Re: [CentOS] [Infra] - Planned outage : lists.centos.org (migration to mailman3) : please read
Once upon a time, Fabian Arrotin said: > Migration is scheduled for """"Tuesday April 8th, 7:00 am UTC time"""". > You can convert to local time with $(date -d '2024-04-08 07:00 UTC') April 8, 2024, is Monday, not Tuesday. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Missing python-reportlab-2.5-11.el7_9 RHSA-2023:5616
On 1/18/24 11:11, Chris Schanzle via CentOS wrote: I am having troubles finding the -11 update to python-reportlab. I just got dinged for: Remote package installed : python-reportlab-2.5-10.el7 Should be : python-reportlab-2.5-11.el7_9 I don't see it in the list of updates, my local mirror, or at: http://mirror.centos.org/centos/7/updates/x86_64/Packages/ Thanks, Chris [Adding centos-devel] Still getting dinged for this issue from errata issued by RHSA-2023:5616 <https://access.redhat.com/errata/RHSA-2023:5616> but no package is available for CentOS. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Missing python-reportlab-2.5-11.el7_9
I am having troubles finding the -11 update to python-reportlab. I just got dinged for: Remote package installed : python-reportlab-2.5-10.el7 Should be : python-reportlab-2.5-11.el7_9 I don't see it in the list of updates, my local mirror, or at: http://mirror.centos.org/centos/7/updates/x86_64/Packages/ Thanks, Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Current RHEL fragmentation landscape
Once upon a time, Gordon Messmer said: > If Red Hat were doing development in RHEL minor releases that wasn't > published elsewhere, I would probably have a different view of > thing, but they aren't. There's nothing there that isn't published > elsewhere. This will not be the case for the second half of a RHEL major release life cycle, because the corresponding Stream will be EOL and no longer updated. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mirror problems with elfutils-debuginfod-client
Once upon a time, Chris Adams said: > The package elfutils-debuginfod-client is needed for even a minimal > install, but it is not available on most mirrors. I suspect some are > excluding mirroring debuginfo packages with just a *debuginfo* pattern > to rsync, where they should do something like *-debuginfo-*.rpm (which > should be good for now as I don't see any package with just "debuginfo" > in the name, even in Fedora). Sorry, made a mistake in my checking, here's an updated list. It also appears that they are just excluding "*debug*", because they don't have packages like kernel-debug. Also, some servers returned in the metalink file have both HTTP and HTTPS, but HTTP just redirects to HTTPS. The HTTP should just be removed as it serves no purpose. Servers missing elfutils-debuginfod-client: forksystems.mm.fcix.net ftp-chi.osuosl.org ftp-nyc.osuosl.org ftp-osl.osuosl.org mirror.fcix.net mirror.xenyth.net nocix.mm.fcix.net ohioix.mm.fcix.net volico.mm.fcix.net -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Mirror problems with elfutils-debuginfod-client
The package elfutils-debuginfod-client is needed for even a minimal install, but it is not available on most mirrors. I suspect some are excluding mirroring debuginfo packages with just a *debuginfo* pattern to rsync, where they should do something like *-debuginfo-*.rpm (which should be good for now as I don't see any package with just "debuginfo" in the name, even in Fedora). The following mirrors are affected: centos-stream-distro.1gservers.com dfw.mirror.rackspace.com forksystems.mm.fcix.net ftp-chi.osuosl.org ftp-nyc.osuosl.org ftp-osl.osuosl.org ftpmirror.your.org iad.mirror.rackspace.com mirror.datto.com mirror.facebook.net mirror.fcix.net mirror.rackspace.com mirror.servaxnet.com mirror.siena.edu mirror.team-cymru.com mirror.xenyth.net mirror2.sandyriver.net mirrors.ocf.berkeley.edu nocix.mm.fcix.net ohioix.mm.fcix.net ord.mirror.rackspace.com repos.eggycrew.com volico.mm.fcix.net -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache mpm itk
Once upon a time, Gionatan Danti said: > Il 2022-09-23 19:06 Gionatan Danti ha scritto: > >Hi all, > >the EPEL repository for CentOS7 contains httpd-itk, an apache module > >for running different vhosts under specific user/group ID. > > > >For RHEL8 I can find it only in 3rd party repos, while I misses it > >entirely for RHEL9. > > > >Is the module deprecated? Can it be re-included into EPEL? > >Regards. > > Hi all, > anyone with some ideas? Any explanations on why httpd-itk is absent > from both EPEL-8 an EPEL-9? The package was orphaned in Fedora, so there's no maintainer to create and manage builds. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash test ?
Once upon a time, lejeczek said:
> There is a several ways to run tests in shell, but 'test' which is
> own binary as I understand, defeats me..
> in those three examples - regardless of how one can "bend" quoting &
> expanding - the same identical variable syntax is used and yet
> different tests render the same result.
It's because shell variable expansion happens before the command is run.
When you do:
unset _Val; test -z ${_Val}
The shell expands ${_Val} to nothing, then does whitespace removal, and
runs test with a single argument, "-z". When instead you do:
unset _Val; test -z "${_Val}"
The shell sees the quoted string and keeps it as an empty argument, so
test gets run with two arguments: "-z", and "" (null aka a zero-length
string).
It appears that test treats -z/-n (and other tests) with no following
argument as always successful, rather than an error. Checking the
POSIX/Single Unix Specification standard, this is compliant; it says
that any time test is run with one argument, the exit is true (0) if the
argument is not null, false otherwise (e.g. test "" is false, while
test -blob is true).
Note that bash has test and [ as shell builtins, but the external
command /usr/bin/test and /usr/bin/[ have the same behavior.
The [[ ]] method is a bash extension, and treats a test operator without
a corresponding operand (e.g. [[ -z ]]) as an error condition instead of
returning true.
--
Chris Adams
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] wget http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/images/pxeboot/vmlinuz --max-redirect=0 --no-hsts
Once upon a time, Jelle de Jong said: > Thank you in advance for making the mirror.stream.centos.org work > with HTTP again and letting users choose between HTTP and HTTPS. If you really must load directly from remote sites, you can set up your own local proxy (nginx should be able to do this for example). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mount removed raid disk back on same machine as original raid
Once upon a time, Bowie Bailey said: > What is going to happen when I try to mount a drive that the system > thinks is part of an existing array? I don't _think_ anything special will happen - md RAID doesn't go actively looking for drives like that AFAIK. And RAID 1 means you should be able to ignore RAID and just access the contents directly. However, the contents could still be a problem. If LVM was in use on it, that will be a problem, because LVM does auto-probe and will react when it sees the same UUID (IIRC LVM will only block access to the newly seen drive). I don't think any filesystems care (I know I've mounted snapshots of ext4 and IIRC xfs on the same system, haven't touched btrfs). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7, removing zoom problem
On 2/5/23 5:19 PM, Simon Matter wrote:
Hi
Guys, I'm trying to update my zoom client and yum (or yumex) won't let me
do an update, so I try to remove the installed one, on the theory that if
it isn't there I should be able to install a newer one, by doing "sudo yum
remove zoom_x86_64" (where my PWD is the directory where the zoom RPM
files
live) and it tells me "no packages marked for removal.
This should tell you the real name of the package
rpm -qa zoom\*
Then rpm -e zoom... should remove it.
That said, I've never used zoom so I don't really know if they do
something special.
Regards,
Simon
Looking at
https://support.zoom.us/hc/en-us/articles/204206269-Installing-or-updating-Zoom-on-Linux#h_c3eadf5f-1311-4d38-972e-dd8868353ccb
You should use: sudo yum remove zoom
Commercial companies are notorious for renaming their RPM's to different filenames than
what the package variables set. The filename has no bearing on the package name when
installed. In this case, the download is called "zoom_x86_64.rpm" but it's
real rpm filename with the typical name-version-release.arch may be queried from the
download file itself:
rpm -q --qf='%{name}-%{version}-%{release}.%{arch}\n' -p ./zoom_x86_64.rpm
zoom-5.13.5.431-1.x86_64
As you can see, the real package name is "zoom".
"sudo rpm -ev zoom" would also be a fine option.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a RAID1 box
Once upon a time, Simon Matter said: > Are you sure that's still true? I've done it that way in the past but it > seems at least with EL8 you can put /boot/efi on md raid1 with metadata > format 1.0. That way the EFI firmware will see it as two independent FAT > filesystems. Only thing you have to be sure is that nothing ever writes to > these filesystems when Linux is not running, otherwise your /boot/efi md > raid will become corrupt. > > Can someone who has this running confirm that it works? Yes, that's even how RHEL/Fedora set it up currently I believe. But like you say, it only works as long as there's no other OS on the system and the UEFI firmware itself is never used to change anything on the FS. It's not entirely clear that most UEFI firmwares would handle a drive failure correctly either (since it's outside the scope of UEFI), so IIRC there's been some consideration in Fedora of dropping this support. And... I'm not sure if GRUB2 handles RAID 1 /boot fully correctly, for things where it writes to the FS (grubenv updates for "savedefault" for example). But, there's other issues with GRUB2's FS handling anyway, so this case is probably far down the list. I think that having RAID 1 for /boot and/or /boot/efi can be helpful (and I've set it up, definitely not saying "don't do that"), but has to be handled with care and possibly (probably?) would need manual intervention to get booting again after a drive failure or replacement. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7: Missing Thunderbird Updates
Hi, Looks like CentOS 7 hasn't shipped Thunderbird updates for a while. The latest I see in repos is: Sep 1 15:22 thunderbird-91.13.0-1.el7.centos.x86_64.rpm Perusing through the RHEL announcements, that was from the RHSA-2022:6169-01 on 2022-08-24. Seems none of the 102.x versions have shipped: 2022-09-26 RHSA-2022:6710-01 thunderbird-102.3.0-3.el7_9.x86_64.rpm 2022-10-18 RHSA-2022:6998-01 thunderbird-102.3.0-4.el7_9.x86_64.rpm 2022-10-25 RHSA-2022:7184-01 thunderbird-102.4.0-1.el7_9.x86_64.rpm And for completeness, just announced today: 2022-11-21 RHSA-2022:8555-01 thunderbird-102.5.0-2.el7_9.x86_64.rpm Thanks in advance for efforts to find and clear the blockage! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 9 Stream mirrorlist url's
Once upon a time, Jos Vos said: > I'm trying to port a CentOS 8 Stream kickstart file to CentOS 9 Stream, > but I cannot find what repo mirrorlist url's I now have to use. The metalinks are preferred now (not sure if there are mirrorlist entries for 9-Stream). I have: url --metalink=https://mirrors.centos.org/metalink?repo=centos-baseos-9-stream=x86_64 repo --name=appstream --metalink=https://mirrors.centos.org/metalink?repo=centos-appstream-9-stream=x86_64 repo --name=crb --metalink=https://mirrors.centos.org/metalink?repo=centos-crb-9-stream=x86_64 -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Trouble with kernel-3.10.0-1160.80.1.el7.x86_64
On 11/15/22 7:50 PM, Petko Alov wrote: On 2022-11-08 15:49, Orion Poplawski wrote: On 11/8/22 13:12, Simon Matter wrote: Is anyone else experiencing trouble with kernel-3.10.0-1160.80.1.el7.x86_64? I'm seeing a kernel panics in the kvm module on one of our VM hosts with it. I did notice a new libvirt update as well, but it seems to work fine with the older kernel (.76.1). Where did you get the .80.1 kernel from? I'm a bit confused because I can only see .76.1 on my systems. Simon I'm actually running Scientific Linux, which seems to be a little ahead here. Probably not related, but vmlinuz-4.18.0-372.32.1.el8_6.x86_64 (AlmaLinux 8.6) had a kernel panic on a Intel Xeon E5504 processor, but works fine on Xeon E56XX processors (5620 specifically in our tests). * Believe from kernel version, the original email is for Centos 7, possible the same change that went into the EL8 kernel went also to EL7 Triggered right after I used virsh start to start the vm. (Caused Black Screen, and reboot. Found this in the crashed kernel logs on /var/crash) Works fine on vmlinuz-4.18.0-372.26.1.el8_6.x86_64 and vmlinuz-4.18.0-372.16.1.el8_6.x86_64 In fact, related - on our systems attempt to start qemu-kvm VM under kernel-3.10.0-1160.80.1.el7.x86_64 freezes any of 5 workstations with dual E5507 (all worked OK under kernel-3.10.0-1160.76.1.el7.x86_64 and any previous version). The workstations with E5-2609, E5-2650 or E5-2630 are not affected - all of them run qemu-kvm VM under kernel-3.10.0-1160.80.1.el7.x86_64 without problems. Thankfully, no problems with 2x Xeon E5-2667 v2 and CentOS 7.9 kernel 3.10.0-1160.80.1.el7.x86_64. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Microsoft deprecation of basic authentication centos 7
On 10/14/22 12:31 PM, Jerry Geis wrote: Hi All I have a server out there running centos 7. I installed fetchmail to monitor an email inbox - has worked for years. Microsoft deprecated basic authentication so fetchmail is not working any more. Anyone else run into this ? fetchmail 6 does not support oauth. Any thoughts on how to update - get this working again ? its nearly impossible to change the OS - as the box is not local to me. Microsoft is accepting short-term enforcement delays (until Dec 31 if I recall) if your company will submit the request. Consider looking at a generic proxy like https://github.com/simonrob/email-oauth2-proxy I tried it on EL8, but had troubles getting the GUI to appear in the systray unless until in my python virtenv I added: pip install PyGObject # also installs pycairo Worked for me with Thunderbird -- we can't use built-in OAUTH2 due to https://bugzilla.mozilla.org/show_bug.cgi?id=1685414 Good luck! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS-virt] el9 xen packeges/kernel
Hi All are there somewhere already xen and dom0 kernel packages for el9? - Greetz ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] IPv6 token with /60 and prefix delegation
Once upon a time, Kenneth Porter said: > Right now it's a CentOS 8 system running NetworkManager. The LAN > side is going to run the Kea DHCP server but for now I'm just trying > to get the WAN side going. The typical IPv6 CPU router setup is: - WAN receives Router Advertisement that says there is stateful config - WAN does DHCPv6 to get WAN IP (typically either a /64 or a /128) - WAN does sepearate DHCPv6 to get a prefix delegation (e.g. /64, /60, /56) - router assigns /64 prefixes from PD to LAN interface(s) as needed So when you get a /60 via PD, that doesn't go on the WAN interface at all, that's for use on LAN interfaces. NM can get an apply a WAN IP in that setup just by setting ipv6.method=auto. There's some support in NM for also running PD and assigning prefixes to LAN interfaces (although not sure it is in CentOS 8), but I think it's incomplete. Instead, you can use something like: https://github.com/sshambar/nmutils to add event scripts to NM to handle it (although IIRC I had a couple of issues with those scripts too, but didn't get back to working it all out). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kickstart storage configuration hangs
Once upon a time, Leon Fauster said: > I guess anaconda is not ready? Because even the ks file > from the manually installed system does not work ... I installed a 9-stream VM from kickstart today, so I don't think it is a general issue. Did you look at the logs to see what is happening? -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any downside to mount -o noatime?
Once upon a time, Kenneth Porter said: > I'm using BackupPC to do rsync-based backups of all my systems. The > "incremental" backups look only at size and timestamp changes. The > less-frequent "full" backups checksum all my files. That means an > extra write for every file that gets checked. Well, not really. atime writes would get batched just like any other write, and filesystems have inode metadata grouped together, so it'd be more like one flush of a few inode metadata blocks for a whole lot of atime updates. Unless you had zero other writes (in which case, why back up), this will still be lost in the noise of total writes. Any old SSD will handle that just fine for many years to come. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Any downside to mount -o noatime?
Once upon a time, Kenneth Porter said: > According to the man page for mount, relatime updates atime whenever > mtime or ctime are updated, or if neither has been updated in the > last 24 hours. Which is still prohibitive if you're doing an > incremental (rsync) backup and checking file contents on the "full" > backup weekly or monthly. Unless you never write to the disk, that will still be lost in the noise of writes. But if it still bothers you, use rsync --open-noatime. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [EXT] c9s: CPU ISA level lower than required
Once upon a time, Simon Matter said: > Is there an easy way to figure out if a CPU does support x86-64-v2? > Something like a list of CPU families or a list of flags to check? Run "/lib64/ld-linux-x86-64.so.2 --help" - the output should include: Subdirectories of glibc-hwcaps directories, in priority order: x86-64-v4 x86-64-v3 (supported, searched) x86-64-v2 (supported, searched) So for example, the system I ran this on is -v3, but not -v4. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] EPEL repo RPM in CentOS 9-stream?
Will the Fedora EPEL repo RPM be added to any CentOS 9-stream core repos, like epel-release is in 7 and 8-stream extras? -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: DMARC for centos.org
We use Office365 for hosting mail. You may stop reading now, no offense taken. :-) Recently and intermittently, emails from the centos and centos-devel mailing lists are being put in my "Junk E-Mail" folder by Microsoft (not by any client filtering). My insightful email admin has been working with Microsoft to nail down the cause and it is (partly?) due to centos.org not having a DMARC DNS record. I verified this is true with a missing "ANSWER SECTION" if DNS is queried: dig _dmarc.centos.org txt When I pressed for more details about the intermittent filtering, he replied: "Maybe passing SPF or DKIM for some sending domains helps get some of them through? I can’t be totally sure in this evolving Microsoft dynamic situation. But I’m still not through with them. Still asking questions trying to draw out answers..." Microsoft suggested: You can ask an admin in the sending domain to configure their email authentication records: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-worldwide#ask-the-sender-to-configure-email-authentication-for-domains-you-dont-own My apologies if this is bringing up issues already beaten to death. But if it could be addressed without too much hassle...it might help others as well. Thanks! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS-virt] xen repo el8
Hi are there somewhere good el8 (rhel, centos,rocky etc) repositories with xen 4.16 pkgs? - Greetz ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-virt] Script for making a KVM VM from a kickstart
I have been building up a script to quickly and easily make CentOS/RHEL and Fedora VMs from kickstart files for a long time, and thought I'd see if anyone else was interested. It's especially useful IMHO if you are working on building kickstarts, because you can fairly rapidly iterate and test. I've got it built as an RPM, so if others think this is useful, I might submit it to Fedora and EPEL. Let me know what you think! https://github.com/cmadamsgit/ks-install -- Chris Adams ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Qemu - enabling "bridge mode" for primary physical interface for VMs
Once upon a time, Lists said: > Thank you, I'll be trying this on a spare machine here before I try it in > production. Carefully reading the directions, although I see where bridge-br0 > is created, I don't see where bridge-slave-em1 is defined? This part: > > # Make a connection for the physical ethernet em1 to be part of the bridge > > nmcli con add type ethernet ifname em1 master bridge-br0 does it. If you don't specify a connection name, NM names a new bridge member connection profile as "bridge-slave-". -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 9-stream "CRB" repo
I'm starting to look at CentOS 9-stream... what is the CRB repo? It appears to be a lot of development libraries and such, but I didn't see a definition or "CRB" anywhere. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Qemu - enabling "bridge mode" for primary physical interface for VMs
Once upon a time, Lists said: > I understand that it's possible to allow the 4 VM guest systems to each have > a > "direct" fixed IP address and access the addresses \via the host network > adapter, while the host retains its fixed IP. If you are running NetworkManager (the default), it's not too hard. Here's an example step-by-step for changing an existing interface "em1" to be a bridge "br0": # Create a bridge interface nmcli con add type bridge ifname br0 bridge.stp no # Copy all the IPv4/IPv6 config from an existing interface nmcli con mod bridge-br0 $(nmcli -f ipv4.method,ipv4.addresses,ipv4.gateway,ipv6.method,ipv6.addresses,ipv6.gateway con show em1 | grep -v -- -- | sed 's/: */ /') # -or- just set an IPv4 address/gateway to known values nmcli con mod bridge-br0 ipv4.method manual ipv4.address 10.1.1.2/24 ipv4.gateway 10.1.1.1 ipv6.method ignore # Make a connection for the physical ethernet em1 to be part of the bridge nmcli con add type ethernet ifname em1 master bridge-br0 # Switch from the "regular" em1 to the bridge nmcli con down em1; nmcli con up bridge-br0; nmcli con up bridge-slave-em1 # Disable the original config nmcli con mod em1 autoconnect 0 Then you set your VMs to use the bridge - in the libvirt XML for example, you'd have something like: Inside the VM, configure the interface just as if it was a physical system on that subnet. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 9-stream modules?
Once upon a time, Stephen John Smoogen said: > On Sun, 14 Nov 2021 at 17:48, Chris Adams wrote: > > I started looking at 9-stream a bit... and I notice there are no package > > modules. All the things that were modules in 8/8-stream appear to have > > been folded back into the base OS, with no variants included (like > > different versions of MariaDB and php for example). Is this expected to > > be the way forward, or are modules just still to be filled out? > > Modules will probably occur later in time. Made up example follows > which bears no resemblance to reality: Perl-5.400 comes out and it is > a good candidate for use, then it will be added as a module which > would replace regular packages. Same with PHP, IDM and other > 'fast-but-useful' tool-sets. Okay, thanks to you and to Josh Boyer for the info. This appears to be a little different from CentOS 8 (and Fedora), where such things are always modules, so I just wanted to make sure I wasn't missing anything. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 9-stream modules?
I started looking at 9-stream a bit... and I notice there are no package modules. All the things that were modules in 8/8-stream appear to have been folded back into the base OS, with no variants included (like different versions of MariaDB and php for example). Is this expected to be the way forward, or are modules just still to be filled out? -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mementos
Once upon a time, mark said: > Cleaning up, and found something relevant here: anyone want a > memento - I have an original RH 5.2 set. That'd be RHL - RH is the company. :) My oldest Red Hat Linux release is 3.0.3 - first Linux distribution I got on CD (instead of just downloading a floppy image after floppy image). I wonder if it would install in a modern VM? -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [External] Re: Microsoft Teams on CentOS 7. Does the latest version work?
Once upon a time, Phil Perry said: > So Teams now needs a newer version of libstdc++ than that in RHEL7. > As others have mentioned, Microsoft clearly do not understand how to > package software using RPM and you are probably better off with a > snap/flatpak solution. Umm, I would say that there is a proper dependency on a required library, they do understand how to package software using RPM. They're just choosing to build on a newer OS version that has dependencies that aren't handled on CentOS 7. I don't know if they specify supported distributions anywhere (I didn't find a list in a quick search), so don't think they claim that CentOS 7 is supported. I think they just say "here's an RPM" and "here's a repo". -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [External] Re: Microsoft Teams on CentOS 7. Does the latest version work?
Once upon a time, Toralf Lund said: > But in that situation, you expect runtime errors. In this case, the > application doesn't just install, it also starts and stays running > for as long as I care to let it. It just doesn't do anything useful. > Not as far as I can tell, anyway. I guess part of the question was > if I'm missing something. Like, perhaps it doesn't open any windows > by default, but there's some obscure way to make them come up... Like a number of "desktop apps" for web-based sites, Teams is an Electron app. That means it's really a package of Chrome plus the site's client HTML/CSS/JavaScript, so you get all the fun bugs of Chrome (with no way to upgrade it). Microsoft's RPM does appear to have all the proper RPM dependencies, so that's probably not the issue (as long as it installs, they should be satisfied). Have you run Teams before on this system? If so, I've found that it tends to bog down over time, which I suspect is something like it growing a cache without bounds or the like. If that's the case, I suggest removing its data and re-logging in. It looks like that "~/.config/Microsoft/Microsoft Teams". -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos versions in the future?
Once upon a time, Gionatan Danti said: > While I fully understand & agree on the motivation for keeping Rocky > (and other clones) 1:1 with Red Hat, it should be understood that > current RHEL packages selection itself is drifting away from > small/medium business needs. So the core issue is a more fundamental > one: Red Hat, our upstream, is walking away from traditional server > needs. Like any commercial product, RHEL exists for Red Hat's customers... so if you want to see something specific from RHEL, you need to be a customer to give input. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [C8 stream] unix_chkpwd wants access to /proc
Once upon a time, Chris Adams said: > Once upon a time, Łukasz Posadowski said: > > From 11.06 journal is logging a lot of denied access to /proc for > > unix_chkpwd by selinux. They are so frequent, that I see them in > > htop. :) Right now I have 2122 logges denials. > > > > Is it OK for unix_chkpwd to poke in /proc? It has to know who is > > logged in, do probably yes, bit I'm not sure. > > I haven't dug into it, but I'm thinking there was some policy or library > change that isn't quite right... sssd_be also has the same denial on > startup (so every boot). Went ahead and poked at it - the issue is the new version of libcap-ng. Opened https://bugzilla.redhat.com/show_bug.cgi?id=1971688 -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [C8 stream] unix_chkpwd wants access to /proc
Once upon a time, Łukasz Posadowski said: > From 11.06 journal is logging a lot of denied access to /proc for > unix_chkpwd by selinux. They are so frequent, that I see them in > htop. :) Right now I have 2122 logges denials. > > Is it OK for unix_chkpwd to poke in /proc? It has to know who is > logged in, do probably yes, bit I'm not sure. I haven't dug into it, but I'm thinking there was some policy or library change that isn't quite right... sssd_be also has the same denial on startup (so every boot). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos versions in the future?
Once upon a time, Carlos Oliva said: > Thank you for your response Martin. We should probably consider > moving to the alternatives that you mentioned or Ubuntu. Centos was > no longer a Community effort after RH was bought by a propriatory > company. The vast majority of open source software is developed by companies like Red Hat/IBM (IBM was a significant Linux contributor long before they bought Red Hat; the original SCO lawsuit was about code IBM contributed to the Linux kernel). That's not just true of Linux; a lot of FreeBSD development is done by a few companies (sometimes imperfectly, as seen with the VPN mess just before FreeBSD 13 release). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] password algorithm with authconfig vs authselect
Once upon a time, Leon Fauster said: > How does the new "way" looks like (>=EL8), to switch the password > algorithm? It looks like authselect doesn't support that. While authconfig tried to be a super-multi-tool that knew how to configure all the things, I think it got to a point where it was too difficult to maintain (keeping track of which options were required, conflicted with each other, etc.). So authselect instead ships a pre-set group of config files that have been tested, with some options in them. Right now, the password algorithm is always sha512. I think that could be turned into what authselect calls a "feature", but I'm not sure (that'd be a good request for the project, using their project page at https://github.com/authselect/authselect). It looks like features might support only enable/disable, not custom string values. The "officially correct" way to do that today seems to be to create a custom profile (which can be based on an existing profile), change the values, then apply the custom profile. This seems like a lot to just set the algorithm, but I'm guessing that at this point, there aren't many requests to do that (so it isn't a well-supported thing to change). It looks like something like this might do it: authselect create-profile sha256 --base-on=sssd sed -i 's/sha512/sha256/g' /etc/authselect/custom/sha256/* authselect select custom/sha256 -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ssh stalls/hangs instead of exiting
On 4/14/21 2:22 AM, Simon Matter wrote:
>>>> On 4/13/21 11:36 PM, Chris Schanzle via CentOS wrote:
>>>>> On 4/13/21 5:00 PM, Frank Cox wrote:
>>>>>> On Tue, 13 Apr 2021 22:29:26 +0200
>>>>>> Simon Matter wrote:
>>>>>>
>>>>>>> You could try running strace on the hanging process so see what it's
>>>>>>> doing.
>>>>>> [frankcox@mutt temp]$ rsync -avv ../temp/ jeff:temp
>>>>>> opening connection using: ssh jeff rsync --server -vvlogDtpre.iLsfxC
>>>>>> .
>>>> temp (7 args)
>>>>>> sending incremental file list
>>>>>> delta-transmission enabled
>>>>>> abc is uptodate
>>>>>> total: matches=0 hash_hits=0 false_alarms=0 data=0
>>>>>>
>>>>>> Leaving that sit there apparently doing nothing (but still not giving
>>>>>> me my cursor back) I switched to another terminal window and did the
>>>>>> following:
>>>>>>
>>>>>> [frankcox@mutt ~]$ ps -FA | grep rsync
>>>>>> frankcox54002435 0 60586 3160 5 14:52 pts/000:00:00
>>>>>> rsync -avv ../temp/ jeff:temp
>>>>>> frankcox54015400 0 67980 7440 1 14:52 pts/000:00:00
>>>>>> ssh
>>>>> jeff rsync --server -vvlogDtpre.iLsfxC . temp
>>>>>> frankcox55265416 0 55476 1076 3 14:53 pts/100:00:00
>>>>>> grep --color=auto rsync
>>>>>>
>>>>>> [frankcox@mutt ~]$ strace -p 5401
>>>>>> strace: Process 5401 attached
>>>>>> select(11, [5 9 10], [], NULL, NULL
>>>>>>
>>>>>> Then it just sits there with no further action. I get my cursor back
>>>>>> when I hit ctrl-c.
>>>>>>
>>>>>> [frankcox@mutt ~]$ strace -p 5400
>>>>>> strace: Process 5400 attached
>>>>>> restart_syscall(<... resuming interrupted nanosleep ...>) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>>>>>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>>>>>
>>>>>> The wait4-etc line just keeps repeating endlessly until I hit ctrl-c.
>>>>>>
>>>>>> Unfortunately, I have no idea what any of the above actually means.
>>>>>> Does it tell us anything interesting?
>>>>> Yay! I am glad someone else on the planet is experiencing this.
>>>>> I noticed this started happening to me after updating some CentOS
>>>>> Linux
>>>> 8
>>>>> systems today.
>>>>>
>>>>> I discovered if I set ForwardX11=no (either on ssh command line or in
>>>> ~/.ssh/config) the hang does not happen. But why does that matter? No
>>>> updates to openssh.
>>>>> It is not the systemd update doing something silly with session
>>>>> management. I painfully downgraded manually and rebooted to no
>>>>> effect.
>>>>> As an aside, why can't we we have nice things in life like 'dnf
>>>>> downgrade
>>>>> systemd\*' actually work? I did the below - might be dumb, but it
>>>> worked -- alternate suggestions to downgrade are appreciated -
>>>> searching
>>>> the list and my google-fu was off the mark today.
>>>>> cd [path-to-repo]/centos/8/BaseOS/x86_64/os/Packages
>>>>> dnf downgrade $(rpm -qa systemd\* | grep 239-41.el8_3.2 | sed -e
>>>> 's/3\.2/3.1/' -e 's/^/.\//' -e 's/$/.rpm/')
>>>>> Chris
>>>>
>>>> [adjusted the subject, hope that is OK.]
>>>>
>>>>
Re: [CentOS] ssh stalls/hangs instead of exiting
On 4/13/21 11:36 PM, Chris Schanzle via CentOS wrote:
> On 4/13/21 5:00 PM, Frank Cox wrote:
>> On Tue, 13 Apr 2021 22:29:26 +0200
>> Simon Matter wrote:
>>
>>> You could try running strace on the hanging process so see what it's doing.
>> [frankcox@mutt temp]$ rsync -avv ../temp/ jeff:temp
>> opening connection using: ssh jeff rsync --server -vvlogDtpre.iLsfxC .
temp (7 args)
>> sending incremental file list
>> delta-transmission enabled
>> abc is uptodate
>> total: matches=0 hash_hits=0 false_alarms=0 data=0
>>
>> Leaving that sit there apparently doing nothing (but still not giving me my
>> cursor back) I switched to another terminal window and did the following:
>>
>> [frankcox@mutt ~]$ ps -FA | grep rsync
>> frankcox54002435 0 60586 3160 5 14:52 pts/000:00:00 rsync
>> -avv ../temp/ jeff:temp
>> frankcox54015400 0 67980 7440 1 14:52 pts/000:00:00 ssh
> jeff rsync --server -vvlogDtpre.iLsfxC . temp
>> frankcox55265416 0 55476 1076 3 14:53 pts/100:00:00 grep
>> --color=auto rsync
>>
>> [frankcox@mutt ~]$ strace -p 5401
>> strace: Process 5401 attached
>> select(11, [5 9 10], [], NULL, NULL
>>
>> Then it just sits there with no further action. I get my cursor back when I
>> hit ctrl-c.
>>
>> [frankcox@mutt ~]$ strace -p 5400
>> strace: Process 5400 attached
>> restart_syscall(<... resuming interrupted nanosleep ...>) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
>> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>>
>> The wait4-etc line just keeps repeating endlessly until I hit ctrl-c.
>>
>> Unfortunately, I have no idea what any of the above actually means. Does it
>> tell us anything interesting?
>
> Yay! I am glad someone else on the planet is experiencing this.
> I noticed this started happening to me after updating some CentOS Linux
8
> systems today.
>
> I discovered if I set ForwardX11=no (either on ssh command line or in
~/.ssh/config) the hang does not happen. But why does that matter? No updates
to openssh.
>
> It is not the systemd update doing something silly with session management.
> I painfully downgraded manually and rebooted to no effect.
> As an aside, why can't we we have nice things in life like 'dnf downgrade
> systemd\*' actually work? I did the below - might be dumb, but it
worked -- alternate suggestions to downgrade are appreciated - searching the
list and my google-fu was off the mark today.
>
> cd [path-to-repo]/centos/8/BaseOS/x86_64/os/Packages
> dnf downgrade $(rpm -qa systemd\* | grep 239-41.el8_3.2 | sed -e
's/3\.2/3.1/' -e 's/^/.\//' -e 's/$/.rpm/')
>
> Chris
[adjusted the subject, hope that is OK.]
Found it! It's the dbus update to 1.12.8-12. Downgrade to -11
and ssh connections close normally.
To clarify the problem, with the new dbus, simple ssh's like:
ssh somehost uptime
will print the uptime, but do not return to the local shell prompt until you
hit ctrl-c. It works normally if you downgrade dbus or
ssh -o forwardx11=no somehost uptime
I'm sure a bug report exists somewhere, but that's something to dig for or
create tomorrow.
To downgrade, packages were scattered in different locations, so I copied
them to one directory and did
dnf downgrade ./*
The packages I needed to downgrade on a x86_64 system were:
dbus-1.12.8-11.el8.x86_64.rpm
dbus-common-1.12.8-11.el8.noarch.rpm
dbus-daemon-1.12.8-11.el8.x86_64.rpm
dbus-devel-1.12.8-11.el8.x86_64.rpm
dbus-libs-1.12.8-11.el8.x86_64.rpm
dbus-tools-1.12.8-11.el8.x86_64.rpm
dbus-x11-1.12.8-11.el8.x86_64.rpm
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync over ssh stalls after completing the job
On 4/13/21 5:00 PM, Frank Cox wrote:
> On Tue, 13 Apr 2021 22:29:26 +0200
> Simon Matter wrote:
>
>> You could try running strace on the hanging process so see what it's doing.
> [frankcox@mutt temp]$ rsync -avv ../temp/ jeff:temp
> opening connection using: ssh jeff rsync --server -vvlogDtpre.iLsfxC . temp
> (7 args)
> sending incremental file list
> delta-transmission enabled
> abc is uptodate
> total: matches=0 hash_hits=0 false_alarms=0 data=0
>
> Leaving that sit there apparently doing nothing (but still not giving me my
> cursor back) I switched to another terminal window and did the following:
>
> [frankcox@mutt ~]$ ps -FA | grep rsync
> frankcox54002435 0 60586 3160 5 14:52 pts/000:00:00 rsync
> -avv ../temp/ jeff:temp
> frankcox54015400 0 67980 7440 1 14:52 pts/000:00:00 ssh
jeff rsync --server -vvlogDtpre.iLsfxC . temp
> frankcox55265416 0 55476 1076 3 14:53 pts/100:00:00 grep
> --color=auto rsync
>
> [frankcox@mutt ~]$ strace -p 5401
> strace: Process 5401 attached
> select(11, [5 9 10], [], NULL, NULL
>
> Then it just sits there with no further action. I get my cursor back when I
> hit ctrl-c.
>
> [frankcox@mutt ~]$ strace -p 5400
> strace: Process 5400 attached
> restart_syscall(<... resuming interrupted nanosleep ...>) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
> nanosleep({tv_sec=0, tv_nsec=2000}, NULL) = 0
> wait4(5401, 0x7ffd45105564, WNOHANG, NULL) = 0
>
> The wait4-etc line just keeps repeating endlessly until I hit ctrl-c.
>
> Unfortunately, I have no idea what any of the above actually means. Does it
> tell us anything interesting?
Yay! I am glad someone else on the planet is experiencing this.
I noticed this started happening to me after updating some CentOS Linux 8
systems today.
I discovered if I set ForwardX11=no (either on ssh command line or in
~/.ssh/config) the hang does not happen. But why does that matter? No updates
to openssh.
It is not the systemd update doing something silly with session management. I
painfully downgraded manually and rebooted to no effect.
As an aside, why can't we we have nice things in life like 'dnf downgrade
systemd\*' actually work? I did the below - might be dumb, but it worked --
alternate suggestions to downgrade are appreciated - searching the list and my
google-fu was off the mark today.
cd [path-to-repo]/centos/8/BaseOS/x86_64/os/Packages
dnf downgrade $(rpm -qa systemd\* | grep 239-41.el8_3.2 | sed -e
's/3\.2/3.1/' -e 's/^/.\//' -e 's/$/.rpm/')
Chris
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Proxmox Backup Server equivalent for the RHEL/CentOS world ?
Once upon a time, Simon Matter said: > I haven't followed oVirt/RHV but I'm wondering how free it is? Is it as > "free" as RHEL or as CentOS/Alma/Rocky/Navy/Oracle Linux? oVirt is the upstream for RHV. Development takes place in oVirt, but (to me anyway) like Fedora, that doesn't mean it is an unfinished or beta product - they do development and have test releases and such. But, like any freely-available software, sometimes you get to find new ways to break it (and then go hunting for help on mailing lists and such). :) I've run oVirt in production for over 6 years (don't actually remember exactly when I started but at least that long). > BTW, from what I know Proxmox does make use of ZFS for some nice features, > does oVirt/RHV have some comparable solutions? All of my oVirt experience has been with external iSCSI storage arrays - my main cluster was a mail server farm for 60K residential users, so we needed TBs of fast storage. oVirt supports a hyperconverged setup with Gluster as well; I set it up once in a lab, but we didn't end up using it (so I can't offer any experience with it). We used to have a TrueNAS (commercial FreeBSD+ZFS storage array), and... we had issues with it. I was not a fan and probably would avoid ZFS and FreeNAS/TrueNAS based on my experiences (but maybe they've gotten better). We hit multiple bugs with it that took a long time to resolve. We were also unhappy with the hardware and its support from iX Systems (the company behind FreeNAS/TrueNAS). Aside from bugs, one drawback of ZFS for me was that, when we needed more storage and added more drives, there was no way to rebalance the space. We ended up getting "hot spots" because a flood of data was written to just the new drives. The ZFS "solution" is just to backup and restore your data (which is not an enterprise or highly available option to me). Rebalance is hard, but I ran DEC Unix back in the day, and their AdvFS not only supported rebalance, it ran it regularly from a cron job (which may have been a hack around the kernel not balancing well to begin with of course). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Proxmox Backup Server equivalent for the RHEL/CentOS world ?
Once upon a time, Nicolas Kovacs said: > Le 12/04/2021 à 23:11, Chris Adams a écrit : > > oVirt > > itself doesn't include backup software (it supports VM snapshots and > > clones), but there are several third-party backup tools (both free and > > commercial) compatible with oVirt/RHV, like Storeware's vProtect (I > > haven't used it but seen others mention it). > > I'd be very grateful for some links to these third-party backup tools, with a > preference for free (as in beer + speech) stuff. Google is your friend - check out the ovirt-users mailing list archive. I'm not doing VM-based backups (had system backups already before setting up this VM environment and haven't had the opportunity to change), so I can't really say. I know there are people using Ansible plays against the oVirt API to do things, so there are probably scripts for that in the usual places like github. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Proxmox Backup Server equivalent for the RHEL/CentOS world ?
Once upon a time, Nicolas Kovacs said: > Both PVE and PBS are based on Debian, and now I wonder if RHEL-based systems > have something similar to offer. I believe Red Hat Virtualization, and its open upstream oVirt, are comparable to Proxmox. I have used oVirt for a number of years. oVirt itself doesn't include backup software (it supports VM snapshots and clones), but there are several third-party backup tools (both free and commercial) compatible with oVirt/RHV, like Storeware's vProtect (I haven't used it but seen others mention it). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] nmcli
Once upon a time, Peter Larsen said: > >how do I just remove the single ADDRESS I added as an alias ? not the whole > thing ? > > You first remove all ipv4.addresses and then add the one you want. Then you > save/activate. That's not necessary. For any setting that can be multi-valued (such as addresses and routes), you can prefix with + or - to add or remove just one entry. For example, to remove just address 10.1.1.2/24: nmcli con mod em1 -ipv4.address 10.1.1.2/24 nmcli con up em1 -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Date question
On 2/17/21 1:57 PM, Jerry Geis wrote: > SO from the man page on date I can do > > current=`TZ=":America/Indianapolis" date` > echo $current > current=`TZ=":America/Los_Angeles" date ` > echo $current > > And I get correct data. LA is 3 hours earlier. But doing this: > > current=`TZ=":America/Indianapolis" date +%s` > echo $current > current=`TZ=":America/Los_Angeles" date +%s` > echo $current > > I get the same data - its not 3 hours different. > > What am I not doing correct ? > > Thanks, > > Jerry Per the date(1) man page, %s seconds since 1970-01-01 00:00:00 UTC Thus,%s is independent of the timezonerelative to UTC. And you don't need any of those double-quotes. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] luks encrypted - tell at boot to skip/ignore it - how?
On 1/30/21 9:48 AM, lejeczek via CentOS wrote: > How to tell grub/kernel to ignore, skip either all or a specific block device > which is luks-ecrypted - would anybody know? > I have a box (kvm) which had a "secondary" luks-encrypted disk which now is > detached and Centos just hangs @boot waiting for that disk. > many thanks, L. Try adding to /etc/crypttab an entry for it including the options: nofail,noauto You might also need an /etc/fstab entry for it (recommend LABEL= or UUID= as the source) and use the mount option of "nofail". Might also need "noauto" depending on your situation. crypttab(5) and mount(8) are your friends here. Hope that helps! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba setup
I could never connect to my smb shares . So I browsed directly to a shared folder when I received the message that directed me to the link of which I sent earlier. I’m not sure how to tell what protocol version samba uses but it may be that it’s using the ver 1. I haven’t looked into trying to fix mine as I’m going to be redoing my Linux server and then after that I’ll be seeing if I can connect with my win10 pc. Don’t feel like adding any unnecessary patches to my win 10 machine unless I have to after I update my Linux box. Might want to do more research and see what actual protocol version the smb server is using Sent from my iPhone > On Jan 29, 2021, at 12:02 PM, Robert G. (Doc) Savage > wrote: > > >> >> On Fri, 2021-01-29 at 06:32 -0600, Chris Weisiger wrote: >> >> I’m not exactly sure if this may be the same issue I experienced but Google >> smb1 and windows10 . Apparently Microsoft removed support for Ann version 1 >> from windows 10 after one of the release updates >> >> https://go.Microsoft.com/fwlink/?linkid=852747 > > Chris, > > I added the following line to [global], but it didn't fix the problem. > > server max protocol = SMB2 > > --Doc ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba setup
> On Jan 28, 2021, at 10:49 PM, Robert G. (Doc) Savage via CentOS > wrote: > > On Fri, 2021-01-29 at 04:40 +, Strahil Nikolov wrote: >> I know from experience that you need to decide how you control access >> and you got 2 options: >> >> - Linux directory is set to 777 and all control is in samba >> - Linux directory is set as if unix user will access it and you use >> the sam uid/gid for both client and server accounts (AD, FreeIPA, >> LDAP) >> >> What is your settings right now ? >> >> Best Regards, >> Strahil Nikolov > > Strahil, > > 777 and ownership of /tank/Windows is nobody:nobody. It's actually an > empty directory right now. > > Not using AD/FreeIPA/LDAP. > > --Robert Savage > Fairview Heights, IL > > >> >>> On Thu, Jan 28, 2021 at 7:57, Robert G. (Doc) Savage via CentOS >>> wrote: >>>> On Tue, 2021-01-19 at 17:18 +0100, Götz Reinicke wrote: >>>>> >>>>> Anything in the samba logs? May be SELinux/Firewall issues? >>> >>> Götz, >>> >>> Unfortunately, no. >>> >>> The nmbd log verifies that the fileserver's samba service is the >>> local >>> master browser for WORKGROUP on both eth0 and virbr0. >>> >>> [2021/01/17 19:02:22.190795, 0] >>> >>> ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2 >>> ) >>> * >>> Samba name server LIONSTORE is now a local master browser for >>> workgroup >>> WORKGROUP on subnet 192.168.1.20 >>> * >>> >>> [2021/01/17 19:02:22.191085, 0] >>> >>> ../../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2 >>> ) >>> * >>> Samba name server LIONSTORE is now a local master browser for >>> workgroup >>> WORKGROUP on subnet 192.168.122.1 >>> * >>> >>> The samba smbd log simply reports the connection denials: >>> >>> [2021/01/17 23:07:40.304626, 0] >>> ../../lib/util/access.c:371(allow_access) >>> Denied connection from 192.168.1.30 (192.168.1.30 >>> >>> There's nothing in the SELinux logs for that date. >>> >>> I checked firewall-config on the storage server and verified that >>> the >>> samba service is allowed (but not samba-client or samba-dc). >>> >>> Is there a really comprehensive setup checklist available for >>> setting >>> up samba on CentOS? The partial how-tos I've been able to find are >>> obviously not enough. I'm looking for completer smb.conf setup, >>> firewall settings, required services, directory permissions, >>> accounts, >>> and anything else that's required. I'm running up against very >>> unhelpful roadblocks that seem to indicate a critical permissions >>> problem but nothing specific. >>> >>> V/R >>> --Doc Savage >>> Fairview Heights, IL >>> >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos I’m not exactly sure if this may be the same issue I experienced but Google smb1 and windows10 . Apparently Microsoft removed support for Ann version 1 from windows 10 after one of the release updates https://go.Microsoft.com/fwlink/?linkid=852747 Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 future
On 12/14/20 3:47 PM, Leroy Tennison wrote: > The whole issue of "support longevity" raises an issue I've been pondering, > is 10-year support a good thing from a security perspective? At work we use > Ubuntu LTS which has only a five year support cycle (you can pay for an extra > five years) but, even with that, issues have arisen. Although they do > security and bug fix updates, the package versions remain basically the same. > So, if a package is on version 1.2.3, it remains 1.2.3 with bug fixes and > security patches for the life of the distribution. Does Red Hat/CentOS do the > same thing? Yes. Nearly always. Exceptions are in release notes as "rebasing". > The reason I ask is I ran into an issue where OpenVPN was updated in a later > release to support a more robust security architecture which wasn't available > until I upgraded. A configuration change could have addressed a security > weakness in the older version so that the issue wasn't one of a security > patch. This, in a nutshell, is why it is better for stability within a release, to back-port fixes. Yes, it takes a lot more effort by Red Hat to maintain software this way. When you decide a package needs a significantly newer version, that's when you start looking at new releases of the OS. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS Stream & Release Notes / Documentation
One thing I have not seen discussed is how users will be notified of changes to functionality and new features in CentOS Stream. With Stream being on the leading edge of a release as opposed to following, will there be some mechanism where changes are blogged about, Beta release notes, or something similar? Thanks again to JohnnyH and the rest of the team for a great ride. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Desktop Over NFS Home Blocked By Firewalld
On 11/20/20 2:31 PM, Michael B Allen wrote: > On Fri, Nov 20, 2020 at 2:06 PM Michael B Allen wrote: >> Apparently I don't know how to do "that" because this: >> >> # iptables -A INPUT -p tcp --sport 760 -m conntrack --ctstate >> NEW,ESTABLISHED -j ACCEPT >> >> still doesn't allow the traffic through (not that I would want to >> allow an --sport rule anyway but I'd just like to confirm that this >> traffic is indeed responsible). What am I doing wrong here? I've also >> tried simpler rules without conntrack or cstate but it's still not >> getting through. >> >> Incidentally I added kerberos and kadmin firewalld services without >> effect either. > Well I've managed to resolve the issue but I'm not entirely satisfied > with the solution. Apparently firewalld and iptables are at least > partially mutually exclusive such that changes to iptable have no > effect. If I add a Source Port rule using the Firewalld GUI to allow > source port 760, it resolves the issue. But it seems pretty dubious to > allow traffic from any particular source port. The service using port > 760 is krbupdate but there isn't a lot of information about it on the > net. It doesn't look like destination ports are a range because they > have changed from 41285 and 46167. There must be something on the > CentOS 7 side broadcasting info about what ports to use. What a PITA. > I can't log into a desktop with an nfs home dir without punching a > reverse hole in my firewall? That shouldn't be. 99% of people will > just drop the pants on their machine. > > Mike You didn't state what version of NFS you're using. We're still on nfsv3. What you're describing looks like an issue with locked. Curious: Try giving the login ~10 minutes to see if something 'gives up.' On the nfs server: rpcinfo -p Look at nlockmgr ports & protocols. My hunch is your dst ports reported are listed. On CentOS 7 & 8, I lock down ports on my clients and server using /etc/nfs.conf (c8) or /etc/sysconfig/nfs (c7). I used random high numbers, pick your own to taste: $ egrep -v '^($|#)' /etc/nfs.conf [general] [exportfs] [gssd] use-gss-proxy=1 [lockd] port = 43090 udp-port = 43090 [mountd] port = 43091 [nfsdcltrack] [nfsd] [statd] port = 43092 [sm-notify] On the server and clients, I allow those corresponding ports. I believe on centos 7 I used /etc/modprobe.d/lockd.conf to use something like: options lockd nlm_udpport=43094 nlm_tcpport=43094 and # cat /etc/sysconfig/nfs LOCKD_TCPPORT=43090 LOCKD_UDPPORT=43090 MOUNTD_PORT=43091 STATD_PORT=43092 RQUOTAD_PORT=43093 Hope that helps! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Best practice preparing for disk restoring system
I would include LVM and mdadm info as well, since I use those features. I encourage you to look at what long-lived tools, such as clonezilla, write into their archive directories. It's impressive. If you zero out all free space on all of your HDD partitions (dd bs=1M if=/dev/zero of=/path/deleteme; rm /path/deleteme) or use 'fstrim' for SSD's, you could use dd to image with fast & light compression (lzop or my current favorite, pzstd) and get maximum benefit of a bit-by-bit archival copy. On 11/16/20 11:02 PM, H wrote: > Short of backing up entire disks using dd, I'd like to collect all required > information to make sure I can restore partitions, disk information, UUIDs > and anything else required in the event of losing a disk. > > So far I am collecting information from: > - fdisk -l > - blkid > - lsblk > - grub2-efi.cfg > - grub > - fstab > > Hoping that this would supply me with /all/ information to restore a system - > with the exception of installed operating system, apps and data. > > I would appreciate any and all thoughts on the above! > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Network Manager - rotate connection profile
Once upon a time, Frank Cox said: > I have an occasional need to switch a few computers from one Internet > provider to a different one. Both Internet providers feed into the same > network, one at 192.168.0.1 and the other at 192.168.0.254. > > So to change from one provider to the other I run nmtui to change the gateway > and dns server addresses, then deactivate and reactivate the connection and > I'm done. You could just create multiple connection profiles, like "provA" and "provB". Then to switch A->B would be "nmcli con down provA; nmcli con up provB". You'd only want one to autoconnect though, so maybe: nmcli con down provA nmcli con mod provA autoconnect 0 nmcli con up provB nmcli con mod provB autoconnect 1 Or you could even get fancier with a script that would check the currently active and switch to the other one. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ThinkStation with BIOS RAID and disk error messages in gparted
Once upon a time, Simon Matter said: > I'm a bit confused what you have here. Did you mix pseudo hardware RAID > (BIOS RAID 0) with software RAID here? Because /dev/md126 clearly is part > of a software RAID. IIRC the old dmraid support for motherboard RAID has been phased out, but mdraid has grown support for Intel (and maybe some other?) common motherboard RAID. So, /dev/md doesn't inherently mean "Linux software RAID" for a while now. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Script to rebuild CentOS 8 boot ISO with plus kernel
I want to install CentOS 8 on some older Dells that have storage controllers dropped by RHEL 8. The CentOS 8 kernel-plus package supports them, so I wrote a script that rebuilds the boot ISO to boot and install using the kernel-plus package from the centosplus repo. https://github.com/cmadamsgit/misc-scripts/ I know you can use driver disks to load additional modules from elsewhere, but I wanted to end up with the kernel-plus anyway, so why not just do it during install? Lightly tested, but seems to work. Posting here in case it is useful to others. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] storage for mailserver
On 9/17/20 4:25 PM, Phil Perry wrote: > On 17/09/2020 13:35, Michael Schumacher wrote: >> Hello Phil, >> >> Wednesday, September 16, 2020, 7:40:24 PM, you wrote: >> >> PP> You can achieve this with a hybrid RAID1 by mixing SSDs and HDDs, and >> PP> marking the HDD members as --write-mostly, meaning most of the reads >> PP> will come from the faster SSDs retaining much of the speed advantage, >> PP> but you have the redundancy of both SSDs and HDDs in the array. >> >> PP> Read performance is not far off native write performance of the SSD, and >> PP> writes mostly cached / happen in the background so are not so noticeable >> PP> on a mail server anyway. >> >> very interesting. Do you or anybody else have experience with this >> setup? Any test results to compare? I will do some testing if nobody >> can come up with comparisons. >> >> >> best regards >> --- >> Michael Schumacher > > Here's a few performance stats from my setup, made with fio. > > Firstly a RAID1 array from 2 x WD Black 1TB drives. Second set of figures are > the same are for a RAID1 array with the same 2 WD Black 1TB drives and a WD > Blue NVMe (PCIe X2) added into the array, with the 2 X HDDs set to > --write-mostly. > > Sequential write QD32 > 147MB/s (2 x HDD RAID1) > 156MB/s (1 x NVMe, 2 x HDD RAID1) > > The write tests give near identical performance with and without the SSD in > the array as once any cache has been saturated, write speeds are presumably > limited by the slowest device in the array. > > Sequential read QD32 > 187MB/s (2 x HDD RAID1) > 1725MB/s (1 x NVMe, 2 x HDD RAID1) > > Sequential read QD1 > 162MB/s (2 x HDD RAID1) > 1296MB/s (1 x NVMe, 2 x HDD RAID1) > > 4K random read > 712kB/s (2 x HDD RAID1) > 55.0MB/s (1 x NVMe, 2 x HDD RAID1) > > The read speeds are a completely different story, and the array essentially > performs identically to the native speed of the SSD device once the slower > HDDs are set to --write-mostly, meaning the reads are prioritized to the SSD > device. The SSD NVMe device is limited to PCIe X2 hence why sequential read > speeds top out at 1725MB/s. Current PCIe X4 devices should be able to double > that. > > To summarize, a hybrid RAID1 mixing HDDs and SSDs will have write performance > similar to the HDD (slowest device) and read performance similar to the SSD > (fastest device) as long as the slower HDDs are added to the array with the > --write-mostly flag set. Obviously these are synthetic I/O tests and may not > reflect real world application performance but at least give you a good idea > where the underlying bottlenecks may be. Too bad the 4k random write tests are missing above. I have used SSD + HDD RAID1 configurations in dozens of CentOS desktops and servers for years and it works very well with the --write-mostly flag being set on the HDD. With most reads coming from the SSD, starting programs are much quicker. However, I find the write queue to be very, very small, so the system "feels" like a slow HDD system during writing. But it is possible to configure an extended write-behind buffer/queue which will greatly improve 'bursty' write performance (e.g., Yum/DNF updates or unpacking a tarball with many small files). Do test, lest some kernel bugs over the years, such as [1], rear their ugly head (you will get a panic quickly). The bug returned at some point and I gave up hope upstream would not break it again. For desktops, it left me unable to boot and required console access to fix. In short, use 'mdadm --examine-bitmap' on a component (not the md device itself) and look at "Write Mode." I set it to the maximum of 16383 which must be done when the bitmap is created, so remove the bitmap and create a new one with the options you prefer: mdadm /dev/mdX --grow --bitmap=none mdadm /dev/mdX --grow --bitmap=internal --bitmap-chunk=512M --write-behind=16383 Note sync_action must be idle if you decide to script this. Bigger bitmap-chunks are my preference, but might not be yours. Your mileage and performance may differ. :-) I've been meaning to test big write-behind's on my CentOS 8 systems... [1] https://bugzilla.redhat.com/show_bug.cgi?id=1582673 (login required to view) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] CentOS 8 Install as DOMU in PV Environment
We tried to get CentOS 8 domU working in PV mode as well but did not have any success and ended up deploying it in HVM mode. The reason OP have was lack of hardware support for HVM. This wasn't our rationale for wanting to run in PV mode. Our rationale was that we prefer to deploy CentOS 7 VMs on LVs which are formatted and deployed from an image on dom0 and don't have any partition table. This makes snapshotting, mounting, backing up and migrating very simple. We have written a number of scripts over the years that needed extensive modification to work with HVM VMs but in the end we ended up doing it because we couldn't get PV mode working. And we accepted that HVM is the future so might as well take the opportunity to adapt our ways. If anyone manages to get PV mode working I'd still like to know. Chris On September 19, 2020 7:08:28 PM GMT+02:00, "Radosław Piliszek" wrote: >Hi, > >In general, PV tends not to be supported in newer distribution >releases. >This is mostly due to HVM performance and flexibility nowadays, which >just was not the case back in the days when PV ruled. > >I am curious why you are trying PV. > >-yoctozepto > >On Sat, Sep 19, 2020 at 6:41 PM 9f9dcad3f78905b03201--- via >CentOS-virt wrote: >> >> All, >> >> Just wanted to check one last time before letting this thread die. >> >> I am curious if anyone has gotten CentOS 8 to work in a PV Xen >environment. >> >> >> Thanks. >> >> >> <9f9dcad3f78905b03...@bcirpg.com> wrote: >> >All, >> > >> >I have successfully installed CentOS 7 on a PV environment, and have >been trying to see if I can can get a CentOS 8 install running. >> > >> >Hardware does not support virtualization extensions, hence the PV >environment and I cant do HVM for the install then migrate. >> > >> >My understanding is that PV support is in the kernel, and that the >distro of Linux shouldnt technically matter. But currently when >trying to PXEBoot using a CentOS 8 kernel and ram image I >get a near instant crash for an invalid kernel. >> > >> >I tried to get around the issue by using DOM0 kernel and Ram Disk >for the install (DOM0 is Debian 10), having the boot progress until it >reaches the following, looping ISCSI error: >> > >> >[ OK ] Reached target Slices. >> > Starting Create Static Device Nodes in /dev... >> >[ OK ] Started iSCSI UserSpace I/O driver. >> >[ OK ] Started Setup Virtual Console. >> > Starting dracut cmdline hook... >> >[ OK ] Started Apply Kernel Variables. >> >[ OK ] Stopped iSCSI UserSpace I/O driver. >> > Starting iSCSI UserSpace I/O driver... >> > >> >I have also tried the CentOS 7 kernel Ram Disk with the same >results. >> > >> >I even tried installing CentOS 7 clean, then upgrading in place (by >unofficial and unsupported means) and was left with an error that >pygrub couldnt find the partition with the kernel. >> > >> >Is this is a bug, or is PV just not supported? Or am I doing >something wrong? >> > >> >Config for the install is below: >> > >> ># Kernel paths for install >> >#kernel = >/var/opt/xen/ISO_Store/Centos8PXEBoot/vmlinuz >> >kernel = /vmlinuz >> >#ramdisk = >/var/opt/xen/ISO_Store/Centos8PXEBoot/initrd.img >> >ramdisk = /initrd.img >> >extra=modules=loop,squashfs console=hvc0 >> > >> ># Path to HDD and iso file >> >disk = [ >> >#file:/vmdisk0,xvda,w >> >format=raw, vdev=xvda, access=w, >target=/dev/mapper/vg_1-virtualmachine, >> > ] >> > >> >extra=ksdevice= >inst.repo=https://mirror.jaleco.com/centos/8.2.2004/isos/x86_64/ >nameserver=1.1.1.1 >> > >> ># Network configuration >> >vif = [bridge=xenbr0] >> > >> >#DomU Settings >> >memory = 3072 >> >name = centos-8.2 >> > >> >Thank you to all. >> >___ >> >CentOS-virt mailing list >> >CentOS-virt@centos.org >> >https://lists.centos.org/mailman/listinfo/centos-virt >> ___ >> CentOS-virt mailing list >> CentOS-virt@centos.org >> https://lists.centos.org/mailman/listinfo/centos-virt >___ >CentOS-virt mailing list >CentOS-virt@centos.org >https://lists.centos.org/mailman/listinfo/centos-virt -- Chris Wik Anu Internet Services www.cwik.ch | www.anu.net___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
[CentOS] Testing
Testing Sent from my iPhone ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kvm & external snapshots
Once upon a time, Gregory P. Ennis said: > I have used the command line : > > snapshot-create-as --diskspec vda,snapshot=external,file=/u4/guest/MaBa- > clone/test.snap.img--domain MaBa-clone --name MaBa-clone_snap --description > "Snap > before 9Aug2020" I believe that when creating an external snapshot, you have to either specify --disk-only (to not snapshot RAM), or supply --memspec (to specify how/where to save RAM). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fixing grub/shim issue Centos 7
Once upon a time, Alessandro Baggi said: > you are right but is not UEFI a standard and it shouldn't work the > same on several vendors? I ask this because this patch broken all my > uefi workstations. The great thing about standards is there's so many to choose from! Also relevant: https://xkcd.com/927/ UEFI has gone through a number of revisions over the years, and has optional bits like Secure Boot (which itself has gone through revisions). Almost any set of standards has undefined corners where vendors interpret things differently. Vendors also have bugs in weird places sometimes. The firmware and boot loaders arguably are the least "exercised" parts of a system - both change rarely and there are few implementations. There's not many combinations, and they don't change a lot. I'm interested to read about the cause of this issue - something like this can be a lesson on "hmm, hadn't thought of that before" type things to watch for in other areas. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thunderbird 68.10.0
On 7/29/20 6:28 PM, Johnny Hughes wrote: > On 7/27/20 1:43 PM, Leon Fauster via CentOS wrote: >> Am 27.07.20 um 19:50 schrieb Chris Schanzle via CentOS: >>> Sorry if I'm being overly impatient, but is there some snag with >>> releasing Thunderbird 68.10.0 for EL8? >>> >>> [RHSA-2020:3038-01] Important: thunderbird security update >>> >>> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2020%3A3038data=02%7C01%7Cchristopher.schanzle%40nist.gov%7C638e7edab7454c80ef2408d8340eb9d7%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637316585150559834sdata=HkuReVjbdCYxkaehqjeC6oNlRBxKcZXIEbUDoKvJuJo%3Dreserved=0 >>> >>> Thanks! >>> >> at the door: >> >> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.centos.org%2Frpms%2Fthunderbird%2Freleasesdata=02%7C01%7Cchristopher.schanzle%40nist.gov%7C638e7edab7454c80ef2408d8340eb9d7%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637316585150569829sdata=cywUwwoVucVxW6o9EQNDimm280PVFkRx%2BgF4SEGYkDA%3Dreserved=0 > We have been working non-stop for the last several days on the embargoed > kernel, grub2, and other secure boot items (that is .. the 'Boot Hole' > issue) for el7 and el8 for the .. therefore some other updates were > pushed back. > > I am trying to finish up the 'Boot Hole' el7 updates right now .. 2 > other people are currently working on the el8 items. > > Once these get pushed .. hopefully tonight .. we will be working on the > other updates starting tomorrow. > > Thanks, > Johnny Hughes First, thank you for all the efforts that went into the Boot Hole / shim issue. I'm sorry for the bad PR CentOS got for it. I do hope upstream will not have more occurrences of the like...historically, they've been very reliable, which is why it is my choice of OS. Just a friendly reminder Thunderbird 68.10 hasn't been released for CentOS 8. And I see RHEL has announced Thunderbird 68.11.0: https://access.redhat.com/errata/RHSA-2020:3341 I do hope the day will come where we can meet so I can thank you in person. It would be a great pleasure buy you a beer / meal / t-shirt. Best regards, Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync upgrade
On 8/6/20 12:30 PM, Jack Bailey via CentOS wrote: > On 2020-08-06 08:45, J Martin Rushton via CentOS wrote: >> You'll need to upgrade to CentOS8. >> >> C7 is at rsync 3.1.2-10, and will not go above 3.1.2 ever. >> >> C8.2 is at 3.1.3-7, C8 will always be on 3.1.3 >> >> Martin > > Another option is to build rsync from source, which is what I did to try out > the zstd compression. Just wanted to share Fedora 32's rsync-3.2.2-1.fc32.src.rpm rebuilds cleanly without any necessary tweaks on CentOS 7. I used mock for a clean build environment. It is very empowering to learn how to build your own packages and not very hard to get started. I encourage you to do the same! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fixing grub/shim issue Centos 7
Once upon a time, Johnny Hughes said: > The issues should now be resolved. > > If you just mount /mnt/sysimage, set an ip address and upgrade (to get > th new shim) .. then: > > yum reinstall I'm curious - why does the kernel need to be reinstalled? The shim-x64 package installs its files directly to the EFI partition where they are needed. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Boot failed on latest CentOS 7 update
Once upon a time, Jonathan Billings said: > On Aug 2, 2020, at 14:43, Pete Biggs wrote: > > You don't have to use UEFI secure booting - most machines can fall back > > to legacy booting using BIOS settings. If you do that, you won't use > > any Microsoft signed code. > > Back in 2017, Intel said that it was going to deprecate the “Legacy” CSM by > 2020. They might have changed their schedule but I suspect we’ll start seeing > hardware without anything but UEFI. I believe that is still Intel's plan. However, as happens often, people are confusing UEFI and Secure Boot. UEFI is a replacement for the ages-old BIOS - Secure Boot is an extension to UEFI to create a "trusted" (for whatever that may mean) boot chain to get to the OS. You can have UEFI without having Secure Boot enabled (that's what I do on my systems). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Thunderbird 68.10.0
Sorry if I'm being overly impatient, but is there some snag with releasing Thunderbird 68.10.0 for EL8? [RHSA-2020:3038-01] Important: thunderbird security update https://access.redhat.com/errata/RHSA-2020:3038 Thanks! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache umask
On 7/13/20 6:40 PM, Emmett Culley via CentOS wrote: > I need to set the umask for apache to 002. I've tried every idea I've found > on the internet, but nothing make a difference. Most suggest that I put > "umask 002" in /etc/sysconfig/httpd, but that doesn't seem to make a > difference. Other's suggest adding something to the httpd.service script for > systemd. And that doesn't make any difference. I had a couple sideline emails with Emmett about suexec possibly being the culprit. TL;DR: that's not it. The apache suexec utility can enforce a umask (typically 022) on CGI and SSI (server-side includes). Taking a look at the source in support/suexec.c, if compiled with AP_SUEXEC_UMASK set to some value, it will set the umask; else there is no umask change. AP_SUEXEC_UMASK is set via ./configure with --with-suexec-umask. In CentOS 8 httpd-2.4.37-21.module_el8.2.0+382+15b0afa8.src.rpm the httpd.spec for ./configure with suexec-related configuration flags are notably absent of --with-suexec-umask. I also did a prep of the sources and no patches modify the suexec sources in this way. I similarly checked CentOS 7.8 httpd-2.4.6-93.el7.centos.src.rpm with the same result. Just thought I'd share my dead-end attempt to help since suexec hasn't been mentioned. :-) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 & HandBrakeCLI
On 7/12/20 10:04 PM, Frank M. Ramaekers Jr. wrote: > Since I upgraded to CentOS8, I cannot get HandBrakeCLI to work: > > # HandBrakeCLI > HandBrakeCLI: error while loading shared libraries: libass.so.5: cannot open > shared object file: No such file or directory HandBrakeCLI (and ghb - the GUI) at least starts without error on CentOS 8 as installed from rpmfusion. I haven't actually used it. I suggest you look at 'rpm -qi $(which HandBrakeCLI)' to show you where you got your handbrake from and possibly update it from there. Perhaps you disabled some repos? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB-serial adapter for CentOS 7
Once upon a time, mailist said: > Even if you did have an RS232 port on the box, the serial drivers > for CentOS 7 have > never worked correctly. I had an application using RS232 that > worked perfectly > under CentOS 6, and then worked intermittently under CentOS 7, and > failed miserably > on CentOS 8. The handwriting on the RedHat wall says, "nobody uses > RS232 anymore!" I've used serial ports just fine on CentOS 7 (haven't had a physical CentOS 8 system so far, so can't say there, but have used serial consoles on CentOS 8 VMs), as well as newer Fedora (similar but newer kernels). Are you sure you weren't doing something in an unsupported and/or undefined way that just happened to work on CentOS 6? -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB-serial adapter for CentOS 7
Once upon a time, John Pierce said: > yes, but is it 'basic serial UPS' or is it 'enhanced serial UPS' ?the > former do NOT use the rx/tx data of the serial port at all, they ONLY use > the serial port control signals, and they probably will NOT work with a > USB port because they require very specific behavior from those signals at > power up and reboot times. I've used various serial devices, including UPSes, via various USB-to-serial adapters (Prolific PL2303 and FTDI FT2232C), and all the signaling works fine. Only issue you sometimes have is that there are many cheap adapters on Amazon that claim to be Prolific or FTDI but are in fact counterfeit clones - those may or may not work reliably for ANY purpose. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not getting bootloader installed with CentOS 8 + mdraid
Once upon a time, Chris Adams said: > I am trying to use a kickstart to install CentOS 8.2 on a server with a > pair of drives with Linux software RAID 1. The install completes, but > the resulting system will not boot - I get "Booting from Hard drive C:" > from the BIOS (Dell in legacy BIOS mode, not UEFI) and it stops. If I > then start the installer in rescue mode and run grub2-install on the two > drives, it boots okay. Never mind, this was user error. :) I have a kickstart that discard unused space in %post to make VM images smaller, and it tries too hard (and the SSDs listened!) - it got the unpartitioned space between the partition table and the first partition, and GRUB2 uses more of that when /boot is on RAID1. Oops. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Not getting bootloader installed with CentOS 8 + mdraid
I am trying to use a kickstart to install CentOS 8.2 on a server with a pair of drives with Linux software RAID 1. The install completes, but the resulting system will not boot - I get "Booting from Hard drive C:" from the BIOS (Dell in legacy BIOS mode, not UEFI) and it stops. If I then start the installer in rescue mode and run grub2-install on the two drives, it boots okay. If I take out the RAID config and just install on the first drive, it boots fine - it appears to just be an issue with RAID. I tried my kickstart in a KVM VM with two disks, and it works there (I get RAID and a bootloader). Anybody else run into this? Any ideas? I've been installing from kickstarts for ages, including software RAID, but not CentOS 8 with software RAID until now. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Blog article about the state of CentOS
Once upon a time, Noam Bernstein said: > Of course. My only question is whether the observation that the gap for > CentOS 8 is indeed larger than we have come to be used to for CentOS 7. So, I took a look... and the answer is "it's not" (with a small sample set). I took dates from Wikipedia for RHEL and the archived release notes for CentOS. I didn't bother with the .0 releases (since that's a lot of new work anyway). Right now, CentOS 8 is far faster than CentOS 7 and 6 were at this stage. release RHEL date CentOS date days 6.1 2011-05-19 2011-12-12 207 6.2 2011-12-06 2012-07-24 231 6.3 2012-05-20 2012-09-30 133 6.4 2013-02-21 2013-05-21 89 6.5 2013-11-21 2014-02-26 97 6.6 2014-10-13 2014-11-15 33 6.7 2015-07-22 2015-09-05 45 6.8 2016-05-10 2016-07-28 79 6.9 2017-03-21 2017-04-05 15 6.102018-06-19 2018-07-03 14 7.1 2015-03-05 2015-10-11 220 7.2 2015-11-19 2016-02-19 92 7.3 2016-11-03 2016-12-21 48 7.4 2017-08-01 2018-03-21 232 7.5 2018-04-10 2018-10-30 203 7.6 2018-10-30 2019-01-28 90 7.7 2019-08-06 (didn't find release notes) 7.8 2020-03-31 2020-04-27 27 8.1 2019-11-05 2020-01-15 71 8.2 2020-04-28 2020-06-15 48 -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Blog article about the state of CentOS
Once upon a time, Alessandro Baggi said: > As reported in my previous message I'm not worried about how much time is > required to build the new (major/minor) release, it will be ready when it > will be. My major concern is about the "security update blackout" that take > long as the build process. I'm not involved in building CentOS, but the issue is that it is a rebuild of upstream. When RHEL 8.2 is released, there are no more upstream updates released for RHEL 8.1; they are all on top of the RHEL 8.2 release. So, until the time that CentOS can rebuild RHEL 8.2 and make a new CentOS release, there can't be any updates for CentOS 8.1. RHEL 8 introduced modules, which complicated the build system and required new tooling, so CentOS has had a bunch of "under the hood" work to catch up. Hopefully, once that's ironed out, the gap between a RHEL 8.x release and the corresponding CentOS release will drop. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Minicom and Ncurses
Once upon a time, Nicolas Kovacs said: > I have to do some maintenance on a CentOS 7 proxy installed on a routerboard > without a video card. The only way to access this machine directly is via > Minicom and serial port. > > I'm using NetworkManager TUI (nmtui) to configure network interfaces, but > Ncurses rendering in Minicom works in the sense that chickens fly and horses > swim. What you get is a forest of question marks with a few barely > recognizable > options lost in between. > > Is there some magical trick to render Ncurses interfaces correctly in Minicom > ? I'd guess the TERM is not set correctly. IIRC Minicom by default emulates a traditional VT102 terminal, while the default Linux TERM variable is usually "linux" (which is a superset of VT102). Try setting TERM=vt102 first. Alternately, if you have screen installed, it can also be used for serial access... run "screen /dev/ttyS0 9600" (change the device and speed as needed). Screen has its own superset of VT102, so you can set TERM=screen, but it is also possibly close enough to the linux terminal emulation to work directly (they're both ANSI supersets with similar extensions). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewalld / iptables / nftables
Once upon a time, Jonathan Billings said: > 'iptables' and 'nftables' are competing technologies. In CentOS 8, > firewalld's backend was switched from iptables to nftables. So it > would be expected that the iptables command wouldn't have any rules > defined, it isn't being used by firewalld. That is partially incorrect. While iptables and nftables are two different in-kernel firewalls, the iptables CLI command is now a wrapper that can translate to the nftables backend for compatibility. However, it can only manage a subset of nftables information (basically what it can create in the iptables back-compat mode). The nftables rules created by firewalld don't fall into that category, so can't be viewed by iptables. Instead, use the nft command, like "nft list ruleset" to see a dump of all current rules. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ip6tables equivalent for NAT?
Once upon a time, Kenneth Porter said: > I figure that TCP is easy: Add a rule to the forward chain to allow > SYN packets. There's already connection tracking to handle > established connections. Does connection tracking handle UDP? If I > allow all UDP from the LAN interface and one sends a DNS query from > LAN to WAN, will the reply get back? I don't want to blanket > authorize all UDP. ICMPv6, maybe, to allow traceroutes. Unless > that's also handled by the tracking system. Anything that's already working through IPv4 NAT should work just fine through IPv6 with connection tracking. IPv4 NAT is a stateful, connection tracking, packet mangling firewall. With IPv6, you can just do the same thing without the packet mangling misfeatures of NAT, with just connection tracking. But don't go blocking ICMP - doing that in IPv4 already can break things, and it can break even more things in IPv6. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] rpm command option
We located an application recommended by one of customers for sharing certain data. It was available for installation using a few different methods. Using yum was also recommended for the installation. The install instructions began with what appeared to be a fairly typical command as indicated below (with the URL slightly altered). sudo rpm --import https://rpm.x.com/rpmrepo.key To our junior employee assigned to perform the install on a test system, it seemed like a good idea to do some checking on the rpm option --import indicated in those instructions. They did not find the --import in any of the 14 pages of the CentOS 7 man page for rpm. Some Google searches indicated that the --import option does exist. The repo setup and application installation all went well and took only about three minutes. The app is also working as intended. Is there some good reason for --import being left out of the manual page? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Diagnosing IPv6 routing
Once upon a time, Kenneth Porter said: > I discovered that IPv6 is sort of working when I got an email > rejection from Comcast for not having an IPv6 PTR record. I > discovered I could telnet to port 25 on their MX server over IPv6! I > then found I could tracroute6 to them, but I couldn't to my Linode > VPS in Fremont. It gets to the data center and stops. Going the > other way, my Linode can traceroute6 almost to my AT > server. Neither can reach the open port 25 on the other, but both > can reach mx1.comcast.net via IPv6. Yeah, unfortunately things like that can happen, v4 or v6 (like I couldn't get to a local TV station's website a little while ago from my home connection, but could from elsewhere). >From your traceroutes, it kind of looks like it's possible that it's something on your gateway (but I'm not really sure). Do you have any IPv6 firewall running there? One other note about mail on v6 - not only do you need to have a valid reverse (with matching forward) DNS record, you probably need to do TLS with a valid cert (Let's Encrypt is free and easy). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Diagnosing IPv6 routing
Once upon a time, Kenneth Porter said: > --On Tuesday, April 28, 2020 10:16 PM -0500 Chris Adams > wrote: > >And frankly, giving you a /56 is pretty crappy, since ARIN rules say to > >give every site a /48. I'd only do a /56 for a home connection prefix > >delegation. But, that's AT! :) > > I'd just read about that when researching this. Maybe they decided > that since we only have about a dozen people at our site, we won't > have a lot of subnets. What do small offices DO with 256 public > subnets, anyway? I suppose eventually we'll have an IoT subnet on > every person. The idea with IPv6 is not to even necessarily think about it in terms of direct numbers, but in layers. It is not uncommon to have several layers of routers, firewalls, guest wifi networks, etc., and each layer should request a prefix delegation from its parent. So rather than 256 subnets, think about it as 8 layers (at most... but if a layer has more than 2 children, you have fewer layers available). So for example, if your Internet gateway has a desktop firewall, a guest wifi, a public DMZ, and a development lab gateway connected, and you want to allow for more things at that layer, there's 3 of your 8 bits in a /56. If the dev lab needs to fan out more, and maybe your public DMZ needs to break up for production and QA-testing networks, and you add a VPN concentrator to the desktop network... you can go through those bits fast. In IPv4, people would just NAT the crap out of everything, having to tunnel from one NATted network to another, making life really difficult. The plan is no NAT in IPv6, so allow for all potential allocations up front. Also, allocations should be larger than necessary and sparse, so that you never need another allocation (even if you grow to 1000 employees and multiple buildings on a campus). This is to hopefully prevent routing tables from exploding like IPv4 did (and also to avoid you having to renumber everything just to stay in a single block). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Diagnosing IPv6 routing
Once upon a time, Kenneth Porter said: > I'm using OpenWrt at home and it's working mostly fine there. Except > with my Android phone. I'm not getting a DNS setting for V6, but I > do have the setting in the router's config file. The Win10 clients > work fine, though. Apparently Android has issues with DHCPv6, and > I'm betting it's interfering with my SLAAC config. Yeah, Android refuses to support DHCPv6, so you either have to have IPv4 DNS or SLAAC. I have IPv4 DNS on my home network, so don't have an issue. I did just look, and OpenWRT is putting the DNS option for SLAAC in the RA, so that should work too (but I think that's something relatively recent for OpenWRT). I didn't get that you have a static assignment (presumably a business connection) - they may not do RAs on that (I don't at my ISP job). Business connections (or at least, connections with static assignments) tend to operate differently. For that, they should have given you a static v6 address and gateway, just like they did for v4. So... there's one thing you could try (but probably won't work to a regular router interface) - see if there's a MAC-derived fe80::/64 link-local address on their end. Get the MAC of the gateway from the v4 ARP entry and expand it to a LL v6 address as fe80:::xxff:fexx: (split the MAC, put ff:fe in the middle). Try ping6 that address with %em2 appended (have to append the interface when using link-local addresses). I doubt it'll work, since I know Juniper (which IIRC AT likes) doesn't assign those (I can't remember for sure about Cisco and don't have a handy test target). And frankly, giving you a /56 is pretty crappy, since ARIN rules say to give every site a /48. I'd only do a /56 for a home connection prefix delegation. But, that's AT! :) -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Diagnosing IPv6 routing
Once upon a time, Kenneth Porter said: > On 4/28/2020 3:17 PM, Chris Adams wrote: > >- gateway sends a router solicitation and gets a router advertisement > > with "stateful config" set, which tells gateway to do DHCPv6 (but > > default route comes from RA) > > I'm not seeing any outbound IPv6 traffic from my CentOS 7 box on the > WAN interface. I do see RA's emitting from the LAN interface, from > radvd. Is there some setting in NM tells it to send solicitations? > Is there some way to push one manually? What's in /etc/sysconfig/network-scripts/ifcfg-? I wonder if you have IPv6 disabled. I'm not using a "regular" (CentOS, Fedora, etc.) Linux as a gateway; I have OpenWRT on a dedicated box. I couldn't find a way to handle the prefix delegation with the typical desktop/server tools (but it has been a while since I looked). OpenWRT has their own daemon for that. However, my local systems are all sending RA solicitations and getting DHCPv6-assigned addresses with NetworkManager (which matches the first steps of what you need on the WAN, just not the prefix delegation). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Diagnosing IPv6 routing
Once upon a time, Kenneth Porter said: > I just got 50 Mbps symmetric fiber from AT and it includes a /56 > of IPv6 addresses, replacing a much slower ADSL line. I never tried > to get IPv6 working on the old connection. I'm using CentOS 7 as a > gateway and it's worked great for several versions for IPv4. > > I'm not seeing any IPv6 default route on the WAN interface. I > suspect I'm not getting route announcements. I think I have all the > IPv6 variables in ifcfg-em2 set right. But I do notice that the > accept_ra file in proc for that interface has value 1, not 2. > Changing it to 2 doesn't change anything, though. No route appears. > > While I wait for an answer to my trouble ticket, is there some way > to verify that I'm not receiving any RA packets? Is there a way to > force a solicitation for one? Is there a tcpdump invocation I can > use to watch for them? Are there log messages that will tell me when > an RA has been seen and added to the routing table or ignored? I haven't touched AT's IPv6, but the typical way WAN IPv6 works is: - gateway sends a router solicitation and gets a router advertisement with "stateful config" set, which tells gateway to do DHCPv6 (but default route comes from RA) - gateway does DHCPv6 to get a WAN IP - after that completes, gateway does DHCPv6 for prefix delegation If you are running NetworkManager, then IIRC the accept_ra flag doesn't matter, because NM manages everything rather than have the kernel handle autoconfiguration (because NM needs to know what's going on with IPs). As for watching, "tcpdump -p -i -v ip6" should show everything (and since you don't have any routing yet, you don't really need to filter out anything else!). You could filter "ip6 and multicast", because RAs and DHCPv6 (and ND, neighbor discovery, the counterpart to ARP) are all multicast. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-virt] VM migration problems
I may have run into this issue before too, but in my case the VMs ran fine with only 1 vcpu so I booted them that way and left them like that. It was just a few small legacy VMs and I didn't spend any more time on it. Did you try booting with only 1 vcpu? Chris -- Chris Wik Anu Internet Services www.anu.net | www.cwik.ch From: isdtor To: Sent: 24/04/2020 11:53 AM Subject: [CentOS-virt] VM migration problems I have migrated KVM VMs from a CentOS 6 to a CentOS 7 host. All work fine post-migration, CentOS 3 (don't ask ...), CentOS 6, CentOS 7, Windows. But the CentOS 5 VMs failed. At some point during the boot process, they became unpingable and also inaccessible. I have correlated this to the start of the irqbalance service and was wondering if it is generally considered best practice to turn it off. The VMs in question all have at least 2 vcpus, and the C5 VMs are the odd ones out. ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] Looking for C8 AMD help
On 4/23/20 4:23 PM, Pete Geenhuizen wrote: I'm migrating from C7 to C8. I'm currently using autofs, but alas autofs has been dropped in C8 for the AMD automounter. Nope, it's in there! 8/BaseOS/x86_64/os/Packages/autofs-5.1.4-35.el8.x86_64.rpm I have some very ancient knowledge of AMD, I used it when it was first introduced many years ago on Solaris and moved to Sun's automounter when it was introduced. So now it's back to square one. I used automount2amd to convert one of my existing maps, included it in the amd.conf file and tried it out. I don't get any syntax errors so I guess that the map syntax is correct, but amd fails to mount the remote filesystem and generates these errors in messages. Apr 23 16:04:29 localhost.my.domain amd[19389]: matched default selectors "type:=nfs;opts:=rw,grpid,nosuid,utimeout=600" Apr 23 16:04:29 localhost.my.domain amd[19389]: key new: map selector host (=localhost) did not match remotehost Apr 23 16:04:29 localhost.my.domain amd[19389]: merge rem/opts "rw,grpid,nosuid,utimeout=600" add "fstype=nfs,vers=4,soft,intr" => "rw,grpid,nosuid,utimeout=600,fstype=nfs,vers=4,soft,intr" Apr 23 16:04:29 localhost.my.domain amd[19389]: Map entry host==remotehost;type:=link;fs:=/export/data/& for /repo/new did not match Apr 23 16:04:29 localhost.my.domain amd[19389]: merge rem/opts "rw,grpid,nosuid,utimeout=600" add "fstype=nfs,vers=4,soft,intr" => "rw,grpid,nosuid,utimeout=600,fstype=nfs,vers=4,soft,intr" Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: returning NFS(4,tcp) on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(4,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(3,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(2,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: returning NFS(0,udp) on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: Using NFS version 4, protocol tcp on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: changing remotehost.my.domain's ping value from 30 to 30 Apr 23 16:04:29 localhost.my.domain amd[19389]: Trying mount of remotehost:/export/data/& on /.automount/remotehost/export/data/& fstype nfs mount_type non-autofs Apr 23 16:04:31 localhost.my.domain amd[19389]: Trying mount of remotehost:/export/data/& on /.automount/remotehost/export/data/& fstype nfs mount_type non-autofs Apr 23 16:04:32 localhost.my.domain amd[19389]: file server remotehost.my.domain, type nfs, state starts down Apr 23 16:04:49 localhost.my.domain amd[19389]: "/repo/new" on //nil// timed out (flags 0x20) I'm using firewalld on both hosts and allow these services mountd nfs rpc-bind and protocols 111/tcp and 111/udp all of which allow autofs to work flawlessly, I've tried turning firewalld off which made no difference. Here's my /etc/amd.remote file looks like new \ -addopts:=fstype=nfs,vers=4,soft,intr \ host==remotehost;type:=link;fs:=/export/data/& \ rhost:=remotehost;rfs:=/export/data/& Any assistance in pointing me in the right direction would be greatly appreciated. Pete sudo dnf -y install autofs # for the win! consider removing what I think you have is am-utils. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mounting CIFS shares on C8
On 4/3/20 12:48 PM, Patrick DERWAEL wrote: User & pass are present According to the man pages, workgroup is supported I have changed it to domain, but that didn't change a thing [root@plexvm ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Fri Apr 3 14:02:23 2020 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # /dev/mapper/cl_plexvm-root / xfs defaults 0 0 UUID=f7c4e0e2-703e-4e61-8d7a-0aa34f836b02 /boot ext4 defaults1 2 /dev/mapper/cl_plexvm-swap swapswapdefaults 0 0 //192.168.1.200/mp3 /home/plex/Musique cifs user=plex,pass=plex,domain=DERWAEL,ro,auto,vers=3.0 #//192.168.1.200/videos /home/plex/Vidéos cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 #//192.168.1.200/series /home/plex/Séries cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 [root@plexvm ~]# systemctl daemon-reload [root@plexvm ~]# mount -a mount error(2): No such file or directory Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) [root@plexvm ~]# Le ven. 3 avr. 2020 à 18:23, Leon Fauster via CentOS a écrit : Am 03.04.20 um 18:01 schrieb Patrick DERWAEL: Le ven. 3 avr. 2020 à 17:54, Jonathan Billings a écrit : On Fri, Apr 03, 2020 at 04:00:42PM +0200, Patrick DERWAEL wrote: //192.168.1.200/mp3 /home/plex/Musique cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 //192.168.1.200/videos /home/plex/Vidéos cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 //192.168.1.200/series /home/plex/Séries cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 Try removing non-ascii characters from your mountpoints and try again. -- Jonathan Billings ___ CentOS mailing list CentOS@centos.org https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.centos.org%2Fmailman%2Flistinfo%2Fcentosdata=02%7C01%7Cchristopher.schanzle%40nist.gov%7C50e5520598c94cdebfc708d7d7eefb64%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637215293735011190sdata=jVoqTxBRGNNfP7%2BWZCRP%2Fbb5vQ9RdErHznttq5wkWH8%3Dreserved=0 I have commented out the 2 mounts with non-ascii... that didn't help... [root@plexvm ~]# cat /etc/fstab # # /etc/fstab # Created by anaconda on Fri Apr 3 14:02:23 2020 # # Accessible filesystems, by reference, are maintained under '/dev/disk/'. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info. # # After editing this file, run 'systemctl daemon-reload' to update systemd # units generated from this file. # /dev/mapper/cl_plexvm-root / xfs defaults 0 0 UUID=f7c4e0e2-703e-4e61-8d7a-0aa34f836b02 /boot ext4 defaults1 2 /dev/mapper/cl_plexvm-swap swapswapdefaults 0 0 //192.168.1.200/mp3 /home/plex/Musique cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 #//192.168.1.200/videos /home/plex/Vidéos cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 #//192.168.1.200/series /home/plex/Séries cifs user=plex,pass=plex,workgroup=DERWAEL,ro,auto,vers=3.0 [root@plexvm ~]# mount -a mount error(2): No such file or directory Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) [root@plexvm ~]# username=value password=value domain=value ? -- Instead of user=, try username=. mount.cifs(8) states: While some versions of the cifs kernel module accept user= as an abbreviation for this option, its use can confuse the standard mount program into thinking that this is a non-superuser mount. It is therefore recommended to use the full username= option name. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C8 and backup solution
Once upon a time, Valeri Galtsev said: > On 4/3/20 8:34 AM, John Pierce wrote: > >Do note, backup systems that use rsync or similar file by file copies of a > >running system do not make coherent atomic snapshots, so things like > >relational databases should be excluded from those, and backed by database > >tools > > Long ago I learned to back up databases by dumping them (with a flag > "lock" or similar to make sure no changed are made during dump), and > backing up dump file. It isn't just databases - there are other things that backing up individual files one at a time is not so good. The best way to handle that is to freeze/snapshot the whole filesystem, and then back up the snapshot. This can be scripted pretty easily if the filesystem is on LVM. Even better is to freeze _all_ filesystems simultaneously - this is usually easiest if the system is a virtual machine and/or the storage is on a SAN with snapshot capabilities. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.10 bind DNSSEC issues
Once upon a time, Robert Heller said: > Yes. The installed ISC DLV key installed with > bind-9.8.2-0.68.rc1.el6_10.3.x86_64 seems to have expired and there does not > appear to be a new bind-9.8.2 RPM with a new key. I guess you can *manually* > fetch a new key (look in the installed /etc/named.iscdlv.key file) ISC DLV has been obsolete for a while now, you should disable it. > dnssec-lookaside auto; I think setting this to "no" and restarting named should do it. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] tuned on CentOS 6.9
Does tuned on CentOS 6.9 (i.e. tuned-0.2.19-18.el6.noarch) do any dynamic tuning, or does it only support static configuration via a static profile? Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] EPEL Package update?
We run RANCID at the day job to back up switch and router configs. Version 3.11 adds some support for devices we need. The current EPEL version is 3.9. I filed a request at Fedora to get it updated, which they have completed (version 3.11), but it still hasn't made it into the EPEL for CentOS. What's the right place/process to get the update into EPEL for CentOS? All pointers appreciated. --Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] System Time
Once upon a time, Pete Biggs said: > There's also a massive problem with > signal strength in the UK - the (singular) time transmitter is in the > middle of the country in Cumbria and in the south it's virtually > impossible getting a signal any further than about 2 feet from a window > - not a hope of getting anything in an office building! There are different systems around the world (WWVB in the US for example), and I don't think there's a system at all in many countries. Also, putting a receiver inside a computer case would pretty much never work for the low radio frequencies used by these systems, so there'd have to be an external antenna (a lot of effort to go to when you could just use network time sources). Radio clock accuracy is typically in the 100ms range, so is good enough for most people's computer clock usage. > GPS times also have problems. They are very accurately wrong! The > atomic clocks on the satellites haven't been updated since they were > launched, so no leap seconds. That is not a problem - GPS time is defined as being continuous, unlike UTC. However, the GPS signal includes the UTC offset, which is updated when UTC applies a leap second, so you can calculate correct UTC from just the radio signal. I'm not as familiar with the GPS alternatives (Galileo, GLONASS, Beidou, and more), but I believe they'd all be the same (a continuous time base, with offsets specified in the data). Also, again, GPS signals are weak and require an external antenna. I do have an external GPS receiver and external antenna hooked up to one system at home, so I have a stratum-1 NTP server (probably accurate to about 1µs). Basically for most, the "chip inside the box to set the clock" is the network chip. :) If you need clock setting on a disconnected network, you can get a dedicated time server. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] System Time
A few years ago, one of our interns was curious about system time keeping features in computer systems. This intern was also the proud owner of an inexpensive Radio-Controlled Clock. The intern wondered why computer motherboards were not just equipped with a chip like the ones in the RCC so that their system time would always be correct. I posted a question about this on the CentOS email list and received more responses than those postings about problems with the new Firefox release. I must have really struck a very sensitive system time nerve. This large response was a bit of a surprise and included a bunch of time related horror stories. It became clear why using an RCC chip on motherboards would NOT be a good idea. GPS network time servers seemed to be a preferred choice. All of our bedrooms have Radio-Controlled Clocks. At 5:30 this morning, half of the clocks displayed the correct time. The other half of the clocks were incorrectly showing a time one hour ahead. Maybe this is one more piece of evidence to reject using an RCC time base for computers, at lease in thestate of Arizona. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8.1 cron does not send mail
On 2/27/20 8:01 AM, Tobias Kirchhofer wrote: Hi, we experience difficulties with crond behaviour sending mail since CentOS 8.1. The cron job is the same like we used in CentOS 7. crontab -l /usr/bin/python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/backup.sh Agreed on the missing timespec (invalid cron line), but why the mile-long python rather than the simpler: sleep $((RANDOM \% 3600)) Recall percent signs (%) in crontabs means put a newline here, so it needs to be quoted to disable. Regardless, you say it's not sending mail...that could be silence or say if /usr/bin/python3 didn't exist, should output an error. did you check your mail logs? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Nested Virtualization with CentOS 7 host and CentOS 8 guest
I'm not sure whether this is a specific CentOS question, but I'm hoping someone here can give me some pointers. I have an OpenStack compute node running CentOS 7.4.1708 and kernel 3.10.0-693.17.1.el7.x86_64 which is configured for nested virtualization; this has been set up for a few years and works fine when running CentOS 7 guests which themselves are using virt-create / virt-customize etc. Nova is set up on the compute node so that guests have cpu mode host-passthrough. I have been trying to run a CentOS 8 guest on the compute node so that I can build CentOS 8 images for OpenStack (there is an issue using a CentOS 7 server to build a CentOS 8 image related to xfs options which are only supported read-only by CentOS 7). However, every time I try to build a CentOS 8 image using a CentOS 8 guest, the CentOS 8 guest crashes with a kernel panic, not immediately but usually near the end of the image build process. (I have also seen similar behaviour using a Fedora 31 guest to build a CentOS 8 image, but the crashes are less frequent, and some image builds have succeeded). The CentOS 8 guest is running CentOS 8.1.1911 (Core) and kernel 4.18.0-147.3.1.el8_1.x86_64. Any ideas? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Renaming virtio devices names on CentOS 8 VM guest
Thanks Robert, I was doing that but it was still renaming to ens*. However, I now know why, and have fixed it. For those who are interested, the problem was that when I created the base image from a kickstart I didn't pass net.ifnames=0 to virt-create, and I ended up with an image that had forgotten about eth0 completely. I have now redone the kickstart with net.ifnames=0 and all is well. Chris Sent from Samsung Mobile on O2 Original message From: "Robert G (Doc) Savage via CentOS" Date: 21/02/2020 16:08 (GMT+00:00) To: CentOS mailing list Subject: Re: [CentOS] Renaming virtio devices names on CentOS 8 VM guest On Fri, 2020-02-21 at 13:03 +0100, Gianluca Cecchi wrote: > On Fri, Feb 21, 2020 at 10:57 AM Chris Card > wrote: > > > I have built a CentOS 8 base image from a kickstart, for use in > > OpenStack. > > This image boots fine but the problem I have is that I can't stop > > udev > > from renaming the network device from eth0 to ens. > > I have /etc/sysconfig/network-scripts/ifcfg-eth0 with the correct > > HWADDR > > defined in it, and have set net.ifnames=0 and biosdevname=0 in the > > grub > > configuration, but nothing I have tried has stopped the renaming. > > I found this bug: > > https://bugzilla.redhat.com/show_bug.cgi?id=1660179 > > which describes the same situation, but the comments in the bug > > didn't help. > > I'd like to keep the eth* device names because we have various heat > > templates and other scripts which assume that the network devices > > are > > called eth0, eth1 etc. > > Any ideas? Is this even possible with a CentOS 8 VM guest? > > > > Chris > > > > > It is strongly discouraged, for Openstack and when you have more than > one > adapter. See here if you have access: > https://access.redhat.com/solutions/2435891 > > Anyway perhaps you could manage order of names customizing > /usr/lib/systemd/network/99-default.link > At least as described here: > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/consistent-network-interface-device-naming_configuring-and-managing-networking > but I never tried it > HIH, > Gianluca Gianluca, What you are trying to do is documented at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-disabling_consistent_network_device_naming You need to edit the GRUB_CMDLOINE_LINUX line in /etc/default/grub as shown below; ~]# cat /etc/default/grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel_7/swap rd.luks.uuid=luks- cc387312-6da6-469a-8e49-b40cd58ad67a crashkernel=auto vconsole.keymap=us vconsole.font=latarcyrheb-sun16 rd.lvm.lv=rhel_7/root rhgb quiet net.ifnames=0 biosdevname=0" GRUB_DISABLE_RECOVERY="true" Then for an EUFI system run this: ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg Reboot and you should have your old eth0, eth1, etc. naming convention back again. WATCH YOUR TYPING. BE CAREFUL NOT TO OMIT OR ADD EXTRANEOUS SPACES !!! Hope this helps. --Doc SavageFairview Heights, IL 62208-3432 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Renaming virtio devices names on CentOS 8 VM guest
Thanks Gianluca, I can't access https://access.redhat.com/solutions/2435891 unfortunately, but https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/consistent-network-interface-device-naming_configuring-and-managing-networking looks like it might help me. Chris From: CentOS on behalf of Gianluca Cecchi Sent: 21 February 2020 12:03 To: CentOS mailing list Subject: Re: [CentOS] Renaming virtio devices names on CentOS 8 VM guest On Fri, Feb 21, 2020 at 10:57 AM Chris Card wrote: > I have built a CentOS 8 base image from a kickstart, for use in OpenStack. > This image boots fine but the problem I have is that I can't stop udev > from renaming the network device from eth0 to ens. > I have /etc/sysconfig/network-scripts/ifcfg-eth0 with the correct HWADDR > defined in it, and have set net.ifnames=0 and biosdevname=0 in the grub > configuration, but nothing I have tried has stopped the renaming. > I found this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1660179 > which describes the same situation, but the comments in the bug didn't help. > I'd like to keep the eth* device names because we have various heat > templates and other scripts which assume that the network devices are > called eth0, eth1 etc. > Any ideas? Is this even possible with a CentOS 8 VM guest? > > Chris > > It is strongly discouraged, for Openstack and when you have more than one adapter. See here if you have access: https://access.redhat.com/solutions/2435891 Anyway perhaps you could manage order of names customizing /usr/lib/systemd/network/99-default.link At least as described here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/consistent-network-interface-device-naming_configuring-and-managing-networking but I never tried it HIH, Gianluca ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Renaming virtio devices names on CentOS 8 VM guest
I have built a CentOS 8 base image from a kickstart, for use in OpenStack. This image boots fine but the problem I have is that I can't stop udev from renaming the network device from eth0 to ens. I have /etc/sysconfig/network-scripts/ifcfg-eth0 with the correct HWADDR defined in it, and have set net.ifnames=0 and biosdevname=0 in the grub configuration, but nothing I have tried has stopped the renaming. I found this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1660179 which describes the same situation, but the comments in the bug didn't help. I'd like to keep the eth* device names because we have various heat templates and other scripts which assume that the network devices are called eth0, eth1 etc. Any ideas? Is this even possible with a CentOS 8 VM guest? Chris ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NetworkManager on servers
Once upon a time, Stephen John Smoogen said: > The reason is that having 1 way to configure networks makes it so the > developer and tech support only have to diagnose issues from 1 set of tools > versus two different ones (and occasionally 2 competing ones if both are > trying to do their job at the same time). Not only that - the hodge-podge bash network scripts are kind of a mess. It is impressive that they do what they do so reliably after so long, but every new feature appears to have been hacked in by a different developer, leaving parts of them almost indecipherable. That's not intended as a criticism of the scripts or the people who wrote that code - it's just that IMHO they managed to go beyond what is reasonable in bash scripting, which makes for a difficult to read (and I'm sure fix/extend) set of scripts. And even on servers now, there are often dynamic network changes that work much better with NetworkManager than the old-style static scripts. Containers, VMs, and VPNs all come and go, and work better with a single system configuring their networks (rather than each layer implementing their own setup). -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Switching from lokkit (iptables) to firewalld
Once upon a time, Stephen John Smoogen said: > It will because it is a linear list that every packet has to be 'judged' > against. Even if you break it down to 2 or 3 trees it will still take a > while. Putting them in ipset would be much better performance (uses hash, so not a linear search). It also makes for a much more readable and manageable firewall config. I use ipsets for most everything these days, even where there are just a few IPs/networks involved. However... > Any list of ip addresses is going to be outdated by a year because of how > ranges are so dynamic these days. Most 'bad-guys' can jump around a couple > hundred thousand or million ip addresses without much cost on their part > and can get new ranges to screw around weekly. Yeah, it's going to be a useless list. If you want to protect services, then short-term blocking like fail2ban is okay - better is to just allow your "known good" sources and not try to block things bit by bit. -- Chris Adams ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
