[CentOS] Redirect output from python script with systemd

[C. L. Martinez]

Hi all,

 I need to redirect an output from python script that runs as a systemd 
service. I have tried to redirect its output in Exec statement without luck. I 
have tried to use StandardOutput and StandardError options also, but outpu log 
goes to /var/log/messages.

 Any tip?

Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Problems with NextCloud 13.0.1 under Centos7

[C. L. Martinez]

Hi all,

 I have a strange problem with a clean NextCloud 13.0.1 install under
CentOS 7 (fully patched): when I try to login with admin user immediately
after setup, returns to login page without returning any error.

 An no errors in nginx or php log files ...

 I am using the following components:

 rh-php71
 rh-mariadb102
 nginx 1.12

 Any idea?

Many thanks.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Unbound question: forward-zone and stub-zone

[C. L. Martinez]

Hi all,

 I have a strange case with unbound ... I have defined a stub-zone to query to 
a secondary DNS server:

stub-zone:
name: "mydomain.org"
stub-addr: 172.22.54.4

stub-zone:
name: "54.22.172.in-addr.arpa."
stub-addr: 172.22.54.4

 ... but it doesn't works: any hostname or IP address is resolved. But if I use 
"forward":

forward-zone:
name: "mydomain.org"
forward-addr: 172.22.54.4

forward-zone:
name: "54.22.172.in-addr.arpa."
forward-addr: 172.22.54.4

 all works ok. Then, which is the real difference between stub and forward 
zones?

 According to unbound's man page, stub-zone is used for authority servers, 
which is my case. But forward zones are valid for not authority servers. On the 
other side: "unbound performs the recursive processing itself for stub zones." 
¿¿¿??? How?? Why?? If I use a stub-zone, it is because I have an authority 
server with recursion for its SOA domain ...

 I don't understand ... What is the correct configuration?

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Some problemas working with network namespaces

[C. L. Martinez]

Hi all,

 I am trying to virtually connect two bridges on different network namespaces 
inside a CentOS KVM host. I have tried different configs, but this is the most 
closer than I can test:

ip netns add pubnet
ip netns exec pubnet ip link set dev lo up
ip netns exec pubnet ifup pubif2
ip link add dev vethpubif1 type veth peer name vethpubif2
ovs-vsctl add-port pubif1 vethpubif1
ip link set vethpubif2 netns pubnet
ip netns exec pubnet brctl addif pubif2 vethpubif2
ip link set dev vethpubif1 up
ip netns exec pubnet ip link set dev vethpubif2 up

 Bridge in the root host network namespace is openvswitch based, and bridge 
inside pubnet's network namespace is brctl based. Using this config, vms 
attached to pubif1 openvswitch based can't ping to vms connected to vms in 
pubif2 bridge.

 What am i doing wrong?

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with dnscrypt's package from EPEL

[C. L. Martinez]

Sorry Stephen. I have enabled another dnscrypt process in port 6355 to
test ... But no luck.

On the other side, I am not sure if dnscrypt the problem. I have
replaced unbound by dnsmasq and voila! ... All it is working very fast
(and dnsmasq only spends 75 MiB of RAM, when unbound spends 400 MiB).
And no more SERVFAIL errors ... But I don't understand where is the
problem with unbound.conf's file then. Using same config for dnscrypt
and unbound in a FreeBSD vm, all works ok.

On Sun, Dec 10, 2017 at 8:10 PM, Stephen John Smoogen <smo...@gmail.com> wrote:
> Not sure if this is a factor yet, but your forwardzone is looking for
> 3 ports but only 2 ports are configured in the systemd startup.. so
> are 1/3 of all lookups going to fail? Or is the 6355 a 'given' (aka it
> will be set up whether 6353 and 6354 are setup?)
>
> On 9 December 2017 at 16:45, C. L. Martinez <carlopm...@gmail.com> wrote:
>> On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
>>> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
>>> > On 9 December 2017 at 14:04, C. L. Martinez <carlopm...@gmail.com> wrote:
>>> > > Hi all,
>>> > >
>>> > >  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 
>>> > > 7.4 and using unbound as a resolver. But, I see constant timeouts and 
>>> > > responses are very slow ... Using same config in a Debian 9 virtual 
>>> > > machine, all works ok.
>>> > >
>>> > >  I think the problem is with dnscrypt's rpm package provided by EPEL. 
>>> > > Anyone have seen similar problems?
>>> > >
>>> >
>>> > Can you give some more information on what you are seeing and how you
>>> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
>>> > on the package.
>>> >
>>> >
>>>
>>> Of course and thanks in advance Stephen. My dnscrypt startup scripts use 
>>> the following options:
>>>
>>> [Service]
>>> Type=forking
>>> PIDFile=/var/run/dnscrypt-cs.pid
>>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>>   --daemonize \
>>>   --user=nobody \
>>>   --pidfile=/var/run/dnscrypt-cs.pid \
>>>   --ephemeral-keys \
>>>   --resolver-name=cs-fi \
>>>   --logfile=/tmp/cs.log \
>>>   --local-address=127.0.0.1:6354
>>> Restart=on-abort
>>>
>>> [Service]
>>> Type=forking
>>> PIDFile=/var/run/dnscrypt-ipredator.pid
>>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>>   --daemonize \
>>>   --user=nobody \
>>>   --pidfile=/var/run/dnscrypt-ipredator.pid \
>>>   --ephemeral-keys \
>>>   --resolver-name=ipredator \
>>>   --logfile=/tmp/ipredator.log \
>>>   --local-address=127.0.0.1:6353
>>> Restart=on-abort
>>>
>>> And unbound.conf is:
>>>
>>> server:
>>>   interface: 127.0.0.1
>>>   interface: 172.22.54.4
>>>   interface: ::1
>>>   port: 53
>>>   do-ip6: no
>>>   do-udp: yes
>>>   do-tcp: yes
>>>   num-threads: 1
>>>
>>>   access-control: 0.0.0.0/0 refuse
>>>   access-control: 127.0.0.0/8 allow
>>>   access-control: ::0/0 refuse
>>>   access-control: ::1 allow
>>>   access-control: 172.22.54.0/29 allow
>>>   access-control: 172.22.55.1 allow
>>>
>>>   hide-identity: yes
>>>   hide-version: yes
>>>
>>>   do-not-query-localhost: no
>>>   val-permissive-mode: yes
>>>   val-clean-additional: yes
>>>   module-config: "validator iterator"
>>
>> Oops .. sorry. There are more options in unbound.conf's file:
>>
>> remote-control:
>> control-enable: yes
>> control-use-cert: yes
>> control-interface: 127.0.0.1
>>
>> forward-zone:
>> name: "."
>> forward-addr: 127.0.0.1@6353
>> forward-addr: 127.0.0.1@6354
>> forward-addr: 127.0.0.1@6355
>>
>> Sorry.
>>
>> --
>> Greetings,
>> C. L. Martinez
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
>
>
> --
> Stephen J Smoogen.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with dnscrypt's package from EPEL

[C. L. Martinez]

On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
> > On 9 December 2017 at 14:04, C. L. Martinez <carlopm...@gmail.com> wrote:
> > > Hi all,
> > >
> > >  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 
> > > 7.4 and using unbound as a resolver. But, I see constant timeouts and 
> > > responses are very slow ... Using same config in a Debian 9 virtual 
> > > machine, all works ok.
> > >
> > >  I think the problem is with dnscrypt's rpm package provided by EPEL. 
> > > Anyone have seen similar problems?
> > >
> > 
> > Can you give some more information on what you are seeing and how you
> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
> > on the package.
> > 
> > 
> 
> Of course and thanks in advance Stephen. My dnscrypt startup scripts use the 
> following options:
> 
> [Service]
> Type=forking
> PIDFile=/var/run/dnscrypt-cs.pid
> ExecStart=/usr/sbin/dnscrypt-proxy \
>   --daemonize \
>   --user=nobody \
>   --pidfile=/var/run/dnscrypt-cs.pid \
>   --ephemeral-keys \
>   --resolver-name=cs-fi \
>   --logfile=/tmp/cs.log \
>   --local-address=127.0.0.1:6354
> Restart=on-abort
> 
> [Service]
> Type=forking
> PIDFile=/var/run/dnscrypt-ipredator.pid
> ExecStart=/usr/sbin/dnscrypt-proxy \
>   --daemonize \
>   --user=nobody \
>   --pidfile=/var/run/dnscrypt-ipredator.pid \
>   --ephemeral-keys \
>   --resolver-name=ipredator \
>   --logfile=/tmp/ipredator.log \
>   --local-address=127.0.0.1:6353
> Restart=on-abort
> 
> And unbound.conf is: 
> 
> server:
>   interface: 127.0.0.1
>   interface: 172.22.54.4
>   interface: ::1
>   port: 53
>   do-ip6: no
>   do-udp: yes
>   do-tcp: yes
>   num-threads: 1
> 
>   access-control: 0.0.0.0/0 refuse
>   access-control: 127.0.0.0/8 allow
>   access-control: ::0/0 refuse
>   access-control: ::1 allow
>   access-control: 172.22.54.0/29 allow
>   access-control: 172.22.55.1 allow
> 
>   hide-identity: yes
>   hide-version: yes
> 
>   do-not-query-localhost: no
>   val-permissive-mode: yes
>   val-clean-additional: yes
>   module-config: "validator iterator"

Oops .. sorry. There are more options in unbound.conf's file:

remote-control:
control-enable: yes
control-use-cert: yes
control-interface: 127.0.0.1

forward-zone:
name: "."
forward-addr: 127.0.0.1@6353
forward-addr: 127.0.0.1@6354
forward-addr: 127.0.0.1@6355

Sorry.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with dnscrypt's package from EPEL

[C. L. Martinez]

On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
> On 9 December 2017 at 14:04, C. L. Martinez <carlopm...@gmail.com> wrote:
> > Hi all,
> >
> >  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 
> > and using unbound as a resolver. But, I see constant timeouts and responses 
> > are very slow ... Using same config in a Debian 9 virtual machine, all 
> > works ok.
> >
> >  I think the problem is with dnscrypt's rpm package provided by EPEL. 
> > Anyone have seen similar problems?
> >
> 
> Can you give some more information on what you are seeing and how you
> have it set up? I can try to duplicate it in EPEL and/or put in bugs
> on the package.
> 
> 

Of course and thanks in advance Stephen. My dnscrypt startup scripts use the 
following options:

[Service]
Type=forking
PIDFile=/var/run/dnscrypt-cs.pid
ExecStart=/usr/sbin/dnscrypt-proxy \
--daemonize \
--user=nobody \
--pidfile=/var/run/dnscrypt-cs.pid \
--ephemeral-keys \
--resolver-name=cs-fi \
--logfile=/tmp/cs.log \
--local-address=127.0.0.1:6354
Restart=on-abort

[Service]
Type=forking
PIDFile=/var/run/dnscrypt-ipredator.pid
ExecStart=/usr/sbin/dnscrypt-proxy \
--daemonize \
--user=nobody \
--pidfile=/var/run/dnscrypt-ipredator.pid \
--ephemeral-keys \
--resolver-name=ipredator \
--logfile=/tmp/ipredator.log \
--local-address=127.0.0.1:6353
Restart=on-abort

And unbound.conf is: 

server:
interface: 127.0.0.1
interface: 172.22.54.4
interface: ::1
port: 53
do-ip6: no
do-udp: yes
do-tcp: yes
num-threads: 1

access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.0/8 allow
access-control: ::0/0 refuse
access-control: ::1 allow
access-control: 172.22.54.0/29 allow
access-control: 172.22.55.1 allow

hide-identity: yes
hide-version: yes

do-not-query-localhost: no
val-permissive-mode: yes
    val-clean-additional: yes
module-config: "validator iterator"
-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems with dnscrypt's package from EPEL

[C. L. Martinez]

Hi all,

 I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 and 
using unbound as a resolver. But, I see constant timeouts and responses are 
very slow ... Using same config in a Debian 9 virtual machine, all works ok.

 I think the problem is with dnscrypt's rpm package provided by EPEL. Anyone 
have seen similar problems?

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Install virtual guest from console

[C. L. Martinez]

HI all,

 Is it possible to install a virtual guest (FreeBSD and OpenBSD
mainly) from kvm host's console? I have tried to do some search about
this but I haven't found anything about it.

 My idea is to launch "virsh start guest1" and inmediately "virsh
console guest1", but it doesn't works until serial console is
configured inside guest 

Any tip?

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] systemd-journald errors

[C. L. Martinez]

On Sun, Oct 29, 2017 at 07:54:50AM +, C. L. Martinez wrote:
> Hi all,
> 
>  I have 5 CentOS 7 virtual guests installed (all fully patched to latest 
> release) and i have the following error in all of them:
> 
> systemd-journald[7779]: File 
> /run/log/journal/b4a41f4214ca44f898638301891a6f2e/system.journal corrupted or 
> uncleanly shut down, renaming and replacing.
> 
>  ?? .. And I don't understand why. I have configured "Storage=volatile" in 
> journald.conf ...
> 
>  How can I debug this error? Is it possible to disable systemd-journald 
> thoroughly?
> 
> Thanks
> -- 
> Greetings,
> C. L. Martinez

Yep, I have changed "Storage=none" in journald.conf's file and now:

[  173.254585] INFO: rcu_sched self-detected stall on CPU { 0}  (t=104510 
jiffies g=2869 c=2868 q=8)
[  173.255985] Task dump for CPU 0:
[  173.256473] swapper/0   R  running task0 0  0 0x
[  173.257557]  819f9480 0d5a685ae9da1018 88004fc03db8 
810c3aa8
[  173.258744]   81a550c0 88004fc03dd0 
810c7439
[  173.259928]  0001 88004fc03e00 81137b20 
88004fc10260
[  173.261158] Call Trace:
[  173.261533][] sched_show_task+0xa8/0x110
[  173.262502]  [] dump_cpu_task+0x39/0x70
[  173.263297]  [] rcu_dump_cpu_stacks+0x90/0xd0
[  173.264163]  [] rcu_check_callbacks+0x442/0x730
[  173.265054]  [] ? update_wall_time+0x26c/0x6c0
[  173.265936]  [] ? tick_sched_do_timer+0x50/0x50
[  173.266833]  [] update_process_times+0x46/0x80
[  173.267725]  [] tick_sched_handle+0x30/0x70
[  173.268565]  [] tick_sched_timer+0x39/0x80
[  173.269397]  [] __hrtimer_run_queues+0xd4/0x260
[  173.270287]  [] hrtimer_interrupt+0xaf/0x1d0
[  173.271140]  [] local_apic_timer_interrupt+0x35/0x60
[  173.272097]  [] smp_apic_timer_interrupt+0x3d/0x50
[  173.273023]  [] apic_timer_interrupt+0x6d/0x80
[  173.273898][] ? native_safe_halt+0x6/0x10
[  173.274872]  [] default_idle+0x1e/0xc0
[  173.275652]  [] arch_cpu_idle+0x26/0x30
[  173.276442]  [] cpu_startup_entry+0x14a/0x1c0
[  173.277322]  [] rest_init+0x77/0x80
[  173.278065]  [] start_kernel+0x439/0x45a
[  173.278865]  [] ? repair_env_string+0x5c/0x5c
[  173.279724]  [] ? early_idt_handler_array+0x120/0x120
[  173.280682]  [] x86_64_start_reservations+0x24/0x26
[  173.281616]  [] x86_64_start_kernel+0x14f/0x172

 ¿¿??? WTF??? ...

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] systemd-journald errors

[C. L. Martinez]

Hi all,

 I have 5 CentOS 7 virtual guests installed (all fully patched to latest 
release) and i have the following error in all of them:

systemd-journald[7779]: File 
/run/log/journal/b4a41f4214ca44f898638301891a6f2e/system.journal corrupted or 
uncleanly shut down, renaming and replacing.

 ?? .. And I don't understand why. I have configured "Storage=volatile" in 
journald.conf ...

 How can I debug this error? Is it possible to disable systemd-journald 
thoroughly?

Thanks
-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Error "corrupted or uncleanly shut down, renaming and replacing" in CentOS 7 clean install

[C. L. Martinez]

Hi all,

 I have installed two new CentOS 7.1708 (fully patched, kernel release is 
3.10.0-693.2.2.el7.x86_64) as virtual guests, one is using lvm and the other 
not and both use XFS as filesystem. In both, I see the following systemd's 
error after a few minutes:

systemd-journald[779]: File 
/run/log/journal/3abe0470ce564669b797cb4c416f1ac0/system.journal corrupted or 
uncleanly shut down, renaming and replacing.

 Is it a bug? Or do I need to change some option in journald.conf's file? 
Actually, I have changed Storage's option to "volatile".

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ovirt-engine package for oVirt 4.1.x in CentOS offical mirrors disappears?

[C. L. Martinez]

Then, can I use both at the same time under oVirt engine host or only
official oVirt repo?

On Sun, Aug 13, 2017 at 2:16 PM, Barak Korren <bkor...@redhat.com> wrote:
> On 13 August 2017 at 15:12, C. L. Martinez <carlopm...@gmail.com> wrote:
>>
>>  I am trying to install oVirt 4.1.x from centos repos but it seems
>> ovirt-engine doesn't exists. But instead, ovirt-hosted-engine-setup
>> exists?
>>
>>  Is ovirt-engine package removed? In the official oVirt repos, exists.
>
> oVirt engine components are not included in CentOS, only dependencies
> required to set up an oVirt node.
>
> Please use the oVirt repos to install oVirt.
>
> --
> Barak Korren
> RHV DevOps team , RHCE, RHCi
> Red Hat EMEA
> redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] ovirt-engine package for oVirt 4.1.x in CentOS offical mirrors disappears?

[C. L. Martinez]

Hi all,

 I am trying to install oVirt 4.1.x from centos repos but it seems
ovirt-engine doesn't exists. But instead, ovirt-hosted-engine-setup
exists?

 Is ovirt-engine package removed? In the official oVirt repos, exists.

Thanks.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] ovirt-engine package for oVirt 4.1.x

[C. L. Martinez]

Hi all,

 I am trying to install oVirt 4.1.x from centos repos but it seems
ovirt-engine doesn't exists. But instead, ovirt-hosted-engine-setup
exists?

 Is ovirt-engine package removed? In official oVirt repos, exists.

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Using ssd disks for kvm guests

[C. L. Martinez]

Hi all,

Recently I have acquired a supermicro e200-8d micro server to use it as my
homelab.  It is equipped with two ssd disks.

 My idea is to install several kvm guests on it, but I have some doubts
about what type of filesystem (ext4 or xfs?) or block to use (lvm).

 Recommendations? Do I need to accomplish some type of running if I choose
to use ext4 or xfs??

Thanks.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Lightweight alternative to virt-manager

[C. L. Martinez]

Many thanks for your inputs. I will try what will suit for my needs

On Tuesday, July 4, 2017, -=X.L.O.R.D=- <xlord...@gmail.com> wrote:

> Dear C. L. Martinez,
> The simplest way for lightweight for you is with VNC from your Win/Mac to
> the virt host VNC remote desktop or just a SHELL.
> Its done!
>
> Xlord
>
> -Original Message-
> From: CentOS-virt [mailto:centos-virt-boun...@centos.org <javascript:;>]
> On Behalf Of Nux!
> Sent: Tuesday, July 4, 2017 6:36 PM
> To: Discussion about the virtualization on CentOS <centos-virt@centos.org
> <javascript:;>>
> Subject: Re: [CentOS-virt] Lightweight alternative to virt-manager
>
> Your best bet is running virt-manager via SSH X11 forwarding.
> In all my searches I have not met a reasonable replacement for it alas,
> everything else is either very buggy or bloated or both.
> (Which is why customers go for Xenserver and Hyperv).
>
> Somewhat offtopic, I can also recommend Proxmox if you're not really
> adamant
> on staying on CentOS, it's basically Xenserver-like, but on top of
> Debian/KVM; really nice UI and set of features.
>
> HTH
>
> --
> Sent from the Delta quadrant using Borg technology!
>
> Nux!
> www.nux.ro
>
> - Original Message -
> > From: "C. L. Martinez" <carlopm...@gmail.com <javascript:;>>
> > To: "Discussion about the virtualization on CentOS"
> > <centos-virt@centos.org <javascript:;>>
> > Sent: Tuesday, 4 July, 2017 07:13:33
> > Subject: [CentOS-virt] Lightweight alternative to virt-manager
>
> > Hi all,
> >
> > Anyone knows any lightweight alternative to virt-manager that works
> > with linux, Windows and macos?
> >
> > Searching I have found ovirt only but it is too heavy.
> >
> > Thanks
> >
> > ___
> > CentOS-virt mailing list
> > CentOS-virt@centos.org <javascript:;>
> > https://lists.centos.org/mailman/listinfo/centos-virt
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org <javascript:;>
> https://lists.centos.org/mailman/listinfo/centos-virt
>
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org <javascript:;>
> https://lists.centos.org/mailman/listinfo/centos-virt
>
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Lightweight alternative to virt-manager

[C. L. Martinez]

Hi all,

Anyone knows any lightweight alternative to virt-manager that works with
linux, Windows and macos?

Searching I have found ovirt only but it is too heavy.

Thanks
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Centos7 on MacBook air 2017 model

[C. L. Martinez]

Hi all,

Anyone have tried to install centos7 in kaby lake model or almost in
previous model (2015 if I am not wrong). Experiences?? Is refind needed??

Thanks.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Firefox lockdown policies for CentOS7 desktops

[C. L. Martinez]

Hi all,

 I am doing some tests with my CentOS7 desktop. I have configured a policy to 
lockdown Chrome/Chromium browsers and it works perfectly. And I am trying to 
the same for Firefox browsers but Firefox's docs are really "hard" to 
understand.

 I have the following stopper points:

 a/ what is the "real" system wide's config file: firefox.js, sysprefs.js or 
local-settings.js/mozilla.cfg ?
 b/ And what is the real directory: "/etc/firefox", 
"/usr/lib/firefox/defaults/pref" or which??
 c/ Is it possible to download and install addons using system wide's policy? 
For example with Chrome/Chromium you can use "ExtensionInstallForcelist" option.
 d/ Where can I found all the options :)?

Many thanks

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Controlling Chrome via policy (SOLVED)

[C. L. Martinez]

On Sat, Apr 15, 2017 at 03:53:28PM +, C. L. Martinez wrote:
> Hi all,
> 
>  I have installed Google Chrome in two CentOS7 workstations. I would like to 
> setup some extensions by default and install automatically. Reading 
> Chrome/Chromium docs, it is possible to accomplish this using 
> master_preferences or via policy. According to Chromium's docs, policy files 
> needs to be installed under /etc/opt/chrome/policies/managed/ (for Chrome) or 
> /etc/chromium/policies/managed/ (for Chromium). I have tried to create a JSON 
> file (custom.json) with my options, but no go. What am I doing wrong?
> 
>  On the other side, according to Chromium's docs, master_preferences needs to 
> be placed under dir where chrome binary is. Tried and no go.
> 
>  Any light on this?
> 
> Thanks.
> 
For the record, problem is solved. Problem was how I have defined 
"HomepageLocation" option. It was wrong.

Thanks

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Controlling Chrome via policy

[C. L. Martinez]

Hi all,

 I have installed Google Chrome in two CentOS7 workstations. I would like to 
setup some extensions by default and install automatically. Reading 
Chrome/Chromium docs, it is possible to accomplish this using 
master_preferences or via policy. According to Chromium's docs, policy files 
needs to be installed under /etc/opt/chrome/policies/managed/ (for Chrome) or 
/etc/chromium/policies/managed/ (for Chromium). I have tried to create a JSON 
file (custom.json) with my options, but no go. What am I doing wrong?

 On the other side, according to Chromium's docs, master_preferences needs to 
be placed under dir where chrome binary is. Tried and no go.

 Any light on this?

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Network isolation for KVM guests (SOLVED)

[C. L. Martinez]

This can be if one of these interfaces isn't a wireless nic. But I need to use 
a wireless nic and another phys nic.

At least, I have solved the problem using network namespaces. All works ok and 
expected now.

Many thanks to all for your help

On Tue, Apr 04, 2017 at 10:39:05AM +0100, Nux! wrote:
> Just create a bridge, hook the host physical interface that you want in it, 
> hook the VMs interface in it, done.
> No need for passthrough.
> 
> This can be done via libvirt/virsh or if a UI is wanted then virt-manager 
> makes this really easy.
> 
> Now assign an IP in the VM and it should work. You don't need to assign any 
> IP on he host interface itself. Rinse and repeat for the rest of the 
> interfaces.
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
> Nux!
> www.nux.ro
> 
> - Original Message -
> > From: "C. L. Martinez" <carlopm...@gmail.com>
> > To: "Discussion about the virtualization on CentOS" <centos-virt@centos.org>
> > Sent: Friday, 31 March, 2017 19:18:43
> > Subject: Re: [CentOS-virt] Network isolation for KVM guests
> 
> > On Fri, Mar 31, 2017 at 05:06:53PM +0200, Sven Kieske wrote:
> >> On 31/03/17 15:55, C. L. Martinez wrote:
> >> > I need to attach two physical interfaces to a guest and these phy 
> >> > interfaces
> >> > have IP and routes assigned and I need to get them off the main routing 
> >> > table.
> >> 
> >> I do not understand this.
> >> 
> >> You can attach a physical (or virtual, doesn't matter), interface to any
> >> given vm, without assigning routes or IPs to these interfaces directly.
> > 
> > No, I can't because this host doesn't support PCI passthrough. One of these
> > interfaces is a wireless nic.
> > 
> >> 
> >> Just do the network configuration inside the vm, and the routing, well
> >> on your router? You will just need the route for the vm networks on your
> >> host, but what is your attack scenario to keep this separated from other
> >> routes on this host? you need at least CAP_NET_ADMIN to fiddle with those.
> > 
> > How? If the same host routes Internet traffic in the main routing table I 
> > expose
> > host's services to Internet.
> > 
> >> 
> >> --
> >> Mit freundlichen Grüßen / Regards
> >> 
> >> Sven Kieske
> >> 
> >> Systemadministrator
> >> Mittwald CM Service GmbH & Co. KG
> >> Königsberger Straße 6
> >> 32339 Espelkamp
> >> T: +495772 293100
> >> F: +495772 29
> >> https://www.mittwald.de
> >> Geschäftsführer: Robert Meyer
> >> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> >> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> >> 
> > 
> > 
> > 
> > 
> >> ___
> >> CentOS-virt mailing list
> >> CentOS-virt@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos-virt
> > 
> > 
> > --
> > Greetings,
> > C. L. Martinez
> > ___
> > CentOS-virt mailing list
> > CentOS-virt@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-virt
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Network isolation for KVM guests

[C. L. Martinez]

On Fri, Mar 31, 2017 at 05:06:53PM +0200, Sven Kieske wrote:
> On 31/03/17 15:55, C. L. Martinez wrote:
> > I need to attach two physical interfaces to a guest and these phy 
> > interfaces have IP and routes assigned and I need to get them off the main 
> > routing table.
> 
> I do not understand this.
> 
> You can attach a physical (or virtual, doesn't matter), interface to any
> given vm, without assigning routes or IPs to these interfaces directly.

No, I can't because this host doesn't support PCI passthrough. One of these 
interfaces is a wireless nic.

> 
> Just do the network configuration inside the vm, and the routing, well
> on your router? You will just need the route for the vm networks on your
> host, but what is your attack scenario to keep this separated from other
> routes on this host? you need at least CAP_NET_ADMIN to fiddle with those.

How? If the same host routes Internet traffic in the main routing table I 
expose host's services to Internet.

> 
> -- 
> Mit freundlichen Grüßen / Regards
> 
> Sven Kieske
> 
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +495772 293100
> F: +495772 29
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
> 




> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt


-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Network isolation for KVM guests

[C. L. Martinez]

On Fri, Mar 31, 2017 at 06:14:22AM -0400, Dima (Dan) Yasny wrote:
> On Fri, Mar 31, 2017 at 5:56 AM, C. L. Martinez <carlopm...@gmail.com>
> wrote:
> 
> > On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
> > > Use libvirt with mac/ip spoofing enabled.
> > >
> > > https://libvirt.org/formatnwfilter.html
> > >
> > > https://libvirt.org/firewall.html
> > >
> > > --
> > > Sent from the Delta quadrant using Borg technology!
> > >
> > Thanks Nux and Kristian but I don't see if these solutions will be really
> > efective in my environment. Let me to explain. In this host I three
> > physical interfaces: eth0, eth1 and wlan0.
> >
> >  eth0 is connected to my internal network. eth1 is connected to a public
> > router and wlan0 is connected to another public router. wlan0 and eth1 are
> > bonded to provide failover Internet connections. CPU doesn't supports pci
> > passthrough (pci passthrough would solve my problems).
> >
> 
> If assigning a NIC directly to a VM would solve the problem, you could try
> using macvtap instead of PCI passthrough
> 
> 

Oops .. bad luck (according to https://access.redhat.com/solutions/1978833):

Does bridge/macvtap interfaces work on wireless interfaces in RHEL?
 SOLUTION VERIFIED - Updated October 2 2015 at 6:23 PM - English 
Environment

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Issue

If a bridge/macvtap interface is created using a wireless adapter, it fails to 
communicate. However, the wired physical ethernet card works without an issue
Resolution

Communication over an interface that's bridged with a wireless interface(Wi-Fi) 
won't work because most Access Points (APs) won't accept frames that have a 
source address that is not authenticated with the AP. The same holds true with 
APs that allow open authentication(without password)
Bridging can done only with physical ethernet controllers


-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Network isolation for KVM guests

[C. L. Martinez]

On Thu, Mar 30, 2017 at 06:15:28PM +0100, Nux! wrote:
> Use libvirt with mac/ip spoofing enabled.
> 
> https://libvirt.org/formatnwfilter.html
> 
> https://libvirt.org/firewall.html
> 
> --
> Sent from the Delta quadrant using Borg technology!
> 
Thanks Nux and Kristian but I don't see if these solutions will be really 
efective in my environment. Let me to explain. In this host I three physical 
interfaces: eth0, eth1 and wlan0.

 eth0 is connected to my internal network. eth1 is connected to a public router 
and wlan0 is connected to another public router. wlan0 and eth1 are bonded to 
provide failover Internet connections. CPU doesn't supports pci passthrough 
(pci passthrough would solve my problems).

 I need to deploy a fw vm to control traffic between internal and external 
interfaces. In BSD systems you can seggregate all ip address and route tables 
from principal routing table. It is the same effect that I would like to 
implement in this host.

 And I don't see how to implement using CentOS (or another linux distro). 

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Network isolation for KVM guests

[C. L. Martinez]

Hi all,

 What options exists under CentOS hosts to work with isolated networks?. For 
example, on BSD systems it is really trivial. In FreeBSD you can use setfib 
tools and on OpenBSD it is possible to use rdomain options. In 30 secs it is 
possible to work with isolated networks and assign process, ip address and 
routes (hidden from the main route table and ip addresses), etc.

 But I can't find a similar solution for CentOS environments. I have found two 
similar options:

 a/ Network namespaces (but doesn't provides a real network isolation)
 b/ VRF (but it is supported only for kernels 4.8 and up)

 Any ideas?

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Using i3 wm under CentOS7

[C. L. Martinez]

Hi all,

 Anyone has installed i3 wm under CentOS7? Any samples? I have some doubts 
about to how to manage battery power, notifications, etc.

Thanks

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Running graphical applications from CentOS headless vm

[C. L. Martinez]

Hi all,

 I have installed a CentOS7 vm in my home server with all graphical tools 
installed: Gnome, Chrome, Tor Borwser, etc. My idea is to run these graphical 
applications from two MacOSX desktops. What I am looking for is something 
similar like Microsoft RDP services that supports copy and paste between client 
and server, sound, clipboard, etc ...

 I have seen a possible solution using xrdp: http://www.xrdp.org. But exists 
some other solution??

Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] USB passthrough for usb wireless nic adapter

[C. L. Martinez]

Hi all,

 I am trying to use usb passthrough for an usb wireless adapter to a
kvm guest under a CentOS7 host.

 Guest can connect to an AP and sometimes receives an IP and sometimes
not. But when and IP address is assigned by an AP (and defaultroute),
nothing works. If I try to resolv any host like for example
www.google.com, there is no result ... Trying to ping 8.8.8.8 doesn't
works also.

 Does usb passthrough works for usb wireless nic adapters? Or only for
storage devices?

Many thanks for your help.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Multiple problems with CentOS Atomic Host

[C. L. Martinez]

Hi all,

 I have installed Centos Atomic Host (latest, release: 
CentOS-Atomic-Host-7.1609-Installer.iso) in my KVM host laptop (RHEL 7.3 fully 
patched). But after install it a lot of problems appears.

 a/ Keyboard: I have selected spanish keyboard during install, but after first 
boot, keyboard is keymapped to us. Why? I have tried to change it via command 
line, without luck. Executing "localectl list-keymaps", returns this error: 
"Couldn't find any console maps". Maybe is it related to these bugs: 
https://bugzilla.redhat.com/show_bug.cgi?id=1186757 and 
https://bugzilla.redhat.com/show_bug.cgi?id=1235726??. RedHat knowledge article 
https://access.redhat.com/solutions/1562963

 b/ Network: same problem as with keyboard. I configured network adapter but 
after first boot, a docker0 bridge is created with a totally different IP 
address: 172.17.0.1/16. Why? Another bug?

 c/ Disk partitions: I have created the following partitions at first stage: 
/boot, swap, /, /tmp, /var ... and installation fails ... Selecting only /boot, 
swap and /, installation works ok, like it does with automatic partitionning 
... But, why?


 Seeing these problems, I am asking if CentOS Atomic Host is a ready to use 
product. To discard these problems, I have downloaded RedHat Atomic Host 7.3.1 
(latest production release) and same problems appears ...

 Are CentOS Atomic Host and RedHat Atomic Host ready to use products in 
production environments?? I think the answer is not ... In fact, they seems a 
really bad options to deploy docker containers ...

 Any input? Any idea to how to resolve these (startup) problems?

Many thanks and Happy New Year.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Running i386 guests under CentOS7 amd64 kvm host

[C. L. Martinez]

On Wed 30.Nov'16 at 23:00:47 +0800, -=X.L.O.R.D=- wrote:
> Dear Martinez,
> Hum...do you choose paravirtualized or fully virtualized?
> 
> Xlord

Sorry? There is not such option when you use KVM as a hypervisor ...

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Running i386 guests under CentOS7 amd64 kvm host

[C. L. Martinez]

On Wed 30.Nov'16 at  8:56:53 -0600, Robert Nichols wrote:
> On 11/30/2016 02:21 AM, C. L. Martinez wrote:
> > On Tue 29.Nov'16 at 11:54:10 -0600, Robert Nichols wrote:
> > > On 11/29/2016 08:46 AM, C. L. Martinez wrote:
> > > > On Tue 29.Nov'16 at 22:34:59 +0800, -=X.L.O.R.D=- wrote:
> > > > > Dear Martinez,
> > > > > You should be able to search the ubuntu  guest under virtManager from 
> > > > > CentOS
> > > > > desktop environment (Gnome for example).
> > > > > For New VM machine creation with Ubuntu guest, you just select OS type
> > > > > "Linux", Version " ubuntu12 " subject to available. Hope that helps!
> > > > > 
> > > > > Source:
> > > > > http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-kvm-qemu-on-cent
> > > > > os-7-rhel-7.html
> > > > > Source:
> > > > > https://raymii.org/s/articles/virt-install_introduction_and_copy_paste_distr
> > > > > o_install_commands.html
> > > > > 
> > > > > Xlord
> > > > 
> > > > Thanks XLord, but using virtual manager, there is not an option to 
> > > > select "i386" or "amd64" guest ...
> > > 
> > > In Step 5 of Create a New Virtual Machine, click on "Advanced options" 
> > > and you will find the architecture selection options "x86_64" and "i686".
> > > 
> > 
> > Thanks Bob, but there is not "Advanced options". I can use "Customize 
> > configuration before install", but if I use this option, architecture is 
> > fixed and it can not be changed ...
> > 
> > I am using virt-manager 1.2.1-8.el7.
> 
> Looks like it's absent in that version. It's there in 
> virt-manager-0.9.0-31.el6.x86_64.
> 
> -- 

But 0.9.0 is older than 1.2.1 ...

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Running i386 guests under CentOS7 amd64 kvm host

[C. L. Martinez]

On Tue 29.Nov'16 at 11:54:10 -0600, Robert Nichols wrote:
> On 11/29/2016 08:46 AM, C. L. Martinez wrote:
> > On Tue 29.Nov'16 at 22:34:59 +0800, -=X.L.O.R.D=- wrote:
> > > Dear Martinez,
> > > You should be able to search the ubuntu  guest under virtManager from 
> > > CentOS
> > > desktop environment (Gnome for example).
> > > For New VM machine creation with Ubuntu guest, you just select OS type
> > > "Linux", Version " ubuntu12 " subject to available. Hope that helps!
> > > 
> > > Source:
> > > http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-kvm-qemu-on-cent
> > > os-7-rhel-7.html
> > > Source:
> > > https://raymii.org/s/articles/virt-install_introduction_and_copy_paste_distr
> > > o_install_commands.html
> > > 
> > > Xlord
> > 
> > Thanks XLord, but using virtual manager, there is not an option to select 
> > "i386" or "amd64" guest ...
> 
> In Step 5 of Create a New Virtual Machine, click on "Advanced options" and 
> you will find the architecture selection options "x86_64" and "i686".
> 

Thanks Bob, but there is not "Advanced options". I can use "Customize 
configuration before install", but if I use this option, architecture is fixed 
and it can not be changed ...

I am using virt-manager 1.2.1-8.el7.

Mnay thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Running i386 guests under CentOS7 amd64 kvm host

[C. L. Martinez]

On Tue 29.Nov'16 at 22:34:59 +0800, -=X.L.O.R.D=- wrote:
> Dear Martinez,
> You should be able to search the ubuntu  guest under virtManager from CentOS
> desktop environment (Gnome for example).
> For New VM machine creation with Ubuntu guest, you just select OS type
> "Linux", Version " ubuntu12 " subject to available. Hope that helps!
> 
> Source:
> http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-kvm-qemu-on-cent
> os-7-rhel-7.html
> Source:
> https://raymii.org/s/articles/virt-install_introduction_and_copy_paste_distr
> o_install_commands.html
> 
> Xlord

Thanks XLord, but using virtual manager, there is not an option to select 
"i386" or "amd64" guest ...

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Running i386 guests under CentOS7 amd64 kvm host

[C. L. Martinez]

Hi all,

 Maybe it is a stupid question, but I a totally lost. When I try to configure 
an ubuntu i386 guest under CentOS7 amd64 kvm host (fully patched) using 
virt-manager, I can't select what architecture I want to use. If I try to 
change guest.xml using "virsh edit", I can do it, but guest doesn't starts ...

 Is it not possible to run i386 guests under CentOS7 amd64 kvm hosts??

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Bridging wireless interface for KVM guests

[C. L. Martinez]

Hi all,

 I am trying to configure wlan0 interface to use it with kvm guests. I
know that I need to use ebtables statements due to it is not possible
to link wlan0 interface with a bridge.

 I have followed Debian's tutorial:
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
without luck.

 Someone have tried?? I am using CentOS 7 fully patched.

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Error doing PCI passthrough on CentOS 7.2

[C. L. Martinez]

On Wed 14.Sep'16 at  7:17:45 -0600, Alex Williamson wrote:
> On Wed, 14 Sep 2016 15:00:37 +0200
> Paolo Bonzini <pbonz...@redhat.com> wrote:
> 
> > On 14/09/2016 14:35, Sandro Bonazzola wrote:
> > > FYI
> > > 
> > > 
> > > -- Forwarded message --
> > > From: *C. L. Martinez* <carlopm...@gmail.com 
> > > <mailto:carlopm...@gmail.com>>
> > > Date: Tue, Sep 13, 2016 at 11:29 AM
> > > Subject: [CentOS-virt] Error doing PCI passthrough on CentOS 7.2
> > > To: centos-virt@centos.org <mailto:centos-virt@centos.org>
> > > 
> > > 
> > > Hi all,
> > > 
> > >  I am trying to configure a kvm guest using pci passthrough to pass it a
> > > wireless pci adapter (host is my personal laptop). But when I try to
> > > start it:
> > > 
> > > error: Failed to start domain obsdfw
> > > error: unsupported configuration: host doesn't support passthrough of
> > > host PCI devices  
> > 
> > What's the libvirt XML for the domain?
> > 
> > >  PCI passthrough is enabled:
> > > 
> > > [0.00] Command line:
> > > BOOT_IMAGE=/vmlinuz-3.10.0-327.28.3.el7.x86_64
> > > root=UUID=48220e4e-228c-42d9-a0af-482c2fc7c008 ro crashkernel=auto rhgb
> > > quiet intel_iommu=on
> > > [0.00] Kernel command line:
> > > BOOT_IMAGE=/vmlinuz-3.10.0-327.28.3.el7.x86_64
> > > root=UUID=48220e4e-228c-42d9-a0af-482c2fc7c008 ro crashkernel=auto rhgb
> > > quiet intel_iommu=on
> > > 
> > >  And supported according dmesg output:
> > > 
> > > root@lapdev01# dmesg | grep IOM
> > > [0.00] Intel-IOMMU: enabled  
> > 
> > Is the VFIO module installed, and can you see IOMMU groups in "ls -lR
> > /dev/vfio"?
> 
> What's the host processor model?  If this is the only line you see,
> chances are your processor doesn't support VT-d, this line is just an
> acknowledgment of the intel_iommu=on parameter, it doesn't indicate
> that it's really enabled as it implies.  The line you need to see is:
> 
>   DMAR: Intel(R) Virtualization Technology for Directed I/O
> 
> Find your processor on http://ark.intel.com/ and look for VT-d
> support.  Thanks,
> 
> Alex


Oops .. You are right Alex. My processor doesn't support VT-d according to 
Intel.

Many thanks for your help.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Error doing PCI passthrough on CentOS 7.2

[C. L. Martinez]

Hi all,

 I am trying to configure a kvm guest using pci passthrough to pass it a 
wireless pci adapter (host is my personal laptop). But when I try to start it:

error: Failed to start domain obsdfw
error: unsupported configuration: host doesn't support passthrough of host PCI 
devices

 PCI passthrough is enabled:

[0.00] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-327.28.3.el7.x86_64 
root=UUID=48220e4e-228c-42d9-a0af-482c2fc7c008 ro crashkernel=auto rhgb quiet 
intel_iommu=on
[0.00] Kernel command line: 
BOOT_IMAGE=/vmlinuz-3.10.0-327.28.3.el7.x86_64 
root=UUID=48220e4e-228c-42d9-a0af-482c2fc7c008 ro crashkernel=auto rhgb quiet 
intel_iommu=on

 And supported according dmesg output:

root@lapdev01# dmesg | grep IOM
[0.00] Intel-IOMMU: enabled

 As you can see in the following output, VT-d extensions are supported also:

root@lapdev01:~# cat /proc/cpuinfo | grep vmx
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 
ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes 
xsave avx f16c rdrand lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi 
flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid 
xsaveopt
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 
ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes 
xsave avx f16c rdrand lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi 
flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid 
xsaveopt
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 
ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes 
xsave avx f16c rdrand lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi 
flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid 
xsaveopt
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology 
nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 
ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes 
xsave avx f16c rdrand lahf_lm abm ida arat epb pln pts dtherm tpr_shadow vnmi 
flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid 
xsaveopt

  CPU is a Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz (fam: 06, model: 45, 
stepping: 01), Westmere.

 Then, where is the problem?? I don't understand what I am doing wrong. CentOS 
is 7.2 release fully patched using qemu package from virt repo: 

qemu-kvm-ev-2.3.0-31.el7.16.1.x86_64
qemu-kvm-common-ev-2.3.0-31.el7.16.1.x86_64
qemu-img-ev-2.3.0-31.el7.16.1.x86_64

 Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Recommendation about an usb wireless adapter to use it as HostAP

[C. L. Martinez]

On Sat 10.Sep'16 at 10:12:26 -0700, Arun Khan wrote:
> On Fri, Sep 9, 2016 at 3:40 AM, C. L. Martinez <carlopm...@gmail.com> wrote:
> > Hi all,
> >
> >  I would like to install/test CentOS 7.X as a hostap for my home. I am 
> > thinking to use an Alfa (http://www.alfa.com.tw) usb wireless adapter or 
> > TP-Link.
> >BUt there is not much information in Alfa's or TP-Link's web sites about 
> >which of them can run as a HostAP.
> 
> I would suggest use openWRT -- it is designed for WiFi and the foot
> print is small (around 60MB).  It has a lot of additional packages
> (captive portal, WAN load balancing etc.) that you can install as per
> your needs.   I have used it on a Raspberry PI  with USB WiFi dongles
> (Realtek chip set).  You can conceivably run it as a virtual appliance
> with USB pass through to the h/w.
> 
> On Alpha's web site one of the slide show images show openWRT along
> with their USB WiFi adapter.
> I would suggest contact Alpha's Tech support to get specific model
> number and driver (chip set) it uses.  Also visit openWRT web site
> and/or mailing list.
> 
Many thanks fro your inputs, but I can't use a real wifi router. I need this 
usb adapter to connect two smartphones and a raspberry pi for my day to day 
job. The idea is to share laptop Internet's connection with these devices.


-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Recommendation about an usb wireless adapter to use it as HostAP

[C. L. Martinez]

Hi all,

 I would like to install/test CentOS 7.X as a hostap for my home. I am thinking 
to use an Alfa (http://www.alfa.com.tw) usb wireless adapter or TP-Link. BUt 
there is not much information in Alfa's or TP-Link's web sites about which of 
them can run as a HostAP. If I can find any adapter that supports ac with a 
throughput of 150 Mbps/300Mbps, it would be great.

 Any recommendation? Maybe AWUS036ACH and TP-TLW722N can supports this 
functionality, but I am not sure ...

 Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] No network using qemu-kvm-ev-2.3.0-31.el7.16.1

[C. L. Martinez]

Nop. Problem was with systemd-networkd. Using openvswitch of ifcfg-XXX config 
files, all works ok without problems.

On Mon 29.Aug'16 at 17:02:03 +0200, Kristián Feldsam wrote:
> Hello, this could be issue with firewall or netfilter on bridge
> 
> S pozdravem Kristián Feldsam
> Tel.: +420 773 303 353
> E-mail.: ad...@feldhost.cz
> 
> www.feldhost.cz - FeldHost poskytuje kvalitní hostingové a serverové služby 
> za příznivou cenu.
> 
> FELDSAM s.r.o.
> V rohu 434/3
> Praha 4 – Libuš, PSČ 142 00
> IČ: 290 60 958, DIČ: CZ290 60 958
> C 200350 vedená u Městského soudu v Praze
> 
> Banka: Fio banka a.s.
> Číslo účtu: 2400330446/2010
> BIC: FIOBCZPPXX
> IBAN: CZ82 2010  0024 0033 0446
> 
> > On 29 Aug 2016, at 16:52, -=X.L.O.R.D=- <xlord...@gmail.com> wrote:
> > 
> > Martinez,
> > Any more config you have checked for DNS resolution related? You can ping to
> > other host in the network right?
> > 
> > Xlord
> > 
> > -Original Message-
> > From: centos-virt-boun...@centos.org [mailto:centos-virt-boun...@centos.org]
> > On Behalf Of C. L. Martinez
> > Sent: Sunday, August 28, 2016 8:41 PM
> > To: centos-virt@centos.org
> > Subject: [CentOS-virt] No network using qemu-kvm-ev-2.3.0-31.el7.16.1
> > 
> > Hi all,
> > 
> > To do some tests, I have installed a new CentOS7 host (fully patched) using
> > qemu-kvm-ev-2.3.0-31.el7.16.1 instead of qemu-kvm's default package. And I
> > have problems with network inside my guests.
> > 
> > All guests can ping to CentOS host but nothing more: can't resolv dns
> > names, can access via tcp to other hosts, etc ... Using same config on other
> > CentOS7 host, but using default qemu-kvm package instead of
> > qemu-kvm-ev-2.3.0-31.el7.16.1, all works ok.
> > 
> > What am I doing wrong? Or is it a bug?
> > 
> > Thanks
> > 
> > -- 
> > Greetings,
> > C. L. Martinez
> > ___
> > CentOS-virt mailing list
> > CentOS-virt@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-virt
> > 
> > ___________
> > CentOS-virt mailing list
> > CentOS-virt@centos.org
> > https://lists.centos.org/mailman/listinfo/centos-virt
> 
> ___
> CentOS-virt mailing list
> CentOS-virt@centos.org
> https://lists.centos.org/mailman/listinfo/centos-virt

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] No network using qemu-kvm-ev-2.3.0-31.el7.16.1

[C. L. Martinez]

Ok, problem is not with qemu-kvm-ev-2.3.0-31.el7.16.1 package, it is with 
systemd-networkd. I have installed openvswitch and all works ok. Then, my 
question, is why is it not possible to use systemd-networkd for configure 
virtual switches to use them with KVM guests in CentOS 7 (using for other 
things, they seem work ok)??

 In Ubuntu, Arch and Debian there is no problem with systemd-networkd 
configured bridges for KVM guests.

Any idea why ??

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] No network using qemu-kvm-ev-2.3.0-31.el7.16.1

[C. L. Martinez]

Hi all,

 To do some tests, I have installed a new CentOS7 host (fully patched) using 
qemu-kvm-ev-2.3.0-31.el7.16.1 instead of qemu-kvm's default package. And I have 
problems with network inside my guests.

 All guests can ping to CentOS host but nothing more: can't resolv dns names, 
can access via tcp to other hosts, etc ... Using same config on other CentOS7 
host, but using default qemu-kvm package instead of 
qemu-kvm-ev-2.3.0-31.el7.16.1, all works ok.

 What am I doing wrong? Or is it a bug?

Thanks

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] systemd-nspawn will replace lxc

[C. L. Martinez]

Hi all,

 It seems RH will deprecate LXC (https://access.redhat.com/articles/1365153) 
and will go to docker way (or maybe I am totally wrong). Is this true?? Will be 
systemd-nspawn a lightweight replacement for LXC containers??

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Redhat Certificate System 9 in CentOS

[C. L. Martinez]

Hi all,

 Is RedHat Certificate System 9 based on Dogtag 9 or is it a different PKI 
implementation? I need to install a PKI infrastructure in my home lab to do 
some tests with different solutions that needs/use certificates and I have 
found Dogtag and RCS.

 Is RCS "backported" to CentOS?? Any software recommendation to manage 
(administer, maintain, etc.) PKI infrastructures under CentOS??

Thanks.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with ProxyPass to a local ip (using SSL)

[C. L. Martinez]

On Tue  1.Mar'16 at 10:31:43 -0800, Gordon Messmer wrote:
> On 02/29/2016 05:19 AM, C. L. Martinez wrote:
> >But I am doing some mistakes because every time I'm receiving a loop error.
> ...
> >
> ...
> > ProxyPass / http://192.168.1.5:5100/
> > ProxyPassReverse / http://192.168.1.5:5100/
> > RewriteEngine On
> > RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]
> >
> >
> >  As you can see, I need to do a redirection to port 5100 from 444 port and 
> > protect it using ssl.
> 
> I think you need to figure out whether you want to proxy those requests or
> rewrite them.  You can't reasonably do both.
> 
> If you want to keep them SSL protected, then you don't need the rewrite rule
> at all.  Drop it.  Right now, you're redirecting clients to the same URL
> that they loaded to begin with, which is why your client is warning you
> about a loop.
> 
> 
Ok, problem solved. Finally, redirection needs to go to a tomcat server that 
use this commercial solution. Changing:

ProxyPass / http://192.168.1.5:5100/
ProxyPassReverse / http://192.168.1.5:5100/

to

ProxyPass / ajp://192.168.1.5:5100/
ProxyPassReverse / ajp://192.168.1.5:5100/

 ... problem solved.

Many thanks to all for your help.

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with ProxyPass to a local ip (using SSL)

[C. L. Martinez]

On Mon 29.Feb'16 at  9:05:13 -0800, Gordon Messmer wrote:
> On 02/29/2016 05:33 AM, C. L. Martinez wrote:
> >More info in my ssl_error.log:
> >
> >Mon Feb 29 14:32:06 2016] [info] [client 10.64.118.59] SSL handshake failed: 
> >HTTP spoken on HTTPS port; trying to send HTML error page
> >[Mon Feb 29 14:32:06 2016] [info] SSL Library Error: 336027804 
> >error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking 
> >HTTP to HTTPS port!?
> 
> Well, that just looks like you're making an http request instead of https in
> your browser.  It doesn't tell us anything about what's looping.

Right, this is due to the changes in the Rewrite rule. I am doing some 
modifications and now the only error is:

SSL Library Error: 336027804 error:1407609C:SSL 
routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?

 Any idea how to fix this??

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with ProxyPass to a local ip (using SSL)

[C. L. Martinez]

On Mon 29.Feb'16 at 13:19:07 +, C. L. Martinez wrote:
> Hi all,
> 
>  I am trying to setup an apache virtualhost under CentOS 6.7 that needs to 
> redirects requests from port 444 to port 5100 in its local ip. But I am doing 
> some mistakes because every time I'm receiving a loop error.
> 
>  My actual httpd's config for this virtualhost is:
> 
> NameVirtualHost 192.168.1.5:444
> 
>   ServerName myweb01.local.domain
>   ErrorLog logs/ssl_error.log
>   CustomLog logs/ssl_access.log combined
>   CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x 
> \"%r\" %b"
>   LogLevel info
>   SSLEngine on
>   SSLProxyEngine On
>   SSLProtocol -ALL +SSLv3 +TLSv1
>   SSLCipherSuite 
> ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
>   SSLCertificateFile /etc/httpd/certs/server.crt
>   SSLCertificateKeyFile /etc/httpd/certs/server.key
>   ProxyRequests Off
>   ProxyPreserveHost On
>   ProxyPass / http://192.168.1.5:5100/
>   ProxyPassReverse / http://192.168.1.5:5100/
>   RequestHeader set X-Forwarded-Proto "https"
>   RequestHeader set X-Forwarded-Port "444"
>   RewriteEngine On
>   RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]
> 
> 
>  As you can see, I need to do a redirection to port 5100 from 444 port and 
> protect it using ssl.
> 
>  I've configured iptables rules to drop connections to port 5100 directly:
> 
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 444 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> 
>  Any idea how to accomplish/resolve this?
> 
> Thanks.

More info in my ssl_error.log:

Mon Feb 29 14:32:06 2016] [info] [client 10.64.118.59] SSL handshake failed: 
HTTP spoken on HTTPS port; trying to send HTML error page
[Mon Feb 29 14:32:06 2016] [info] SSL Library Error: 336027804 
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP 
to HTTPS port!?


-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems with ProxyPass to a local ip (using SSL)

[C. L. Martinez]

Hi all,

 I am trying to setup an apache virtualhost under CentOS 6.7 that needs to 
redirects requests from port 444 to port 5100 in its local ip. But I am doing 
some mistakes because every time I'm receiving a loop error.

 My actual httpd's config for this virtualhost is:

NameVirtualHost 192.168.1.5:444

ServerName myweb01.local.domain
ErrorLog logs/ssl_error.log
CustomLog logs/ssl_access.log combined
CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x 
\"%r\" %b"
LogLevel info
SSLEngine on
SSLProxyEngine On
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite 
ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/httpd/certs/server.crt
SSLCertificateKeyFile /etc/httpd/certs/server.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.1.5:5100/
ProxyPassReverse / http://192.168.1.5:5100/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "444"
RewriteEngine On
RewriteRule ^/(.*) https://myweb01.local.domain:444/$1 [R,L]


 As you can see, I need to do a redirection to port 5100 from 444 port and 
protect it using ssl.

 I've configured iptables rules to drop connections to port 5100 directly:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 444 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

 Any idea how to accomplish/resolve this?

Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

[C. L. Martinez]

On Thu  4.Feb'16 at 20:24:58 +0200, Eero Volotinen wrote:
> check out sslbump documentation:
> http://wiki.squid-cache.org/Features/SslBump
> 
> --
> Eero
> 
I have changed my ssl-bump options to "ssl_bump server-first all" only, but 
nothing ... It doesn't works.

Any more idea??

-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid as interception HTTPS proxy under CentOS 7

[C. L. Martinez]

On Thu, Feb 4, 2016 at 5:36 PM, Tris Hoar <trish...@bgfl.org> wrote:
> On 04/02/2016 13:24, C. L. Martinez wrote:
>>
>> Hi all,
>>
>>   I am trying to configure squid as a interception HTTPS proxy under
>> CentOS 7. At every https request, I am receiving a certificate error.
>>
>>   My current config for squid is:
>>
>> # My localnet
>> acl localnet src 172.22.55.0/28
>> acl localnet src 172.22.58.0/29
>>
>> acl SSL_ports port 443
>> acl Safe_ports port 80  # http
>> acl Safe_ports port 21  # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70  # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535  # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>>
>> #
>> # Recommended minimum Access Permission configuration:
>> #
>> # Deny requests to certain unsafe ports
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than secure SSL ports
>> http_access deny CONNECT !SSL_ports
>>
>> # Only allow cachemgr access from localhost
>> http_access allow localhost manager
>> http_access deny manager
>>
>> # We strongly recommend the following be uncommented to protect innocent
>> # web applications running on the proxy server who think the only
>> # one who can access services on "localhost" is a local user
>> #http_access deny to_localhost
>>
>> #
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>> #
>>
>> # Example rule allowing access from your local networks.
>> # Adapt localnet in the ACL section to list your (internal) IP networks
>> # from where browsing should be allowed
>> http_access allow localnet
>> http_access allow localhost
>>
>> # And finally deny all other access to this proxy
>> http_access deny all
>>
>> # Squid normally listens to port 3128
>> #http_port 3128
>>
>> # Uncomment and adjust the following to add a disk cache directory.
>> #cache_dir ufs /var/spool/squid 100 16 256
>>
>> # Leave coredumps in the first cache dir
>> coredump_dir /var/spool/squid
>>
>> #
>> # Add any of your own refresh_pattern entries above these.
>> #
>> refresh_pattern ^ftp:   144020% 10080
>> refresh_pattern ^gopher:14400%  1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
>> refresh_pattern .   0   20% 4320
>>
>> # My custom configuration
>> http_port 8079
>> http_port 8080 intercept
>> https_port 8081 ssl-bump intercept generate-host-certificates=on
>> dynamic_cert_mem_cache_size=4MB key=/etc/squid/custom.private
>> cert=/etc/squid/custom.cert
>>
>> # Anonymous proxy
>> forwarded_for off
>> request_header_access Allow allow all
>> request_header_access Authorization allow all
>> request_header_access WWW-Authenticate allow all
>> request_header_access Proxy-Authorization allow all
>> request_header_access Proxy-Authenticate allow all
>> request_header_access Cache-Control allow all
>> request_header_access Content-Encoding allow all
>> request_header_access Content-Length allow all
>> request_header_access Content-Type allow all
>> request_header_access Date allow all
>> request_header_access Expires allow all
>> request_header_access Host allow all
>> request_header_access If-Modified-Since allow all
>> request_header_access Last-Modified allow all
>> request_header_access Location allow all
>> request_header_access Pragma allow all
>> request_header_access Accept allow all
>> request_header_access Accept-Charset allow all
>> request_header_access Accept-Encoding allow all
>> request_header_access Accept-Language allow all
>> request_header_access Content-Language allow all
>> request_header_access Mime-Version allow all
>> request_header_access Retry-After allow all
>> request_header_access Title allow all
>> request_header_access Connection allow all
>> request_header_access Proxy-Connection allow all
>> request_header_access User-Agent allow all
>> request_header_access Cookie allow all
>> request_header_access All deny all
>>
>> # SSL Bump Config
>> always_direct allow all
>> ssl_bump server-first all
>> sslproxy_cert_error deny all
>> sslproxy_flags DONT_VERIFY_PEER
>>
>>   I have tried disabling "sslproxy_cert_error" and "sslproxy_flags"
>> directives, without luck.
>>
>>   Any ideas about what am I doing wrong?
>>
>>   Thanks.
>>
>
> Do you have a copy of the Root CA you are using to re-encrypt the SSL stream
> installed in the browser?
>
> Tris
>

Yes, an every time I am receiving the same error:
NET::ERR_CERT_AUTHORITY_INVALID
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Where is QXL driver for Windows?

[C. L. Martinez]

On Thu  4.Feb'16 at  0:10:18 +0100, Alexander Dalloz wrote:
> Am 03.02.2016 um 22:29 schrieb Alexander Dalloz:
> >Am 03.02.2016 um 17:40 schrieb C. L. Martinez:
> >>Hi all,
> >>
> >>  Where can I found QXL driver for Windows 2012 R2/Windows 8.1? I
> >>don't see inside latest/stable iso images from fedoraproject ...
> >>
> >>Thanks.
> >>
> >
> >Don't know what you are checking, but it is definitely included in
> >
> >https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/latest-virtio/virtio-win.iso
> >
> >
> >Have used it myself just recently for a few Windows Server 2012 R2 VM
> >installs.
> >
> >Regards
> >
> >Alexander
> 
> Page
> 
> https://fedoraproject.org/wiki/Windows_Virtio_Drivers
> 
> states
> 
>  qxl/: QXL graphics driver for Windows 7 and earlier. (build
> virtio-win-0.1.103-1 and later)
>  qxldod/: QXL graphics driver for Windows 8 and later. (build
> virtio-win-0.1.103-2 and later)
> 
> So stable is not fresh enough while latest contains both.
> 
> Alexander

Got it. Many thanks Alexander. I have downloaded stable iso only ... Sorry.

-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Squid as interception HTTPS proxy under CentOS 7

[C. L. Martinez]

Hi all,

 I am trying to configure squid as a interception HTTPS proxy under CentOS 7. 
At every https request, I am receiving a certificate error.

 My current config for squid is:

# My localnet
acl localnet src 172.22.55.0/28
acl localnet src 172.22.58.0/29

acl SSL_ports port 443
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320

# My custom configuration
http_port 8079
http_port 8080 intercept
https_port 8081 ssl-bump intercept generate-host-certificates=on 
dynamic_cert_mem_cache_size=4MB key=/etc/squid/custom.private 
cert=/etc/squid/custom.cert

# Anonymous proxy
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

# SSL Bump Config
always_direct allow all  
ssl_bump server-first all  
sslproxy_cert_error deny all  
sslproxy_flags DONT_VERIFY_PEER

 I have tried disabling "sslproxy_cert_error" and "sslproxy_flags" directives, 
without luck.

 Any ideas about what am I doing wrong?

 Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Where is QXL driver for Windows?

[C. L. Martinez]

Hi all,

 Where can I found QXL driver for Windows 2012 R2/Windows 8.1? I don't see 
inside latest/stable iso images from fedoraproject ...

Thanks.
-- 
Greetings,
C. L. Martinez
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Hostname inside lxc container

[C. L. Martinez]

On Thu, Jan 21, 2016 at 6:25 PM, Dennis Jacobfeuerborn
<denni...@conversis.de> wrote:
> On 21.01.2016 15:44, C. L. Martinez wrote:
>> Hi all,
>>
>>  I have installed a CentOS6 lxc guest under a Debian 8.x LXC host. All
>> it is working ok but I can't change the hostname for the centos6 lxc
>> container (it is using the same hostname from Debian host). I have
>> modifyed HOSTNAME under /etc/sysconfig/network and /etc/hosts file,
>> but it doesn't works.
>>
>>  Do I need to change anything else??
>
> These Files only persist the hostname. To actually set it live you have
> to call "hostname ". Your shell prompt will not change unless
> you log out and log in again though simply executing "hostname" without
> parameters should output the correct name right away.
>
> Keep in mind though that setting the hostname in a container requires
> explicit support for the UTS namespace on the host:
>
> http://man7.org/linux/man-pages/man7/namespaces.7.html
>
> If the host doesn't support the UTS namespace for its guests or this
> feature is not configured for the guest in question then setting the
> hostname in the guest is not possible.
>
> Regards,


Thanks Dennis. I have tried to fix using "hostname" command but after
reboot, returns to be the same hostname as Debian host. Debian kernel
has UTS enabled ...
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Hostname inside lxc container

[C. L. Martinez]

Hi all,

 I have installed a CentOS6 lxc guest under a Debian 8.x LXC host. All
it is working ok but I can't change the hostname for the centos6 lxc
container (it is using the same hostname from Debian host). I have
modifyed HOSTNAME under /etc/sysconfig/network and /etc/hosts file,
but it doesn't works.

 Do I need to change anything else??

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Install nested ESXi 6.x host under CentOS 7 kvm host

[C. L. Martinez]

Hi all,

 I am trying to install nested Esxi 6.x under a Centos7 kvm host to
use it as test lab for new ESXi versions, but I am doing something
wrong because I can't install it.

 I have configured kvm and kvm_intel modules with the following options:

options kvm ignore_msrs=1
options kvm_intel nested=1 ept=1

 and I add the following options in  xml guest file:

  
Westmere

  

qemu-kvm package is installed from Virtualization SIG:

qemu-kvm-common-ev-2.1.2-23.el7_1.8.1.x86_64
qemu-kvm-ev-2.1.2-23.el7_1.8.1.x86_64

 Am I doing something wrong or is it not possible to accomplish this scenario??

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Differences between qemu-kvm and qemu-kvm-ev

[C. L. Martinez]

Hi all,

 What are the real technical difference between qemu-kvm and
qemu-kvm-ev packages? What are the advantages to use qemu-kvm-ev (if
exists someone)?

 Or qemu-kvm-ev makes sense when is used with ovirt only??

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Tue, Oct 13, 2015 at 1:45 PM, Richard
<lists-cen...@listmail.innovate.net> wrote:
>
>> Date: Tuesday, October 13, 2015 13:41:56 +0000
>> From: "C. L. Martinez" <carlopm...@gmail.com>
>>
>>
>> On Tue, Oct 13, 2015 at 1:39 PM, Jonathan Billings
>> <billi...@negate.org> wrote:
>>> On Tue, Oct 13, 2015 at 06:24:19AM +, C. L. Martinez wrote:
>>>> For example: logwatch. Logwatch sends a daily email report about
>>>> system's health. I didn't received this email from October 9th
>>>> ... and email configuration is ok.
>>>
>>> So your problem is that cron jobs *DO NOT* run?
>>
>> Yes. that is the problem ... Sorry If I am not explained very
>> well.
>
> What does /var/log/cron show?

Nothing ... It is empty.

 Are the jobs triggered, but you don't
> get the expected output, or not triggered?

They are not triggered ...

>
> If not triggered, you might want to show your crontab entries.

I haven't entries in conrtab's users file at this moment, but I have
done a test: * * * * * ls -la, and it is not triggered. But like I say
before, installed system cronjobs like logwatch task are not triggered
...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Tue, Oct 13, 2015 at 1:58 PM, Richard
<lists-cen...@listmail.innovate.net> wrote:
>
>
>> Date: Tuesday, October 13, 2015 13:54:28 +0000
>> From: "C. L. Martinez" <carlopm...@gmail.com>
>>
>> On Tue, Oct 13, 2015 at 1:45 PM, Richard
>> <lists-cen...@listmail.innovate.net> wrote:
>>>
>>>> Date: Tuesday, October 13, 2015 13:41:56 +
>>>> From: "C. L. Martinez" <carlopm...@gmail.com>
>>>>
>>>>
>>>> On Tue, Oct 13, 2015 at 1:39 PM, Jonathan Billings
>>>> <billi...@negate.org> wrote:
>>>>> On Tue, Oct 13, 2015 at 06:24:19AM +, C. L. Martinez wrote:
>>>>>> For example: logwatch. Logwatch sends a daily email report
>>>>>> about system's health. I didn't received this email from
>>>>>> October 9th ... and email configuration is ok.
>>>>>
>>>>> So your problem is that cron jobs *DO NOT* run?
>>>>
>>>> Yes. that is the problem ... Sorry If I am not explained very
>>>> well.
>>>
>>> What does /var/log/cron show?
>>
>> Nothing ... It is empty.
>>
>>  Are the jobs triggered, but you don't
>>> get the expected output, or not triggered?
>>
>> They are not triggered ...
>>
>>>
>>> If not triggered, you might want to show your crontab entries.
>>
>> I haven't entries in conrtab's users file at this moment, but I
>> have done a test: * * * * * ls -la, and it is not triggered. But
>> like I say before, installed system cronjobs like logwatch task
>> are not triggered ...
>
> What is returned if you issue the command:
>
>   ps auxw | grep cron | grep -v grep
>

Cron service is running:

root   607  0.0  0.0 126304  1580 ?Ss   05:33   0:00
/usr/sbin/crond -n

And according to systemd, without problems:

crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled)
   Active: active (running) since Tue 2015-10-13 05:33:28 UTC; 8h ago
 Main PID: 607 (crond)
   CGroup: /system.slice/crond.service
   └─607 /usr/sbin/crond -n
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Tue, Oct 13, 2015 at 1:39 PM, Jonathan Billings <billi...@negate.org> wrote:
> On Tue, Oct 13, 2015 at 06:24:19AM +0000, C. L. Martinez wrote:
>> For example: logwatch. Logwatch sends a daily email report about
>> system's health. I didn't received this email from October 9th ... and
>> email configuration is ok.
>
> So your problem is that cron jobs *DO NOT* run?

Yes. that is the problem ... Sorry If I am not explained very well.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Tue, Oct 13, 2015 at 2:35 PM, Jonathan Billings <billi...@negate.org> wrote:
> On Tue, Oct 13, 2015 at 02:04:49PM +0000, C. L. Martinez wrote:
>> And according to systemd, without problems:
>>
>> crond.service - Command Scheduler
>>Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled)
>>Active: active (running) since Tue 2015-10-13 05:33:28 UTC; 8h ago
>>  Main PID: 607 (crond)
>>CGroup: /system.slice/crond.service
>>└─607 /usr/sbin/crond -n
>
> Do you see anything helpful in the journal?
>
> run 'journalctl _SYSTEMD_UNIT=crond.service'
>

Nop, because binary logs (using journalctl) are disabled in this host
... But under /var/log/messages, there is no error ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Tue, Oct 13, 2015 at 2:11 PM, Scott Robbins  wrote:
> On Tue, Oct 13, 2015 at 02:05:47PM +, Richard wrote:
>>
>>
>> >> If not triggered, you might want to show your crontab entries.
>> >
>> > I haven't entries in conrtab's users file at this moment, but I
>> > have done a test: * * * * * ls -la, and it is not triggered. But
>> > like I say before, installed system cronjobs like logwatch task
>> > are not triggered ...
>>
>> What is returned when you issue the commands:
>>
>>   ps auxw | grep cron | grep -v grep
>>
>
> Do you have spamassassin running on the machine?  I remember at one point,
> it was tagging the daily log messages as spam--this was awhile ago, I don't
> remember the details or even if I fixed it or it was fixed by an update.
>

No, it acts as a KVM server ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Mon, Oct 12, 2015 at 12:15 AM, Gordon Messmer
<gordon.mess...@gmail.com> wrote:
> On 10/11/2015 09:38 AM, C. L. Martinez wrote:
>>
>> That's the problem. There is no error but any cron job configured runs..
>> And this is the cuestion: why any cron job works?.
>
>
> It's not clear what you're asking.  It would help if you replied with an
> example of a specific job that's configured on your system, and explaining
> what it is doing that it should not, or what it is not doing that it should.
>

For example: logwatch. Logwatch sends a daily email report about
system's health. I didn't received this email from October 9th ... and
email configuration is ok.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Mon, Oct 12, 2015 at 2:59 AM, Eero Volotinen  wrote:
> Because systemwide cronjobs are installed in /etc/cron.* directories, not
> in root user cron file..
>

Thanks Eero. I know this. And I have tried to put some cron job in
these directories to test ... and nothing ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

Hi all,

 I am having strange problems with my cron jobs in my CentOS7 kvm
host. After the initial install and first boot, any cron job
configured had run (including cron tasks installed by some rpm
packages).

Last cron's entry log is:


Oct  9 17:01:01 santgraal CROND[9014]: (root) CMD (run-parts /etc/cron.hourly)
Oct  9 17:01:01 santgraal run-parts(/etc/cron.hourly)[9014]: starting 0anacron
Oct  9 17:01:01 santgraal run-parts(/etc/cron.hourly)[9023]: finished 0anacron
Oct  9 17:01:01 santgraal run-parts(/etc/cron.hourly)[9014]: starting
0yum-hourly.cron
Oct  9 17:01:01 santgraal run-parts(/etc/cron.hourly)[9029]: finished
0yum-hourly.cron

cron service is running without problems:

[root@coskvm01 log]# systemctl status crond
crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled)
   Active: active (running) since Sun 2015-10-11 11:49:41 UTC; 28min ago
 Main PID: 5124 (crond)
   CGroup: /system.slice/crond.service
   └─5124 /usr/sbin/crond -n

Forcing to run cron tasks editing root's crontab with "crontab -e", it
doesn't works also.

Is this a bug?? Or do I need to install some package apart of:

cronie-1.4.11-13.el7.x86_64
cronie-anacron-1.4.11-13.el7.x86_64
crontabs-1.11-6.20121102git.el7.noarch ???
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Exists some problem with cronjobs under CentOS7

[C. L. Martinez]

On Sunday, October 11, 2015, Jonathan Billings <billi...@negate.org> wrote:

> On Oct 11, 2015, at 8:20 AM, C. L. Martinez <carlopm...@gmail.com
> <javascript:;>> wrote:
> > I am having strange problems with my cron jobs in my CentOS7 kvm
> > host. After the initial install and first boot, any cron job
> > configured had run (including cron tasks installed by some rpm
> > packages).
>
> Did you have a question or error to point out?  So far all I see is a
> correctly-running system.
>
> --
> Jonathan Billings <billi...@negate.org <javascript:;>>


That's the problem. There is no error but any cron job configured runs..
And this is the cuestion: why any cron job works?.


>
>
> ___
> CentOS mailing list
> CentOS@centos.org <javascript:;>
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd spends 6 min. to startup a host

[C. L. Martinez]

On Mon, Oct 5, 2015 at 1:56 PM, Marcelo Ricardo Leitner
 wrote:
> Em 03-10-2015 13:47, C.L. Martinez escreveu:
>>
>> Hi all,
>>
>>   I have a strange behavior with a CentOS7 host (fully patched). I have
>> configured nics as old style format: ifcfg- ... due to I need to use
>> openvswitch for my vms.
>>
>>   All works well, except when I reboot this server. Systemd spends 6
>> min. to startup this host!!! .. It stops with: "A start job is running
>> for LSB: Raise network ...".
>>
>>   Are not supposed that systemd startups hosts more faster??
>>
>>   ok, is it possible to fix this??
>
>
> While booting it, if you get out of the plymouth screen (press esc), you
> should be able to see a message like
> 'Waiting for ...'
> that should give you a direction already.
>

Nop, there is no errors ... Only the delay message ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd spends 6 min. to startup a host

[C. L. Martinez]

On Tue, Oct 6, 2015 at 6:53 AM, Gordon Messmer  wrote:
> On 10/03/2015 09:47 AM, C.L. Martinez wrote:
>>
>>  All works well, except when I reboot this server. Systemd spends 6 min.
>> to startup this host!!! .. It stops with: "A start job is running for LSB:
>> Raise network ...".
>
>
> https://www.google.com/search?q=systemd+lsb+raise+network=utf-8=utf-8
>
> If your problem is similar to the first few google hits, then some part of
> your configuration is probably calling "service something restart" or
> "systemctl restart something".  The service being restarted requires
> network.target to be available, which only happens after the interfaces are
> all up, which is a deadlock condition.
>
> If you provide all of the configuration files you edited to enable
> openvswitch, we might be able to give you more specific advice. Your
> original question was quite vague.
>

Yes, my problem is very similar as described in Debian's bugtracker.
Ok, here is my openvswitches config:

DEVICE=dmzprif
DEVICETYPE=ovs
TYPE=OVSBridge
STP=off
ONBOOT=yes

DEVICE=encif
DEVICETYPE=ovs
TYPE=OVSBridge
STP=off
ONBOOT=yes

DEVICE=prodif
DEVICETYPE=ovs
TYPE=OVSBridge
STP=off
IPADDR=172.22.55.1
NETMASK=255.255.255.240
GATEWAY=172.22.55.14
ONBOOT=yes

DEVICE=vpnif
DEVICETYPE=ovs
TYPE=OVSBridge
STP=off
ONBOOT=yes

... and nics attached to some of these openvswitches:

DEVICE=eth0
OVS_BRIDGE=pubif
DEVICETYPE=ovs
TYPE=OVSPort
ONBOOT=yes

DEVICE=eth1
OVS_BRIDGE=prodif
DEVICETYPE=ovs
TYPE=OVSPort
ONBOOT=yes


...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd spends 6 min. to startup a host

[C. L. Martinez]

On Mon, Oct 5, 2015 at 3:11 PM, John R Pierce  wrote:
> On 10/5/2015 2:36 AM, C.L. Martinez wrote:
>>
>> On 10/05/2015 08:43 AM, Eero Volotinen wrote:
>>>
>>> This looks like modifications broke network configuration and it may
>>> affect
>>> startup speed.
>>>
>>> Please try standard network configuration first.
>>>
>>
>> Are you referring to use NetworkManager?? I can't. I need to use
>> openvswitches in this host ...
>
>
> just to see if thats the problem, remove openvswitches from your config, and
> if it boots fast, then you know the delay is related to that.
>
> --
> john r pierce, recycling bits in santa cruz
>


Uhmm ... but I need to startup openvswitches at boot ... I only see
one option: start openvswitches when libvirtd starts ...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd spends 6 min. to startup a host

[C. L. Martinez]

On Tue, Oct 6, 2015 at 7:45 AM, John R Pierce <pie...@hogranch.com> wrote:
> On 10/5/2015 11:53 PM, C. L. Martinez wrote:
>>
>> Uhmm ... but I need to startup openvswitches at boot ... I only see
>> one option: start openvswitches when libvirtd starts ...
>
>
> my suggestion was to help isolate the cause of this boot delay. if removing
> the openvswitch from your network configuration took out the delay, then
> you'd KNOW thats the problem, and you could work to further isolate why.
> if that didn't take out the delay, then the delay is somewhere else.
> telling me you need openvswitch isn't helping.
>

Ok, removed all openvswitches and it boots more fast, but message
about LSB tasks continues ...

Arrived to this point, I am pretty sure I have a problem using old nic
config ... If I disable all nics configs, voila!! ... Server boots ok.

Ok, all problems are reduced to nic settings.

The only option I see is to start openvswitches from libvirtd, but
what about ethX configs??
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] OT: adding a wifi adapter to openvswitch

[C. L. Martinez]

On Thu, Sep 24, 2015 at 11:28 AM, Dmitry E. Mikhailov
 wrote:
> Followup
>
> On 09/24/2015 01:59 PM, C.L. Martinez wrote:
>>
>>
>> https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC?
>
> They are doing an interesting Ethernet NAT with the following idea:
>
> Your wireless station has MAC "A" and IP "X"
> The virtual machine on the wireless station has MAC "B" and IP "Y"
>
> 1) To the outside world both your wireless station and virtual machine IPs
> would share the same MAC:
> Arp:
> IP "X": MAC "A"
> IP "Y": MAC "A" (translated from "B")
>
> 2) Every ingress packet coming to your wireless station with the VM's IP "Y"
> would have it's MAC changed back
>
> This scheme could provide you connectivity but it's hacky and it requires
> you to know the MAC and IP address combination of VM. So IMHO it's not
> really everyday mess-free usable.
>
> I'd prefer to have a real routing set up. Simple, fast and reliable.

Thanks Dimitry, but I use wlan0 or eth0 to connect my laptop to
different networks. I use a vm as fw and I would like to have all vms
and laptop behind this fw vm guest.

Another option is to assign an IP to these interfaces and natting all
to this fw vm ... but I don't like this option
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] Updating intel graphics driver on CentOS7

[C. L. Martinez]

Hi all,

 Is it possible to upgrade intel X11 org driver on CentOS7?? Maybe
with elrepo's packages:
http://elrepo.org/linux/extras/el7/x86_64/RPMS/xorg-x11-drv-intel-2.99.916-1.el7.elrepo.x86_64.rpm??

 It seems it doesn't exists driver in the upstream: https://01.org/linuxgraphics

Thanks,
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Updating intel graphics driver on CentOS7

[C. L. Martinez]

On Wed, Sep 23, 2015 at 7:39 AM, Fabian Arrotin <arr...@centos.org> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 23/09/15 08:00, C. L. Martinez wrote:
>> Hi all,
>>
>> Is it possible to upgrade intel X11 org driver on CentOS7?? Maybe
>> with elrepo's packages:
>> http://elrepo.org/linux/extras/el7/x86_64/RPMS/xorg-x11-drv-intel-2.99.916-1.el7.elrepo.x86_64.rpm??
>>
>>  It seems it doesn't exists driver in the upstream:
>> https://01.org/linuxgraphics
>>
>> Thanks,
>
> Well, that package is older as the one in the current CentOs 7 distro :
> xorg-x11-drv-intel-2.99.916-1.el7.elrepo.x86_64.rpm
> vs
> xorg-x11-drv-intel-2.99.916-5.el7.x86_64
>
> Are you searching for the 2.99.917 one ?
>

Thanks to both. Fabian, I am searching a driver that simply works :))
My laptop has a Hasweel motherboard with an Intel Graphics HD 4400:

00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT
Integrated Graphics Controller (rev 09)
00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 09)
00:14.0 USB controller: Intel Corporation 8 Series USB xHCI HC (rev 04)
00:16.0 Communication controller: Intel Corporation 8 Series HECI #0 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series HD Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 3 (rev e4)
00:1c.3 PCI bridge: Intel Corporation 8 Series PCI Express Root Port 4 (rev e4)
00:1d.0 USB controller: Intel Corporation 8 Series USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation 8 Series LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series SATA Controller 1
[AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series SMBus Controller (rev 04)
01:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM57786
Gigabit Ethernet PCIe (rev 01)
01:00.1 SD Host controller: Broadcom Corporation BCM57765/57785
SDXC/MMC Card Reader (rev 01)
02:00.0 Network controller: Qualcomm Atheros QCA9565 / AR9565 Wireless
Network Adapter (rev 01)

and, my screen is "blurry" with the actual driver.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Official openvswitch package for CentOS7

[C. L. Martinez]

On Fri, Sep 18, 2015 at 5:24 PM, Sandro Bonazzola <sbona...@redhat.com> wrote:
>
>
> On Fri, Sep 18, 2015 at 4:36 PM, George Dunlap <dunl...@umich.edu> wrote:
>>
>> On Fri, Sep 18, 2015 at 7:38 AM, Sandro Bonazzola <sbona...@redhat.com>
>> wrote:
>> >
>> >
>> > On Thu, Sep 17, 2015 at 6:15 PM, C. L. Martinez <carlopm...@gmail.com>
>> > wrote:
>> >>
>> >> On Thu, Sep 17, 2015 at 6:06 PM, George Dunlap <dunl...@umich.edu>
>> >> wrote:
>> >> > On Thu, Sep 17, 2015 at 3:19 PM, C. L. Martinez
>> >> > <carlopm...@gmail.com>
>> >> > wrote:
>> >> >> Hi all,
>> >> >>
>> >> >>  Exists an official openvswitch package for CentoS7?? If I am not
>> >> >> wrong, this:
>> >> >>
>> >> >>
>> >> >>
>> >> >> http://mirror.centos.org/centos/7/cloud/x86_64/openstack-kilo/openstack-neutron-openvswitch-2015.1.0-1.el7.noarch.rpm
>> >> >>
>> >> >> it can be used with openstack only.
>> >> >>
>> >> >> Do I need to recompile from source like is is explained here:
>> >> >>
>> >> >>
>> >> >> https://n40lab.wordpress.com/2015/06/28/centos-7-installing-openvswitch-2-3-2-lts/
>> >> >> or exists another rpm package for CentOS7??
>> >> >
>> >> > Since you're sending this to centos-virt, I assume you want to use
>> >> > openvswitch for virtualization?
>> >>
>> >> Correct, I will need to use for virtualization. In my case, only for
>> >> KVM. I don't use LXC or Docker.
>> >>
>> >> And in my opinion, I think it could be a great idea.
>> >
>> >
>> > Alan what do you think? Should we move openvswitch from cloud/openstack
>> > to
>> > virt/kvm-common ?
>>
>> Since Xen users may want it too, it should probably have its own repo
>> (so that both virt/kvm and virt/xen can use it).
>
>
> fine for me
>
>

Many thanks
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Official openvswitch package for CentOS7

[C. L. Martinez]

On Thu, Sep 17, 2015 at 6:06 PM, George Dunlap <dunl...@umich.edu> wrote:
> On Thu, Sep 17, 2015 at 3:19 PM, C. L. Martinez <carlopm...@gmail.com> wrote:
>> Hi all,
>>
>>  Exists an official openvswitch package for CentoS7?? If I am not wrong, 
>> this:
>>
>> http://mirror.centos.org/centos/7/cloud/x86_64/openstack-kilo/openstack-neutron-openvswitch-2015.1.0-1.el7.noarch.rpm
>>
>> it can be used with openstack only.
>>
>> Do I need to recompile from source like is is explained here:
>> https://n40lab.wordpress.com/2015/06/28/centos-7-installing-openvswitch-2-3-2-lts/
>> or exists another rpm package for CentOS7??
>
> Since you're sending this to centos-virt, I assume you want to use
> openvswitch for virtualization?

Correct, I will need to use for virtualization. In my case, only for
KVM. I don't use LXC or Docker.

And in my opinion, I think it could be a great idea.

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Official openvswitch package for CentOS7

[C. L. Martinez]

Hi all,

 Exists an official openvswitch package for CentoS7?? If I am not wrong, this:

http://mirror.centos.org/centos/7/cloud/x86_64/openstack-kilo/openstack-neutron-openvswitch-2015.1.0-1.el7.noarch.rpm

it can be used with openstack only.

Do I need to recompile from source like is is explained here:
https://n40lab.wordpress.com/2015/06/28/centos-7-installing-openvswitch-2-3-2-lts/
or exists another rpm package for CentOS7??

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Adding customized options to qemu command line

[C. L. Martinez]

Hi all,

 How can I add some options to qemu command line when a kvm guest starts up
from libvirtd??
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Adding customized options to qemu command line

[C. L. Martinez]

On Tue, Aug 18, 2015 at 12:03 PM, Gena Makhomed g...@csdoc.com wrote:
 On 18.08.2015 14:44, C. L. Martinez wrote:

 How can I add some options to qemu command line when a kvm guest
 starts up from libvirtd??


 # virsh edit vm-name

 1. change first line from domain type='kvm' to
 domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'

 2. add

   qemu:commandline
 qemu:arg value='-acpitable'/
 qemu:arg value='file=/path/to/SLIC.BIN'/
   /qemu:commandline

 before /domain tag

 3. if you need qemu options for adding SLIC table - also you need
 patch QEMU to add workaround for windows SLIC processing bug:
 https://bugzilla.redhat.com/show_bug.cgi?id=1248758

 --

Many thanks Gena. Works ok.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] Where does virt-manager store config in CentOS 7.1?

[C. L. Martinez]

Hi all,

 Anyone knows where virt-manager stores user config files in CentOS
7.1?? I am not seeing anything in user's home directory 

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Where does virt-manager store config in CentOS 7.1?

[C. L. Martinez]

On Tue, Apr 14, 2015 at 9:39 AM, Sven Kieske s.kie...@mittwald.de wrote:


 On 14/04/15 11:16, C. L. Martinez wrote:
 Hi all,

  Anyone knows where virt-manager stores user config files in CentOS
 7.1?? I am not seeing anything in user's home directory 

 Hi,

 well on my standard machine virt-manager just starts with root
 privileges, so the config is where I expect it to be:
 /etc/libvirt/qemu/$NAME.xml

 HTH

 --
 Mit freundlichen Grüßen / Regards

 Sven Kieske


Thanks Sven, but I am not referring to guests xml config files. I need
to know where user's config resides. Example: connections to KVM
hosts, preferences, etc...
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Questions about panel toolbars in CentOS7

[C. L. Martinez]

Uhmm ... Some example?? I am searching inside extensions.gnome.org but
I didn't find any extension to remove or make small bottom panel ...

On Sat, Mar 7, 2015 at 10:55 AM, Nux! n...@li.nux.ro wrote:
 If you go to extensions.gnome.org there are various extensions that let you 
 do that.
 You'll need this package to be able to install them from your browsers:
 gnome-shell-browser-plugin

 --
 Sent from the Delta quadrant using Borg technology!

 Nux!
 www.nux.ro

 - Original Message -
 From: C. L. Martinez carlopm...@gmail.com
 To: CentOS mailing list centos@centos.org
 Sent: Saturday, 7 March, 2015 10:52:29
 Subject: [CentOS] Questions about panel toolbars in CentOS7

 Hi all,

 I have installed a CentOS7 vm with gnome3 desktop. All it is working
 ok but I have two questions about configuring gnome3 environment
 (classic mode):

 a) How can I add applications launchers in the top panel toolbar?
 b) How can I modify bottom toolbar to make it smaller??

 Thanks
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Questions about panel toolbars in CentOS7

[C. L. Martinez]

Hi all,

 I have installed a CentOS7 vm with gnome3 desktop. All it is working
ok but I have two questions about configuring gnome3 environment
(classic mode):

a) How can I add applications launchers in the top panel toolbar?
b) How can I modify bottom toolbar to make it smaller??

Thanks
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Disable/stop nic in a virtual guest with virsh

[C. L. Martinez]

Hi all,

How can I stop/disable a nic in a virtual guest using a virsh
command?? I am searching the same effect like if I unplug network
cable ... Is it possible?? I have tried with detach-interface
command without luck. I don't want to remove the nic from guest
configuration, only to stop the nic ...

Thanks.

P.D: Host is CentOS 6.6 x86_64 fully patched.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] About CentOS Storage SIG and RedHat Storage Server 3.0

[C. L. Martinez]

Hi all,

 Does someone from CentOS Storage SIG can say something about this
subject? Is it planned to accomplish some RHSS 3 rebuild for CentOS
6.5??

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Kernel errors after updating

[C. L. Martinez]

Hi all,

 I have updated my Centos 6.5 KVM host to kernel 2.6.32-431.23.3 this
morning ... After 2 hours working, the following kernel error appears
and all vm guests goes slowly 

device monif4 entered promiscuous mode
monif: port 5(monif4) entering forwarding state
INFO: task cgroup:83 blocked for more than 120 seconds.
  Not tainted 2.6.32-431.23.3.el6.x86_64 #1
echo 0  /proc/sys/kernel/hung_task_timeout_secs disables this message.
cgroupD 0009 083  2 0x
 880411cb9d60 0046  
    880411cb2aa0
 880411cb3058 880411cb9fd8 fbc8 880411cb3058
Call Trace:
 [8152a36e] __mutex_lock_slowpath+0x13e/0x180
 [810d24d0] ? do_rebuild_sched_domains+0x0/0x50
 [8152a20b] mutex_lock+0x2b/0x50
 [810c97b5] cgroup_lock+0x15/0x20
 [810d24e8] do_rebuild_sched_domains+0x18/0x50
 [81094a20] worker_thread+0x170/0x2a0
 [8109afa0] ? autoremove_wake_function+0x0/0x40
 [810948b0] ? worker_thread+0x0/0x2a0
 [8109abf6] kthread+0x96/0xa0
 [8100c20a] child_rip+0xa/0x20
 [8109ab60] ? kthread+0x0/0xa0
 [8100c200] ? child_rip+0x0/0x20
INFO: task cgroup:83 blocked for more than 120 seconds.
  Not tainted 2.6.32-431.23.3.el6.x86_64 #1
echo 0  /proc/sys/kernel/hung_task_timeout_secs disables this message.
cgroupD 0009 083  2 0x
 880411cb9d60 0046  
    880411cb2aa0
 880411cb3058 880411cb9fd8 fbc8 880411cb3058
Call Trace:
 [8152a36e] __mutex_lock_slowpath+0x13e/0x180
 [810d24d0] ? do_rebuild_sched_domains+0x0/0x50
 [8152a20b] mutex_lock+0x2b/0x50
 [810c97b5] cgroup_lock+0x15/0x20
 [810d24e8] do_rebuild_sched_domains+0x18/0x50
 [81094a20] worker_thread+0x170/0x2a0
 [8109afa0] ? autoremove_wake_function+0x0/0x40
 [810948b0] ? worker_thread+0x0/0x2a0
 [8109abf6] kthread+0x96/0xa0
 [8100c20a] child_rip+0xa/0x20
 [8109ab60] ? kthread+0x0/0xa0
 [8100c200] ? child_rip+0x0/0x20
INFO: task cgroup:83 blocked for more than 120 seconds.
  Not tainted 2.6.32-431.23.3.el6.x86_64 #1
echo 0  /proc/sys/kernel/hung_task_timeout_secs disables this message.
cgroupD 0009 083  2 0x
 880411cb9d60 0046  
    880411cb2aa0
 880411cb3058 880411cb9fd8 fbc8 880411cb3058
Call Trace:
 [8152a36e] __mutex_lock_slowpath+0x13e/0x180
 [810d24d0] ? do_rebuild_sched_domains+0x0/0x50
 [8152a20b] mutex_lock+0x2b/0x50
 [810c97b5] cgroup_lock+0x15/0x20
 [810d24e8] do_rebuild_sched_domains+0x18/0x50
 [81094a20] worker_thread+0x170/0x2a0
 [8109afa0] ? autoremove_wake_function+0x0/0x40
 [810948b0] ? worker_thread+0x0/0x2a0
 [8109abf6] kthread+0x96/0xa0
 [8100c20a] child_rip+0xa/0x20
 [8109ab60] ? kthread+0x0/0xa0
 [8100c200] ? child_rip+0x0/0x20
INFO: task cgroup:83 blocked for more than 120 seconds.
  Not tainted 2.6.32-431.23.3.el6.x86_64 #1
echo 0  /proc/sys/kernel/hung_task_timeout_secs disables this message.
cgroupD 0009 083  2 0x
 880411cb9d60 0046  
    880411cb2aa0
 880411cb3058 880411cb9fd8 fbc8 880411cb3058
Call Trace:
 [8152a36e] __mutex_lock_slowpath+0x13e/0x180
 [810d24d0] ? do_rebuild_sched_domains+0x0/0x50
 [8152a20b] mutex_lock+0x2b/0x50
 [810c97b5] cgroup_lock+0x15/0x20
 [810d24e8] do_rebuild_sched_domains+0x18/0x50
 [81094a20] worker_thread+0x170/0x2a0
 [8109afa0] ? autoremove_wake_function+0x0/0x40
 [810948b0] ? worker_thread+0x0/0x2a0
 [8109abf6] kthread+0x96/0xa0
 [8100c20a] child_rip+0xa/0x20
 [8109ab60] ? kthread+0x0/0xa0
 [8100c200] ? child_rip+0x0/0x20
INFO: task cgroup:83 blocked for more than 120 seconds.
  Not tainted 2.6.32-431.23.3.el6.x86_64 #1
echo 0  /proc/sys/kernel/hung_task_timeout_secs disables this message.
cgroupD 0009 083  2 0x
 880411cb9d60 0046  
    880411cb2aa0
 880411cb3058 880411cb9fd8 fbc8 880411cb3058
Call Trace:
 [8152a36e] __mutex_lock_slowpath+0x13e/0x180
 [810d24d0] ? do_rebuild_sched_domains+0x0/0x50
 [8152a20b] mutex_lock+0x2b/0x50
 [810c97b5] cgroup_lock+0x15/0x20
 [810d24e8] 

Re: [CentOS] Runing multiple daemons with systemctl

[C. L. Martinez]

On Mon, Sep 1, 2014 at 4:52 PM, James Hogarth james.hoga...@gmail.com wrote:
 On 1 Sep 2014 11:10, C. L. Martinez carlopm...@gmail.com wrote:

 For example:

 a) start daemon1
 b) if daemon1 returns no startup errors, launch daemon2
 c) if daemon1 returns any startup error, doesn't start daemon2 and exit.

 Is it possible to do this with systemctl??

 In this specific example I'd probably do it as two service units with
 daemon2 wanted by multi-user.target and requiring the daemon1 service...

 That was daemon2 will want to be started by default and dependencies mean
 that will start daemon1 in the process of doing so... But since 2 requires
 1 if 1 fails to start for some reason then 2 won't be stated.

Thanks james. That was my first idea ... But some of these daemons can
conflict with some system packages. For example I need to startup two
rsyslog daemons, and this can be a problem ... or not??
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Runing multiple daemons with systemctl

[C. L. Martinez]

Hi all,

 I am doing some tests with a CentOS7 vm image before to enter in our
production environment. I need to migrate some sysvinit scripts to
systemctl.

 In all of them I need to launch some daemons in the same init script.
For example:

a) start daemon1
b) if daemon1 returns no startup errors, launch daemon2
c) if daemon1 returns any startup error, doesn't start daemon2 and exit.

Is it possible to do this with systemctl??

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Logrotate errors

[C. L. Martinez]

Yep, Marios and Steven are right ... I have changed dateformat for one
log file and I have done another test changing time rotations ... And
all works ok.

Many thanks for your help.

On Fri, Apr 11, 2014 at 12:09 AM, Steven Tardy sjt5a...@gmail.com wrote:
 http://svn.fedorahosted.org/svn/logrotate/tags/r3-8-5/logrotate.8
 shows hourly as a .conf option was added to 3.8.5...

 current centos 6 version is logrotate-3.7.8-17.el6.x86_64

 centos6$ man logrotate:
dateformat format_string
   Specify  the extension for dateext using the notation similar
 to
   strftime(3) function. Only  %Y  %m  %d  and  %s  specifiers
 are
   allowed.

 in your .conf try:
 dateformat -%s



 On Wed, Apr 9, 2014 at 2:45 AM, C. L. Martinez carlopm...@gmail.com wrote:

 Hi all,

  I have a problem with logrotate and I don't know why. In
 /var/log/messages appears these errors:

 Apr  8 15:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 16:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 17:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 18:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 19:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 20:01:02 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 21:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 22:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
 Apr  8 23:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]

 It seems the problem if with this logrotate.conf (executed every hour):

 create
 dateext

 /srv/www2/logs/viewer.log {
size 512k
create 0640 www www
missingok
rotate 7
compress
delaycompress
copytruncate
notifempty
 }

 Doing a debug:

 [root@www02 ~]# logrotate /data/config/etc/logrotate.conf -dv
 reading config file /data/config/etc/logrotate.conf
 reading config info for /nsm/moloch/logs/viewer.log

 Handling 1 logs

 rotating pattern: /srv/www2/logs/viewer.log  524288 bytes (7 rotations)
 empty log files are not rotated, old logs are removed
 considering log /srv/www2/logs/viewer.log
   log needs rotating
 rotating log /srv/www2/logs/viewer.log, log-rotateCount is 7
 dateext suffix '-20140409'
 glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
 glob finding logs to compress failed
 destination /srv/www2/logs/viewer.log-20140409 already exists, skipping
 rotation

  According to this kb from redhat's website:

 https://access.redhat.com/site/solutions/39006

  problem could be selinux. But SElinux is disabled:

 [root@www02 ~]# sestatus
 SELinux status: disabled
 [root@www02 ~]#

  Any idea?? Could be a bug??

  Host is a CentOS 6.5 x86_64 fully patched.

 Thanks.
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Logrotate errors

[C. L. Martinez]

Hi all,

 I have a problem with logrotate and I don't know why. In
/var/log/messages appears these errors:

Apr  8 15:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 16:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 17:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 18:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 19:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 20:01:02 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 21:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 22:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]
Apr  8 23:01:01 plzfnsm02 logrotate: ALERT exited abnormally with [1]

It seems the problem if with this logrotate.conf (executed every hour):

create
dateext

/srv/www2/logs/viewer.log {
   size 512k
   create 0640 www www
   missingok
   rotate 7
   compress
   delaycompress
   copytruncate
   notifempty
}

Doing a debug:

[root@www02 ~]# logrotate /data/config/etc/logrotate.conf -dv
reading config file /data/config/etc/logrotate.conf
reading config info for /nsm/moloch/logs/viewer.log

Handling 1 logs

rotating pattern: /srv/www2/logs/viewer.log  524288 bytes (7 rotations)
empty log files are not rotated, old logs are removed
considering log /srv/www2/logs/viewer.log
  log needs rotating
rotating log /srv/www2/logs/viewer.log, log-rotateCount is 7
dateext suffix '-20140409'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding logs to compress failed
destination /srv/www2/logs/viewer.log-20140409 already exists, skipping rotation

 According to this kb from redhat's website:

https://access.redhat.com/site/solutions/39006

 problem could be selinux. But SElinux is disabled:

[root@www02 ~]# sestatus
SELinux status: disabled
[root@www02 ~]#

 Any idea?? Could be a bug??

 Host is a CentOS 6.5 x86_64 fully patched.

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Setup a devel environment for perl modules

[C. L. Martinez]

Hi all,

 This is an interesting thread:

 http://lists.centos.org/pipermail/centos/2014-April/141871.html

 about the problems you can find building perl modules for CentOS
releases (new or old).

 I agree with John R. Pierce: cpan is very very bad tool ( in fact, I
hate it) to build perl modules for CentOS systems, breaks all other
perl modules. I need to use several perl modules in several servers in
my dept. and after some tests, I migrate to FreeBSD due to easy
install perl modules with poudriere suite.

 But, anyone knows if it is possible to build a confident devel
environment under  CentOS with some tool to build rpm's perl modules
without breaking anything in CentOS systems??

 Maybe, it is a good idea to create a CentOS Perl SIG :))

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Setup a devel environment for perl modules

[C. L. Martinez]

On Tue, Apr 1, 2014 at 8:44 PM, Les Mikesell lesmikes...@gmail.com wrote:
 On Tue, Apr 1, 2014 at 1:50 AM, C. L. Martinez carlopm...@gmail.com wrote:

  http://lists.centos.org/pipermail/centos/2014-April/141871.html

  about the problems you can find building perl modules for CentOS
 releases (new or old).

  I agree with John R. Pierce: cpan is very very bad tool ( in fact, I
 hate it) to build perl modules for CentOS systems, breaks all other
 perl modules. I need to use several perl modules in several servers in
 my dept. and after some tests, I migrate to FreeBSD due to easy
 install perl modules with poudriere suite.

  But, anyone knows if it is possible to build a confident devel
 environment under  CentOS with some tool to build rpm's perl modules
 without breaking anything in CentOS systems??

  Maybe, it is a good idea to create a CentOS Perl SIG :))

 Pretty much everyone needs EPEL for something - so it is not enough to
 not break anything in CentOS base, but you also need to not
 break/conflict with/replace anything in EPEL.So really, the best
 approach would just be to add any missing modules to EPEL.


Thanks Les, but EPEL here it is not an option. I need a lot of perl
modules that it doesn't exists in EPEL repos. Yes, I can use some (a
few) of perl modules published in EPEL, but they are outdated ... And
it is another problem ..
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: Howto to capture taskset output command

[C. L. Martinez]

Hi all,

 I am trying to set processor affinity for a specific process using a
shell script without result. Script:

#!/bin/sh -x

cpu_affinity_ok=2
cpu_affinity=taskset -p -c `cat /tmp/test.pid` | awk '{print $6}'

if [ -f /tmp/test.pid ]; then
if [ $cpu_affinity == $cpu_affinity_ok ]; then
   exit 0
 else
taskset -p -c 2 `cat /tmp/test.pid`
 fi
fi

This script doesn't works:

[root@cos01 bin]# taskset -p -c 27756
pid 27756's current affinity list: 2

Excecuting script:

[root@cos01 bin]# ./my_cpu_affinitty
+ cpu_affinity_ok=2
++ cat /tmp/test.pid
+ cpu_affinity='taskset -p -c 27756 | awk '\''{print }'\'''
+ '[' -f /tmp/test.pid ']'
+ '[' 'taskset -p -c 27756 | awk '\''{print }'\''' == 2 ']'
++ cat /tmp/test.pid
+ taskset -p -c 2 27756
pid 27756's current affinity list: 2
pid 27756's new affinity list: 2

 As you can see, function compare under if statement doesn't works ...

Any idea??

Thanks.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Howto to capture taskset output command

[C. L. Martinez]

On Wed, Feb 26, 2014 at 12:40 PM, Steven Tardy sjt5a...@gmail.com wrote:
 On Wed, Feb 26, 2014 at 6:57 AM, C. L. Martinez carlopm...@gmail.comwrote:

 if [ $cpu_affinity == $cpu_affinity_ok ]; then


 are you comparing strings or integers?
 # man test
STRING1 = STRING2
   the strings are equal
INTEGER1 -eq INTEGER2
   INTEGER1 is equal to INTEGER2

Thanks Steven, but it doesn't works also ..

Using if [ $cpu_affinity -eq $cpu_affinity_ok ]; then
./cpu_affinitty: line 7: [: taskset -p -c 27756 | awk '{ print  }':
integer expression expected
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Howto to capture taskset output command

[C. L. Martinez]

On Wed, Feb 26, 2014 at 1:40 PM, sjt5atra sjt5a...@gmail.com wrote:




 On Feb 26, 2014, at 8:28 AM, C. L. Martinez carlopm...@gmail.com wrote:

 On Wed, Feb 26, 2014 at 12:40 PM, Steven Tardy sjt5a...@gmail.com wrote:
 On Wed, Feb 26, 2014 at 6:57 AM, C. L. Martinez carlopm...@gmail.comwrote:

if [ $cpu_affinity == $cpu_affinity_ok ]; then

 are you comparing strings or integers?
 # man test
   STRING1 = STRING2
  the strings are equal
   INTEGER1 -eq INTEGER2
  INTEGER1 is equal to INTEGER2

 Thanks Steven, but it doesn't works also ..

 Using if [ $cpu_affinity -eq $cpu_affinity_ok ]; then
 ./cpu_affinitty: line 7: [: taskset -p -c 27756 | awk '{ print  }':
 integer expression expected

 Yes, since you are double quoting you are using strings. Try using a single = 
 sign instead of your original double equal sign.


Ok, problem solved. With this compare function:

if [[ $bro_cpu_affinity == *$cpu_affinity_ok* ]]; then

works ok ...

sjt5atra, using a single =, it doesn't works ...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: Howto to capture taskset output command

[C. L. Martinez]

On Wed, Feb 26, 2014 at 1:54 PM, Tris Hoar trish...@bgfl.org wrote:
 On 26/02/2014 13:45, C. L. Martinez wrote:
 On Wed, Feb 26, 2014 at 1:40 PM, sjt5atra sjt5a...@gmail.com wrote:




 On Feb 26, 2014, at 8:28 AM, C. L. Martinez carlopm...@gmail.com wrote:

 On Wed, Feb 26, 2014 at 12:40 PM, Steven Tardy sjt5a...@gmail.com wrote:
 On Wed, Feb 26, 2014 at 6:57 AM, C. L. Martinez 
 carlopm...@gmail.comwrote:

 if [ $cpu_affinity == $cpu_affinity_ok ]; then

 are you comparing strings or integers?
 # man test
STRING1 = STRING2
   the strings are equal
INTEGER1 -eq INTEGER2
   INTEGER1 is equal to INTEGER2

 Thanks Steven, but it doesn't works also ..

 Using if [ $cpu_affinity -eq $cpu_affinity_ok ]; then
 ./cpu_affinitty: line 7: [: taskset -p -c 27756 | awk '{ print  }':
 integer expression expected

 Yes, since you are double quoting you are using strings. Try using a single 
 = sign instead of your original double equal sign.


 Ok, problem solved. With this compare function:

 if [[ $bro_cpu_affinity == *$cpu_affinity_ok* ]]; then

 works ok ...

 sjt5atra, using a single =, it doesn't works ...

 The issues are to do with your variable expansion

 [root@srvman ~]# cpu_affinity=taskset -p -c `cat /var/run/crond.pid` |
 awk '{print $6}'
 [root@srvman ~]# echo $cpu_affinity
 taskset -p -c 2532 | awk '{print }'

 I think your script is still broken, as you are now just looking for any
 number matching $cpu_affinity_ok in $cpu_affinity. You should be able to
 do an integer comparison for your if statement.

 Tris


Uhmm .. You are right Tris ... The correct option is what John Doe says ..

Many thanks to all.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Problem with lvm disks assigned to kvm guests

[C. L. Martinez]

Hi all,

 I have a strange problem when I use lvm disks to expose to virtual
guests (host is CentOS 6.5 x86_64). If I remove a kvm guest and all
lvm disks attached to it, and I create a new kvm with another lvm
disks that use the same disk space previously assigned to the previous
kvm guest, this new guest sees all partitions and data. Creating new
lvm volumes with different names to this new kvm doesn't resolves the
problem.

Any idea why??

Thanks.
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Problem with lvm disks assigned to kvm guests

[C. L. Martinez]

On Thu, Feb 6, 2014 at 11:36 AM, Andrej Kacian and...@kacian.sk wrote:
 On Thu, 6 Feb 2014 11:20:37 +
 C. L. Martinez carlopm...@gmail.com wrote:

 Ok, thanks ... This procedure can works when I reuse a full disk, but
 what about if I want to reuse only a logical volume??

 Only way is to overwrite the lvol while it still exists, before deleting
 it.

 Regards,
 --
 Andrej

Doing another dd over this logical volume??
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Avoid sharing interrupts under kvm guest

[C. L. Martinez]

On Thu, Oct 10, 2013 at 8:31 AM, Ilya Ponetayev inste...@gmail.com wrote:
 AFAIK irqbalance can only dynamically set CPU affinity for irq handlers, but
 is unable to reassign irq numbers.

 Is ACPI/APIC enabled in your qemu options? Usually virtio devices in
 /proc/interrupts can be seen as two handlers per device - config request
 queue and data transmission requests queue.


Yes I have enabled ACPI/APIC ... I have tried with another FreeBSD
guest, and same problem ... Is it possible to assign different
interrupts for pci also??
___
CentOS-virt mailing list
CentOS-virt@centos.org
http://lists.centos.org/mailman/listinfo/centos-virt