work. Getting EPEL work is
a slog already there.
2. Both Fedora and CentOS are Red Hat 'sponsored' projects where Red Hat
owns the trademarks and legally owns the output of the projects. Use of
said trademarks for any product needs approval of Red Hat within specific
guidelines. If Red Hat is not interested in continued CentOS, then I do not
see any reason it would be interested in Fedora LTS.
3. "We can also work with.." requires legal agreements which needs Red Hat
lawyers to sign. There are a lot of legal items which have to be reviewed
and a lot of liability negotiations which have to be done.
4. Getting System manufacturers to pre-install is a multi year work. The
getting Fedora onto Lenovo started in the early 2010's and only got done in
2020. Each company that does this has multiple internal groups who are
advocating THEIR favourite Linux to be the one which usually means there is
all kinds of internal system manufacturer social negotiations going on. The
agreements also are usually tightly reigned in by the manufacturer so that
getting an LTS (if it existed) onto this hardware would be a multi-year
work to do starting from when you had a working LTS.

That said, the items above are all true if you remove Fedora from the
equation. Rocky Linux/Navy Linux/RedHawk Linux/Cloud Linux could all be the
places for that to happen.


> ---
> Lee,
> Community User.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LTS

[John R. Dennison]

On Tue, Jan 12, 2021 at 12:00:00PM +0530, Thomas Stephen Lee wrote:
> 
> CentOS Linux can continue as Fedora LTS or something similar with a
> five-year life cycle. After five years, users can opt for paid upgrades.
> We can also work with System manufacturers to pre-install the free LTS on
> their products, which will increase our user base.

Who is this "we" you speak of?



    John
-- 
Children's talent to endure stems from their ignorance of alternatives.

-- Maya Angelou (1928-2014), American author, poet, and civil rights activist,
   I Know Why the Caged Bird Sings (1969)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Reboot/shutdown without login

[Stephen John Smoogen]

On Mon, 11 Jan 2021 at 14:14, Kenneth Porter  wrote:

> On 1/11/2021 10:32 AM, Frank Cox wrote:
> > How do you want the person to shut it down without logging in?  Some
> computers have a "smart" power switch pushbutton that you can program to do
> a shutdown or a reboot depending on how long you hold the button down.
> Otherwise you'll need at least a keyboard, or possibly something like a
> joystick or a mouse button?
>
> Keyboard. i don't have a mouse hooked up since it's currently running
> without a GUI.
>
> I wasn't sure if the power switch on the R720xd is monitored that way so
> that hitting the front panel button would shut the system down or maybe
> bring up the DRAC screen.
>
>
>
The simplest would be to have a person plug in a keyboard and do a three
finger salute (CNTRL-ALT-DEL) on the system. Doing it once should trigger a
shutdown and reboot. [That said. I have seen some systems ignore it and
others do an immediate power cycle so please test.]

When the hardware is booted, the DRAC screen can only be brought up on the
network.




> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream suitability as a production webserver

[Stephen John Smoogen]

On Wed, 6 Jan 2021 at 13:48, Gianluca Cecchi 
wrote:

> On Wed, Jan 6, 2021 at 7:43 PM Stephen John Smoogen 
> wrote:
>
> >
> > I honestly have no idea how much Tomcat is used anymore. The various
> places
> > that I worked previously or have contacts with have killed it off by
> moving
> > whatever used it to external cloud services versus JBOSS or anything
> else.
> > That is just an anecdata but it is all I have on the subject.
> >
> >
> Red Hat still has one of its offering based on Apache and Tomcat, named
> JBoss Web Server:
> https://www.redhat.com/en/technologies/jboss-middleware/web-server
>
> and the latest update available (5.4, based on upstream Tomcat 9) in
> November 2020, had the bits for RH EL 6, 7 and 8.
> See also docs entry page here:
> https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.4/
>
> So it is non considered a dead technology, even for business use cases
>
>
OK it looks like whatever I say is going to be taken to extremes so this
will be my last email on this.

I am not saying Tomcat is a dead technology. It is a technology which has
certain use cases and deployments which the people I knew who used it are
replacing with a different technology/service.

EOF




> Gianluca
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream suitability as a production webserver

[Stephen John Smoogen]

On Wed, 6 Jan 2021 at 12:42, Simon Matter  wrote:

> > On Wed, 6 Jan 2021 at 11:17, Simon Matter 
> wrote:
> >
> >> > On Wed, 6 Jan 2021 at 07:50, Simon Matter 
> >> wrote:
>
> > I didn't say or mean that. My answer is that it is complicated and more
> > meant that the software you expect requires more than the industry in
> > general is willing to pay to keep going. 10-20 years ago they were and so
> > the software was able to be 'mainstream'. As less people use it, and less
> > people are willing to pay for its maintenance the harder it is to keep
> > 'running safely'. Tomcat and Imagemagick have had a LOT of severe
> security
>
> I'd like to correct myself, ImageMagick was not simply removed but
> replaced by GraphicsMagick. From what I read it should be a usable
> solution as it's a fork from IM.
>
> For the Tomcat thing, I don't agree. Tomcat is widely used and I think the
> security concerns are not the real reason to remove it. It more likely
> that RedHat simply likes to sell more JBoss EAP. It's their right to do so
> but it's a removal of important functionality of the base RHEL package.
>
>
I honestly have no idea how much Tomcat is used anymore. The various places
that I worked previously or have contacts with have killed it off by moving
whatever used it to external cloud services versus JBOSS or anything else.
That is just an anecdata but it is all I have on the subject.



> Regards,
> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream suitability as a production webserver

[Stephen John Smoogen]

On Wed, 6 Jan 2021 at 11:17, Simon Matter  wrote:

> > On Wed, 6 Jan 2021 at 07:50, Simon Matter 
> wrote:
> >
> >> > Am 06.01.21 um 03:01 schrieb Scott Robbins:
> >> >> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
> >> >>> Off topic for sure, but it's a shame this has to be a manual process
> >> of
> >> >>> destroying and rebuilding every X years. Even Microsoft has gone the
> >> >>> Apple
> >> >>> way and just perpetually updates Windows 10 now.
> >> >>
> >> >> I'm not sure how it will go. Fedora now has a very good upgrade tool
> >> >> that
> >> >> has worked for me through a few versions.  So, hopefully, RH, and
> >> CentOS
> >> >> will have one too, who knows, maybe in time to migrate to Stream-9.
> >> >>
> >> >
> >> > Fedora's package set is quite "stable". You can expect that a package
> >> is
> >> > in the next release. This is not so valid for EL. Deprecated packages
> >> > (ImageMagick in EL7 but not in EL8) make such upgrade path difficult
> >> ...
> >>
> >> It's anyway hard to understand how an enterprise grade Linux can be
> >> shipped without things like ImageMagick or Tomcat. For quite some time
> >> now
> >> it gives me the impression that we're not the targeted audience anymore.
> >>
> >>
> > The issue is that 'Enterprise' is an overloaded term without the nuance
> it
> > needs. In the 'small' enterprise you have a lot of use of ImageMagick and
> > TomCat. In the large enterprise of 100,000+ servers.. it isn't. As more
> of
> > the large enterprises moved into RHEL, the amount of usage for a lot of
> > 'leaf' programs became rounding errors without enough usage to justify
> the
> > bug-fixing needed when compared to the load of bugfixing/enhancements/etc
> > in the 100k customers.
>
> Thanks for confirming that RHEL is the wrong OS for SME businesses these
> days. It's not really good for SME servers and not really good for SME
> clients. Something between Fedora and RHEL could be it but it doesn't
> exist.
>
>
I didn't say or mean that. My answer is that it is complicated and more
meant that the software you expect requires more than the industry in
general is willing to pay to keep going. 10-20 years ago they were and so
the software was able to be 'mainstream'. As less people use it, and less
people are willing to pay for its maintenance the harder it is to keep
'running safely'. Tomcat and Imagemagick have had a LOT of severe security
problems over the years and the general way the software is written makes
anyone who does work on them say it will have it for years in the future.
As less of the industry uses that software, the cost to keep the software
running is going to cost more.

So please don't take my statement to confirm your preconceived notion.


> BTW, servers? Who needs servers in the days of clouds and serverless
> computing :-)
>
>
Simon
>
> >
> >
> >> That's really sad because the competitors still include such important
> >> software as first class citizens. Maybe our requirements are just too
> >> old
> >> school?
> >>
> >>
> > An additional problem is a generational one. We have a lot of programs
> > which do various things 'well' enough written 10-30 years ago, and we of
> a
> > certain age use them for the hammers to every nail problem. However, the
> > problems fleets of 100k systems have are more welding versus hammering.
> So
> > we are in a situation where we do need to retrain some of our hammers to
> > be
> > rivet guns. There is also a similar industry problem that anything older
> > than 2 years ago is not sexy anymore because VC and investors aren't
> going
> > to dump money into it. [You see a similar issue in the various 'popular
> > mechanics' press that all homes in the next generation will only be built
> > with metal and hammers and wood are a thing of the past. What you see
> > instead is a wave of it and then a realization that you end up needing to
> > do a little of each.]
> >
> >
> >
> >> Simon
> >>
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> >
> >
> > --
> > Stephen J Smoogen.
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream suitability as a production webserver

[Stephen John Smoogen]

On Wed, 6 Jan 2021 at 07:50, Simon Matter  wrote:

> > Am 06.01.21 um 03:01 schrieb Scott Robbins:
> >> On Tue, Jan 05, 2021 at 11:31:34PM +, Jamie Burchell wrote:
> >>> Off topic for sure, but it's a shame this has to be a manual process of
> >>> destroying and rebuilding every X years. Even Microsoft has gone the
> >>> Apple
> >>> way and just perpetually updates Windows 10 now.
> >>
> >> I'm not sure how it will go. Fedora now has a very good upgrade tool
> >> that
> >> has worked for me through a few versions.  So, hopefully, RH, and CentOS
> >> will have one too, who knows, maybe in time to migrate to Stream-9.
> >>
> >
> > Fedora's package set is quite "stable". You can expect that a package is
> > in the next release. This is not so valid for EL. Deprecated packages
> > (ImageMagick in EL7 but not in EL8) make such upgrade path difficult ...
>
> It's anyway hard to understand how an enterprise grade Linux can be
> shipped without things like ImageMagick or Tomcat. For quite some time now
> it gives me the impression that we're not the targeted audience anymore.
>
>
The issue is that 'Enterprise' is an overloaded term without the nuance it
needs. In the 'small' enterprise you have a lot of use of ImageMagick and
TomCat. In the large enterprise of 100,000+ servers.. it isn't. As more of
the large enterprises moved into RHEL, the amount of usage for a lot of
'leaf' programs became rounding errors without enough usage to justify the
bug-fixing needed when compared to the load of bugfixing/enhancements/etc
in the 100k customers.


> That's really sad because the competitors still include such important
> software as first class citizens. Maybe our requirements are just too old
> school?
>
>
An additional problem is a generational one. We have a lot of programs
which do various things 'well' enough written 10-30 years ago, and we of a
certain age use them for the hammers to every nail problem. However, the
problems fleets of 100k systems have are more welding versus hammering. So
we are in a situation where we do need to retrain some of our hammers to be
rivet guns. There is also a similar industry problem that anything older
than 2 years ago is not sexy anymore because VC and investors aren't going
to dump money into it. [You see a similar issue in the various 'popular
mechanics' press that all homes in the next generation will only be built
with metal and hammers and wood are a thing of the past. What you see
instead is a wave of it and then a realization that you end up needing to
do a little of each.]



> Simon
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream suitability as a production webserver

[John R. Dennison]

On Wed, Jan 06, 2021 at 08:31:34AM +0100, Nicolas Kovacs wrote:
> 
> No, this was an actual problem I had back in April 2020. Upgrading from CR
> broke imagemagick, so I couldn't use the corresponding PHP modules, so my
> Roundcube installation was broken for a few weeks.

To be fair it was only broken because you kept it broken; you could have
backed out the CR updates and waited for the point release to go GA and
be on ABI parity with EPEL.

> One of the things I like about Oracle Linux is that they maintain their own
> EPEL repo, most probably to prevent these things from happening.

I would be careful of expectations around that partial EPEL rebuild;
it's not complete and some of the builds are quite dated.







    John
-- 
Politicians are like a Slinky.
They're really not good for anything,
but they still bring a smile to your face
when you push them down a flight of stairs.

-- attribution unknown other except as a signature from shrdlu at deaddrop.org


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is EPEL compatible with Stream?

[Stephen John Smoogen]

On Sun, 3 Jan 2021 at 23:05, Mark LaPierre  wrote:

> On 1/3/21 8:34 PM, Stephen John Smoogen wrote:
> > On Sun, 3 Jan 2021 at 18:20, Gordon Messmer 
> > wrote:
> >
> >> On 1/3/21 2:51 PM, Kay Schenk wrote:
> >>> is it still OK to set up EPEL as a repo?
> >>
> >>
> >> Yes.  CentOS Stream is expected to be backward-compatible with RHEL, for
> >> the same reason that each RHEL point release is backward-compatible with
> >> previous point releases.
> >>
> >>
> > Except in cases where packages in a RHEL point release are being rebased.
> > This is something which is happening with a lot more gusto than in any
> > previous releases so there may be points where say a QT or a
> > gnomelib provides in Stream is ahead of EPEL
> >
> >
>
> So how would one use this shiny bit of information?  Is there a way to
> discover if an EPEL application is going to clobber your system before
> you install it?
>
>
Unless you are doing something like 'rpm -ivh --force --nodeps', this
problem with EPEL is not going to clobber your system. What will happen is
that you can either 'not upgrade' to that package in EPEL because nothing
provides the needed dependencies in Stream. OR you won't be able to update
to whatever is newer in CentOS Stream because it would break your system
because it removes dependencies.

The solution will be that there will be an EPEL-Stream which can have
updated packages which will not have this dependency issue. I do not have
an ETA on when that will be available

-- 
>  _
> °v°
>/(_)\
> ^ ^
>   Mark LaPierre
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is EPEL compatible with Stream?

[Stephen John Smoogen]

On Sun, 3 Jan 2021 at 18:20, Gordon Messmer 
wrote:

> On 1/3/21 2:51 PM, Kay Schenk wrote:
> > is it still OK to set up EPEL as a repo?
>
>
> Yes.  CentOS Stream is expected to be backward-compatible with RHEL, for
> the same reason that each RHEL point release is backward-compatible with
> previous point releases.
>
>
Except in cases where packages in a RHEL point release are being rebased.
This is something which is happening with a lot more gusto than in any
previous releases so there may be points where say a QT or a
gnomelib provides in Stream is ahead of EPEL



> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Out of office: "CentOS Digest, Vol 191, Issue 26"

[Stephen John Smoogen]

On Sat, 26 Dec 2020 at 12:21, Nicolas Kovacs  wrote:

> Le 26/12/2020 à 18:14, Scott Robbins a écrit :
> > I'm sure all of us have done, if not this, something equally embarrassing
> > like posting a private reply to an email or doing dd with the wrong
> > destination, etc.
>
> Then let's make a little contest out of it: what's the most stupid thing
> you've
> done as a system administrator ?
>
> I'm a ten-finger-typer, and I rarely look at the keyboard. Which is a bad
> thing
> when your focus is on the wrong terminal. So a few years ago I happened to
> type
> "ssh r...@some-remote-server.com   ", vaguely
> sensed in the corner of my eye that something was wrong and discovered to
> my
> horror that I just posted it on a densely populated IRC channel.
>
> Your turn. :o)
>
>
2 am clean up of disk space to get email servers working again
discover a large tree of temp files from a shared service in /usr/ # remember before /home?
/bin/rm -rf . /*
^c
up-arrow
spew coffee and swearing
go get reinstall cdrom and backup tapes

-- 
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Rocky LInux moving forward..

[John Plemons]

Got an eMail this morning about the Rocky Linux build, more info at this 
link, Sign up for forum access..

Paste ->
John,

Just looping back around to keep you informed. We have published our 
first community update 
<https://forums.rockylinux.org/t/community-update-december-2020/1157> on 
the forums.


Best,  < End Paste
rockylinux.org

Jordan Pisaniello
Community Manager
The Rocky Linux Foundation

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Finding which repository files provide required libraries

[Stephen John Smoogen]

On Sat, 19 Dec 2020 at 19:37, H  wrote:

> I came across the following Ubuntu script to identify which repository
> files provide libraries required by an app. Is there a rpm alternative to
> dpk-query that would allow this to run on CentOS/RH?
>
> ldd /bin/zoom | awk '/=>/{print $(NF-1)}' | while read n; do dpk-query -S
> $n; done | sed 's/^\([^:]\+\):.*$/\1/' | uniq
>
>
repoquery would what would be used instead. Its syntax is slightly
different
ldd /bin/ls | awk '/=>/{print $(NF-1)}' | while read n; do dnf repoquery
--whatprovides $n; done | uniq


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8 future [ Interesting Article.. ZDNet ]

[John Plemons]

https://www.zdnet.com/article/cloudlinux-to-invest-more-than-a-million-dollar-a-year-into-centos-clone/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What are the differences between CentOS Linux and CentOS Stream?

[John Plemons]

I have a DEC Alpha sitting in my warehouse collecting dust what a great 
machine it was.. Was sorry to see Linux Support die for it..


john


On 12/16/2020 1:18 PM, R C wrote:


On 12/16/20 11:10 AM, Lamar Owen wrote:

On 12/16/20 11:24 AM, R C wrote:


On 12/16/20 8:11 AM, Lamar Owen wrote:
But the Red Hat-based ecosystem version of that second group is 
on-topic, as the same sort of enthusiast exists here and has been 
very vocal about this change.
Well yes it is, but it started with a remark about licensing. I 
don't use Windows much, not even a handful of times in the last 
decade. Thing is that MS has something called their "Developers 
Network" (named something along those lines). If you're in higher 
education, R etc you can be in that network, in sortof an R 
category, for 'free'. ...



I have a whole shelf full of MSDN CDs and binders; it wasn't free, 
but it wasn't terribly expensive either.  In some cases the 
activations/keys for the software expire after a few months. Still 
have the last Windows 2000 Beta CD for the DEC Alpha architecture 



DEC  remember that..    the other day I ran into a  windows 95 box, I 
might even have an old drive with windows for work groups *lol*



here in that set.  Something similar for RHEL beyond the 
single-entitlement developer subscription would be cool.



But all kidding aside;  It would be cool to have an MSDN equivalent 
for RH for those that do a lot with RH, and that "take their work home 
and vice versa". That is what I use(d) Centos for, at home that is






For example, I was messing with kubernetes in a few ways.  redhat 
provides a license for RHEL, that you can use for that purpose for 
free, BUT you can have only have one license. 
Yes, which makes it a bit difficult to mess around with kubernetes. 
That particular case would be covered resonably well by CentOS 
Stream, though, since the major part of kubernetes' behavior isn't 
going to change radically within a point release cycle.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8 future ("Long goodbye"?)

[John Plemons]

I would like to echo the thanks in this post, and to add a bit of 
information that I have learned doing some quick research on where to 
go.  Scientific Linux is basically no more, they deferred to Centos and 
pretty much ended their distribution.
Oracle seems to be the easiest and quickest migration, they have a 
script which will make all of the changes to your server, switching you 
over to the Oracle flavor of Linux. On the horizon is Rocky Linux, a 
start up from the people who brought you Centos. As well as Cloud OS who 
says they are going to pick up where Centos left off, and continue a 
down stream version of the product. Worst case, we / you will have 
Oracle to fall back on if Rocky Linux or Cloud OS doesn't come through..

But once again, a BIG THANK YOU to Centos for all the years of work.

John Plemons


On 12/16/2020 11:45 AM, Valeri Galtsev wrote:

My apologies about top posting.

I join Matthew on all counts.

The following might sound as a rant, but it is not, given the 
circumstances we have been put into.


First, and most important: thank you CentOS team for all great work 
youhave done during all these years. As user who used results of your 
work without giving much back (not counting maintaining public mirror, 
or helping others on the list whenever I felt my expertise adequate), 
I can not express how high I value what you gave to all of us.


Now, that CentOS as we knew it (as a “binary replica” of RedHat 
Enterprise) ceases to exist many of us are trying to figure out new 
long term solution for their “enterprise” sort of systems. Luckily I 
only partly have to do that, as for servers I already didmigration 
quite long ago. My mentioning it on this list was causing 
moreannoyance than I would like to, so I stopped mentioning it. But 
now it is time to mention it again, just to help everyone arrive at 
best decision. But first some thoughts on migration to different Linux 
Distro:


One of obvious possibilities is to migrate to some other “binary 
clone” of RHEL. One can find several, Oracle Linux (even thoughmany 
are cautious of Oracle, they - Oracle - didn’t drown out ofexistence 
mysql so far, maybe thanks to mariadb fork existence, …), Scientific 
Linux (which is effort of really small team, and I evaluated it well 
below CentOS when I had to make decision, and it confirmed trueover 
time), and others... However, once RedHat (or rather its owner 
IBM)made fundamental decision, it is not as much about the one who 
clones (binary rebuilds) of RHEL, as it is about RHEL itself. At least 
fo me it is. As, by undermining trust, even if they roll everything 
back to what it was, the trust is already lost by the knowledge of 
everyone that any moment they can do that in a future. This 
alternative is just out of question for me. Will I maintain RHEL for 
my current or potential future employer? Yes, definitely. Will I 
recommend fair (and way cheaper, better, longer lasting) alternative? 
By all means, yes, and with my experience of migration, and documented 
migration steps, etc...


Another possibility for pure Linux folks is switch to different 
distro.Not with 10 years life cycle (here RedHat was unique), but 
shorter one, yet with much easier upgrade from one release to another. 
[Even knowing about Ubuntu LTS] Debian would be my choice, which I am 
going to pursue for CentOS number crunchers and workstations I 
maintain. Laptops are Debianclone Ubuntu since long ago. This will be 
“rolling release", i.e. mostly you will have to upgrade packages to 
latest release, and constantly will take chance something will break 
with change of internals of given software from one release to 
another. It will be more work (for 24/7/365 servers most gravely 
notable). But it may outweigh the single event when your “enterprise” 
life is cancelled one day, and youhave to redo the whole 
infrastructure all at once. Think about it and about peace of mind 
avoiding that eventuality.


This leads me at last to telling that my sever infrastructure was 
migrated long ago to FreeBSD. One can chose different BSD successor 
based on one’s own assessment of suitability. First of all, pure Linux 
folk, it is not that challenging as one may think. I would say here 
the same thing I was telling to my users who we just starting to use 
UNIX (or Linux). How many command do you need to know to start using 
UNIX? Just 5-6 isenough. Start doing things, and in a couple of Months 
you will feel you know everything. In 6 Months you will be top expert: 
the one who knows what he knows and knows what he doesn’t know. My 
choice was based on the following facts: FreeBSD is most widely used 
(even Microsoft was once noticed to run some of their servers on 
FreeBSD). FreeBSD has excellent documentation. FreeBSD community is as 
eager to help the one who got stuck with something as our CentOS 
community is. They have as excellent experts as Johnny, Matthew, ... 
sorry I can not mention everyone, that will

Re: [CentOS] CentOS 8 future

[John R. Dennison]

On Tue, Dec 15, 2020 at 10:45:43AM -0700, R C wrote:
> 
> I didn't know that fact, but hey that could be a pretty cool tribute.

It was in Greg's announcement of Rocky Linux.  Right up near the top
if I recall correctly.






    John
-- 
Time is the coin of your life.  It is the only coin you have, and only you
can determine how it will be spent.  Be careful lest you let other people
spend it for you.

-- Carl Sandburg (1878-1967), American poet, historian, and novelist


signature.asc
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Oracle Linux - oracle-epel vs epel - dnf priority

[Stephen John Smoogen]

On Mon, 14 Dec 2020 at 14:27, Nicolas Kovacs  wrote:

> Le 14/12/2020 à 19:41, Frank Cox a écrit :
> > For those of us who are considering moving to Oracle Linux (or at least
> > doing some experimenting with it), I just had an idea for dealing with
> the
> > fact that the oracle-el-epel apparently doesn't have all of the packages
> > that are in the fedora-el-epel that we all know and love.
>
> The Yum Priorities plugin (package yum-plugin-priorities) would be nice to
> have, but unfortunately it seems to have disappeared. I've used this quite
> extensively over the last decade. Whenever I have to use a third-party repo
> that's a potential threat to the official repos, I'm setting it up with
> priority=10 or something just to be on the safe side.
>
> This has always worked like a charm.
>
>
Like all system administration, there are a lot of corner cases which come
up when you have nearly the same repositories. It was nearly a daily
occurence in #epel and #centos-devel of someone, somewhere having a problem
with DAG and EPEL even with the appropriate priorities. The more overlap of
the package sets, the more likely something would break in a way you only
found 2 to 3 days after you updated.

There is also a level of system administration skill to make it work
seamlessly which we forget. Most of the people running into issues were
people who had followed someone else's advice in an irc or mailing list but
did not really understand what priorities or similar tools did. People who
do know tend to also have test systems and roll out methodologies which are
second nature versus 'yum -y update' cron jobs on a fleet of systems.






> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Oracle Linux - oracle-epel vs epel - dnf priority

[Stephen John Smoogen]

On Mon, 14 Dec 2020 at 13:41, Frank Cox  wrote:

> I'd like to run this by you guys and get your opinion.
>
> For those of us who are considering moving to Oracle Linux (or at least
> doing some experimenting with it), I just had an idea for dealing with the
> fact that the oracle-el-epel apparently doesn't have all of the packages
> that are in the fedora-el-epel that we all know and love.
>
> It makes sense to me to use the oracle epel with OL to the greatest extent
> possible simply because it's part of OL.
>
> To get around the missing package issue, what about setting up both
> oracle-epel and fedora-epel, and then using the dnf priorities to pick the
> stuff from oracle-epel first and if it's not there then grab it from
> fedora-epel.
>
>

Having done this for years.. choose one or the other. Do NOT mix the two.
You will end up with heartache and sleepless nights trying to figure out
why things are broken. If you are lucky it is something easy like an update
is broken because the missing EPEL package wants a library that the OEL has
an older version of. In other cases it is the same thing but the soname was
good enough to make rpm think it would work.

I say this as a former EPEL package leader.. either use Oracle EPEL and
figure out how to interact with them to get their rebuilds done faster or
do the same with Fedora EPEL. Priorities and similar filtering tools work
well enough if you have focused repositories where small sets may overlap
but you want X to take over from Y. In the case of nearly 1:1 repos, you
will end up with it working 95%-99% of the time and then burning down the
house.




-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos