Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
Am 18.08.2015 um 11:27 schrieb lheck...@users.sourceforge.net: Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. rpm -q --changelog openssl-0.9.8e. You weren't clear which version you upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1 (from March 2014, nevertheless), which works. I would hazard a guess that this is the change causing your problem. * Fri Jun 26 2015 Tomas Mraz tm...@redhat.com 0.9.8e-36 - also change the default DH parameters in s_server to 1024 bits Here's some more info, https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ RH must have backported this fix to 0.9.8e. There seem to be many reports out there that the openssl update broke mysql, but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1, so you're most likely on your own. I'm quite ignorant of mysql, but it looks like you may be able to get this to work again by changing the cipher in mysql and regenerating your cert. https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 http://lists.centos.org/pipermail/centos/2015-July/153753.html -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. rpm -q --changelog openssl-0.9.8e. You weren't clear which version you upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1 (from March 2014, nevertheless), which works. I would hazard a guess that this is the change causing your problem. * Fri Jun 26 2015 Tomas Mraz tm...@redhat.com 0.9.8e-36 - also change the default DH parameters in s_server to 1024 bits Here's some more info, https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ RH must have backported this fix to 0.9.8e. There seem to be many reports out there that the openssl update broke mysql, but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1, so you're most likely on your own. I'm quite ignorant of mysql, but it looks like you may be able to get this to work again by changing the cipher in mysql and regenerating your cert. https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
Am 18.08.2015 um 10:55 schrieb t...@softins.co.uk (Tony Mountifield): In article 55d2ed32.6040...@hogranch.com, John R Pierce pie...@hogranch.com wrote: On 8/18/2015 1:27 AM, Tony Mountifield wrote: That may well be the case, but isn't relevant to the point I'm making, which is that something changed in openssl-0.9.8e-36 that has broken something. mysql 5.0 and openssl 0.9.8 are both ancient and way past their expiration date. Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. important in this case is, that a different combination of software packages, that are not in the scenario of upstreams philosophy, are not supported and can lead to unexpected behavior. As always recommended by any advisory: Before applying this update, make sure all previously released errata relevant to your system have been applied. Why EL5 is on MySQL 5.5 and EL6 on MySQL 5.1 is a different question (only upstream can answer). I recommended to update your (client and server) systems to the current supported state (5.11) with all relevant updates applied. This includes the mentioned migration to mysql55-mysql. Our EL5 setup/service passes this migration seamless. And then check your problem in this new environment ... -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
In article 013173c7-6aec-4c2d-9eb7-84c873c89...@googlemail.com, Leon Fauster leonfaus...@googlemail.com wrote: Am 18.08.2015 um 11:27 schrieb lheck...@users.sourceforge.net: Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. rpm -q --changelog openssl-0.9.8e. You weren't clear which version you upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1 (from March 2014, nevertheless), which works. I would hazard a guess that this is the change causing your problem. * Fri Jun 26 2015 Tomas Mraz tm...@redhat.com 0.9.8e-36 - also change the default DH parameters in s_server to 1024 bits Here's some more info, https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ RH must have backported this fix to 0.9.8e. There seem to be many reports out there that the openssl update broke mysql, but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1, so you're most likely on your own. I'm quite ignorant of mysql, but it looks like you may be able to get this to work again by changing the cipher in mysql and regenerating your cert. https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 http://lists.centos.org/pipermail/centos/2015-July/153753.html Cool - that looks like the answer. Just tried it successfully. Many thanks! Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
On 08/18/2015 02:32 AM, Leon Fauster wrote: Am 18.08.2015 um 11:27 schrieb lheck...@users.sourceforge.net: Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. rpm -q --changelog openssl-0.9.8e. You weren't clear which version you upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1 (from March 2014, nevertheless), which works. I would hazard a guess that this is the change causing your problem. * Fri Jun 26 2015 Tomas Mraz tm...@redhat.com 0.9.8e-36 - also change the default DH parameters in s_server to 1024 bits Here's some more info, https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ RH must have backported this fix to 0.9.8e. There seem to be many reports out there that the openssl update broke mysql, but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1, so you're most likely on your own. I'm quite ignorant of mysql, but it looks like you may be able to get this to work again by changing the cipher in mysql and regenerating your cert. https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 http://lists.centos.org/pipermail/centos/2015-July/153753.html -- LF That makes sense, and the issue is logjam vulnerability with DH cipher groups 1024 bit. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
In article 55d2174f.70...@centos.org, Johnny Hughes joh...@centos.org wrote: On 08/17/2015 11:19 AM, Johnny Hughes wrote: On 08/17/2015 10:57 AM, Tony Mountifield wrote: I recently applied updates to a CentOS 5 box running MySQL. I've discovered that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL connections. If I rename /lib/libssl.so.0.9.8e and replace it with the old version of that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next oldest, but it was handy), then SSL connection to MySQL works again. I then performed cross-checks using the server with new libssl and the client with old, and then vice versa. What I found was that it didn't matter whether the server was started with the old libssl or the new libssl. In both cases, the mysql client would only connect using the old libssl, and not when using the new libssl. When it works with the old libssl, I can confirm that SSL is in use: mysql \s -- mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1 Connection id: 2 Current database: Current user: root@localhost SSL:Cipher in use is DHE-RSA-AES256-SHA The error with the new libssl looks like this: [root@hostname ~]# mysql ERROR 2026 (HY000): SSL connection error Has anyone else come across this? Is it a bug in SSL? Or a new restriction? Do I need to regenerate my certificates using the new openssl? Cheers Tony You should now be using mysql55 on CentOS-5, not mysql-5.0 In case you did not understand my post, here is how one is supposed to move from mysql-5.0 to mysql55 and why: https://rhn.redhat.com/errata/RHEA-2013-1329.html https://rhn.redhat.com/errata/RHEA-2013-1330.html Thanks. I eventually found the more specific link at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-Migrating_from_MySQL_5.0_to_MySQL_5.5.html However, the only why I could find was Red Hat will not issue any more security advisories for the MySQL 5.0 packages (mysql-5.0.* and related packages). Security advisories will be provided only for MySQL 5.5. Nothing to indicate that anything in 5.0 is inherently broken. Are there any more specific reasons? It appears to be working fine. And is the same true for C6, which comes with mysql 5.1, that one should use mysql55 from SCL instead? Why, or why not? Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
In article 55d20981.7030...@centos.org, Johnny Hughes joh...@centos.org wrote: On 08/17/2015 10:57 AM, Tony Mountifield wrote: I recently applied updates to a CentOS 5 box running MySQL. I've discovered that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL connections. If I rename /lib/libssl.so.0.9.8e and replace it with the old version of that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next oldest, but it was handy), then SSL connection to MySQL works again. I then performed cross-checks using the server with new libssl and the client with old, and then vice versa. What I found was that it didn't matter whether the server was started with the old libssl or the new libssl. In both cases, the mysql client would only connect using the old libssl, and not when using the new libssl. When it works with the old libssl, I can confirm that SSL is in use: mysql \s -- mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1 Connection id: 2 Current database: Current user: root@localhost SSL:Cipher in use is DHE-RSA-AES256-SHA The error with the new libssl looks like this: [root@hostname ~]# mysql ERROR 2026 (HY000): SSL connection error Has anyone else come across this? Is it a bug in SSL? Or a new restriction? Do I need to regenerate my certificates using the new openssl? Cheers Tony You should now be using mysql55 on CentOS-5, not mysql-5.0 That may well be the case, but isn't relevant to the point I'm making, which is that something changed in openssl-0.9.8e-36 that has broken something. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] persistent change of max_stack_depth
Hi Gordon, On 17/08/15 19:07, Gordon Messmer wrote: On 08/17/2015 03:34 AM, Michael H wrote: the [Service] section - [Service] LimitSTACK=12288 ... By the errors I will assume that it should be in the [Service] section. I couldn't find confirmation of this online... Yes, it belongs in the [Service] section. $ man systemd.exec ... The execution specific configuration options are configured in the [Service], [Socket], [Mount], or [Swap] sections, depending on the unit type. However, I assume that you are confused because ulimit in a bash shell returns a value in KiB, but LimitSTACK and setrlimit accept a value in bytes. That is, you've decreased the stack size to 12KiB, which is why PostgreSQL segfaults immediately. That is the most valuable piece of information! I couldn't find this documented anywhere, maybe I just looked in the wrong place... # cat /etc/systemd/system/postgresql.service .include /lib/systemd/system/postgresql.service [Service] LimitSTACK=12582912 # grep stack /var/lib/pgsql/data/postgresql.conf max_stack_depth = 10MB# min 100kB # systemctl daemon-reload # systemctl restart postgresql ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Thank you for your help, Michael ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
On 8/18/2015 1:27 AM, Tony Mountifield wrote: You should now be using mysql55 on CentOS-5, not mysql-5.0 That may well be the case, but isn't relevant to the point I'm making, which is that something changed in openssl-0.9.8e-36 that has broken something. mysql 5.0 and openssl 0.9.8 are both ancient and way past their expiration date. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
In article 55d2ed32.6040...@hogranch.com, John R Pierce pie...@hogranch.com wrote: On 8/18/2015 1:27 AM, Tony Mountifield wrote: You should now be using mysql55 on CentOS-5, not mysql-5.0 That may well be the case, but isn't relevant to the point I'm making, which is that something changed in openssl-0.9.8e-36 that has broken something. mysql 5.0 and openssl 0.9.8 are both ancient and way past their expiration date. Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] Ayuda Zona DNs Webmail
Hola para realizar lo que mencionas osea enviarle al subdominio webmail.eldominio.com creoq ue igual debo redirigirlo desde el apache? -- Saludos Cordiales |César Martínez | Ingeniero de Sistemas | SERVICOM |Tel: (593-2)554-271 2221-386 | Ext 4501 |Celular: 0999374317 |Skype servicomecuador |Web www.servicomecuador.com Síguenos en: |Twitter: @servicomecuador |Facebook: servicomec |Zona Clientes: www.servicomecuador.com/billing |Blog: http://servicomecuador.com/blog |Dir. Av. 10 de Agosto N29-140 Entre |Acuña y Cuero y Caicedo |Quito - Ecuador - Sudamérica On 18/08/15 03:55, New Route Inc wrote: Por que no simplemente asignarle un subdominio: *webmail.eldominio.com http://webmail.eldominio.com*, creando la entrada en el DNS para*webmail* apuntando a donde se desee. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-virt] qemu-kvm SLIC acpitable workaround of Windows bug
Le 31/07/2015 17:50, Gena Makhomed a écrit : On 31.07.2015 10:19, Sandro Bonazzola wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1248758 Have you checked 3.5.4 RC or CentOS Virt SIG[2] to see if the bug has been fixed in latest qemu-kvm-ev ? [1] http://resources.ovirt.org/pub/ovirt-3.5-pre/ [2] http://cbs.centos.org/repos/virt7-kvm-common-testing/x86_64/os/ Patch mjt-set-oem-in-rsdt-like-slic.diff with workaround not included into qemu-kvm-ev-2.1.2-23.el7_1.6.1.src.rpm Bug not in qemu, bug in windows - windows reject SLIC table if oem_id and oem_table_id from SLIC table and from RSDT table is different, and this windows bug prevent any virt-p2v migration of OEM windows from hardware node to VM inside CentOS/RHEL server, even with config qemu:commandline qemu:arg value='-acpitable'/ qemu:arg value='file=/path/to/sys/firmware/acpi/tables/SLIC'/ /qemu:commandline because during acpi tables rebuild qemu-kvm from qemu-kvm-ev create RSDT table with BOCHS oem_id and BXPCRSDT oem_table_id. Hi I've just rebuild a qemu-kvm-ev-2.1.2-23.el7_1.centos.6.2.src.rpm with your patch applied : https://copr.fedoraproject.org/coprs/jmliger/virt7-upstream/build/109631/ Regards, Jean-Marc ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-virt] Adding customized options to qemu command line
Hi all, How can I add some options to qemu command line when a kvm guest starts up from libvirtd?? ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-virt] Adding customized options to qemu command line
On Tue, Aug 18, 2015 at 12:03 PM, Gena Makhomed g...@csdoc.com wrote: On 18.08.2015 14:44, C. L. Martinez wrote: How can I add some options to qemu command line when a kvm guest starts up from libvirtd?? # virsh edit vm-name 1. change first line from domain type='kvm' to domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' 2. add qemu:commandline qemu:arg value='-acpitable'/ qemu:arg value='file=/path/to/SLIC.BIN'/ /qemu:commandline before /domain tag 3. if you need qemu options for adding SLIC table - also you need patch QEMU to add workaround for windows SLIC processing bug: https://bugzilla.redhat.com/show_bug.cgi?id=1248758 -- Many thanks Gena. Works ok. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] CentOS-announce Digest, Vol 126, Issue 8
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CEEA-2015:1625 CentOS 5 tzdata Enhancement Update (Johnny Hughes) 2. CEEA-2015:1625 CentOS 6 tzdata Enhancement Update (Johnny Hughes) 3. CEEA-2015:1625 CentOS 7 tzdata Enhancement Update (Johnny Hughes) 4. CESA-2015:1628 Moderate CentOS 5 mysql55-mysqlSecurity Update (Johnny Hughes) 5. CESA-2015:1634 Moderate CentOS 6 sqlite Security Update (Johnny Hughes) 6. CESA-2015:1633 Moderate CentOS 6 subversion Security Update (Johnny Hughes) 7. CEBA-2015:1632 CentOS 7 phonon FASTTRACK BugFix Update (Johnny Hughes) 8. CESA-2015:1636 Moderate CentOS 6 net-snmp Security Update (Johnny Hughes) 9. CESA-2015:1627 Moderate CentOS 5 glibc Security Update (Johnny Hughes) 10. CESA-2015:1635 Moderate CentOS 7 sqlite Security Update (Johnny Hughes) 11. CESA-2015:1636 Moderate CentOS 7 net-snmp Security Update (Johnny Hughes) -- Message: 1 Date: Fri, 14 Aug 2015 16:16:29 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CEEA-2015:1625 CentOS 5 tzdata Enhancement Update Message-ID: 20150814161629.ga1...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2015:1625 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 9b76bfc1556355c1ca764112b3b8ea255e9a5ea5767e808b5cf7a10eaec392b5 tzdata-2015f-1.el5.i386.rpm 0947ae55138f8dc9eb7232a1c47976769962534ec5bbce13ad63408c4a6fcddb tzdata-java-2015f-1.el5.i386.rpm x86_64: 952f2c11829135a5732100a69876033ed51628f8905bb5a7516ea72d2b1aeb57 tzdata-2015f-1.el5.x86_64.rpm b11ee90335c85906ce1ad42936388d8f594288993dd4af3ce058e410ed6f7cb6 tzdata-java-2015f-1.el5.x86_64.rpm Source: fec585f1eba0e2453f88499292bc677bfeb1e7260c2480ba3618741d8f9241d2 tzdata-2015f-1.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Fri, 14 Aug 2015 16:23:40 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CEEA-2015:1625 CentOS 6 tzdata Enhancement Update Message-ID: 20150814162340.ga20...@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2015:1625 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1a50cebd39cd4e79cf6367d941ca73888d21366a92165ca3cbfcdb4cffdfbbb1 tzdata-2015f-1.el6.noarch.rpm 8009137185fa9ac461a83017e83b674ca3d33d44d6329849ebcb2a95417fcd80 tzdata-java-2015f-1.el6.noarch.rpm x86_64: 1a50cebd39cd4e79cf6367d941ca73888d21366a92165ca3cbfcdb4cffdfbbb1 tzdata-2015f-1.el6.noarch.rpm 8009137185fa9ac461a83017e83b674ca3d33d44d6329849ebcb2a95417fcd80 tzdata-java-2015f-1.el6.noarch.rpm Source: c733d290c468118a9a2ece6c777f255cb23f599227ac88fb39387302d1689c49 tzdata-2015f-1.el6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 3 Date: Fri, 14 Aug 2015 16:40:30 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CEEA-2015:1625 CentOS 7 tzdata Enhancement Update Message-ID: 20150814164030.ga25...@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2015:1625 Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-1625.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 8de6176d6adafc80d3a5cb79f4c8bed7c1ab2d4cbc90978012802389638b808d tzdata-2015f-1.el7.noarch.rpm 8b5411a39ca59a25e673490b47f1f0323e2cc46141db4b9e2fe12ee7d81f7f63 tzdata-java-2015f-1.el7.noarch.rpm Source: 33197c3bdbb73a331f0a17b166466cac0d782c3f5ec2164f9e2ef501d455acb8 tzdata-2015f-1.el7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 4 Date: Mon, 17 Aug 2015 15:20:46 + From: Johnny Hughes joh...@centos.org To:
Re: [CentOS-virt] Adding customized options to qemu command line
On 18.08.2015 14:44, C. L. Martinez wrote: How can I add some options to qemu command line when a kvm guest starts up from libvirtd?? # virsh edit vm-name 1. change first line from domain type='kvm' to domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' 2. add qemu:commandline qemu:arg value='-acpitable'/ qemu:arg value='file=/path/to/SLIC.BIN'/ /qemu:commandline before /domain tag 3. if you need qemu options for adding SLIC table - also you need patch QEMU to add workaround for windows SLIC processing bug: https://bugzilla.redhat.com/show_bug.cgi?id=1248758 -- Best regards, Gena ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-docs] Russian wiki
username: Ilyas Arinov 2015-08-18 21:54 GMT+06:00 Akemi Yagi amy...@gmail.com: On Tue, Aug 18, 2015 at 6:30 AM, Ilyas Arinov arinov.il...@gmail.com wrote: The same here, want to know how can I create russian wiki documentation pages to add and translate official contents. What is your wiki username? Akwmi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Russian wiki
On Tue, Aug 18, 2015 at 9:58 AM, Ilyas Arinov arinov.il...@gmail.com wrote: 2015-08-18 21:54 GMT+06:00 Akemi Yagi amy...@gmail.com: On Tue, Aug 18, 2015 at 6:30 AM, Ilyas Arinov arinov.il...@gmail.com wrote: The same here, want to know how can I create russian wiki documentation pages to add and translate official contents. What is your wiki username? username: Ilyas Arinov Please lose that space to conform to the wiki username standard: IlyasArinov Are there any particular pages you'd like to start with? Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Russian wiki
Username changed to standards. I have 2 days in week to pedantically rewrite whole content until I can. Those (first 8-10 weeks): - FrontPage http://wiki.centos.org/FrontPage - Help http://wiki.centos.org/Documentation - Tips and Tricks http://wiki.centos.org/TipsAndTricks - How To http://wiki.centos.org/HowTos - FAQs http://wiki.centos.org/FAQ - Events http://wiki.centos.org/Events - Contribute http://wiki.centos.org/Contribute - Newsletter http://wiki.centos.org/Newsletter/Latest - Changelog http://wiki.centos.org/RecentChanges 2015-08-18 23:06 GMT+06:00 Akemi Yagi amy...@gmail.com: On Tue, Aug 18, 2015 at 9:58 AM, Ilyas Arinov arinov.il...@gmail.com wrote: 2015-08-18 21:54 GMT+06:00 Akemi Yagi amy...@gmail.com: On Tue, Aug 18, 2015 at 6:30 AM, Ilyas Arinov arinov.il...@gmail.com wrote: The same here, want to know how can I create russian wiki documentation pages to add and translate official contents. What is your wiki username? username: Ilyas Arinov Please lose that space to conform to the wiki username standard: IlyasArinov Are there any particular pages you'd like to start with? Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS-docs] Markup for commands
Hi, I just edited http://wiki.centos.org/de/TipsAndTricks/BecomingRoot and formatted all the commands in section 1.1 as `monospace`. Since the main font and the monospace font look quite similar, it is sometimes difficult to see where one ends and the other starts. Therefore I propose to add the following CSS rule to the whole CentOS wiki: #page tt.backtick { background-color: #eee; padding: 0 0.3em; } Using this styling, the commands stick out of the normal text, so that lazy readers can quickly scan through them. Additionally, the padding to the left and right helps when copying such a command to the clipboard. By the way, this styling is also used on StackOverflow, so it is quite popular already. It’s nothing that I just invented myself. Any comments? Roland ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-docs] Russian wiki
Thanks a lot. 2015-08-19 1:39 GMT+06:00 Akemi Yagi amy...@gmail.com: On Tue, Aug 18, 2015 at 10:16 AM, Ilyas Arinov arinov.il...@gmail.com wrote: Username changed to standards. I have 2 days in week to pedantically rewrite whole content until I can. Those (first 8-10 weeks): FrontPage Help Tips and Tricks How To FAQs Events Contribute You should be able to edit those pages. 'Newsletter' is now quite obsolete. So, let's not bother with that page. 'Changelog' is dynamically created. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] initial setup of centos linux 7 core license information license not accepted
On Tue, Aug 18, 2015 at 12:38 PM, Dave Burns tbu...@hawaii.edu wrote: Otherwise, this is an FYI for other newbies who get confused by this like I did. My caffeine-deprived response was to try q, c, and r, none of which got me unstuck. Forced to actually use my brain, I typed 1. More confusing text appeared, and I finally understood that in order to accept the license I must type 2. Then I had to type 1 again for some reason. An attempt at a helpful suggestion: I am assuming that in some other circumstance, I might have more than one problem presented to me to deal with at the same time using this interface. I should think that the prompt should read like this: Please choose the number of the item above that you wish to try to fix, 'q' to quit and shut down, 'c' to continue booting, or 'r' if you are unable to read this text (or wish to petition the gods for mercy). The issue is being tracked here: http://bugs.centos.org/view.php?id=7177 As you suggested, it may be a good idea to put this in the FAQ. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] initial setup of centos linux 7 core license information license not accepted
Did all this happen because I switched monitors? Or because I did all my setup over ssh? Otherwise, this is an FYI for other newbies who get confused by this like I did. Yesterday I set up a new centos 7 install, did updates, made all the config tweaks I like to make, and rebooted at the end to see if it would start up properly. No problem. (I logged in as the single user to see if it worked but did *nothing* as that user and did the rest of my work over the network via ssh.) This morning I shut it down and moved to a different location with a *different monitor.* During boot, it stopped with the following on the screen: After [ OK ] Started D-Bus System Message Bus. Initial setup of CentOS 7 (Core) 1) [!] License information (License not accepted) Please make your choice from above ['q' to quit | 'c' to continue | 'r' to refresh]: My caffeine-deprived response was to try q, c, and r, none of which got me unstuck. Forced to actually use my brain, I typed 1. More confusing text appeared, and I finally understood that in order to accept the license I must type 2. Then I had to type 1 again for some reason. Then my machine booted. It is probably apparent that I wouldn't have all this text to email you if the process had been as smooth as described. I have elided a certain amount of cursing and hair-pulling as unnecessary and embarrassing detail. I am curious as to the cause of the timing of this interruption. An attempt at a helpful suggestion: I am assuming that in some other circumstance, I might have more than one problem presented to me to deal with at the same time using this interface. I should think that the prompt should read like this: Please choose the number of the item above that you wish to try to fix, 'q' to quit and shut down, 'c' to continue booting, or 'r' if you are unable to read this text (or wish to petition the gods for mercy). cheers, Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Converting HVM to PV kernel CentOS7
Hi, I have installed CentOS 7 HVM kernel. I would like to convert it to CentOs 7 PV kernel. When googled about it, I found that this can be done by following commands yum install xen or yum install kernel-xen But, when I tried the below commands, I am getting the error *No package kernel-xen available.*** What am I missing here. Any help is much appreciated. -- Thanks Regards, Venkateswara Rao Dokku. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Optimum Block Size to use
Hi All We use CentOS 6.6 for our application. I have profiled the application and find that we have a heavy requirement in terms of Disk writes. On an average when our application operates at a certain load i can observe that the disk writes / second is around 2 Mbps (Average). The block size set is 4k *** [root@localhost ~]# blockdev --getbsz /dev/sda3 4096 *** OS , Kernel Version: * [root@localhost ~]# uname -a Linux localhost 2.6.32-504.el6.x86_64 #1 SMP Wed Oct 15 04:27:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux [root@localhost ~]# cat /etc/*release CentOS release 6.6 (Final) CentOS release 6.6 (Final) CentOS release 6.6 (Final) * File-System being used: [root@localhost ~]# df -T Filesystem Type 1K-blocks Used Available Use% Mounted on /dev/sda3 ext3 100934056 20298152 75508688 22% / /dev/sda1 ext3 19833734459153638 19% /boot tmpfs tmpfs 164401520 16440152 0% /dev/shm * I have a few queries with respect to the block size being set in the system: 1. Is 4k the optimum block size considering the amount of writes / second the application performs ? 2. How do i find out the optimum block size given the application load in terms of reads / writes per second ? 3. If there is a better block size that i can use , Can you suggest one ? 4. What are the pros / Cons of changing the default block size ? 5. We use ext3 as the file system for the partition which has heavy writes per second , Should we migrate it to ext4 ? Any pros / cons for it ? Appreciate any response / pointers in this regard. Thanks Jatin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how do I stop automount of Hitichi Lifestudio USB drive
On Fri, 14 Aug 2015, Jason Warr wrote: On Fri, 2015-08-14 at 12:39 -0500, Michael Hennebry wrote: I've been trying to read 80-udisks.rules with little success. Would posting it (242 lines) be helpful? After I plug in a drive, is there a way to discover what udev rule was applied? udevadm test /sys/device_path should give you a whole lot of output. This will include info about what rules apply to the device and actions that udev would take. I did it twice, once with a USB SD card reader and once with another USB drive I discovered that the mount without asking behavior is not specific to Hitachi. Both experiments produced more than two hundred lines of output. Interpretation escapes me. I expect that posting them here would be considered rude. I did a grep -n apply on both of them. I did the test on the SD card reader while the what-to-do popup was visible: 98:udev_rules_apply_to_event: RUN 'socket:/org/kernel/dm/multipath_event' /lib/udev/rules.d/40-multipath.rules:16 99:udev_rules_apply_to_event: LINK 'block/8:33' /lib/udev/rules.d/50-udev-default.rules:3 100:udev_rules_apply_to_event: GROUP 6 /lib/udev/rules.d/50-udev-default.rules:76 110:udev_rules_apply_to_event: OWNER 0 /etc/udev/rules.d/60-libsane.rules:3 111:udev_rules_apply_to_event: GROUP 100 /etc/udev/rules.d/60-libsane.rules:3 112:udev_rules_apply_to_event: MODE 0664 /etc/udev/rules.d/60-libsane.rules:3 114:udev_rules_apply_to_event: LINK 'disk/by-id/usb-Generic_STORAGE_DEVICE_9451-0:0-part1' /lib/udev/rules.d/60-persistent-storage.rules:55 115:udev_rules_apply_to_event: LINK 'disk/by-path/pci-:00:02.1-usb-0:9:1.0-scsi-0:0:0:0-part1' /lib/udev/rules.d/60-persistent-storage.rules:76 116:udev_rules_apply_to_event: IMPORT '/sbin/blkid -o udev -p /dev/sdc1' /lib/udev/rules.d/60-persistent-storage.rules:90 125:udev_rules_apply_to_event: LINK 'disk/by-uuid/3DBE-2637' /lib/udev/rules.d/60-persistent-storage.rules:100 126:udev_rules_apply_to_event: RUN 'udev-acl --action=$env{ACTION} --device=$env{DEVNAME}' /lib/udev/rules.d/70-acl.rules:53 127:udev_rules_apply_to_event: IMPORT 'fstab_import sdc1 block/8:33 disk/by-id/usb-Generic_STORAGE_DEVICE_9451-0:0-part1 disk/by-path/pci-:00:02.1-usb-0:9:1.0-scsi-0:0:0:0-part1 disk/by-uuid/3DBE-2637 mapper/' /lib/udev/rules.d/79-fstab_import.rules:1 150:udev_rules_apply_to_event: IMPORT 'udisks-part-id /dev/sdc1' /lib/udev/rules.d/80-udisks.rules:87 182:udev_rules_apply_to_event: RUN 'socket:@/org/freedesktop/hal/udev_event' /etc/udev/rules.d/90-hal.rules:2 I did the test on the other after all the partitions had been mounted. Not much choice: 98:udev_rules_apply_to_event: RUN 'socket:/org/kernel/dm/multipath_event' /lib/udev/rules.d/40-multipath.rules:16 99:udev_rules_apply_to_event: LINK 'block/8:34' /lib/udev/rules.d/50-udev-default.rules:3 100:udev_rules_apply_to_event: GROUP 6 /lib/udev/rules.d/50-udev-default.rules:76 110:udev_rules_apply_to_event: OWNER 0 /etc/udev/rules.d/60-libsane.rules:3 111:udev_rules_apply_to_event: GROUP 100 /etc/udev/rules.d/60-libsane.rules:3 112:udev_rules_apply_to_event: MODE 0664 /etc/udev/rules.d/60-libsane.rules:3 114:udev_rules_apply_to_event: LINK 'disk/by-id/usb-WD_1200BB_External_57442D5743414C4B31343036323635-0:0-part2' /lib/udev/rules.d/60-persistent-storage.rules:55 115:udev_rules_apply_to_event: LINK 'disk/by-path/pci-:00:02.1-usb-0:9:1.0-scsi-0:0:0:0-part2' /lib/udev/rules.d/60-persistent-storage.rules:76 116:udev_rules_apply_to_event: IMPORT '/sbin/blkid -o udev -p /dev/sdc2' /lib/udev/rules.d/60-persistent-storage.rules:90 124:udev_rules_apply_to_event: LINK 'disk/by-uuid/f9bda2dd-8e62-4493-a612-3582f8e639f5' /lib/udev/rules.d/60-persistent-storage.rules:100 125:udev_rules_apply_to_event: RUN 'udev-acl --action=$env{ACTION} --device=$env{DEVNAME}' /lib/udev/rules.d/70-acl.rules:53 126:udev_rules_apply_to_event: IMPORT 'fstab_import sdc2 block/8:34 disk/by-id/usb-WD_1200BB_External_57442D5743414C4B31343036323635-0:0-part2 disk/by-path/pci-:00:02.1-usb-0:9:1.0-scsi-0:0:0:0-part2 disk/by-uuid/f9bda2dd-8e62-4493-a612-3582f8e639f5 mapper/' /lib/udev/rules.d/79-fstab_import.rules:1 149:udev_rules_apply_to_event: IMPORT 'udisks-part-id /dev/sdc2' /lib/udev/rules.d/80-udisks.rules:87 194:udev_rules_apply_to_event: RUN 'socket:@/org/freedesktop/hal/udev_event' /etc/udev/rules.d/90-hal.rules:2 As before, interpretation escapes me. -- Michael henne...@web.cs.ndsu.nodak.edu Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a heiroglyph, and the blood of a virgin. -- someeecards ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
In article 20150818092704.ga13...@users.sourceforge.net, lheck...@users.sourceforge.net wrote: Maybe so, but still a side issue. Openssl 0.9.8e was recently updated. Some change in this update has broken something. I would like to understand what, and so ought the package maintainers. C5 isn't EOL until March 2017. rpm -q --changelog openssl-0.9.8e. You weren't clear which version you upgraded from, but you mentioned testing against openssl-0.9.8e-27.el5_10.1 (from March 2014, nevertheless), which works. I would hazard a guess that this is the change causing your problem. * Fri Jun 26 2015 Tomas Mraz tm...@redhat.com 0.9.8e-36 - also change the default DH parameters in s_server to 1024 bits Here's some more info, https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ RH must have backported this fix to 0.9.8e. There seem to be many reports out there that the openssl update broke mysql, but unfortunately, at a quick glance, they are all about RHEL6/openssl 1.0.1, so you're most likely on your own. I'm quite ignorant of mysql, but it looks like you may be able to get this to work again by changing the cipher in mysql and regenerating your cert. https://www.howtoforge.com/how-to-set-up-mysql-database-replication-with-ssl-encryption-on-centos-5.4 Interesting... many thanks for the pointers! Something for me to experiment with... Cheers Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Converting HVM to PV kernel CentOS7
On 8/18/2015 10:37 PM, Venkateswara Rao Dokku wrote: Thanks for the reply. Sorry for the typo in the earlier mail. I have PV-HVM of CentOS 7 I need to convert it to PV kernel. Basically here I am trying to see whether my PV_HVM kernel is vulenrable to this issue given in the following link http://seclists.org/oss-sec/2015/q3/212 that is talking about a problem with QEMU and emulated cdroms, and as far as I can tell, the bug is in the qemu emulator, not in the VM's. it merely states that if you only use PV VM's you won't trigger the bug, but the correct fix is to update your QEMU so there is no bug. In the above link, it was mentioned that the PV kernel is not vulnerable to this bug, but HVM is. It didnt say anything about PV-HVM. Can you please help me in this regard? https://access.redhat.com/security/cve/CVE-2015-5154 suggests QEMU has been fixed as of July 27/28, at least for KVM servers, see the 4 RHSA Errata linked there. again, RHEL7 and therefore CentOS 7 is all about KVM not Xen. If you're running someone's xen server, you need to ensure its patched against this bug. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Converting HVM to PV kernel CentOS7
On 8/18/2015 9:53 PM, Venkateswara Rao Dokku wrote: I have installed CentOS 7 HVM kernel. I would like to convert it to CentOs 7 PV kernel. When googled about it, I found that this can be done by following commands yum install xen or yum install kernel-xen But, when I tried the below commands, I am getting the error *No package kernel-xen available.*** what version were those instructions for ? AFAIK, there's no xen specific kernel in EL7, Red Hat and therefore CentOS supports KVM as their native virtualization, and the PV drivers for KVM are built in. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Converting HVM to PV kernel CentOS7
Thanks for the reply. Sorry for the typo in the earlier mail. I have PV-HVM of CentOS 7 I need to convert it to PV kernel. Basically here I am trying to see whether my PV_HVM kernel is vulenrable to this issue given in the following link http://seclists.org/oss-sec/2015/q3/212 In the above link, it was mentioned that the PV kernel is not vulnerable to this bug, but HVM is. It didnt say anything about PV-HVM. Can you please help me in this regard? On Wed, Aug 19, 2015 at 10:43 AM, John R Pierce pie...@hogranch.com wrote: On 8/18/2015 9:53 PM, Venkateswara Rao Dokku wrote: I have installed CentOS 7 HVM kernel. I would like to convert it to CentOs 7 PV kernel. When googled about it, I found that this can be done by following commands yum install xen or yum install kernel-xen But, when I tried the below commands, I am getting the error *No package kernel-xen available.*** what version were those instructions for ? AFAIK, there's no xen specific kernel in EL7, Red Hat and therefore CentOS supports KVM as their native virtualization, and the PV drivers for KVM are built in. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Thanks Regards, Venkateswara Rao Dokku. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS-docs] Russian wiki
The same here, want to know how can I create russian wiki documentation pages to add and translate official contents. ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] C5 recent openssl update breaks mysql SSL connection
On 08/18/2015 03:47 AM, Tony Mountifield wrote: In article 55d2174f.70...@centos.org, Johnny Hughes joh...@centos.org wrote: On 08/17/2015 11:19 AM, Johnny Hughes wrote: On 08/17/2015 10:57 AM, Tony Mountifield wrote: I recently applied updates to a CentOS 5 box running MySQL. I've discovered that the new version of openssl, 0.9.8e-36.0.1.el5_11, breaks MySQL SSL connections. If I rename /lib/libssl.so.0.9.8e and replace it with the old version of that file from openssl-0.9.8e-27.el5_10.1 (not sure if that is the next oldest, but it was handy), then SSL connection to MySQL works again. I then performed cross-checks using the server with new libssl and the client with old, and then vice versa. What I found was that it didn't matter whether the server was started with the old libssl or the new libssl. In both cases, the mysql client would only connect using the old libssl, and not when using the new libssl. When it works with the old libssl, I can confirm that SSL is in use: mysql \s -- mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (i386) using readline 5.1 Connection id: 2 Current database: Current user: root@localhost SSL:Cipher in use is DHE-RSA-AES256-SHA The error with the new libssl looks like this: [root@hostname ~]# mysql ERROR 2026 (HY000): SSL connection error Has anyone else come across this? Is it a bug in SSL? Or a new restriction? Do I need to regenerate my certificates using the new openssl? Cheers Tony You should now be using mysql55 on CentOS-5, not mysql-5.0 In case you did not understand my post, here is how one is supposed to move from mysql-5.0 to mysql55 and why: https://rhn.redhat.com/errata/RHEA-2013-1329.html https://rhn.redhat.com/errata/RHEA-2013-1330.html Thanks. I eventually found the more specific link at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-Migrating_from_MySQL_5.0_to_MySQL_5.5.html However, the only why I could find was Red Hat will not issue any more security advisories for the MySQL 5.0 packages (mysql-5.0.* and related packages). Security advisories will be provided only for MySQL 5.5. Nothing to indicate that anything in 5.0 is inherently broken. Are there any more specific reasons? It appears to be working fine. Working fine is NOT secure. The fact that they have not issued any security update for MySQL 5.0 since mid 2013 .. and since then there have been 4 security issues fixed in EL5 (1 Important, 3 Moderate) in the mysql55 updates. And is the same true for C6, which comes with mysql 5.1, that one should use mysql55 from SCL instead? Why, or why not? No, I would use the version of mysql that is supported in the distro. For EL5, the supported version is the mysql55. For EL6 it is the mysql-5.1 version. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-docs] Russian wiki
On Tue, Aug 18, 2015 at 10:16 AM, Ilyas Arinov arinov.il...@gmail.com wrote: Username changed to standards. I have 2 days in week to pedantically rewrite whole content until I can. Those (first 8-10 weeks): FrontPage Help Tips and Tricks How To FAQs Events Contribute You should be able to edit those pages. 'Newsletter' is now quite obsolete. So, let's not bother with that page. 'Changelog' is dynamically created. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-es] Bloqueo de usuarios fuera del dominio en el proxy
No he usado más el tema de los Dominios, pues he visto que Samba trabaja mejor como SHARED. De igual forma no hay forma de decirle a esos Started que son parte de un GRUPO de TRABAJO??? Saludos, David El día 18 de agosto de 2015, 11:35, LLANO, Venzy (Cuba) vll...@gecvbybat.co.cu escribió: Lo extraño es que funciona 1 mes bien y de pronto uno de los usuarios deja de funcionar Y siempre es de los que no están unidos al dominio pero que utiliza credenciales dentro del dominio Y normalmente guardan las credenciales dentro de la PC -Mensaje original- De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de René Lara Enviado el: lunes, 17 de agosto de 2015 11:01 a.m. Para: centos-es@centos.org Asunto: Re: [CentOS-es] Bloqueo de usuarios fuera del dominio en el proxy ¿Será que tenga que ver con la versión de Windows, que no sea adecuada para unirse a un dominio? -Mensaje original- De: centos-es-boun...@centos.org [mailto:centos-es-boun...@centos.org] En nombre de LLANO, Venzy (Cuba) Enviado el: lunes, 17 de agosto de 2015 08:37 a.m. Para: centos-es@centos.org Asunto: [CentOS-es] Bloqueo de usuarios fuera del dominio en el proxy Hola lista: Tengo instalado un dominio de Windows con 270 PC y todo funciona ok Un firewall check point con una DMZ activada y en la DMZ proxy centos con Squid 3 y Optenet para filtrar contenido y dejar solo a los usuarios autorizados navegar en internet. Las PC que están en el dominio funcionan muy bien y navegan sin problema, el control de acceso por LDAP contra el Windows 2008 funciona ok Y los filtros de contenido también funcionan. Donde está el problema: Existen laptops con Windows started que no pueden estar en el dominio por ser propias de los usuarios y en ocasiones y sin ningún patrón lógico un día 1 o 2 usuarios dejan de tener permiso para navegar y hay que crearles un usuario nuevo. En ese caso son más o menos 10 personas. Siempre sucede con los que no están en el dominio los usuarios del dominio no tienen problema. Pregunta? Existe alguna lista negra en algún lugar para quitar esos usuarios? Pudiera crear otra forma de autenticación para esos usuarios? O alguna otra sugerencia por favor? Gracias de antemano Venzy ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Les donnees et renseignements contenus dans ce message sont personnels, confidentiels et secrets. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee. Si vous n'etes pas le bon destinataire, nous vous demandons de ne pas lire, copier, utiliser ou divulguer cette communication. Nous vous prions de notifier cette erreur a l'expediteur et d'effacer immediatement cette communication de votre systeme. Any data and information contained in this electronic mail is personal, confidential and secret. Any total or partial publication, use or distribution must be authorized. If you are not the right addressee, we ask you not to read, copy, use or disclose this communication. Please notify this error to the sender and erase at once this communication from your system. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-announce] CESA-2015:1640 Moderate CentOS 6 pam Security Update
CentOS Errata and Security Advisory 2015:1640 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1640.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 290b2de5b11274bedd3dc14b63bacfc1794b2c4208e4e29979c4c7428eb7964f pam-1.1.1-20.el6_7.1.i686.rpm 6da9c1315ae8d24e44544eed02e3a9fe0c7eece7648bc5b52a3b65a46a86fec8 pam-devel-1.1.1-20.el6_7.1.i686.rpm x86_64: 290b2de5b11274bedd3dc14b63bacfc1794b2c4208e4e29979c4c7428eb7964f pam-1.1.1-20.el6_7.1.i686.rpm 6c9678f3372acbb5f652c2daf83c1f6ecd80b31b79c2b1b61c333c34a179dcdd pam-1.1.1-20.el6_7.1.x86_64.rpm 6da9c1315ae8d24e44544eed02e3a9fe0c7eece7648bc5b52a3b65a46a86fec8 pam-devel-1.1.1-20.el6_7.1.i686.rpm a39aae7c68c958278ba676170b8b8b29429cd74618f2dd1b5a7a6886cfa29458 pam-devel-1.1.1-20.el6_7.1.x86_64.rpm Source: a47936b7aad2c540af234b821224a9ece34577f1f9e6e94974cc91112e850bde pam-1.1.1-20.el6_7.1.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2015:1640 Moderate CentOS 7 pam Security Update
CentOS Errata and Security Advisory 2015:1640 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1640.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: e0d36e10c6878fa9f1b0b7e9dc15deb22d795925856826ecc8619fd322f23892 pam-1.1.8-12.el7_1.1.i686.rpm 95e6dfc467787bfe47414daa88e9ce701ead0b791e399f891f8cedbce99ff979 pam-1.1.8-12.el7_1.1.x86_64.rpm d45322823151e2f613dcbe6fb4f30a4c3136c5416a68aeb640c8e3d014c3f1d4 pam-devel-1.1.8-12.el7_1.1.i686.rpm 59ee244c96662c9b7a9a739d88f6a33b8821c3def4ee425cb4d9f98181685508 pam-devel-1.1.8-12.el7_1.1.x86_64.rpm Source: a2f8e35f3ab15ebd7821384966adee39e4efaa3cc1fdd0a26b80efdb92301e81 pam-1.1.8-12.el7_1.1.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS-docs] Russian wiki
On Tue, Aug 18, 2015 at 6:30 AM, Ilyas Arinov arinov.il...@gmail.com wrote: The same here, want to know how can I create russian wiki documentation pages to add and translate official contents. What is your wiki username? Akwmi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs