Re: [CentOS] Post-installation setup script for CentOS 7 servers

2019-11-17 Thread Nicolas Kovacs

On 17/11/2019 at 18:56, Jonathan Billings wrote:
> You should never be using ntpdate anymore (which is why the ntp project is
> deprecating it, http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate).
> I really only ever suggest ntpd unless you’re running an NTP server that
> provides NTP service to your network, and needs to supported time source
> hardware.  NTPd is actually worse for laptops and other devices with
> intermittent/congested connections, and VMs that experience time jumps
> during migrations.  Chrony also tends to use less RAM and power than NTPd
> due to how it does time management and generally smaller footprint.

I know ntpdate has officially been deprecated for ages. This being said,
it works reliably when you have some serious lagging on the server.

> 
>> * firewalld: https://github.com/kikinovak/firewall 
>> 
> Kinda looks like you’ve reinvented the wheel here, breaking down firewall 
> rules into separate files and managed by a single service.  Plus, firewalld 
> supports ipsets alongside iptables rules in C7, and uses nftables by default 
> in C8, keeping you with the fastest way of setting up rules.  But I get it, 
> not everyone cares for firewalld.  On c6, I managed the iptables file with a 
> template in configuration management, breaking up the individual config files 
> into separate, role-based chunks.  

This is probably my Slackware background, but for many years,
firewalling was essentially a shell script with iptables rules. From
this point of view, firewalld has reinvented the wheel, so I simply
stick with what works and what I'm familiar with. And since Linux obeys
the Great Rule of Herding Cats, along comes nftables. BTW, the file
snippets are just templates meant to be copy/pasted with Vim using split
mode. :o)


> 
>> * NetworkManager: great on laptops, useless on servers
> Untrue.  NM is great for servers.  I think I’ve told this story a dozen times 
> on this list, but nearly all our servers use NM.  We experienced a power 
> outage in our datacenter due to some clumsy UPS maintenance people, and when 
> power was restored to the floor, the servers booted faster than the 
> networking equipment.  Everything using the old ’network’ service booted up, 
> detected no network, and gave up and completed the boot, with no network at 
> all.  Had to visit the datacenter to reboot them.  All the NM systems had the 
> network start fail, and continued with the boot, and as soon as the interface 
> comes online, NM brings up the network and triggers all network-dependent 
> services to come online.  

Again, this is probably the ex-Slacker in me throwing all the junk out
and just keeping what's really needed.

Cheers & thanks for your detailed explanations. You've tickled my
curiosity, so as soon as I finish writing my current Linux book (around
X-mas I guess) I'll have a deeper look at all that stuff.

Niki


-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Mail: i...@microlinux.fr
Tel.: 04 66 63 10 32
Mob.: 06 51 80 12 12
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Post-installation setup script for CentOS 7 servers

2019-11-17 Thread Jonathan Billings
On Nov 17, 2019, at 11:58 AM, Nicolas Kovacs wrote:
> * chrony: I'm using ntpd and ntpdate

You should never be using ntpdate anymore (which is why the ntp project is 
deprecating it, http://support.ntp.org/bin/view/Dev/DeprecatingNtpdate).  I 
really only ever suggest ntpd unless you’re running an NTP server that provides 
NTP service to your network, and needs to supported time source hardware.  NTPd 
is actually worse for laptops and other devices with intermittent/congested 
connections, and VMs that experience time jumps during migrations.  Chrony also 
tends to use less RAM and power than NTPd due to how it does time management 
and generally smaller footprint.

> * firewalld: https://github.com/kikinovak/firewall 
> 

Kinda looks like you’ve reinvented the wheel here, breaking down firewall rules 
into separate files and managed by a single service.  Plus, firewalld supports 
ipsets alongside iptables rules in C7, and uses nftables by default in C8, 
keeping you with the fastest way of setting up rules.  But I get it, not 
everyone cares for firewalld.  On c6, I managed the iptables file with a 
template in configuration management, breaking up the individual config files 
into separate, role-based chunks.  

Also, the ‘fail2ban’ service has firewalld support, which uses ipsets for its 
blocks, improving overall performance.

> * NetworkManager: great on laptops, useless on servers

Untrue.  NM is great for servers.  I think I’ve told this story a dozen times 
on this list, but nearly all our servers use NM.  We experienced a power outage 
in our datacenter due to some clumsy UPS maintenance people, and when power was 
restored to the floor, the servers booted faster than the networking equipment.  
Everything using the old ’network’ service booted up, detected no network, and 
gave up and completed the boot, with no network at all.  Had to visit the 
datacenter to reboot them.  All the NM systems had the network start fail, and 
continued with the boot, and as soon as the interface comes online, NM brings 
up the network and triggers all network-dependent services to come online.  

NM supports event-based dispatching (in /etc/NetworkManager/dispatcher.d/) so 
you can run custom scripts when the network state changes.  NM in CentOS7 is a 
lot better than you had in C6, the default settings don’t restart the interface 
if you change the ifcfg-* files (a stupid problem in C6) and supports a lot 
more features like bridges and bonds that were missing in earlier versions.  
You can interact with it via dbus (if that’s your thing) and the nmcli tool is 
really handy for CLI-based settings. 

The only time I’ve seen a need to use the old network service was when I 
discovered that you can’t set custom routes on the loopback interface with NM, 
since it doesn’t manage the loopback interface.



--
Jonathan Billings
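
The dispatcher mechanism mentioned in the message above, shown as an added example that is not part of the original post or of either poster's setup: NetworkManager runs each script in /etc/NetworkManager/dispatcher.d/ with the interface name as the first argument and the action as the second. The file name, the choice of chronyc as the command to run, and the single-uplink assumption are all illustrative.

```shell
#!/bin/sh
# Hypothetical dispatcher script, e.g. saved as
# /etc/NetworkManager/dispatcher.d/50-timesync (file name is an assumption).
# NetworkManager calls it as: <script> <interface> <action>.
# It must be owned by root, executable, and not writable by group or other.
# Assumes a host with a single uplink, so "down" means no network at all.

# Decide what to do for one event; prints the command, or nothing to ignore it.
plan_for_event() {
    iface=$1
    action=$2
    case "$iface" in
        lo|"") return 0 ;;               # loopback, or events with no interface
    esac
    case "$action" in
        up)   echo "chronyc online" ;;   # link is back: resume polling sources
        down) echo "chronyc offline" ;;  # link lost: stop polling sources
        *)    return 0 ;;                # pre-up, dhcp4-change, hostname, ...
    esac
}

# Run (or, with DRY_RUN=1, only print) the planned command for one event.
handle_event() {
    cmd=$(plan_for_event "$1" "$2")
    [ -n "$cmd" ] || return 0
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmd"
        return 0
    fi
    logger -t nm-dispatch "$1 $2: running $cmd"
    $cmd    # unquoted on purpose: split into program and argument
}

# Only act when called with both arguments, as the dispatcher does.
if [ "$#" -ge 2 ]; then
    handle_event "$1" "$2"
fi
```

Running it by hand as `DRY_RUN=1 ./50-timesync eth0 up` prints the command it would execute without touching chronyd.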



Re: [CentOS] Post-installation setup script for CentOS 7 servers

2019-11-17 Thread Nicolas Kovacs
On 17/11/2019 at 14:15, Jonathan Billings wrote:
> I’m curious why you list these as “cruft” packages?
> 
> chrony
> firewalld
> iperf
> NetworkManager-libnm

* chrony: I'm using ntpd and ntpdate

* firewalld: https://github.com/kikinovak/firewall

* iperf: replaced by iperf3

* NetworkManager: great on laptops, useless on servers
> 
> Also, I’m sure it’s helpful for you, but setting all the default CentOS repos 
> to ones in France as a baseurl means that anyone using it would get that too, 
> so anyone thinking of forking the repo, don’t replace the CentOS repo files. 
> The mirrorlist url should give you geographically close mirrors. 

You're right. The main reason I did this is because some of my servers
are behind filtering proxies, and more often than not, CentOS mirrors
are blocked.

I have to think about a practical solution for this.

Thanks for the feedback!

Niki



Re: [CentOS] Download Red Hat Enterprise Linux (RHEL) 8.1.0 (for development use)

2019-11-17 Thread Turritopsis Dohrnii Teo En Ming
Noted with thanks.

On Sun, 17 Nov 2019 at 21:42, Phil Perry wrote:
>
> On 17/11/2019 13:31, Turritopsis Dohrnii Teo En Ming wrote:
> > Good day from Singapore,
> >
> > You can download Red Hat Enterprise Linux (RHEL) 8.1.0 (for
> > development use) from the following link.
> >
> > https://developers.redhat.com/products/rhel/download
> >
> > When will CentOS 8.1.0 become available?
> >
> > Thank you very much.
> >
>
> The CentOS project will release CentOS 8 as soon as it's ready. To get
> an idea of the steps involved to rebuild the necessary packages, take a
> look here (based upon the original 8.0 release, but same principles apply):
>
> https://wiki.centos.org/About/Building_8
>
> It's impossible for anyone to give any kind of detailed answer to your
> question as no one knows how long it will take to complete the required
> steps, but realistically it's likely to be anywhere from a few weeks to
> a few months depending how things go.
>
> Hope that helps
>

-BEGIN EMAIL SIGNATURE-

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: 
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html



Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
United Nations Refugee Agency Bangkok (21 Mar 2017) and in Taiwan (5
Aug 2019):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-END EMAIL SIGNATURE-


Re: [CentOS] Download Red Hat Enterprise Linux (RHEL) 8.1.0 (for development use)

2019-11-17 Thread Phil Perry

On 17/11/2019 13:31, Turritopsis Dohrnii Teo En Ming wrote:
> Good day from Singapore,
>
> You can download Red Hat Enterprise Linux (RHEL) 8.1.0 (for
> development use) from the following link.
>
> https://developers.redhat.com/products/rhel/download
>
> When will CentOS 8.1.0 become available?
>
> Thank you very much.



The CentOS project will release CentOS 8 as soon as it's ready. To get 
an idea of the steps involved to rebuild the necessary packages, take a 
look here (based upon the original 8.0 release, but same principles apply):


https://wiki.centos.org/About/Building_8

It's impossible for anyone to give any kind of detailed answer to your 
question as no one knows how long it will take to complete the required 
steps, but realistically it's likely to be anywhere from a few weeks to 
a few months depending how things go.


Hope that helps



[CentOS] Download Red Hat Enterprise Linux (RHEL) 8.1.0 (for development use)

2019-11-17 Thread Turritopsis Dohrnii Teo En Ming
Good day from Singapore,

You can download Red Hat Enterprise Linux (RHEL) 8.1.0 (for
development use) from the following link.

https://developers.redhat.com/products/rhel/download

When will CentOS 8.1.0 become available?

Thank you very much.






Re: [CentOS] Post-installation setup script for CentOS 7 servers

2019-11-17 Thread Jonathan Billings
On Nov 17, 2019, at 05:11, Nicolas Kovacs wrote:
> 
> I just sanded down the remaining edges of my CentOS 7 post-install
> configuration script and published it on a Github repository, along with
> some detailed instructions.
> 
>  * https://github.com/kikinovak/centos-setup
> 
> Feel free to use it (and/or adapt it to your needs).

I’m curious why you list these as “cruft” packages?

chrony
firewalld
iperf
NetworkManager-libnm

They are all removed as part of the “setup” command you provided. You remove the 
default NTP service, you disable the default firewall (although you do install 
iptables-service in base.txt) and you hobble NetworkManager. 

Also, I’m sure it’s helpful for you, but setting all the default CentOS repos 
to ones in France as a baseurl means that anyone using it would get that too, 
so anyone thinking of forking the repo, don’t replace the CentOS repo files. 
The mirrorlist url should give you geographically close mirrors. 


--
Jonathan Billings



[CentOS] Post-installation setup script for CentOS 7 servers

2019-11-17 Thread Nicolas Kovacs
Hi,

I just sanded down the remaining edges of my CentOS 7 post-install
configuration script and published it on a Github repository, along with
some detailed instructions.

  * https://github.com/kikinovak/centos-setup

Feel free to use it (and/or adapt it to your needs).

Cheers from the sunny South of France,

Niki