Re: [CentOS] USB Serial Ports

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

> -Original Message-
> From: Chris Olson [mailto:chris_e_ol...@yahoo.com]
> Sent: Thursday, November 16, 2017 5:42 PM
> To: CentOS Mailing List
> Subject: [CentOS] USB Serial Ports
> 
> We have several CentOS 6 systems that are used in various configurations
> of test equipment.  One of the primary functions of these systems is the
> connectivity to serial ports of some operational systems that have serial
> port control requirements.  Lack of interface bus slots led us to the use
> of USB connected serial ports on these CentOS 6 systems.
> 
> We first used these USB connected serial ports in our RHEL 5 test equipment
> systems.  With RHEL 5, shut down and boot up of the systems would often
> cause the serial ports to have a different driver name, even though we had
> not changed the ports where the USB devices were plugged in.  This caused
> software access problems until we discovered what could be done using the
> udev rules to lock in the driver names.
> 
> This problem seems to have gone away in our newer systems with CentOS 6,
> and we would like to make sure that it does not return.  We are deploying
> some of the systems and do not want to have software access issues in the
> field where fixes are more difficult.  We would like to know if there is
> some underlying factor that has solved this problem for us.  Any ideas on
> what to check would be greatly appreciated.
> 
I have no idea why it is working better under 6, but it is possible to use UDEV 
rules to force them to be at expected /dev/my_tty* locations using 
vendor_ID/device_ID/serial_number combinations.  Once you figure that out, you 
should even be able to use the same (or at least similar) rules under 7.

--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How to blacklist a device driver (sysemd)

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

> -Original Message-
> From: James Pearson [mailto:jame...@moving-picture.com]
> Sent: Friday, November 17, 2017 5:21 AM
> To: CentOS mailing list; Frank Thommen
> Subject: Re: [CentOS] How to blacklist a device driver (sysemd)
> 
> Frank Thommen wrote:
> > Hi,
> >
> > how can a specific device driver in CentOS 7 be blacklisted, so that it
> > doesn't load at boot time?  We have Infiniband adapters which are not
> > completely supported by CentOS and we want to silence the error messages
> > for the time being.
> >
> > I tried with the files
> >
> >    /etc/modprobe.d/blacklist
> >    /etc/modprobe.d/blacklist.conf

> >
> > None of these entries helps.  mlx5_core and mlx5_ib are still loaded and
> > the system is flooded with error messages.
> 
> They are probably being loaded via the initramfs at boot time - i.e.
> before the real root is mounted (where the blacklist entries exist)
> 

Having had to blacklist things like this in the past, it has been my experience 
that James is correct.
If the driver is available in the existing initrd (created before the updates 
to the blacklists), then the driver WILL be loaded prior to the blacklists 
being read.
For me I found two solutions that worked:
1) (re)install a new kernel after blacklist creation (which causes an dracut 
run with all the correct parameters)
2) create the blacklists, then workout the correct dracut parameters and run it.

obviously from the point of avoiding research time, doing a boot into an 
_older_ kernel, 
'yum remove kernel-currentversion; yum update kernel' is easier, but once you 
figure out how to tell Dracut to use it's usual parameters for each machine you 
can avoid the time of doing the extra reboot on a bunch of machines.  It has 
been ~4 years since I looked at this so I don't remember how to automate using 
the right options per machine.
Or you could wait for the next CentOS 7 kernel update...Unfortunately the CVE's 
for the 6 kernel that just came out were all fixed in the 7 kernel back in 
October, so I have no expectation of a new 7 kernel anytime soon.

--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] home on nfs

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

> -Original Message-
> From: hw [mailto:h...@adminart.net]
> Sent: Monday, October 30, 2017 12:02 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] home on nfs
> 
> Jonathan Billings  writes:
> 
> > On Oct 28, 2017, at 23:15, hw  wrote:
> >>
> >> Jonathan Billings  writes:
> >>
>  On Oct 27, 2017, at 10:21, hw  wrote:
> 
>  Hi,
> 
>  I have the home directory of a user on an nfs server and mount it on a
>  client.  When the user logs in, they end up in the root directory rather
>  than in their actual home directory and need to cd into it.
> 
>  The user can read and write to their home directory, so it kinda works
>  fine --- but only kinda.  When the user starts emacs, some of the
>  settings in ~/.emacs are not applied, but the saved desktop is being
>  loaded.
> 
>  Both machines are running Centos 7.4.  What could be wrong with the nfs
>  mount?
> >>>
> >>> Sounds like you haven’t set the selinux Boolean for NFS homedirs.
> >>> setsebool -P use_nfs_home_dirs 1
> >>
> >> Oh, indeed, I didn´t know that I need to do that.
> >>
> >> Do I do this on the client or on the server or both?
> >
> > Just the client.
> 
> Thanks, I tried that and it works now :)
> 

If you find that the problem comes back in the near future (or perhaps check as 
a preventative), you should look to see if the client machine is using the 
'soft' mount option instead of 'hard,intr' on the home dirs.  A few years ago 
it took me better than a month to figure out that some other admin had (on some 
machines) thought that using soft would cause less waiting on reboots, but we 
found that the side effect on home directories was corrupt data and strange 
issues on user login. (soft can work OK if there is a longish timeout between 
mount request and mount use, but if it is quick like autofs at login, then soft 
falls down.)

--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] TeX Live on CentOS 7

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

> -Original Message-
> From: Nicolas Kovacs [mailto:i...@microlinux.fr]
> Sent: Friday, July 21, 2017 2:29 AM
> To: CentOS
> Subject: [CentOS] TeX Live on CentOS 7
> 
> Hi,
> 
> I just installed the OpenVAS vulnerability scanner on my CentOS 7
> workstation. Everything seems to work fine, except PDF generation. The
> 'openvas-check-setup' script tells me that PDF generation works fine,
> but whenever I want to generate a report, the result is unusable and
> can't open in Evince or Okular.
> 
> After googling a bit, I found out that several users complained that Tex
> Live is broken under RHEL/CentOS 7.
> 
> While I did use LaTeX a long time ago to write documents, I don't use it
> anymore nowadays (just Markdown or LibreOffice). But I do need a working
> installation of TeX Live for OpenVAS PDF reports.
> 
> What can I do now? Perform a manual installation of TeX Live with their
> provided installer (to /opt) and then blacklist all texlive* packages? I
> admit I'm a bit surprised that a distribution like RHEL/CentOS that
> prises quality wouldn't provide a working TeX Live in their package
> repositories.
> 
> Any suggestions?

The users that were complaining, were they all OpenVAS user?

Going from my experiences on CentOS 6, I find it surprising that LaTeX is not 
working.
Does even the trivial.tex from [0] compile?
Can you get the LaTeX file that OpenVAS is generating, and on the command line 
run pdflatex (or other latex compile command) on it and capture the error 
messages?
This might point to missing packages/fonts.

It may be possible that not enough of texlive has been installed.   I tend to 
do a `yum install \*latex\*` (and answer no) to see what is available and then 
install every latex thing that is not a -devel package. That way I never have 
to think about getting packages again, or if I do I will pretty much know I'll 
have to get it from CTAN myself.
seeing [1] from the opanvas wiki makes me think you should try `yum install 
\*latex\*extra\*` and see if it is now available.  And as seen elsewhere [2] 
sometimes rpm packager's don't name them the same as LaTeX packagers.   And it 
looks like[3] a lot of folks take the same 'trash the distro' perspective as 
openvas[1] which is unfortunate.  Perhaps we could ask the CentOS-extras (and a 
RHEL or EPEL ticket) folks if they would be willing to rebuild the needed 
packages from an old Fedora RPM if they are not yet available in a EL 
repository.  Have you checked EPEL?


[0] https://www.centos.org/forums/viewtopic.php?t=48421
[1] https://wiki.openvas.org/index.php/Generate_a_PDF_report#CentOS_7
[2] https://tex.stackexchange.com/a/166140
[3] https://www.centos.org/forums/viewtopic.php?t=54410

--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What besides Postfix should not start until system time set?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

From: Robert Moskowitz [r...@htt-consult.com]
Sent: Thursday, April 20, 2017 5:00 PM
To: CentOS mailing list
Subject: [CentOS] What besides Postfix should not start until system time   
set?
> 
> So I have learned that Postfix should delay until Chronyd has moved the
> system time from 0 to current.

Something you might consider to make the time delta _less_ drastic, is to 
create a service which on system shutdown touches a file {in /etc/} and on boot 
early in the start-up {make some other services depend on it} checks to see if 
the system date is before the time on that file, if it is then use the 
time stamp {+ a few sec} on the file to set the current time.  That way time 
would at least move forward.

in the olden days we used to use `hwclock --badyear` mitigate part of it. 
perhaps you could extend hwclock for --dead-batteries and make it easier for 
every one  with an arm {assuming hwclock is still used in the boot process to 
pull the initial time from the clock}. :)

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Compiling custom "vmlinuz" PXE kernel?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

> From: Locane [loc...@gmail.com]
> Sent: Monday, April 03, 2017 8:33 PM
> To: CentOS mailing list
> Subject: [CentOS] Compiling custom "vmlinuz" PXE kernel?
> 
> Hello CentOS list, I still need help.
> 
> Does anyone know how I would go about creating my own "vmlinuz" PXE
> kernel?  I'm still trying to get the NUC6CAYH to load to a LiveCD, and I'm
> getitng nowhere with Intel.
> 
> My company wants to do hundreds of these per month;  we're not above paying
> for professional help at this point.
> 
> My current line of reasoning is to get whatever specialized memory and CPU
> drivers the NUC6CAYH requires to recognize properly and bake them in to a
> custom vmlinuz PXE kernel that loads the initial ramdisk image.  This
> kernel is located in a regular CentOS 7.3 DVD at
> CentOS-7-x86_64-DVD-1611/images/pxeboot/vmlinuz.
> 
> Has anyone done this before?  Is there documentation online?

If I understand correctly you are wanting to build a kernel to boot the install 
process with, i.e., boot to run anaconda.
For some reason I never had any luck [with EL4] replacing the modules in the 
anaconda initrd.img with the ones for the kernel I built, so I took a more 
*brittle* path.
I built a kernel that included *_all_* the drivers I needed (and only those 
*_needed_*) built into the kernel itself, i.e., *not* as modules.  I then set 
the process up to boot from the vmlinuz I built.  It was not right to ignore 
the mods in the initrd, but it worked enough to get us going, IIRC it was 
because some USB driver we needed was not built in and we were installing from 
a USB hard drive.
Also note, you need to grab the kernel config for an EL kernel of your distro 
and start modifying from there because some of the later tools in the install 
chain expect most of the kernel to be configured as RH would do it.


*_all_* - using this method you can't depend on ANY modules, everything you 
need to activate all the hardware in the system has to be in the kernel image 
(vmlinuz).  If you can figure out how to correctly mod the initrd then you can 
use some modules again, and then only the modules you need to boot and read the 
initrd have to be in vmlinuz.  Also I don't recall what they are, but there are 
some size limits to how big vmlinuz can be, so don't just build every driver 
into the kernel.

Good luck.
--
Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Nvidia related kernel panic on boot, *unless* the keyboard is tapped

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

> -Original Message-
> From: Duncan Brown [mailto:cent...@duncb.co.uk]
> Sent: Wednesday, March 01, 2017 5:49 AM
> To: CentOS@centos.org
> Subject: [CentOS] Nvidia related kernel panic on boot, *unless* the keyboard 
> is tapped
> 
> So here is an odd one
> 
> Ever since the upgrade to 7.3, when using the el-repo kmod-nvidia, boot
> hangs around the 'mounted /boot' point. If left it then kernel panics
> 
> However at that point, tapping the keyboard gets it going again. As I'm
> using a wireless keyboard, even the act of switching the keyboard on
> gets it going again
> 
> This doesn't happen without the kmod, and I'm in the process of
> capturing the panic to file the bug report with el-repo, but for the
> sake of conversation has anyone seen anything like this before, or have
> any idea why that could happen?
> 
> cheers
> 
> Dunc
> 

I have not checked to see if elrepo has kicked out all the new drivers to fix 
it since then, but apparently RH changed some kernel 'pointers' in 7.3 which 
kind of messes up some of the kmods:
https://elrepo.org/bugs/view.php?id=715
https://elrepo.org/bugs/view.php?id=710

I am betting that you installed the kmod-nvidia before the upgrade to 7.3 and 
thus did not get the kind of warning that those folks did.
Perhaps even related to this issue:
https://elrepo.org/bugs/view.php?id=693

which kmod-nvidia do you have?  At the bottom of 693, pperry indicates: 
"kmod-nvidia-367.57-2.el7.elrepo.x86_64 is for EL7.3".

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, firefox, PIV cards

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS]

m.roth at 5-cent.us further wrote:
##
m.roth at 5-cent.us wrote:
> Hi, folks,
>
>Up until a few weeks ago, it worked as it has been for years: firefox,
> security device is libcoolkey, and pcscd.
>
>Today, I go to use it (I have done updates sine I last used it), and
> try preferences->advanced->certificates, and it hangs. My most recent
> try was for over 20 min. If you move something over the window, then
> move it away, it's a blank window. Pull out the card, and *some* of the
> time, it pops up the window showing no certs, having never asked for a
> PIN. The rest of the time, firefox crashes, hard.
>
>I know the pcscd part works - I used it via a script this morning from
> the command line, as does pkcs15-tool from the command line.
>
>Anyone got any clues? Maybe I should downgrade (if I can) firefox?
>
Additional info: I tried bringing up firefox with two other profiles. One
didn't have coolkey as a security device, but when I tried to add it, it
responded with "cannot add module".

Yet a third profile, that had both libcoolky and the older onepin, and
that popped up a window saying I needed to authenticate, sat there with no
way to put a pin in, then, when I pulled the card, it flashed the popup
window with my certs.

Yes, at this time, I'm looking at issues with firefox.

So - has anyone else had this problem?

   mark
#

Not yet had the issue(s) but I do have some questions:
1) is this with the same physical PIV that you have been using "Up until a few 
weeks ago", that is did you (or the affected person) get a new PIV recently?
1a) does firefox have the certificate authorities loaded which cover the card 
in question (make sure to trace back to the root CA, there have been changes)?

2) have you tried just `yum downgrade firefox` and see if it works?
2a) I would be tempted to do something on the order of `rpm -qa --last |head 
-50` and then for each package seen there do an rpm -q --verify (syntax unsure) 
on them to be sure all the packages got installed correctly.

3) same as (2) but with recent nss|coolkey|pcscd updates?

4) interrupted updates?  i.e., `yum complete-transaction` (sp???)  `yum 
reinstall firefox nss coolkey pcscd`

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.7->6.8, ssh-add issue, followup, more info

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Thu Jul 28 17:39:16 UTC 2016 ,  m.roth at 5-cent.us wrote:
> What I
> used to do was ssh-add -s libcoolkeypk11.so. It would then ask for a PIN,
> and add it. Now, it still asks for the PIN, but then announces that it
> failed to add it to the agent.

Not sure if this is good or bad news :-/
On up to date RHEL6.8 the following looks like it worked.

$ ssh-add -D
All identities removed.
$ ssh-add -s libcoolkeypk11.so
Enter passphrase for PKCS#11:
Card added: libcoolkeypk11.so
$ ssh-add -l
#lists all three expected finger prints.
$ ssh -XA PKIneedingUser@localhost
[PKIneedingUser@localhost]$

Nothing good is ever easy.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.7->6.8, ssh-add issue, followup, more info

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Tue Jul 26 21:17:40 UTC 2016,  m.roth at 5-cent.us wrote:
> I could try the reinstall, but it's very odd - everything worked, and now, 
> after the upgrade, it doesn't. Oh, and here's another twist on this: Under
> 6.7, if I'd logged into my webmail via firefox, and while that was
> happening, I stuck my AA ("Logical token" card) into the keyboard slot,
> and used it in logging onto one server (using sccr), it just chugged
> along. Now, at 6.8, *everything* in firefox hangs - even a google search,
> until I pull the card out of the keyboard. It's clearly trying to
> authenticate the client, not just the server


rpm -qa --last \*pcsc\* \*cool\* \*nss-\* \*ssh\* ccid\* 

in 6.7 the last nss was 3.21.0-0.3.el6_7 in 6.8 it is 3.21.0-8.el6
--changelog is confusing, as there is no 3.21.0-0.3, and there is a "Rebase 
RHEL 6.8 to NSS 3.21" even though we where ALREADY on 3.21?

--changelog ccid shows changes the Omnikey 3022 behavior, and added more ccids 
and "Allow longer ccid messages"

Fortunately/Unfortunately the problems you are seeing are not affecting me on 
the RHEL box I am currently using with the nss access method I sent the other 
day, and I don't have an AA card, so it is a little hard to figure out what 
broke.

I suspect that for us to figure out what exactly happened (which I would like 
to know) we would have downgrade some components back to their 6.7 state on 
your box and see  which component had the bad change.  And then figure out what 
those changes were.  I've done it before to help RH get CAC with ssh going 
again in 6.x series (6.[34] IIRC, broke something).

Remember the software stack is IIRC:
firefox
nss
coolkey
pcscd
ccid

I think your use of openssh -s libcoolkeypk11.so makes it look like:
ssh
coolkey
pcscd
ccid
 

and for your sccr script probably looks a bit like:
sccr
?nss??openssl?
coolkey
pcscd
ccid

I would likely** yum downgrade ccid pcscd coolkey   and then see if the lock 
still happened between sccr and firefox, then kick nss (or do douwngrade in the 
other order).  After it is working, I would upgrade each of those components 
until it broke again... and depending on how pedantic I was being I might 
downgrade just the component that I think broke it and upgrade the rest.

**downgrade is a little trickier using CentOS when crossing point releases... 
you may need to build your own 'updates' repo, containing all the 6.7 updates 
and the 6.8 stuff.

Good hunting.

BTW: if you drop us/me the whole ssh invocation using -s, I might give that a 
go here and see if it works here on RHEL compared to my normal nss invocation.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6.7->6.8, ssh-add issue, followup, more info

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

> -Original Message-
> From: m.r...@5-cent.us [mailto:m.r...@5-cent.us]
> Sent: Friday, July 22, 2016 4:15 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] CentOS 6.7->6.8, ssh-add issue, followup, more info
> 
> m.r...@5-cent.us wrote:
> > Folks,
> >
> >I am perplexed. I updated my workstation at work Wed before I left,
> > from 6.7 to 6.8. Then, yesterday, I went to use ssh-add -s
> > libcoolkeypk11.so, which I've done many times before to add the certs
> > from my PIV card... and 100% of the time if fails, letting me
> > SSH_AGENT_FAILURE, cannot add card.
> >
> >Now, using a script called sccr, which uses my public and private key
> > to generate a one-time password (we use the to sudo to root), works
> > with no problem. I used my card to go into the data center this
> > morning, which also reads my card, and had no problem. I've tried eval
> > $(ssh-agent) to start a new instance. Nothing works.
> >
> >Also, pklogin-finder finds the cards, asks for my PIN< and it works.
> >
> >Clues for the poor?
> >
> I just tried ssh -I libcoolkeypk11.so  and in messages, it
> reports "ssh-pkcs11-helper: errror:no slots" before failing to let me log
> on.
> 
>  mark
> 

Assuming
1) that /etc/pki/nssdb/ has been populated with all the appropriate and current 
gov certificate authorities (CA).
certutil -L -d /etc/pki/nssdb/ #list the CAs
2) that you are using the RH/CentOS stock openssh*rpm files.
3) that you have not also gotten a newer card in the same time period, which 
happens to use a CA that is not in /etc/pki/nssdb/

Have you tried a third different set of ssh commands to use the cac:
ln -s /etc/pki/nssdb/*  ~/.ssh/ #make the certificate authorities available to 
ssh*
ssh-add -D #clear out any existing sigs
ssh-add -n #use nss to access the cac

Also on some boxes coolkey gets disassociated from nss, and I have found the 
simple
yum reinstall coolkey
fixes it, may need to logout/reboot as it affects a bunch O'stuff (and been a 
while since I had the problem).


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, iscsi,

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Thu Jul 7 17:31:05 UTC 2016, m.roth at 5-cent.us wrote:
> I've got docs for the JetStor, which
> include setting up the target - I'm still trying to figure the identifier
> name.

Although the identifier name format is shown in [1], it is better explained in 
[2] & [3].

[1] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-iscsi.html

[2] 
http://www.intel.com/content/www/us/en/ethernet-products/converged-network-adapters/iscsi-quick-connect-red-hat-linux-guide.html

[3] https://en.wikipedia.org/wiki/ISCSI#Addressing

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6, iscsi,

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Thu Jul 7 14:47:23 UTC 2016, m.roth at 5-cent.us wrote:
> Hi, folks,
> 
>I installed the iscsi packages, and I *thought* that the first thing to
> do was configure /etc/tgt/target.conf. Am I wrong? Did I have to
> configure iSNS on the RAID appliance?

One thing to make sure you have straight is Target vs. Initiator [2], for me it 
originally felt like the names were backwards.  I would expect the physical 
RAID machine to be the Target. Was that your expectation too, as it is a little 
unclear from the para above?

> 
>All that I find on the web, incl. upstream docs, is to install it, then
> start the service.

It might have helped if you had pointed at which upstream docs... some are 
better than others on the same subject.  


When I did a test of it, I found starting with the Target creation doc [1]  and 
following with the Initiator doc[3] (each on different RH/CentOS boxes) helped 
me to figure it out.  BTW while in [1] they use /dev/vdb it works as well with 
real /dev/sd* or Logical Volumes, I don't recall _trying_ with PVs.

[1] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-iscsi.html

[2] https://en.wikipedia.org/wiki/ISCSI#Initiator

[3] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/iscsi-api.html

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Minimum RAM requirement for CentOS 6.x graphic installer?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

On Thu, 2 Jun 2016 06:36:51 +0200 Nicolas Kovacs wrote:
> The title says it all. What's the minimum RAM requirement for the CentOS
> 6.x graphic installer? In our public libraries we have some old hardware
> running CentOS 5, and I wonder if some of these machines can be upgraded
> to CentOS 6. Unfortunately RHEL 5.x' nifty text mode installer got
> seriously crippled with version 6.x.

I think that if you feed the install a kickstart file, it will install in 
accordance with what you told it, but that does mean you have to spend some 
time figuring out what to put in your kickstart first.  This would also give 
you some consistency between systems.

Or you could let the 6.x "text installer" install it's minimal system, and then 
comeback and yum install everything else afterwards.  fewer choices to make, 
but you get to live with RH's ideas of sane partition sizes.

Another option for installing on smaller machines is to use the live disk[1] 
and a few tweaks[2] to do the install.  However it will mean some hand holding 
on each machine to make it work, but I have done it and been reasonably happy 
with the resulting system.  Note on a really small system (512MB or smaller), 
the use of zram (with the normal centos kernel, and swappiness~99), or zswap 
(with the elrepo kernel-ml) will make the system operate a lot better.  It is 
too bad the live disks to not enable zram while booting when they don't find a 
linux swap part.

[1] Have not seen the 6.8 live disk announce yet, 
https://lists.centos.org/pipermail/centos-announce/2015-August/021304.html
[2] "HOWTO install CentOS 6 on low memory computer or virtual machine (even 
192MB RAM)"
 https://lists.centos.org/pipermail/centos/2011-July/115367.html


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CenOS 6.8 and libGL failures

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Curiously my intel 845-G has had gl applications (freecad and wine based 
windows games) STARTED working correctly with this update.

I see in a latter email that you have a) found a path issue for users vs root, 
and b) you are using nvidia.
This reminded me of an issue I was having with some GL code I use (jogamp 
based) and nvidia drivers a little over a month ago, this might be something 
else you want to be aware of.

Nvidia is in the process of making a Vendor-Neutral GL[0], which I think is 
probably a good thing, but they have found that "several  applications relied 
on behaviors or attributes of the NVIDIA OpenGL driver that fall outside of the 
Linux OpenGL ABI"[1]. Once I figured out it was kmod-nvidia related, this[2] 
post helped me figure out the mapping to the other links.
for now I have had to stick our nvidia machines at 352.79 until either we get 
our app working with the  GLVND API, or elrepo packages a non-GLVND config[1].


[0] https://github.com/NVIDIA/libglvnd
[1] 
https://devtalk.nvidia.com/default/topic/915640/unix-graphics-announcements-and-news/multiple-glx-client-libraries-in-the-nvidia-linux-driver-installer-package/

[2] https://www.centos.org/forums/viewtopic.php?f=14=57047

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


From: isdtor [isd...@gmail.com]
Sent: Tuesday, May 31, 2016 7:09 AM
To: CentOS mailing list
Subject: [CentOS] CenOS 6.8 and libGL failures

Ever since I upgraded to CentOS 6.8, some software has stopped working 
alogether. This is related to OpenGL/mesa and can be demonstrated with glxgears:

$ glxgears
libGL error: No matching fbConfigs or visuals found
libGL error: failed to load driver: swrast
X Error of failed request:  BadValue (integer parameter out of range for 
operation)
  Major opcode of failed request:  154 (GLX)
  Minor opcode of failed request:  3 (X_GLXCreateContext)
  Value in failed request:  0x0
  Serial number of failed request:  33
  Current serial number in output stream:  35
$

This appears to be a common problem, but I found no solutions that apply here 
since I believe everything is installed and set up correctly. It all worked 
with CentOS 6.x, x<8.

https://www.centos.org/forums/viewtopic.php?t=56273
https://ask.fedoraproject.org/en/question/38116/issues-with-libgl-on-fedora-20-unable-to-load-driver-swrast/


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] delete directories with find and exclude other directories

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

From: Valeri Galtsev 
Sent: Wednesday, February 03, 2016 12:58 PM

On Wed, February 3, 2016 11:37 am, Tim Dunphy wrote:
> Hi all,
>
> I'm attempting to delete some directories and I want to be able to exclude
> a directory called 'logs' from being deleted.
>
> This is my basic find operation (without the exclusion)
>
> # find . -type d  |tail -10
> ./d20160124-1120-df8mfb/deployments
> ./d20160124-1120-df8mfb/releases
> ./d20160131-16993-vazqg5
> ./d20160131-16993-vazqg5/metadata
> ./d20160131-16993-vazqg5/deployments
> ./d20160131-16993-vazqg5/releases
> ./logs
> ./d20160203-27735-1tqbjh6
> ./d20160125-1120-1yccr9p
> ./d20160131-16993-1yf9lnc

crude thing I would do is:

find . -type d  | grep -v logs

, but that will also exclude other names containing "logs" it is like:

Semilogs2
logs4me



#just skip the local logs dir
find . -type d -not -wholename ./logs
#skip dirs that start with /logs any where in the search
find . -type d -not -wholename \*/logs\*
#skip dirs that have log anywhere in their name, like Valeri's
find . -type d -not -wholename \*logs\*

and to actually get rid of the found _empty_dirs_ that are not logs...
find . -type d -not -wholename \*logs\* -exec rmdir {} \;
note 1: as written would have to be ran multiple times to empty deeper 
directory trees.
note 2: just because a logs dir is not shown/passed by the above command, does 
not mean that there was not one deep within a tree, so recursive removals might 
do more than you want. See recent UEFI thread. :)
note 3: rmdir can be replaced with your favorite destruction command, choose 
wisely.
note 4: I recommend when using an rm command, use a specific directory _name_ 
to find instead of '.', so there is _less_ chance of using it where you don't 
want to.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, 327 kernel still crashing

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

> -Original Message-
> From: Wes James [mailto:compte...@me.com]
> Sent: Wednesday, January 27, 2016 7:04 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] CentOS 7, 327 kernel still crashing
> 
> 
> > On Jan 27, 2016, at 1:47 PM, m.r...@5-cent.us wrote:
> >
> > I've just added the following to the CentOS bugtracker for CentOS-7
> > 0009860. I admit to not being sure if it's the same issue, or a separate
> > one, but this and other Dell servers - I *think* they're all R420's, but I
> > could be wrong, just all do the same thing on boot.
> > *
> > I've just updated a CentOS 7 server to the latest kernel,
> > vmlinuz-3.10.0-327.4.5.el7.x86_64, and the server fails to boot. It has
> > failed on every 327 kernel.
> >
> > Server: Dell R420, 2 Xeons, 124G RAM.
> >
> 
> I have the same issue on a 2011 iMac.  Usually a it takes one or two rounds 
> of kernels more and it starts working, but I have to stay on
> 3.10.0-229.20.1 right now.  All the 327’s crash on boot.
> 
> -wes

The `rpm -q --changelog ` of the 327 kernel looks like they only made three 
'important' changes, and I think gives pointers to kernel.org changes you could 
use find the offending patches.  
Have you folks considered grabbing the srpm, backing out the each of the 
(three) changes between the pre 327 and 327 and building it yourself to figure 
out which thing broke your systems?
Do either of you have any of the equipment listed in the 327 change?  If so, 
that equipment patch is the patch I would focus on.
Of course this will have you stepping off the CentOS reservation (thus use 
caution), but seeing as you are hanging back at 229, you are already on the 
fence. :)

When you can point to the problem
http://thread.gmane.org/gmane.linux.network.drbd/9973/focus=9996
sometimes folks will get it fixed quickly
http://thread.gmane.org/gmane.linux.network.drbd/9973/focus=9996 
I grant you, it was much easier back then, because the fedora and RH folks 
would have the
 patches as ... patches ... in the rpm that you could take out with a comment, 
but it can still be done with a more research.
Even more fun might be to see if the elrepo kernel-lt or kernel-ml would work.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel Xorg driver for Intel HD graphics

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

I have an older intel card (845G) that works _correctly_ only with the newer 
kernels (3.17+) with everything else being CentOS 6 stock.
The elrepo kernel-ml made this much easier to support.
http://elrepo.org/tiki/kernel-ml
http://elrepo.org/tiki/kernel-lt
I don't know if you need all the other new packages you built and installed, 
but at least you will not have to be compiling the kernel for yourself if you 
use the elrepo packages. 
Note: although I am using the el6 packages, they have el7 packages.
http://elrepo.org/linux/kernel/el7/x86_64/RPMS/

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


> -Original Message-
> From: Jerry Geis [mailto:ge...@pagestation.com]
> Sent: Sunday, January 24, 2016 10:20 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Intel Xorg driver for Intel HD graphics
> 
> > i915.preliminary_hw_support=1
> 
> Adding this to the boot - does not make it work on straight 7.2
> 
> I saw information about this - but it is mentioned on the page I
> included that this was no longer needed with the files listed in the
> link.
> 
> 
> The kernel 4.4 installs and runs fine on the NUC5C. Its the
> xorg-server package that is is my issue. Everything else ran fine.
> 
> 
> The problem I'm trying to solve is getting the NUC 5C to run X on 7.2.
> 
> I "realize" that is all newer hardware - but if its possible it's beneficial.
> 
> 
> I just need to figure out how to compile the X server it was giving an error.
> 
> 
> Thanks,
> 
> 
> Jerry

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7, ATI card, 30" monitor

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

> -Original Message-
> From: m.r...@5-cent.us [mailto:m.r...@5-cent.us]
> Sent: Thursday, November 05, 2015 10:23 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Centos 7, ATI card, 30" monitor

> That's why I said that at some point I was going to hand-craft an
> xorg.conf. Do you know if there's a way to dump the current settings to a
> file? I know I can do it with NVidia, but this is just KDE's settings.

Last I knew, you could
1) go into multi user mode (no x running)
  systemctl isolate multi-user #graphical is probably the default
2) Ask Xorg what it would do by default
 run 'Xorg --config > mynewxorg.conf.file' #this is IIRC without looking at man 
or Xorg --help
 #but I think you'll get the idea here. :)
3) go back to graphical
 systemctl isolate graphical

hope this helps

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7, ATI card, 30" monitor

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

> -Original Message-
> From: m.r...@5-cent.us [mailto:m.r...@5-cent.us]
> Sent: Tuesday, November 03, 2015 11:58 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] Centos 7, ATI card, 30" monitor
> 
> John R Pierce wrote:
> > On 11/3/2015 8:11 AM, John R Pierce wrote:
> >> On 11/3/2015 7:33 AM, m.r...@5-cent.us wrote:
> >>> Well, I got my user back to being able to use his system, but I've
> >>> still got one issue: it's running on the VESA driver - there is
> >>> *no* Catalyst build for this monitor, for CentOS 7. From a lot of
> >>> googling, nothing's been done since the summer of '14 (lspci
> >>> reports it as a FirePro V3900).
> >>>
> >>> Any thoughts, or pointers, as to if/how I can get X - he's running KDE
> >>> - to see the full width of the monitor, not just about 4" less, or is
> >>> that not possible with the VESA driver?

> Btw, I spoke to Dell
> - this box is theirs, but of course the people supporting workstations
> *still* don't have a clue about Linux, unlike the server people, and they
> couldn't find a recent driver, either.
> 
> I *really* dislike ATI/AMD video. At least with NVidia, the proprietary
> driver builder *always* works, once you've got the right one, whatever
> folks bitch and moan about it.
> 
>  mark
> 

Have you considered using the elrepo packaged version, or at least reading 
their pages to see which chips are 
still supported by the proprietary driver?
For me their (elrepo) packages seem the sanest way to manage an EL system with 
either nvidia or ati/amd proprietary driver.
Also there are some notes on this page relating to a change in X protocol on EL 
6 which caused some grief there, 
perhaps EL 7 has that same change and thus you may be in the list of " older 
chipsets".   
At least by reading the pages you might be able to quicker come to the 
conclusion that the proprietary driver will 
no longer work for you?
http://elrepo.org/tiki/kmod-fglrx
http://elrepo.org/tiki/kmod-fglrx-legacy



Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos wiki strangeness.

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Thanks Mike and Johnny for taking a look.
It appears to be something in the way THIS windows and IE are locked down, when 
I dragged myself off to the lab and used EL it looked good too, I guess I'll 
just have to use CentOS to view it (which is generally my preference anyway).

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


> -Original Message-
> From: Denniston, Todd A CIV NAVSURFWARCENDIV Crane
> Sent: Tuesday, October 20, 2015 12:45 PM
> To: CentOS mailing list
> Subject: centos wiki strangeness.
> 
> In preparing to answer a question about some yum undesired behavior, I wanted 
> to reference fastest mirror info, but when I went to
> https://wiki.centos.org/PackageManagement/Yum/FastestMirror
> I find all the text has been squished to the right hand side of the page and 
> made 1 word wide all the way down.
> The https://wiki.centos.org/FrontPage looks similar but perhaps it is a 
> little better?
> 
> Or is this an issue of looking at it with IE?
> 
> 
> Even when this disclaimer is not here:
> I am not a contracting officer. I do not have authority to make or modify the 
> terms of any contract.
> 

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can I force yum to only use http.

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

> -Original Message-
> From: Styma, Robert E (Robert) [mailto:robert.st...@alcatel-lucent.com]
> Sent: Monday, October 19, 2015 5:12 PM
> To: CentOS@centos.org
> Subject: [CentOS] Can I force yum to only use http.
> 
> Our outsourced IT department has decided to use white listing on the 
> firewalls for outbound ftp.  I was given a list of sites our lab
> had accessed via ftp and eventually tracked them down to Linux machines 
> running yum.  They are all CentOS 5 or 6 with a smattering
> of 7.  It is impractical to list all the possibilities since they change on a 
> regular basis.  Also any 3rd party repos we need are another
> ball of wax.
> 
> Various Google searches and the manual page have not shown me how to avoid 
> using ftp mirrors.  I have considered taking out the
> ftp-proxy information so that the ftp cannot get out, but I suspect it will 
> just hang waiting for a response.
> 
> Does anyone have any suggestions on ways to tell yum not to use ftp as the 
> download mechanism?

On the machines that are using ftp, do the contents of 
/etc/yum.repos.d/Centos-Base.repo look the same as the machines that are not 
using FTP?  Perhaps include the Centos-Base.repo file from ONE of the offending 
machines in an email.
Baseurl can be used to force where and how to connect, but because are getting 
ftp instead of http connections I am suspecting someone has probably already 
forced it the other way, the files may tell.  

Another possibility is that on those machines once-upon-a-time they found that 
the ftp host had the fastest _ping_ time, and have used it ever since. You may 
be able to log into those machines, `cat /var/cache/yum/timedhosts.txt` and see 
ftp hosts listed.
If so try [large hammer warning] `yum clean all; yum update` and see if they 
try going back to the ftp site or pick a new http one.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] centos wiki strangeness.

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

In preparing to answer a question about some yum undesired behavior, I wanted 
to reference fastest mirror info, but when I went to
https://wiki.centos.org/PackageManagement/Yum/FastestMirror
I find all the text has been squished to the right hand side of the page and 
made 1 word wide all the way down.
The https://wiki.centos.org/FrontPage looks similar but perhaps it is a little 
better?

Or is this an issue of looking at it with IE?


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C6 firefox esr h.264 support on youtube

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

> -Original Message-
> From: John Hodrien [mailto:j.h.hodr...@leeds.ac.uk]
> Sent: Friday, September 11, 2015 6:39 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] C6 firefox esr h.264 support on youtube
> 
> On Fri, 11 Sep 2015, Robert Arkiletian wrote:
> 
> > does anyone running C6 have h.264 check box on www.youtube.com/html5 ?
> >
> > if yes, can you please post the output of
> 
> My understanding, which may be incorrect, was that the firefox in EL6 wasn't
> built with gstreamer support, so adding that library isn't sufficient.
> 
> jh

"You always need native OS support to be able to play media files with the 
HTML5 media player"
https://support.mozilla.org/en-US/questions/1068031#answer-743907

I found this because I was looking for a (legal in the US) way to look at h264 
streams from local net video encoders on EL6, without having to resort to 
expensive decoder software which I can't get anytime soon.  Initially I thought 
that I might get Firefox to do it for me with the openh264 plugin, but then I 
found the above link.   I am currently looking at how possible/painful it is to 
get the gstreamer openh264 plugin [1] built on EL6 (to go with the existing 
0.10 gstreamer), such that I can use openh264 [2][3], which if I understand it 
would allow me to have a legal and working viewer (sans sound, which I don't 
need anyway).  It would be nice (from a functional point of view) if Red Hat 
could get us an audio codec for h264 licensed in a similar way.

If anyone has clues on how to build and add  just a portion of gst-plugins-bad 
into the existing EL OS set of gstreamer plugins, please share (even URL 
pointers).

[1] http://cgit.freedesktop.org/gstreamer/gst-plugins-bad/tree/ext/openh264
[2] https://en.wikipedia.org/wiki/OpenH264
[3] http://www.openh264.org/

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] NVidia on encrypted Q. RE: Intel Displayport on Centos 7

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Lamar Owen [mailto:lo...@pari.edu]
 Sent: Saturday, January 31, 2015 1:53 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Intel Displayport on Centos 7
 
SNIP
 the stock ATI drivers.  I haven't tried with the fglrx driver; it seems
 to be a bit of a problem child on C7 at the moment.  For that matter,
 the nVidia proprietary driver is a bit of a problem child if you have
 any encrypted partitions like I do.
SNIP

I have not gotten to testing C7 (or RHEL7 for that matter) yet, but I expect to 
need the NVidia driver (from elrepo) on them and for the drives to be 
encrypted, SO ...
What kinds of issues do the proprietary drivers and encrypted partitions 
together seem to be causing?

Are your problems all related to:
https://www.centos.org/forums/viewtopic.php?f=49t=47460
http://elrepo.org/bugs/view.php?id=496
https://www.centos.org/forums/viewtopic.php?f=47t=49304start=10

Or are there other issues?

Thanks for the feedback.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Radeon graphics problems with CentOS 6.6

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Darby Vicker [mailto:darby.vic...@gmail.com]
 Sent: Tuesday, January 06, 2015 12:24 AM
 To: centos@centos.org
 Subject: Re: [CentOS] Radeon graphics problems with CentOS 6.6
 
 On Sat, Jan 3, 2015 at 2:27 PM, Darby Vicker darby.vic...@gmail.com wrote:
  On Saturday, December 20, 2014, Darby Vicker darby.vic...@gmail.com wrote:
 
  I thought about trying centos 7.  But in the end that doesn't really
  help me since I'm trying to keep my current centos 6 installation
  working.  I don't really have the time/energy to reinstall everyting
  under CentOS 7 right now.
 
  I was able to get a 6.6 LiveCD built myself.  The liveCD has the same
  problem - X doesn't work.  I can boot the Basic Video option from the
  LiveCD and I can at least get to the desktop but there are several odd
  video problems when I do that.  But I think that means that there is a
  genuine problem with Xorg on my hardware.  Does anyone know who I should
  submit this bug to - AMD or Xorg?
 
  Any other ideas for workarounds in the mean time?
 
 
  The xorg ati developer doesn't think it's a driver problem.
 
   http://lists.x.org/archives/xorg-driver-ati/2014-December/026948.html
 
  Any other ideas for tracking this down?
 
 After a little more conversation with the ati developer, he thinks its
 a problem with the kernel.
 
 http://lists.x.org/archives/xorg-driver-ati/2015-January/026986.html
 
 He is suggesting I get in touch with the people who maintain the
 CentOS kernel.  What is the best way to do this?  Submit a bug on
 https://bugs.centos.org?

Two things I think you should consider doing...
1) in your next post (and any bugs you open), include the `uname -a` of the 
last known to work correctly CentOS/RHEL kernel, and the `uname -a` of the 
first known to not work correctly CentOS/RHEL kernel and the respective 
versions of radeon | flrgx drivers.

2) try out elrepo's el6 kernel-lt  kernel-ml and see if they work correctly 
for you.  I suggest this, because for me it did workaround an issue with intel 
chips (I guess I need to see what it will take to get the elrepo folks to make 
just a back-ported intel driver from 3.17 [first known to work again, 3.16 does 
not]) .
http://lists.centos.org/pipermail/centos/2014-November/147579.html


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dell Dimension 2400 W/Intel 845-G Video

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Here is some hope for you.
I too have been fighting with an intel 845G, but mine is in an IBM built 
machine.
I just loaded the elrepo kernel-ml on a CentOS 6.6 system with an intel 845-G 
and now the X comes up correctly, i.e., at boot gdm is available visually for 
login.  YYEEESS!!!

With either kernel, if you want any GL performance, you do _not_ want to use 
nomodeset, i.e., with nomodeset tux racer renders ~1FPS @800x600.  Vesa is in 
the same boat and eats your main cpu to render anything.

With the standard _2.6_ kernels with CentOS 6.[56], even though the screen was 
blank (but with a mouse pointer) you could log in by simply typing the first 
letter of your username, press enter, enter your password, press enter, then 
wait for login, and because characters were messed up logout, at which point 
the restarted gdm and X would be working fine and you could login for a nice 
session. 
Found this trick somewhere in the archives of this list IIRC. 
 Note:` telinit 3; telinit 5` OR  `killall gdm-binary` do *NOT* help.

I don't have an xorg.conf or anything in xorg.conf.d, and I don't have any 
changes to the kernel line since install, i.e., using CentOS defaults.

With the elrepo kernel-ml, it does seem like there is a little more load on the 
system, but login has become normal and I see ~14FPS in tux racer @800x600  (OK 
it is not a speed daemon, but at least it is smoothed).  After login the screen 
res defaults to 1920x1080 IIRC.
After login I have been using xrandr to change the screen res I want for each 
task (many web sites don't look right at anything above 1024x768).
xrandr -q #to see available sizes
and
xrandr -s 1024x768

good luck, and if this works for you and/or you find a better way, please let 
us know.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

 -Original Message-
 From: Mark LaPierre [mailto:marklap...@gmail.com]
 Sent: Sunday, November 02, 2014 9:35 PM
 To: Mark LaPierre; Mail List CentOS Users
 Subject: Re: [CentOS] Dell Dimension 2400 W/Intel 845-G Video
 
 On 10/05/14 22:47, Mark LaPierre wrote:
  Hey Y'all,
 
  I've been Googeling and experimenting for two days trying to find a way
  to deal with the Intel 845-G video chipset in this Dell Dimension 2400.
SNIP
 
  There's a lot a cruft on the internet about problems with the Intel
  845-G chipset but no solutions that work for me.  Does anyone know
  how to get an successful installation on this hardware?
 
 
 First I want to thank all of you who have offered up proposed solutions.
 
 I got the netinstall to work.  Then used yum update to bring it up to
 the latest and greatest.  I worked with 6.5 but got nowhere there.  Then
 the 6.6 point release was ready so I did the yum update dance in hopes
 that 6.6 would be more cooperative.
 
 Today I've been googling, experimenting, and pretty much failing
 miserably.  The best I've managed to get is to set the boot command to
 nomodeset, and the xorg.conf Device driver to vesa.  I got 640x480
 resolution with the image offset to the left and down.  Pretty much
 unusable.  No improvement from my previous best effort documented above.
 
 I am able to open System/Preferences/Display where I could select a
 different resolution if I could see and reach the [Apply] button.  That
 really doesn't matter since the only resolution available on the pull
 down is 640x480.
 
 I can't get the intel driver to yield a screen at all.
 
 I experimented with many VGA=NNN modes in combination with the vesa
 driver.  No joy there.  Not even the GDM screen comes up.  The best I've
 been able to get from the intel driver is a mouse pointer in the middle
 of an otherwise black screen.
 
 When the graphics come up I can check the Xorg.0.log where I can see
 that the vesa driver says that resolutions including 1280x1024, 104x768,
 and 800x600 are viable options.  I can't get it to use any of them.
 
 What think yee?  Is there any hope of getting any resolution greater
 than 640x480 out of this thing?
 
 --
 _
°v°
   /(_)\
^ ^  Mark LaPierre
 Registered Linux user No #267004
 https://linuxcounter.net/
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rsync question: building list taking forever

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: John Doe [mailto:jd...@yahoo.com]
 Sent: Monday, October 20, 2014 5:30 AM
 To: CentOS mailing list; Tim Dunphy
 Subject: Re: [CentOS] rsync question: building list taking forever
 
 Are you allowed to temporarily run an ssh tunnel (or stunnel) on your 
 jumpbox?
 So connecting from host1 to jumpbox on port XXX would be tunneled to ssh port 
 on host2...
 
 Or with netcat (if you can mkfifo)?
   mkfifo backpipe
   nc -l 12345 0backpipe | nc host2 22 1backpipeBut you will have to trick 
 ssh into accepting your jumpbox fingerprint...
 
 JD
 

Or perhaps easier (depending on how paranoid sshd configs are) with 
ProxyCommand in ssh/config, i.e., setup config so one ssh command can get you 
logged onto the final target and then use rsync across ssh as per normal:

http://sshmenu.sourceforge.net/articles/transparent-mulithop.html

Then rsync will be running on both ends, where the data (filesystem 
information) is LOCAL, i.e., fast.

I would use, if possible/allowed,  key[s] with ssh(-agent) to make the whole 
connect to multiple hosts thing easier (i.e., fewer passphrase requests).

[OP: `they don't allow ssh between the datacenters` ...but... they nfs between 
them...??? ME: much head scratching.]

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dell Dimension 2400 W/Intel 845-G Video

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Mark LaPierre [mailto:marklap...@gmail.com]
 Sent: Wednesday, October 08, 2014 7:52 PM
 To: Mail List CentOS Users
 Subject: Re: [CentOS] Dell Dimension 2400 W/Intel 845-G Video
 
 On 10/06/14 21:45, Peter wrote:
  On 10/06/2014 03:47 PM, Mark LaPierre wrote:
  I've been Googeling and experimenting for two days trying to find a way
  to deal with the Intel 845-G video chipset in this Dell Dimension 2400.
   First, it doesn't have a DVD drive so I have to install from a CD.
  When I try to boot into the Live CD I get a video error something like,
  Undefined video mode number: 317.  It hangs at the splash screen.
 
  Lots of solutions for this in google:
  https://www.google.co.nz/search?q=%22Undefined+video+mode+number%3A+317%22
 
  The driver for that chipset is just the regular intel driver:
  yum install xorg-x11-drv-intel
 
  You never mentioned which version of CentOS you're trying to install.
 
 
  Peter
 
 Hey Peter,
 
 Thanks for the link.  I'm working with CentOS 6.5.
 
 I changed the boot command from nomodeset to vga=normal
 
 I changed the Xorg.config device from VESA to Intel
 
 I rebooted the machine.
 
 I now have a desktop at a usable resolution.  Thank you there!!
 
 But, there's always a but, the text displayed on that screen is not
 usable.  The text on the top bar that should say:
 Applications   Places   System
 says:
 A  PSm
 
 The icon that is supposed to say Computer says C m
 
 There's a dialogue box in the middle of the screen with various and
 assorted consonants spread about.  I have no idea what it's supposed to say.
 
 Any clue as to how I can fix this?

I have a similar Intel card on a machine (not near it right now) which has the 
same kind of text issues.
The trick I learned was to log out and log back in.
i.e., you have to know which  ys em and  og O t menu items get you to  log 
out and do that.
When GDM comes up the next time it will be good.

Be glad your GDM comes up so you can see it for the first login, Mine was a 
black screen with a pointer.

Wish I knew how to tell X to just restart itself after initializing the card.  
BTW if I recall correctly, telinit 3  sleep 5  telinit 5 ;  will return me 
to broken text so no help there.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] el6 crash-trace-command vendor?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

I was running a 
rpm -qa  --qf %{vendor} \t\t%{name}\n |sort|grep -v CentOS
looking for packages from other vendors installed on  a machine and noticed a 
curious sight:
Fujitsu Limited crash-trace-command

It appears I am not the only one who has crash-trace-command from Fujitsu 
Limited 
https://www.centos.org/forums/viewtopic.php?f=13t=1081start=0#p6688
That is a good thing right? :)

I was curious however to find it in my centos mirror, and apparently signed by 
the centos crew[2].
Would one of our gentle OS maintainers be kind enough to confirm this is just 
an extension of the issues in bug 5967[1]? (which I found near the end of my 
web search)

Looking a little deeper it appears that there are a couple of other packages 
(rome) with odd vendors in the 6.5 tree:
for i in centos/6/os/i386/Packages/*rpm; \
 do rpm -q --qf %{vendor} \t%{name}\n  -p $i; \
done |grep -v CentOS 
Fujitsu Limited crash-trace-command
Red Hat, Inc.   python-qpid-qmf
Red Hat, Inc.   qpid-qmf
(none)  rome
(none)  rome-javadoc
Red Hat, Inc.   ruby-qpid-qmf



[1] http://bugs.centos.org/view.php?id=5967




[2] 
$ rpm -qa gpg-pubkey\*
gpg-pubkey-c105b9de-4e0fd3a3

$ for i in centos/6/os/*/Packages/crash-trace-command-*; \
 do echo $i;rpm -q --qf %{vendor} \t%{name}\n  -p $i;done
centos/6/os/i386/Packages/crash-trace-command-1.0-4.el6.i686.rpm
Fujitsu Limited crash-trace-command
centos/6/os/x86_64/Packages/crash-trace-command-1.0-4.el6.x86_64.rpm
Fujitsu Limited crash-trace-command
##Note the lack of 
##warning:  centos/6/os/i386/Packages/crash-trace-command-1.0-4.el6.i686.rpm: 
Header V3 RSA/SHA1 signature: NOKEY, key ID c105b9de
## which I did get on a CentOS 5 machine doing the same check.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] MySQL - replication - how to restore master?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: John Horne [mailto:john.ho...@plymouth.ac.uk]
 Sent: Wednesday, August 13, 2014 7:53 AM
 To: CentOS list
 Subject: [CentOS] MySQL - replication - how to restore master?
 
 Hello,
 
SNIP
 However, I am having trouble finding out what to do should we lose the
 master server. Typically mysqldump backups of the master are done
 overnight, so a failure during the day would mean that the slave is
 ahead of the master backup. So this poses two questions:
 
SNIP

Note: I have not been running MySQL or HA systems for a very good while now.  
Salt appropriately.

Perhaps the following URL can help:
http://dev.mysql.com/doc/refman/5.0/en/replication-solutions-switch.html

I believe  useful sets of key words for the searching the web would be:
mysql master slave promotion
and
mysqldump  slave

http://dev.mysql.com/doc/refman/5.0/en/replication-solutions-backups-mysqldump.html

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyone using CentOS 6 on PC104 stacks?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Lamar Owen [mailto:lo...@pari.edu]
 Sent: Saturday, July 19, 2014 9:28 AM
 To: CentOS mailing list
 Subject: Re: [CentOS] Anyone using CentOS 6 on PC104 stacks?
 
 On 07/18/2014 05:34 PM, Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote:
  Is anyone using CentOS 6 on PC104 stacks?
  I have tried a couple of different CPU cards with CentOS 6.5 [no updates].  
  I can install with the Install DVD to the PATA hard drive
 just fine, but they each hang up while the installed system is trying to get 
 UDEV going.   And by hang up I mean a) leave the
 machine setting for hours and it never gets udev started, AND b) the keyboard 
 has gone non-responsive (power switch is the only
 way out).
 
 
 Todd, can you give us more details on the PC104 CPU hardware?
 Manufacturer and model would be nice, too.
 
 My only PC104 CPU's here are 486's, and thus C6 is not going to boot (C6
 requires PAE and i686).
 

Sorry for the delay, I had a couple of other interrupts to deal with.
As can be seen below, both CPU cards include PAE support. Both were running 
with just the CPU card (with its built-in peripheral interfaces), hard-drive 
and power supply.
While collecting the information below, I played with kernel options and 
happened to find that with the 
RTD cme37786hx I could get it to boot reliably from the hard-drive if I 
included 
 noapic nomodeset udevtrace (in that order) replacing the quiet rhgb *AND* 
either use the
 CentOS 6.3 install kernel or update to the latest CentOS 6.5 kernel. 
 The CentOS 6.5 DVD installed kernel would pause forever just after trying 
'edd'.

As for the VL-EPMs-21b, even though it worked OK in CentOS 5.9, it would always 
stop in the UDEV 
startup of CentOS 6.5 even after updating to the latest 6.5 kernel and using 
the above kernel options. Interestingly though while working with it, I noticed 
a little brown cube on the ESD bench where the 
board had been setting.  Who would think that a missing capacitor might stop a 
new kernel,
 with a much faster IO engine, from accessing all the hardware in parallel (max 
power pull) at 
entry into user space? :)  
Beginning to think this one is not CentOS's fault. :) 
Fortunately I am expecting to get a new, not used before I got it, version ... 
sometime. :)

So I guess it is sort of solved for now.
Thanks for taking  a look.
-
Drive (320GB) used in both settings
WD3200BEVE
500M boot
1GB swap
minimal install, and using chroot in rescue, added: sos, pciutils, usbutils, 
ntpdate,  openssh-clients, 
dmidecode, lynx
-
CPU card #1
Versa Logic Corp (Ocelot)
VL-EPMs-21b
http://www.versalogic.com/oce
Intel Atom Z520, 1.33 GHz
http://ark.intel.com/products/41174/Intel-Atom-Processor-Z520PT-512K-Cache-1_33-GHz-533-MHz-FSB
2GB ram
cpu family  : 6
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc 
arch_perfmon pebs bts aperfmperf 
pni dtes64 monitor ds_cpl vmx est tm2 ssse3 xtpr pdcm movbe lahf_lm dts 
tpr_shadow vnmi flexpriority

CPU card #2
RTD cme37786hx
http://www.rtd.com/manuals/archive/archive.htm
http://www.rtd.com/manuals/archive/CME37786HX.pdf  pdf page 14 has specs.
VIA Eden CPU with Twister-T Chipset, 400 MHz to 1 GHz clock speed
500MB ram
flags   : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov 
pse36 mmx fxsr sse up

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Anyone using CentOS 6 on PC104 stacks?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Is anyone using CentOS 6 on PC104 stacks?
I have tried a couple of different CPU cards with CentOS 6.5 [no updates].  I 
can install with the Install DVD to the PATA hard drive just fine, but they 
each hang up while the installed system is trying to get UDEV going.   And by 
hang up I mean a) leave the machine setting for hours and it never gets udev 
started, AND b) the keyboard has gone non-responsive (power switch is the only 
way out).

Note1: each board and drive works fine under CentOS 5.9.
Note2: for the purposes of this test all other boards have been removed, it is 
just the CPU board and an power supply. Granted that does leave the video chip, 
serial chip, audio chip, usb chip, and memory (which was memtest86 for 50 hours 
in this config).

Has 6 dropped support for ISA somehow?

Any ideas on what might be wrong or where to start debugging?

I have tried:
Setting selinux to permissive (there was a udev issue in 6.0 where this was 
needed)

Removing quiet and RHGB from the boot, so I can see what is going on

In /etc/udev/udev.conf  set udev_log=debug, but this seems to just 
information overload, AND
It never stops at the same set of messages.  Even booted with udevtrace.

Syslog has not started, so there is nothing in /var/log/messages

Moved /etc/udev/rules.d/* to /etc/udev/rules.distro/ so that rules created at 
install time, under the install dvd's kernel, are not causing issues. Though I 
did move one file per boot attempt, newest first. (yes I have reached desperate 
stage)

Thanks for any pointers.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question about clustering

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Digimer [mailto:li...@alteeve.ca]
 Sent: Monday, June 16, 2014 3:20 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Question about clustering
 
 On 16/06/14 02:55 PM, m.r...@5-cent.us wrote:
SNIP
  One can also set the cluster nodes to failover, and when the failed node
  comes up, to *not* try to take back the services, leaving it in a state
  for you to fix it.
 
   mark, first work on h/a clusters 1997-2001
 
 Failover and recovery are secondary to fencing. The surviving node(s)
 can't begin recovery until the lost node is in a known state. To make an
 assumption about the node's state (by, for example, assuming that no
 access to the node is sufficient to determine it is off) is to risk a
 split-brain. Even something as relatively minor as a floating IP can
 potentially cause problems with ARP, for example.
 
 Cheers

Having operated a file serving cluster for a few years (~2001-2006) without ANY 
fencing device, I can tell you that it causes split-brain in the admins too, 
i.e., I AGREE. 
Earlier, Alessandro Baggi wrote:
 there is a chance to make fencing without hardware, but only software?
To which Digimer, answered: No. SNIP info about fence device independence

However, there is an *Almost* software only fence.
 Unfortunately  for me I learned about (or at least understood) the stonith 
devices late in the above system's life.  I expect even meatware stonith[1]  
could have saved me considerable pain five or six times. 
Understand that I am not recommending meatware stonith to be a good operational 
stonith device, see [2] for how much subtle understanding the meat has to have, 
but it would be much better than NO operational stonith device.

[1] http://clusterlabs.org/doc/crm_fencing.html#_meatware
[2] http://oss.clusterlabs.org/pipermail/pacemaker/2011-June/010693.html

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6 Manuals

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Mark LaPierre [mailto:marklap...@aol.com]
 Sent: Tuesday, May 20, 2014 7:55 PM
 To: Mail List CentOS Users
 Subject: [CentOS] CentOS 6 Manuals
 
 Hey all,
 
 I just went looking for some manuals for a friend of mine who is new to
 Linux.  I installed CentOS 6.5 on his machine.  The CentOS.org web site
 has documentation up to CentOS 5.
 
 Where can I look to find the manuals for CentOS 6?
 

Just how NEW to Linux is this friend?

It might be better to introduce them to some easier guides first instead of the 
SysAdm level docs that comes for CentOS 6.
http://www.tldp.org/guides.html#intro-linux


And although written for the purpose of someone looking to pass the Linux+ 
exam, I found that Roderick W. Smith's ...Linux+ Study Guide... (I think mine 
was 3rd edition) did a good job of explaining WHY you use certain commands to 
do things.  To me that book provided information in an easy enough to read 
manner. 


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] ISA connected CF card not found by CentOS 6

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

I am attempting to install CentOS 6 on a PC104 stack and am experiencing issues 
with anaconda not being able to find the Compact Flash (CF) card hosted in an 
IDE-CF board connected via the ISA bus.  Did someone finally remove the ISA 
capability from the kernel?

On the same hardware I have been able to install CentOS 5.

With the CentOS 6 install DVD, the system boots up and proceeds until it tries 
to find devices with 'existing CentOS  installs', then after a about a minute 
pops a message indicating it can't find any media to install on, and gives you 
a choice of trying again or exiting the install.
I would try on Alt-F2, to modprobe a driver if only I knew which one to use... 
the driver set for PATA has changed a lot between 5  6.


I also tried booting with the CentOS 6.5 Live CD, to try probing the system a 
bit farther, but the Live CD seems to fail while either loading the 
kernelinitrd to memory or when attempting to boot the kernel. when it makes 
changes operations, the screen res changes and goes black but I see no further 
CD drive activity and keyboard presses are ignored (even CapsLock  NumLock 
don't change their LEDs).

Anyone with clues or solutions on either issue?

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PXE booting UEFI

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

IIRC the line
  49 RRQ /pxelinux/efidefault octet tsize 0 blksize 512
In the output below means look in
/var/lib/tftpboot//pxelinux/efidefault
Not
/var/lib/tftpboot//pxelinux/pxelinux.cfg/efidefault
i.e. it is rooted at the root of your tftpboot structure.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


 -Original Message-
 From: Adam Bishop [mailto:adam.bis...@ja.net]
 Sent: Monday, April 14, 2014 10:57 AM
 To: centos@centos.org
 Subject: [CentOS] PXE booting UEFI
 
 Good Afternoon,
 
 As per the installation guide, section 30.2.2 I’ve created an efidefault file 
 at /var/lib/tftpboot/pxelinux/pxelinux.cfg/efidefault
 
 However, this file is never requested by the 64 bit PXE loader (bootx64.efi), 
 as shown by tcpdump:
 
   75 RRQ /pxelinux/42272635-0011-5053-ACF2-82A100E615F2 octet tsize 0 
 blksize 512
   59 RRQ /pxelinux/01-00-50-56-A7-BA-BF octet tsize 0 blksize 512
   47 RRQ /pxelinux/C13F3F6E octet tsize 0 blksize 512
   46 RRQ /pxelinux/C13F3F6 octet tsize 0 blksize 512
   45 RRQ /pxelinux/C13F3F octet tsize 0 blksize 512
   44 RRQ /pxelinux/C13F3 octet tsize 0 blksize 512
   43 RRQ /pxelinux/C13F octet tsize 0 blksize 512
   42 RRQ /pxelinux/C13 octet tsize 0 blksize 512
   41 RRQ /pxelinux/C1 octet tsize 0 blksize 512
   40 RRQ /pxelinux/C octet tsize 0 blksize 512
   49 RRQ /pxelinux/efidefault octet tsize 0 blksize 512
 
 I’ve worked around this by placing a separate efidefault in the root of the 
 pxelinux directory - however this is undesirable as this
 means I have to maintain separate configs for BIOS and UEFI.
 
 Does anyone know why this is not behaving as documented?
 
 Regards,
 
 Adam Bishop
 Systems Development Specialist
 
   gpg: 0x6609D460
 t: +44 (0)1235 822 245
  xmpp: ad...@jabber.dev.ja.net
 
 Janet, the UK's research and education network.
 
 
 Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
 not-for-profit company which is registered in England under No. 2881024
 and whose Registered Office is at Lumen House, Library Avenue,
 Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] GLIBC_2.7 not found

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Hersh Parikh [mailto:hershparik...@yahoo.com]
 Sent: Friday, March 28, 2014 7:05 AM
 To: CentOS mailing list
 Subject: Re: [CentOS] GLIBC_2.7 not found
 
 Sure. Will do so.
 
 Thanks!! :)
 
 
 
 On Friday, 28 March 2014 4:18 PM, Tru Huynh t...@centos.org wrote:
 
 On Fri, Mar 28, 2014 at 02:33:05AM -0700, Hersh Parikh wrote:
 
  Hi Guys,
 
  Thanks for your valuable suggestion. I will keep them in mind. I have
  checked whether there is a way to update to Centos to 5.10 without
  damaging the cluster suite and I was suggested the best way is to
  reinstall the entire cluster suite. There are few suggestions around
 ...
 Next time, just say that your are using Rocks which is managing your
 CentOS distribution and not a plain CentOS-5 setup ;)
 
 Cheers,
 
 Tru
 

if you MUST have the cluster accessible by the internet, or even much of the 
institution's intranet, definitely consider options for keeping it up to date.  
Or at least it's accessible nodes.
I noticed when I looked at rocks[1]  a while back, that there are folks in that 
community which have been _looking_ at how to safely do some updates:
https://wiki.rocksclusters.org/wiki/index.php/Software_Update_%28SUWG%29
Note that it looks like they have not updated the page in a while, so I would 
use on a test cluster and do a small compute job that is in line with what your 
 institution often does first. And of course see if that group could be 
reinvigorated. :)

Oh, and no I don't run a rocks myself, but had looked into one around the time 
of the formation of the above group.

[1] http://www.rocksclusters.org/wordpress/

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NFS hard mount

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Rita [mailto:rmorgan...@gmail.com]
 Sent: Tuesday, November 12, 2013 7:22 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] NFS hard mount
 
 Yes, unmount the share and error to the client app.
 

Sounds like you want to have a combination of mounting with the intr flag[1] 
and use autofs[2] so that the file system is not mounted ALL the time, but not 
so soft as to loose data all the time. I have seen soft loose data reliably, 
were in the same environment (and same equipment) hard,intr does not loose 
data.  
My experience is that intr is useful in situations where servers go down/have 
link issues frequently, and autofs with short timeouts (~15s  timeout ~60s) 
makes those issues even less _visible_.
It will not get you an automatic unmount of the share and error to the client 
app in the case of server down, but it will /allow/ you to terminate the client 
and unmount as needed IIRC.

[1] nfs mounting page with thanks to zGreenfelder 

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-nfs-client-config-options.html
[2] autofs page

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/s1-nfs-client-config-autofs.html

 
 
 On Tue, Nov 12, 2013 at 6:25 PM, John R Pierce pie...@hogranch.com wrote:
 
  On 11/12/2013 3:18 PM, Rita wrote:
   Is there a tunable to set NFS hard mount time out? For instance, if the
   server becomes unavailable for extended amount of time, say 1 hour. I
  would
   like to timeout after 30 secs.
 
  timeout and do what, unmount the share, and error to the client app
  thats trying to do a read(),write(),open(),stat(),etc ?
 
 
 
  --
  john r pierce  37N 122W
  somewhere on the middle of the left coast
 
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 
 
 
 
 --
 --- Get your facts first, then you can distort them as you please.--


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How should I reinstall CentOS?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Les Mikesell [mailto:lesmikes...@gmail.com]
 Sent: Tuesday, October 29, 2013 5:25 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] How should I reinstall CentOS?
 
 On Tue, Oct 29, 2013 at 3:47 PM, Michael Hennebry
 henne...@web.cs.ndsu.nodak.edu wrote:
 
SNIP
 
  I'm not willing to put in another week of
  effort out of a probably vain hope of discovery.
 
 You might try running 'rpm -Va' to see if there are any surprises in
 the list of differences between the current state and what was
 installed.
 
 --
Les Mikesell
 lesmikes...@gmail.com

Note on the rpm -Va... I had an issue recently where a package
(openoffice) would not work correctly and:
yum reinstall openoffice\* #did not help
rpm -Va #did not find ANY issues (which surprised me when I did figure
out what was wrong)

however doing a (I did a more restricted, to openoffice files, version
of)
find /usr/ -not -perm -o+r -exec ls -lhd {} +
find /usr/ -type d -not -perm -g+x -exec ls -lhd {} +
find /usr/ -type d -not -perm -o+x -exec ls -lhd {} +
found files that were not even set to write for ROOT (and in general had
NO permission for anyone else)!
The idea is basically that almost all files in /usr/ should be READABLE
by any user and almost all directories should be READABLE  EXECUTABLE
by all so that they can list and read the files in them.

I don't know if the commands at 
http://www.cyberciti.biz/tips/reset-rhel-centos-fedora-package-file-perm
ission.html
would have fixed the issue, because I brute forced the perms to root
writeable and then reinstalled the packages again.

BTW, I still feel a little confused on what the OP's original problem
was and why they are headed in the direction of a 'reinstall the
system'.  Seems a bit overkill for most problems.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or
modify the terms of any contract.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion Handshakes

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

No, Nessus should not in general be ignored.
_My_ *personal* experience has been that if Nessus is reporting a
PACKAGE out of date on CentOS, then it IS out of date [the patch and
CESA has been released by the CentOS team].

As has been indicated earlier in the thread you need to update your
system for ALL the security issues[1] (which don't break the operation
of the system), because you are running CentOS 5.8 [with no updates
presumably[2]].  You might be misunderstanding the purpose point
releases[3].

Can you tell us *why* you are forcing your machine to be stuck at a
particular point release?
It is generally bad practice to not install the updates, at least after
testing on a test rig that represents your deployed machine.
If you were up-to-date then this PCI audit [4] info on the wiki might
apply to your situation.

Perhaps you should read these
http://www.redhat.com/advice/speaks_backport.html
https://access.redhat.com/security/updates/backporting/?sc_cid=3093

and skim these
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=16723
http://www.centos.org/modules/newbb/viewtopic.php?topic_id=33190forum=1
4


[1] try googling, with a limiter of in the last year, for:
CESA +CentOS 5 site:lists.centos.org/pipermail/centos-announce/
These will point to most of the security updates for CentOS 5, which
you may not have applied.



[2]... to confirm you really are running with no/very few 5.9 updates
you could run
rpm -qa --last \*release\*
which will tell you what release the machine thinks it is at.
And then look at 
rpm -qa --last |less 
to see what if anything has been updated since a few *days* after the
release.

[3]
http://wiki.centos.org/FAQ/General#head-6e2c3746ec45ac3142917466760321e8
68f43c0e

[4]
http://wiki.centos.org/FAQ/General#head-3dad8cb98ac535185e58e882a23ca4b0
96cbff2f


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or
modify the terms of any contract.


 -Original Message-
 From: Anumeha Prasad [mailto:anumeha.pra...@gmail.com]
 Sent: Tuesday, August 06, 2013 7:18
 To: CentOS mailing list
 Subject: Re: [CentOS] Openssl vulnerability - SSL/ TLS Renegotion
 Handshakes
 
 Thank You.
 
 Support for RFC 5746 in OpenSSL was introduced upstream in version
 0.9.8m
 mentioned in the Redhat article made me think that I would require
this
 version. Stephen, as per what you explained, I should be fine with
 openssl-0.9.8e-22.el5.
 Right? So, can the vulnerability reported by Nessus scanner ignored?
 
 
 On Tue, Aug 6, 2013 at 4:20 PM, Stephen Harris li...@spuddy.org
 wrote:
 
  On Tue, Aug 06, 2013 at 04:01:12PM +0530, Anumeha Prasad wrote:
   Hi,
  
   I'm currently at CentOS 5.8. I'm using openssl version
   openssl-0.9.8e-22.el5. The following vulnerability was reported by
 a
  Nessus
   security scan:
 
  Don't trust Nessus scans
 
   As per following link, Redhat has introduced openssl-0.9.8m which
 fixes
   this specific issue:
  
  
 

https://access.redhat.com/site/articles/20490#Updates_adding_RFC_5746_s
 upport
 
  If you follow that link it points to
https://rhn.redhat.com/errata/RHSA-2010-0162.html(openssl-0.9.8e-
 12.el5_4.6)
  as having the fix.
 
  Which is superceded by
https://rhn.redhat.com/errata/RHSA-2013-0587.html(openssl-0.9.8e-
 26.el5_9.1)
 
  The version numbers reported by RedHat do not always match the
 version
  numbers reported by upstream because RedHat backports fixes into
 older
  versions.
 
  According to the very pages you linked to, the flaw has been
 addressed
  by RedHat in the 0.9.8e-12 and newer packages.
 
  --
 
  rgds
  Stephen
  ___
  CentOS mailing list
  CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Understanding RPM trigger scripts?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: James Pearson [mailto:jame...@moving-picture.com]
 Sent: Monday, July 08, 2013 11:45
 To: CentOS mailing list
 Subject: [CentOS] Understanding RPM trigger scripts?
 
 I'm trying to get my head around RPM trigger scripts - but currently
 getting very confused ...
 
 I have a custom RPM which has in its spec file a '%triggerin' script
 for
 the 'kernel' RPM - i.e. a script that I want to run when the kernel
RPM
 is upgraded/installed
 
 This works OK - once my custom RPM is installed, if the kernel is
 subsequently upgraded/installed, my trigger script is run
 
 However, the same trigger script is also run when I upgrade my custom
 RPM - which I don't want - and so far, I can't find a reliable way of
 making sure it isn't run in this case. The more I search for an
answer,
 the more I get confused :-)
 
 I know this is a bit off-topic and obscure, but does anyone know how
to
 make sure such a trigger script is only run when the RPM that triggers
 it is upgraded/installed - and not when the RPM that contains the
 trigger script is upgraded?
 
 Thanks
 
 James Pearson

While looking into doing similar things a few years ago I ran across the
following PDF.
It has several pages on doing triggers, and looked promising to help my
understanding, I just got pulled onto a different project before getting
to test out the ideas.
I think page 25 would be of interest to you.

http://www.redhat.com/promo/summit/2010/presentations/summit/opensource-
for-it-leaders/thurs/pwaterma-2-rpm/RPM-ifying-System-Configurations.pdf


I hope this pointer to info helps.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or
modify the terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CESA-2013:0898 CEBA-2013:0902, centos 5.9 repodata not pushed?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Johnny Hughes [mailto:joh...@centos.org]
 Sent: Tuesday, June 11, 2013 12:16
 To: centos@centos.org
 Subject: Re: [CentOS] CESA-2013:0898  CEBA-2013:0902,centos 5.9
 repodata not pushed?
 
 On 06/11/2013 11:07 AM, Denniston, Todd A CIV NAVSURFWARCENDIV Crane
 wrote:
  Johnny ( other CentOS folks),
  Am I being fooled by some proxies between me and centos (and all the
 centos mirrors, which what I normally use), or has the repodata for
 CentOS 5.9 updates not been updated since 03-Jun-2013 12:08?
 
  I was under the impression that the repodata on the main centos
 servers was updated about the same time as any CentOS-announce message
 going out, unless I also see a message from one of the admins
 indicating an issue, so I am very confused.
 
  Thanks for the feedback.
 
  repodata[1] 03-Jun-2013 12:08
  CESA-2013:0898 mesaemail[3] Jun 3 22:45:12 UTC 2013, rpm[2]
 03-Jun-2013 22:45
  CEBA-2013:0902 gfs2-utils  email[4] Jun 6 14:55:49 UTC 2013, rpm[2]
 06-Jun-2013 14:55
 
  [1] http://mirror.centos.org/centos/5.9/updates/i386/repodata/
  [2] http://mirror.centos.org/centos/5.9/updates/i386/RPMS/?C=M;O=D
  [3] http://lists.centos.org/pipermail/centos-announce/2013-
 June/019773.html
  [4] http://lists.centos.org/pipermail/centos-announce/2013-
 June/019779.html
 
 
 I have just pushed a metadata update to clear out any possible issues
 as
 it was easy to do and should make all the mirrors update, etc.
 
 Should be on all mirror.centos.org in 30 minutes.

Thanks for clearing that up.

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or
modify the terms of any contract.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CESA-2013:0898 CEBA-2013:0902, centos 5.9 repodata not pushed?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Johnny ( other CentOS folks),
Am I being fooled by some proxies between me and centos (and all the centos 
mirrors, which what I normally use), or has the repodata for CentOS 5.9 updates 
not been updated since 03-Jun-2013 12:08?

I was under the impression that the repodata on the main centos servers was 
updated about the same time as any CentOS-announce message going out, unless I 
also see a message from one of the admins indicating an issue, so I am very 
confused.

Thanks for the feedback.

repodata[1] 03-Jun-2013 12:08
CESA-2013:0898 mesaemail[3] Jun 3 22:45:12 UTC 2013, rpm[2] 03-Jun-2013 
22:45
CEBA-2013:0902 gfs2-utils  email[4] Jun 6 14:55:49 UTC 2013, rpm[2] 06-Jun-2013 
14:55

[1] http://mirror.centos.org/centos/5.9/updates/i386/repodata/
[2] http://mirror.centos.org/centos/5.9/updates/i386/RPMS/?C=M;O=D
[3] http://lists.centos.org/pipermail/centos-announce/2013-June/019773.html
[4] http://lists.centos.org/pipermail/centos-announce/2013-June/019779.html

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] TPM and secure boot

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: John R Pierce [mailto:pie...@hogranch.com]
 Sent: Sunday, May 19, 2013 17:57
 To: CentOS mailing list
 Subject: Re: [CentOS] TPM and secure boot
 
 On 5/19/2013 2:41 PM, Reindl Harald wrote:
  your question was*clearly*  secure boot
  and before UEFI secure boot*nobody*  cared about TPM on OS systems
 
 so basically, you're saying you can't use a TPM to secure a linux
 system?   hey, saves me a lot of work. I'll tell my boss it can't
 be
 done.
 

As seen on LWN http://lwn.net/Articles/549597/ 
Matthew Garrett has been messing with TPM again
http://mjg59.dreamwidth.org/24818.html

You can secure a Linux system Quite well using TPM, but it takes work
and you need to know the capabilities of your TPM chip... Matthew
Garrett indicated that they are not all loaded the same.
For the purposes of doing ssl, I am wondering if you need the
Endorsement Key (EK), which Matt indicated some chips don't have. I know
you *can* get a system all the way through booting from tpm using
trusted grub and tpm-luks.
Matt indicated that The Linux kernel has support for measuring each
binary run or each module loaded and extending PCRs accordingly, so you
can go deeper.


Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or
modify the terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] floppy drives

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: m.r...@5-cent.us [mailto:m.r...@5-cent.us]
 Sent: Tuesday, April 09, 2013 12:21
 To: CentOS mailing list
 Subject: Re: [CentOS] floppy drives
 
 Frank Cox wrote:
  On Tue, 9 Apr 2013 10:19:33 -0400
  m.r...@5-cent.us wrote:
 
  Hmmm... didn't see it mounted, but I'll try more tonight. Last night
  included a) playing with system, and b) finishing up our federal
  taxes
 
  If you're going to use mtools to do your copying, you don't need to
 mount
  the disks.
 
 mtools is a desperation move, since I haven't actually read anything
 from
 anything yet. As I mentioned, I *may* have an old drive head cleaner
 somewhere - since it's not been used in about a decade, I'm thinking of
 corrosion or crud.
 
 I also can't seem to find the USB 3.5 drive I borrowed - lsusb sees it
 (at least since the last reboot), but trying to find it to mount it is
 something I'm still digging at, and I doubt mtools can find it.
 
  mark
 

Note: the USB floppy may be showing up as /dev/sd[bcd...n]
At least that is what happened when I used one on RHEL/CentOS5 a while back.

I suggest unplugging the USB floppy, execute `ls /dev/sd* /dev/fd*`, 
plug it in and execute `ls /dev/sd* /dev/fd*`, and then note the differences.

{there are probably hal/udev/inotify games you could do, but I like old 
fashioned things.}

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] escd daemon

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

esc can let you look at your card in ways that are similar to what 
firefox-edit-prefrences-advanced-encryption can, except it is 
more limited, 
not as reliable (for instance right now FF is seeing my card details, but esc 
is not), 
and is more annoying (i.e. pops up in your way *every* time the card insertion 
is detected).

My standard thing to do with esc is `yum remove esc`.
every time I see it get installed on machines I use, I hope that it has finally 
got something I want, but in the RHEL 5.X series it has not.

 Todd - Mr. admin *_why_* did you reinstall that!?

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.




-Original Message-
From: m.r...@5-cent.us [mailto:m.r...@5-cent.us]
Sent: Thu 10/11/2012 09:15
To: CentOS mailing list
Subject: Re: [CentOS] escd daemon
 
Helmut Drodofsky wrote:
 Sorry, I had searched linux esc with the result:
 Definition: ESCD: Extended System Configuration Data (BIOS, PNP)=-O

 I have never used smart cards and I will not handle smart cards.

I must be missing something - for smart cards, you need pcscd, and
probably openct, opensc, ccid

   mark why would you think I need to know this...?




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] chmodding SCP

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Turnbough, Bradley E. wrote:
 I have two machines, and I am trying to copy files from one to the other
 via SCP.
snip
From a different machine, I'm trying to scp to that machine, but I'm
 receiving an access denied.

 My ssh key is in the authorized users file in the root profile.
snip

So your setup is while setting at host1 you execute
scp root@host3:myfile root@host2:
and get access denied?

further I expect you are using ssh-agent.

if so, I expect it has something to do with scp dropping agent forwarding.
search 'scp agent forwarding'
I once found a script to work around it, but that is painful.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Configuration Compliance auditing for many CentOS 5.x boxes

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Tom H
 Sent: Wednesday, February 01, 2012 14:54
 To: CentOS mailing list
 Subject: [CentOS] Configuration Compliance auditing for many CentOS
5.x
 boxes
 
 Hi CentOS experts,*
 
 Short Version*
 
 I would like to produce a weekly report in HTML for each CentOS 5.x
 server we have indicating configuration compliance with some industry
 benchmark. I am looking for a tool or tools to implement this, I am
 happy to use 3rd party proprietary stuff if necessary.


 Current progress is...
 
 I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such
as
 
  OpenSCAP-utils
  ovaldi - oval reference interpreter
 
 Which can be used to create reports. However they seem a little
 unrefined.
 
 For SCAP and OVAL content I have found the following.
 
 1. NIST provide SCAP content for RHEL desktop, which is kinda close;
 2. http://usgcb.nist.gov/usgcb/rhel_content.html
 3. There is a tool called sectool in the fedora repos, but I can't get
 it to run on CentOS due to a missing python-slip module.
 
 Any suggestions on functioning stacks for this problem would be
 helpful.

Sorry about no suggestions, but seeing where you are I have a question
back at you:
The http://usgcb.nist.gov/usgcb/rhel_content.html seemed to me to be a
newer schema than the openscap in RH/CentOS 5, did you find a way to run
it on 5?

And I sort of assume you have seen 
http://www.redhat.com/security/data/oval/?C=M;O=D
for the RHEL boxes...

Thanks for any pointers.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Machine becoming irresponsive

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Dotan Cohen
 Sent: Monday, January 23, 2012 10:14
 To: CentOS mailing list
 Subject: Re: [CentOS] Machine becoming irresponsive
 
 On Mon, Jan 23, 2012 at 16:23, Phil Schaffner
 philip.r.schaff...@nasa.gov wrote:
  I'd have a look at why an apparently Internet-facing server is 5
 point
  releases, plus a lot of subsequent errata, behind the current 5.7
  release level; and what resultant vulnerabilities might have been
 exploited.
 
 
 Thanks. There are a lot of very specific software on that server that
 precludes it from being updated. I believe that 5.2 still is seeing
 security updates, no?
 

No.
The minor release 5.2 (exactly) is no longer getting updates, but the
major release it is in (5) is up to minor release 5.7.
If you are using the CentOS update mechanisms in the standard configured
way, then you may already be up to 5.7, but simply do not understand the
fact.

What is the versioning/release scheme of CentOS and how does it compare
to the upstream vendor?
https://www.centos.org/modules/smartfaq/faq.php?faqid=34

How do I get updates for CentOS?
https://www.centos.org/modules/smartfaq/faq.php?faqid=8


The upstream vendor has some information that may help you understand EL
OS minor revisions (or point releases):
Red Hat Enterprise Linux Life Cycle
https://access.redhat.com/support/policy/updates/errata/?cid=332371

'Red Hat Enterprise Linux Compatibility Policies'
https://access.redhat.com/kb/docs/DOC-5155

Too bad I can't find a centos FAQ pointing to these or explaining it at
a CentOS level, as I am beginning to think My ancient version of CentOS
is still getting updates, right? or I installed X.y of CentOS is it
possible to upgrade to X.(y+1) of CentOS without a full reinstall? are
becoming FAQ but keep being stated in slightly different ways.

 In any case, a complete reinstall with either 5.2 or a latter version
 is pretty much out of the question for now, though I will try to see
 what needs to be done in that direction. In the meantime, where should
 I concentrate my efforts?

I would suggest investigating the advice of those who are suggesting you
look at the possibility of the box already being compromised. (as it is
better to _KNOW_ for sure.)

Also understanding the actual version of your system may help you.
These three commands may help (if the machine is not compromised, and
perhaps even if it is):
rpm -qa \*release\* 
rpm -qa --last |head
uname -r

Studying for the Linux+ exam (or similar) may point you in many
directions you have not yet known existed.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] EPEL not working ... is it just me?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Alan McKay
 Sent: Wednesday, January 11, 2012 9:36
 To: CentOS mailing list
 Subject: [CentOS] EPEL not working ... is it just me?
 
 This is very strange - has been happening the last few days.   I just
 upgraded this system from 5.3 to 5.7 on Monday and the problem started
 some
 time after that (but not immediately because I know I used yum Monday
 evening after the upgrade)
 
 I get the following error from yum, but it goes away if I --
 disablerepo=epel
 
 The funny thing is that the listed xml file I can easily wget from
this
 system.
 

You mean in the terminal on solexa-db you just issued the yum install
in, you can issue as the next command
wget http://fedora.mirror.nexicom.net/epel/5/x86_64/repodata/repomd.xml

and it gets the xml file?

 Also having the issue with other 5.7 systems that were upgraded from
 5.3
 several weeks ago and had been working fine since.
SNIP yum and rpm cleans 
 
 [root@solexa-db varlog]# yum -y install hddtemp
 Loaded plugins: downloadonly, rhnplugin, security
 http://fedora.mirror.nexicom.net/epel/5/x86_64/repodata/repomd.xml:
 [Errno
 4] IOError: urlopen error (111, 'Connection refused')
 Trying other mirror.
 Error: Cannot retrieve repository metadata (repomd.xml) for
repository:
 epel. Please verify its path and try again


It seems a bit strange to me that there is only one mirror tried...
As a quick temporary fix/test I would comment mirrorlist and uncomment
baseurl in epel.repo and see if the yum command worked.

BTW it seems solexa-db may be a RH machine instead of a CentOS machine.
see the rhnplugin get loaded? Could that be a difference between the
working and non working machines (granted I have not seen any problems
with RH machines and epel)?

I think it might be good to take this question over to epel-devel (AFAIK
the appropriate list) and see if they can help figure out why you are
having trouble with THEIR infrastructure.
https://www.redhat.com/mailman/listinfo/epel-devel-list

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances (not OT)

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of m.r...@5-cent.us
 Sent: Tuesday, January 10, 2012 12:48
 To: CentOS mailing list
 Subject: Re: [CentOS] USB install annoyances (not OT)
 
 John Doe wrote:
  From: m.r...@5-cent.us m.r...@5-cent.us
 
  I've retried again, and it still fails. I see that it's mounted
  /dev/sda2, which is where I've got the contents of a DVD, as
 /mnt/isolinux.
 
  Unless you specifically need the DVD contents, maybe try with
  the ISOs instead...
 
 This doesn't vaguely answer my question. 

I think it does, but not to the detail level you need.  Details below.

 The install.img mounted the
 partition, by itself, as /mnt/isolinux. That's what *IT* did. I
thought
 I
 had the partition as a clone of the dvd by mount -o loop and rsync.
 
 But I've just rebuilt the USB key partition from the latest 2 DVDs we
 have
 locally (I rsync'd Pagckages/. from the second one into the Packages
 directory I made when I rsync'd the first DVD, so it should look like
a
 one-disk DVD. As soon as that finishes, I'll try another time
 
 Unless someone has the explicit answer to what is the image, or
 directory,
 the install.img wants to mount to get the repo, please don't reply.
 

 From what I recall: you can 
   * boot the USB
   * layout and format the disks (we assume using anaconda)
  And when you  get towards package selection, anaconda fails indicating
' that it can't find image# 1.'

The image# 1 it is looking for is the .iso which could have been burnt
to a DVD for doing the install, i.e., not something from the images
directory from THAT iso.

As RHEL6 anaconda derives from something post the rawhide that I
submitted the following bug on, it may help you understand.
https://bugzilla.redhat.com/show_bug.cgi?id=435976

summary: anaconda will not trust any mounted file system for the rpm's
to install, it only trusts media images and http.


I hope this helps you, of course I could always be wrong.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Corrupt mbr and disk directory map

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of m.r...@5-cent.us
 Sent: Thursday, January 05, 2012 15:33
 To: CentOS mailing list
 Subject: Re: [CentOS] Corrupt mbr and disk directory map
 
 Billy Davis wrote:
  On 1/5/2012 11:20 AM, m.r...@5-cent.us wrote:
  Billy Davis wrote:
  We are running Centos 5.6.  All was fine until yesterday.  I
 attempted
  to tar a 14KB work file to a USB floppy  (/dev/sdb) for transport
 to
  another server.  Unfortunately, I keyed in 'tar cvf /dev/sda
 filename'
  instead of 'tar cvf /dev/sdb filename'.   /dev/sda is our main
 tail o' woe elided
SNIP
 
  Next, I reinstalled grub.  All seems normal now, at least until I
  shutdown and reboot.  I'll wait until the weekend to do that, just
in
  case I still have to do a disk restore for some reason.
 
 Best of luck, and let us know how things turn out.
 
 If things go south, there *are* tools that will let you scan a raw
 disk,
 and you could look for the superblock or the first dup, then calculate
 where the fs  partition should start, but that would be *real* work.

The OP might want to look at the archives of this list for the somewhat
recent data recovery thread before rebooting.
I thought Lamar Owen's 9/23/2011 15:35 post was particularly good,
because it mentioned some of the tools and processes.

And as Mark said... I hope it works.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] turning off udev for eth0

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Les Mikesell
 Sent: Tuesday, January 03, 2012 22:24
 To: CentOS mailing list
 Subject: Re: [CentOS] turning off udev for eth0
 
 On Tue, Jan 3, 2012 at 5:13 PM, Peter Larsen
 plar...@famlarsen.homelinux.com wrote:
 
  Is there no way to alter udev's behaviour?  Is udev even
  needed on a server system using virtual hardware?
  Altering the rules file not a big deal in itself but it
  adds needless busywork when setting up a new guest.
SNIP
  It's a very common problem. Another way is to have a %post script in KS
  or after initial startup as a VM, that fixes the file based on what the
  VM properties are.
 
 It happens in real hardware too if you move a disk to a different
 chassis, clone a drive, restore a backup to similar hardware, etc.
 
 Where is the best documentation on what triggers the rules to be
 rewritten, how the bios location works, etc.?

I gave up on tricking UDEV, it was easier to work with the system with my 
clones.
`system-config-network-cmd -e` yields a text file that, you can have either a 
firstboot script or the booting sysadm,
`system-config-network-cmd -i -c -f file.txt` will pull back in and reconfigure 
the system after ifdown'ing eth0.
For good measure I also blanked (and restorecon'd) resolv.conf and hosts prior 
to pulling in the file.

Good luck.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Network Situation

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Gene Poole
 Sent: Wednesday, December 14, 2011 13:08
 To: centos@centos.org
 Subject: [CentOS] Network Situation
 
SNIP
 If I install CentOS 6.0 and sometime later upgrade to CentOS 6.2, will
 the fact that I'm running software raid-1 on the /boot partition 
 cause me grief?
SNIP

6.2 is the kind of release that those in the community and TUV call a
'point release'.
Reading the FAQ may help you.
14. What is the versioning/release scheme of CentOS and how does it
compare to the upstream vendor?
http://wiki.centos.org/FAQ/General#head-6e2c3746ec45ac3142917466760321e8
68f43c0e

And I think the backport link to redhat in the following FAQ could be
useful for you to understand.
20. Where can I get the latest version of XyZ.rpm for CentOS? I cannot
find it anywhere.
http://wiki.centos.org/FAQ/General#head-472ce8446ebcfc82ca1800f775ba0e62
9ac835c7

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Group permission problems [RESEND]

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Michael Velez
 Sent: Tuesday, December 13, 2011 8:14
 To: centos@centos.org
 Subject: Re: [CentOS] Group permission problems [RESEND]
 
 
  This seems to be ok but these:
 
   $ groups
   michael adm
  
   $ id
   uid=500(michael) gid=500(michael) groups=4(adm), 500(michael)
 
  Say otherwise.
 
  Might sound stupid but... did you make sure to logoff and back in
 with your user?
 
  Regards
 Ok.  I did not know I needed to log back off and on.  OK.  I'll try
 that although I can't do it now due to a currently running process.
 I'm actually accessing the machine through VNC.  Could this be part of
 the issue as well? The session needs to be closed and re-opened before
 the new groups will take effect? Thanks,Michael

With Unix unless you are changing X or the kernel, you can most times
just start a new instance of you. :)
i.e., `xterm -ls -sb` or 
(in gnome) 
start a terminal
click Edit - Current Profile 
click 'Title and Command' 
make sure Run command as login shell** is checked, and click close.
Start a new gnome terminal.

**you'll have to look back into the mists of time to see the argument
about why neither gdm nor gnome-terminal made this the default.  You may
or may not want to undo the change later.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can rpm %{SUMMARY} not be consistent?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Denniston, Todd A CIV NAVSURFWARCENDIV Crane
 Sent: Wednesday, November 16, 2011 16:37
 To: CentOS mailing list
 Subject: RE: [CentOS] How can rpm %{SUMMARY} not be consistent?
  -Original Message-
  From: centos-boun...@centos.org [mailto:centos-boun...@centos.org]
On
  Behalf Of Akemi Yagi
  Sent: Wednesday, November 16, 2011 11:20
  To: CentOS mailing list
  Subject: Re: [CentOS] How can rpm %{SUMMARY} not be consistent?
 
  On Wed, Nov 16, 2011 at 6:56 AM, John Hodrien
 j.h.hodr...@leeds.ac.uk
  wrote:
   On Wed, 16 Nov 2011, Akemi Yagi wrote:
  
   What you are seeing is indeed odd. I see 'version 3.1' but not
'3.2'
   anywhere on the Summary line of bash. 
 
 I would have said you also seeing 'version 3.1.' is one of the very
odd
 things, but then I check the bash rpm in a repo and it has 'version
 3.1.' in the 3.2-32.el5 rpm.
 

I think I know some of what is causing what is going on now...
After a little testing with a format string of 
 
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{INSTALLTIME:date}\n'
I found I got different results based on the LANG environment setting,
which led me to try it with the SUMMARY field too.

###start with a normally configured terminal
$ cd /to/your/CentOS/mirror/
$ locale |grep LANG
LANG=en_US.UTF-8
$ rpm -q \
  --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n'  \
  -p 5.7/os/i386/CentOS/bash-3.2-32.el5.i386.rpm
CentOS,bash,3.2,3.2-32.el5,i386,The GNU Bourne Again shell
(bash) version 3.1.

#now change LANG to what I see from cron
$ export LANG=
$ locale |grep LANG
LANG=
$ rpm -q \
  --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n'  \
  -p 5.7/os/i386/CentOS/bash-3.2-32.el5.i386.rpm
CentOS,bash,3.2,3.2-32.el5,i386,The GNU Bourne Again shell
(bash) version 3.2

Why does a number in a text string change based on LANG?

and for added fun... look at an agg package from epel
$ export LANG=en_US.UTF-8
$ rpm -q --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n' agg
Fedora Project,agg,2.5,2.5-9.el5,i386,Anti-Grain Geometry
$ export LANG=
$ rpm -q --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n' agg
Fedora Project,agg,2.5,2.5-9.el5,i386,Anti-Grain Geometry
graphical rendering engine

Why does the string length change this dramatically based on LANG?


Well I guess I at least know what I need to do to the script to have it
be consistent.

I might even get around to filing a RH bug, because this does not seem
to me to be a correct behavior to me. does anyone here see these changes
as correct behavior (and why)?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can rpm %{SUMMARY} not be consistent?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: Denniston, Todd A CIV NAVSURFWARCENDIV Crane
 Sent: Tuesday, November 29, 2011 10:54
 To: 'CentOS mailing list'
 Subject: RE: [CentOS] How can rpm %{SUMMARY} not be consistent?
 
 and for added fun... look at an agg package from epel
 $ export LANG=en_US.UTF-8
 $ rpm -q --qf '%{VENDOR},%{NAME},%{VERSION},%{VERSION}-
 %{RELEASE},%{ARCH},%{SUMMARY}\n' agg
 Fedora Project,agg,2.5,2.5-9.el5,i386,Anti-Grain Geometry
 $ export LANG=
 $ rpm -q --qf '%{VENDOR},%{NAME},%{VERSION},%{VERSION}-
 %{RELEASE},%{ARCH},%{SUMMARY}\n' agg
 Fedora Project,agg,2.5,2.5-9.el5,i386,Anti-Grain Geometry
 graphical rendering engine
 
 Why does the string length change this dramatically based on LANG?

###And even more fun... try compat-db
$export LANG= ;rpm -q --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n'  compat-db
CentOS,compat-db,4.2.52,4.2.52-5.1,i386,The Berkeley DB
database library for Red Hat Linux 7.x compatibility.
$ export LANG=en_US.UTF-8 ;rpm -q --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n'  compat-db
CentOS,compat-db,4.2.52,4.2.52-5.1,i386,The Berkeley DB
database library for CentOS 2.1 compatibility.

Yep that seems a strange one.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] megaraid/PERC

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of m.r...@5-cent.us
 Sent: Tuesday, November 29, 2011 15:36
 To: CentOS mailing list
 Subject: [CentOS] megaraid/PERC
 
 I've got two drives from a now-dead server, they were RAIDed, a
mirror,
 I'd assume. I need to see if there's anything on them I need to
 transfer
 to the replacement, so I just shoved them into another Dell server,
 with a
 PERC 5 controller - I think that's what the dead one had. I fired up
 MegaRAID storage manager... but can't see any way to tell it to
 recreate
 that RAID. Anyone done this?
 

Recent experience indicates... if the machine had any kind of warranty
with Dell, an authorized owner/technician should call Dell before doing
ANYTHING more with the drives.

use this info at your own risk
With the dell system I was working with, I was walked through booting
into the raid controller software (bios level prior to OS boot) and
having THAT reassemble the array.
/use this info at your own risk

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can rpm %{SUMMARY} not be consistent?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Phoenix, Merka
 Sent: Tuesday, November 15, 2011 18:48
 To: CentOS mailing list
 Subject: Re: [CentOS] How can rpm %{SUMMARY} not be consistent?
 
 -Original Message-
  Denniston, Todd A CIV NAVSURFWARCENDIV  Crane wrote:
  Sent: Tuesday, 15 November, 2011 12:57
  To: CentOS@centos.org
  Subject: [CentOS] How can rpm %{SUMMARY} not be consistent?
 
SNIP
  rpm -qa \
   --qf
  '%{VENDOR},%{NAME},%{VERSION},%{VERSION}-
 %{RELEASE},%{ARCH},%{SUMMARY}\n' \
| sort -t\ -k3  ${OUTFILE}
 
  Stuff the resulting ${OUTFILE} in an rcs file.
 
  And some days the rcs file will show deltas such as the following
 (which
  was pulled from a rather recent set of flipflops):
 
  --- mach.csv2011/11/15 10:50:04
  +++ mach.csv2011/11/15 09:22:53
 
  -CentOS,bash,3.2,3.2-32.el5,i386,The GNU Bourne Again
 shell
  (bash) version 3.1.
  +CentOS,bash,3.2,3.2-32.el5,i386,The GNU Bourne Again
 shell
  (bash) version 3.2
 snip
 
 Using the double quote () as a delimiter, the third key would be a
 comma (,) (see below for an example)
 
  A,B,C,D,E,...
 123456789AB...
 
 And since your sort command is sorting only on the fifth key, all the
 commas are already in order (unless there is a blank line in there
 somewhere). The order of the re cords within a sorted group may or may
 not be guaranteed to change.
 
 Change your sort order from '-k3' to '-k2 -k4 -k6 -k8 -k10 -k12' to
 sort by Vendor, Name, Version, Version-Release, Arch, Summary and see
 if that helps.


Although you may be correct on the need to sort the NAME field using -k4
instead of -k3 ***, the question was not about the sort order, but about
the *content* of the SUMMARY fields being different between multiple
runs against the same database information for the same package, i.e.
notice the difference in the summary fields for the same bash package
above.


*** and this seems to explain a different but MUCH less annoying
confusion.

Thanks for that bit of help.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How can rpm %{SUMMARY} not be consistent?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Akemi Yagi
 Sent: Wednesday, November 16, 2011 11:20
 To: CentOS mailing list
 Subject: Re: [CentOS] How can rpm %{SUMMARY} not be consistent?
 
 On Wed, Nov 16, 2011 at 6:56 AM, John Hodrien
j.h.hodr...@leeds.ac.uk
 wrote:
  On Wed, 16 Nov 2011, Akemi Yagi wrote:
 
  What you are seeing is indeed odd. I see 'version 3.1' but not
'3.2'
  anywhere on the Summary line of bash. What is your kernel by the
way?

I would have said you also seeing 'version 3.1.' is one of the very odd
things, but then I check the bash rpm in a repo and it has 'version
3.1.' in the 3.2-32.el5 rpm.

  uname -mr ?
 
  Have you cleared yum cache? Not just running a 'yum clean all' but
  emptying the /var/cache/yum directory ?
 
  Why would yum cache have any bearing on what rpm reported?
 
 In my attempts to reproduce what you are seeing, I used 'yum info' a

It takes days/weeks of collecting the data via cron.daily and (I think)
having a few updates/installs happen between some of the runs.
On the boxes where I see it more, I often run the data collection script
immediately following updates.  I almost think there is some kind of rpm
housekeeping that gets done on a daily basis that could affect it, but I
can't figure out what it would be, because the rpm script in cron.daily
only dumps data (similar to what mine dumps) to /var/log/rpmpkgs... it
does not issue any rpm clean up commands. as I understand anacron, each
of the scripts should finish before anacron starts the next, so there
should not be any DB contention, between the rpm script and mine, I
would think.

At one time (in the mists of history, probably around RHEL 1|2) I
thought there was a daily rpm cleanup task, but I can't find it on Cent
5 systems.

 few times for the packages that were not on my systems. But in your
 case (pure rpm operations) yum cache will not be relevant. 

That is my thought too.
But I don't know where rpm could be getting the different info.

 By the way
 I looked at both CentOS 5 and 6 but did not see any inconsistency. 

I am on CentOS 5.

 And
 the reason why I asked about the kernel version was because it was not
 clear which version/release of CentOS you are running. Sorry for the
 noise. I will shut up now.
 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] How can rpm %{SUMMARY} not be consistent?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

I have been seeing something for quite some time which has confused me
considerably for over a year, perhaps one of you can help me understand.

Assumed: rpm queries are against _a_ database.
Assumed: database queries against the same database, without changes to
the data in the database, will return the same data.

Confusion: then why are some of the summaries reported by rpm different?

Each day I (cron.daily) run the following command
rpm -qa \
 --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n' \
  | sort -t\ -k3  ${OUTFILE}

Stuff the resulting ${OUTFILE} in an rcs file.

And some days the rcs file will show deltas such as the following (which
was pulled from a rather recent set of flipflops):

--- mach.csv2011/11/15 10:50:04 
+++ mach.csv2011/11/15 09:22:53 

-CentOS,bash,3.2,3.2-32.el5,i386,The GNU Bourne Again shell
(bash) version 3.1.
+CentOS,bash,3.2,3.2-32.el5,i386,The GNU Bourne Again shell
(bash) version 3.2

-CentOS,compat-db,4.2.52,4.2.52-5.1,i386,The Berkeley DB
database library for CentOS 2.1 compatibility.
+CentOS,compat-db,4.2.52,4.2.52-5.1,i386,The Berkeley DB
database library for Red Hat Linux 7.x compatibility.

-CentOS,firefox,3.6.24,3.6.24-3.el5.centos,i386,Mozilla
Firefox Web browser.
+CentOS,firefox,3.6.24,3.6.24-3.el5.centos,i386,Mozilla
Firefox Web browser

-Adobe Systems
Inc.,flash-plugin,11.1.102.55,11.1.102.55-release,i386,Adobe
Flash Player 7.0
+Adobe Systems
Inc.,flash-plugin,11.1.102.55,11.1.102.55-release,i386,Adobe
Flash Player 11.1

-CentOS,gdb,7.0.1,7.0.1-37.el5_7.1,i386,A GNU source-level
debugger for C, C++, Java and other languages.
+CentOS,gdb,7.0.1,7.0.1-37.el5_7.1,i386,A GNU source-level
debugger for C, C++, Java and other languages

-CentOS,gettext,0.17,0.17-1.el5,i386,GNU libraries and
utilities for producing multi-lingual messages.
+CentOS,gettext,0.17,0.17-1.el5,i386,GNU libraries and
utilities for producing multi-lingual messages

-CentOS,htmlview,4.0.0,4.0.0-2.el5,noarch,Tools for launching
Preferred Applications
+CentOS,htmlview,4.0.0,4.0.0-2.el5,noarch,Launcher of
Preferred Web Browser

rpm -q --last compat-db htmlview
compat-db-4.2.52-5.1  Tue 17 Mar 2009 02:32:59
PM EDT
htmlview-4.0.0-2.el5  Tue 17 Mar 2009 02:21:59
PM EDT
i.e. these have been there, at this version, since machine install.

poking around in /var/lib/rpm/, with strings and grep, the only file I
find Adobe Flash Player  in is Packages and I only find the Adobe
Flash Player 11.1 variant of the string.
Yet at the same time
rpm -q \
 --qf
'%{VENDOR},%{NAME},%{VERSION},%{VERSION}-%{RELEASE},%{ARCH},%
{SUMMARY}\n' \
 flash-plugin 

displays:
Adobe Systems
Inc.,flash-plugin,11.1.102.55,11.1.102.55-release,i386,Adobe
Flash Player 7.0

/var/tmp/rpm* is nonexistent.

Note: rpm does seem to be fairly consistent in its inconsistency, the
above applications are a small sampling of a larger *set* (out of ~180
packages that show this) that seems to keep flip flopping from one
SUMMARY to the other, *usually* in the day or two post a yum update (not
sure if reboots also affect it). 
The summaries always bounce between the same text, i.e., htmlview has
always used either Launcher of Preferred Web Browser or Tools for
launching Preferred Applications and bash has always used either The
GNU Bourne Again shell (bash) version 3.1. or The GNU Bourne Again
shell (bash) version 3.2 (and a 3.1 version has never been installed on
the system).

RHEL machines show the same flip flops with the same packages and same
flopping summary texts.

So where is rpm getting the bad information from?
Can it be cleaned out? What would be lost by cleaning it out?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum segmentation fault updating from 5.6 to 5.7

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of sebasti...@datafaber.net
 Sent: Friday, September 16, 2011 11:27
 To: centos@centos.org
 Subject: Re: [CentOS] Yum segmentation fault updating from 5.6 to 5.7
 
 I've finally managed to update one of my boxes to 5.7. I did it in a
 very roundabout way, which however confirms that at least in my boxes
 there's something wrong in the way yum creates the sqlite databases.
 
 I've basically followed the guide at
 http://wiki.centos.org/HowTos/CreateLocalMirror to create my own mirror

Which uses rsync instead of http.

 of the 5.7 'os' and 'updates' directories, created the yum repository
 with 'createrepo -d' to pre-create the sqlite database and made this
 mirror accessible to the other boxes via HTTP.
 
 I then created a /etc/yum.repos.d/Local.repo file which specifies my
 private mirror for the [base] and [updates] repositories, commented out
 everything in the /etc/yum.repos.d/CentOS-Base.repo and ran
 
 yum clean all
 yum update
 
 Everything updated flawlessly and the box restarted normally with the
 newer kernel.
 
 Now, this doesn't solve the original yum problem, but at least confirms
 that the creation of a corrupted sqlite database was indeed the real
 issue.
 
 Many thanks to all the people on the list who have suggestions and
 advice, particularly to Alain Péan who pointed me in the right
 direction.
 

For, what to me is, an interesting data point, I would suggest doing the 
following now that you have a local known good copy:
On a machine that was still faulting:

for i in /var/cache/yum/base/ \
  /PATHTOLOCALREPO/5.7/os/arch/repodata/ \
  /var/cache/yum/updates/ \
  /PATHTOLOCALREPO/5.7/updates/arch/repodata/
do 
ls -l $i
md5sum $i/*
done
#you may want to unroll the for, into four terminals, for your own sanity.
#you'll have two sqlite files in each /var/cache dirs you can ignore

My bet... some isp between you and the internet is transparent proxying*** to 
reduce their downloading bandwidth, and they keep cache too long, the error 
will clear just as soon as their cache clears or you force it by wgeting the 
broken file with the --no-cache flag. [got the tee-shirt] 

But now that you have a local mirror, the updates should go faster in the 
future. :)

*** I know you keep indicating no proxy is _known_ to you in the path to the 
mirrors, but it is pretty much the only thing that makes any sense.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UPS issues with PFC PSU

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of m.r...@5-cent.us
 Sent: Wednesday, August 24, 2011 13:43
 To: CentOS mailing list
 Subject: Re: [CentOS] UPS issues with PFC PSU
 
 Robert Arkiletian wrote:
 snip
  Anyway, have you anything experience with CyberPower UPS's?
 
 Small ones, for workstations? Yep, I've got one on mine at home. Been
 good.

Have you found a program to communicate with it for getting it's/line's
status, and causing shutdown to occur gracefully? And what program was
it? :)
That was the issue I had with one a few years ago.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to assign program to run on dedicate CPU ?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of mcclnx mcc
 Sent: Thursday, July 21, 2011 14:19
 To: centos@centos.org
 Subject: [CentOS] how to assign program to run on dedicate CPU ?
 
 We have CENTOS 5.X on DELL servers.  I know on Windows environment I
 can use imagecfg.exe to assign program run on dedicate CPU.
 
 Can anyone tell me how to do this on LINUX?
 

I should probably have just answered `man taskset`, but the below got
typed too quickly.

CONTROLEDPID=`ps aux |grep 'name of process I want to control`
PROCESSORTORUNON=3
Taskset -p -c $PROCESSORTORUNON $ PROCESSORTORUNON
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Memory Usage in Top and System Monitor?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Robert Nichols
 Sent: Thursday, July 21, 2011 14:32
 To: centos@centos.org
 Subject: Re: [CentOS]Memory Usage in Top and System Monitor?
 
 On 07/20/2011 07:09 PM, Michael McNulty wrote:
  I think I found my problem. I did not realize using /dev/shm as a
 ramdisk will
  create swap space. Is there a way to prevent the ramdisk from
 swapping to disk?

SNIP
 If
 programs and I/O buffers need more than the other memory you have
 available, what option is there besides swap?
 

what option is there besides swap [to disk]?

Compcache, Compressed Caching for Linux?

But last I read, it needed a newer kernel than was in 5.x.
So no I have not tried it. :)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to assign program to run on dedicate CPU ?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Ljubomir Ljubojevic
 Sent: Thursday, July 21, 2011 15:11
 To: CentOS mailing list
 Subject: Re: [CentOS] how to assign program to run on dedicate CPU ?
 
 Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote:
SNIP
  I should probably have just answered `man taskset`, but the below
got
  typed too quickly.
 
  CONTROLEDPID=`ps aux |grep 'name of process I want to control`
  PROCESSORTORUNON=3
  Taskset -p -c $PROCESSORTORUNON $ PROCESSORTORUNON
 
 You meant:
 taskset -p -c $PROCESSORTORUNON $CONTROLEDPID
 

Yep, yet more evidence that it got typed to quickly. :)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing from CD

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of david
 Sent: Monday, July 11, 2011 17:13
 To: CentOS mailing list
 Subject: Re: [CentOS] Installing from CD
 
 At 02:10 PM 7/11/2011, you wrote:
 david wrote:
   Folks
  
   The machine I'm trying to load does not have a DVD reader, but
only
 a
   CD reader.
  
   Are the multiple CD images of CENTOS 6 available somewhere?
 Earlier
   versions had them.
  
   Thanks
  
   David
  
 As far as I know, this was not planed, at least not yet. For now, all
 you can do is to use USB DVD and install from those.
 
 Ljubomir
 
 
 I wish I could, but this machine can boot only from a CD, a diskette
 or a HardDrive.  USB is not an option.
 
Boot with boot.iso
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Instal
lation_Guide/Making_Minimal_Boot_Media.html

But you will have to find some way to get the rest of the install to the
machine, such as 
A local hard, USB
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Instal
lation_Guide/s1-begininstall-hd-x86.html
NFS
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Instal
lation_Guide/s1-begininstall-nfs-x86.html
HTTP
...
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Instal
lation_Guide/s1-installationmethod-x86.html


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] There ain't a CentOS autotools bug!

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Lars Hecking
 Sent: Friday, July 08, 2011 18:40
 To: centos@centos.org
 Subject: Re: [CentOS] There ain't a CentOS autotools bug!
 
 
  Ah that Windows. Someone should incorporate dos2unix conversion as
an
  standard step in some of the make/config process.
 
  On the contrary - something like this should not happen behind the
 user's
  back, considering the platform where configure scripts are built can
 be
  different from the target platform.
 
  I'd also love to teach vim how sto how those pesky ^M characters. It
 doesn't,
  and that's perceived user-friendliness gone too far. Proper vi on
Unix
  does the right thing.
 

I believe I have seen vim do it, but only when some lines were CR-NL and
the others were NL, so there is probably a way to convince it to always
do it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Year in log files

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Fajar Priyanto
 Sent: Wednesday, June 22, 2011 22:23
 To: CentOS mailing list
 Subject: Re: [CentOS] Year in log files
 
 On Thu, Jun 23, 2011 at 10:18 AM, lists-centos
 replies-lists-b3z2-cen...@listmail.innovate.net wrote:
  You should set that log to rotate annually. That should address your
  issue, in addition to keeping logwatch from picking up year-old
  entries.
 
 Yes it's rotated annually.
 That's why I can argue based on common sense, by comparing the CESA
 date and the occurance in the log file.
 But if there is year, I don't have to argue at all with the auditor.

Two suggestions,
1) look for 'yum: Updated:' in the messages log, which should be rotated
a bit more often (and the auditor was probably fine with the time stamps
there), and if syslog is being directed to a log collector the log
collector may have different settings.

2) look at `rpm -qa --last` for at least the currently installed
versions, it does include the full year stamp.
   If needed the auditor could link timestamps from the rpm database to
the yum log.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum check-updates script not working correctly

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Daniel De Marco
 Sent: Thursday, May 26, 2011 8:42
 To: CentOS mailing list
 Subject: Re: [CentOS] yum check-updates script not working correctly
 
 Brian,
 
 you have a syntax error in the second if. The yum update is being
 executed every time. Move the fi just before the else to the end.
 


Make that, a probable, two syntax errors in the second if.
The single '=' sign does assignment, a double '==' does string compare.

Plus I think there is a simpler way to control yum, than adding all
these scripts that I don't think came in the base install.  Modify
/etc/yum/yum-updates.conf, which comes in the yum-updatesd package, and 
`ckconfig yum-updatesd on` #note you probably only want one or the other
of either yum-updatesd or the scripts you have.

On some of the systems I run, the run_interval is set ~22000 and
do_update is set to no, which achieves near what I think the OP was
after.
I am not sure if setting emit_via to email or syslog would get the final
bit of what the OP was after.


 Daniel.
 
 * brian tu...@talstar.com [05/24/2011 18:53]:
  if [ -f /var/lock/subsys/yum ]; then
 
if [ ${CHECKONLY} = yes ];then
 
   /usr/bin/yum-check
fi
else
   /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
   /usr/bin/yum -R 120 -e 0 -d 0 -y update
  fi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum check-updates script not working correctly

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Leonard den Ottolander
 Sent: Thursday, May 26, 2011 12:23
 To: CentOS mailing list
 Subject: Re: [CentOS] yum check-updates script not working correctly
 
 Hello Tod,
 
 On Thu, 2011-05-26 at 10:53 -0400, Denniston, Todd A CIV
 NAVSURFWARCENDIV Crane wrote:
  The single '=' sign does assignment, a double '==' does string
 compare.
 
 No, with the spaces around the '=' and the dollar before the variable
 name this actually is a test not an assignment. But using double '='
is
 more clear, agreed. Try
 
Thanks for the info.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] calendar

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of m.r...@5-cent.us
 Sent: Thursday, May 26, 2011 16:43
 To: CentOS mailing list
 Subject: Re: [CentOS] calendar
 

 CentOS does what RHEL does, and RHEL 5.x *only* provides thunderbird
 2.x.
 Further, in Linux, they do build seperately for 64 bit vs. 32 bit.
 

I was going to suggest loading the 32bit version like you can do for
Firefox, and then when I looked I noticed that only the 64bit version of
thunderbird is placed in the x86_64 portion of the repo.

I would be tempted to try:
a) install the 32bit version of Firefox (to pull in all the 32bit moz
libs you'll need)
b) grab the 32bit version of thunderbird (from the centos
5.6/updates/i386 repo) and install it
c) test and see if it will work for you.
d) 
1) see if your boss has a problem with you having to remember to
update thunderbird from the i386 updates directory.
2) see if you could (gently) convince the centos guys to put it
also in one of the centosplus or extras x86_64 portions of the repo. [I
doubt that they would put it in the 5.6/os/x86_64 and 5.6/updates/x86_64
directories only because I would have expected to see it there already
if TUV was putting it there, and for the os  updates directories I
expect they want to closely match TUV.]

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] calendar

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of m.r...@5-cent.us
 Sent: Thursday, May 26, 2011 17:21
 To: CentOS mailing list
 Subject: Re: [CentOS] calendar
 
 snip
 Would be nice. Trouble is, we've got what, 60? 70? people in the
 division

With that many you obviously have a local mirror that they all update
from, right?
 cd pathtomirror/5/updates/x86_64/RPMS
 find ../../i386 -name thunderbird\* -exec ln -s {} \;
 cd ..
 createrepo -v --update -d -o repodata x86_64

And get your boss happy with _that_  but only if the 32bit version
worked.

 who have Linux workstations, and then rolling it all out, and no one
 wants
 to deal with 32-bit apps on 64 bit systems (we won't mention
 npviewersegvsegvsegv)
 
 Lightening and lightening-exchange looked really good
 


Any chance you could get the source of those and recompile for 64?
Yeh Yeh, maintenance headache, but can that set of headaches (work [and
more at each update of the tool] and IA) be balanced against the
alternatives and be a win for the division.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] User accounts management for small office

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

Salt below appropriately to the fact that I have only looked at using
these, I have not yet done the implementation I want to do.

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Jeff Boyce
 Sent: Wednesday, April 27, 2011 14:54
 To: centos@centos.org
 Subject: Re: [CentOS] User accounts management for small office
 

 The opinions both for and
 against
 OpenLDAP have made me take a little closer look at it, but my
 conclusion is
 that it is more cumbersome than what I really want to handle right now
 for
 the size of the network.  I have looked closer at Samba/Wins/Winbind,
 etc.

In the LDAP arena 398 [2] looks to me like it should ease a) the
mysteries of configuring LDAP, and b) integrate with AD. 389 is in EPEL.


 and it looks like the main source of my current problem is that my
 Samba
 network is setup now as a Workgroup and not as a Domain.  I didn't
 understand that difference when I ran across the quote I included
 above.  It
 looks like if I change to a Domain and configure it properly with
 Wins/Winbind that I should be able to have the single point password
 changing option occur from the Windows desktop.  I am now re-reading
 sections of my copy of the Definitive Guide to Samba 3 which should
 help me
 (although it was published before Vista and 7, which all my
 workstations are
 now).
 

You may also want to look at the samba Franky[1] which could get you
enough of samba4 to (from what I understood and want it for) become the
full PDC for the windows system, but it is as the name suggests a
monster.

[1] https://wiki.samba.org/index.php/Franky
https://wiki.samba.org/index.php/Main_Page#Franky
https://wiki.samba.org/index.php/Combined_build_issues

[2] http://directory.fedoraproject.org/


In any case, when you get something working, I would like to see the
success story here.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cacti rpm for el5.6 with php53

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: On Behalf Of Pasi Kärkkäinen
 Sent: Tuesday, April 26, 2011 11:13
 
 On Tue, Apr 26, 2011 at 04:34:53PM +0200, Ljubomir Ljubojevic wrote:
  Pasi Kärkkäinen wrote:
   Hello,
  
   Does someone know if there's a cacti rpm available
   that works (=installs and doesn't conflict) when php53 rpm
   is installed, instead of the older php rpm ?
  
   cacti rpms from rpmforge/dag have these requirements:
   php
   php-mysql
   php-snmp
  


 Hey,
 
 Yep, I know I can create my own version of cacti,
 but I was trying to avoid exactly that :)
 
 Thanks for the heads up about rpmforge mailing list,
 I wasn't aware of it.
 
 -- Pasi
 

Not being a PHP developer, I was under the impression that many/most of these 
packages were interpreted scripts which probably would work fine under php53 
vs. the php installed by default.
I have been wondering from afar about this thread and the discussions over in 
the EPEL list, if someone could create a meta rpm that required php53 and 
provided php (and similar for php-mysql  php-snmp) and have the system 
continue to work.  This is of course under the assumptions of:
a. the packages are interpreted scripts
b. the syntax has only added, and not changed or removed functionality since 
the stock php. 

Is this a not_bright idea in the php package world?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOs 5.6 and Time Sync

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Mailing List
 Sent: Monday, April 25, 2011 13:57
 To: CentOS mailing list
 Subject: Re: [CentOS] CentOs 5.6 and Time Sync
 
 On 4/13/2011 7:35 AM, Mailing List wrote:
  Hi,
 
I have upgraded my Dell C521 to the latest 5.6. I have always used
  ntp to sync this machine and then the rest of the machines in the
  network would sync from it. Since the update I cannot keep the right
  time on the machine. This is with / without ntp. I have attempted
  various scenario's with no luck. I am now trying the old kernel now

  AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
  3gb of ram.
 
  TIA.
 
  Brian.
 
 
  List,
 
  I was not able to resolve my issue with the time on this machine.
 I
 went ahead and rolled the update back to 5.5 and disabled the update
to
 5.6.
 
 What I would like to know is if CentOS 6 might be ok when it rolls
 out, or am I just going to have to keep with 5.5 till EOL?
 
Thanks to all with there help.
 

1) I hope you are only talking about having rolled back to the last
working for you kernel from 5.5, not the whole distribution.

2) If I was in your position and had time, my method would be[1] 
 a) get the srpm for the last known working kernel (2.6.18-194.32 ???)
 b) get the srpm for the first known not working kernel (2.6.18-238 ???)
 c) expand each of the above srpms into their own rpm build tree 
i.e., rpmdev-setuptree;rpm -i kern1; mv rpmbuild rpmbuild.kern1; 
  rpmdev-setuptree;rpm -i kern2; mv rpmbuild rpmbuild.kern2
 d) start looking at the differences in the patches applied in kern1 vs.
those in kern2, i.e., read/diff the kernel.spec files
   see if there were any new ones that seemed likely to be causing the
problem...
   RTFS if necessary to make better guesses.
   Rebuild kernel 2 with patches taken out/modified based on my
investigations and test them and see if I guessed right.
   If no luck, think about opening an TUV bug with lots of the info you
have sent here, they may be interested even if you don't have a
subscription.

[1] Been there, done that:
http://www.gossamer-threads.com/lists/drbd/users/9616

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOs 5.6 and Time Sync

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Mailing List
 Sent: Wednesday, April 13, 2011 16:23
 To: CentOS mailing list
 Subject: Re: [CentOS] CentOs 5.6 and Time Sync
 
   /etc/ntp;
 
 restrict default kod nomodify notrap nopeer noquery
 restrict -6 default kod nomodify notrap nopeer noquery
 restrict 127.0.0.1
 restrict -6 ::1
 server 0.centos.pool.ntp.org
 server 1.centos.pool.ntp.org
 server 2.centos.pool.ntp.org
 server  127.127.1.0 # local clock
 fudge   127.127.1.0 stratum 10
 driftfile /var/lib/ntp/drift
 keys /etc/ntp/keys
 
 There is no /etc/ntp/ntpservers
 
 /etc/ntp/step-tickers is an empty file.
 
 /var/lib/ntp/drift;
-65.219
 
 I have no /var/log/ntpd.log
 
 /varlog/messages;  This is the log using stock updated kernel.
 
 Apr 12 03:32:35 Server ntpd[2797]: synchronized to LOCAL(0), stratum
10
 Apr 12 03:33:36 Server ntpd[2797]: synchronized to 173.9.142.98,
 stratum 2
 Apr 12 15:51:56 Server ntpd[2797]: time reset +43208.248852 s

Wow! That is a big jump.

 Apr 12 15:51:56 Server ntpd[2797]: kernel time sync enabled 0001
 Apr 12 15:56:03 Server ntpd[2797]: synchronized to LOCAL(0), stratum
10
 Apr 12 15:56:26 Server ntpd[2797]: synchronized to 169.229.70.183,
 stratum 3
 Apr 12 16:00:22 Server ntpd[2797]: synchronized to 173.9.142.98,
 stratum 2
 Apr 12 16:16:59 Server ntpd[2797]: synchronized to 169.229.70.183,
 stratum 2
 Apr 12 16:16:57 Server ntpd[2797]: time reset -1.830305 s
 Apr 12 16:20:27 Server ntpd[2797]: synchronized to LOCAL(0), stratum
10

SNIP log of ntpd jumping from server to server (fairly often) including
LOCAL host 

It seems that the connections to the external ntp servers are not good
enough to keep you off LOCAL, and once on local you will drift at the
rate the system last had, and that drift rate can be quite large when
the system is first trying to come into sync. (and often quite a bit
larger than the steady state drift rate once synced)

 
Selinux is disabled, and just a note also. This is a stock install
 of
 of ntp. I never had to do any fudging with it cause it just worked up
 until the update.
 
   I also have no /var/log/audit/audit.log.
 
 tia.
 
 Brian

We still don't know why the machine is losing time, but it might help to
have some more data to compare with
IIRC you indicated you had two other servers in your environment that
were still keeping time good...
I would suggest adding something like:
echo server myotherserver  /etc/ntp.conf
echo restrict myotherserver mask 255.255.255.255 notrap 
/etc/ntp.conf

you may also have to add restrict a line on myotherserver such that
your timeloosingserver can get info, i.e. on myotherserver
echo restrict timeloosingserver mask 255.255.255.255 nomodify notrap
 /etc/ntp.conf

[please evaluate the above restrict lines to verify they are good enough
security for your environment, I am doing them from memory]

so that you have a local host which is not bouncing all over the place,
with respect to connectivity, to check against.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOs 5.6 and Time Sync

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Peter Brady
 Sent: Wednesday, April 13, 2011 18:39
 To: CentOS mailing list
 Subject: Re: [CentOS] CentOs 5.6 and Time Sync
 
 On 14/04/11 7:42 AM, Mailing List wrote:
remote   refid  st t when poll reach   delay
 offset
  jitter
 

===
 ===
 
bindcat.fhsu.ed 132.163.4.1012 u 1015 1024  377   49.987  -
 15082.
  6919.88
216.45.57.38108.71.253.182 u  998 1024  377   83.112  -
 15139.
  6900.14
javanese.kjsl.c 69.36.224.15 2 u1 1024  377  109.083  -
 29233.
  7285.83
  *LOCAL(0).LOCL.  10 l   13   64  3770.000
 0.000
  0.001
 
 snip
 
 Glad you've got a fix but you should keep an eye on it.
 
 If you look at the output for ntpq you have three stratum 2 servers
 which differ by ~15s from both you and each other.  Stratum 2 servers
 should be a lot closer than 15s given that they are only one link
 removed from some form of atomic clock.
 

I think you may be comparing a couple of rotting apples to one that is
just now ripening.
whenoffset
101515082
998 15139
1   29233

i.e., the samples that are 17 seconds apart in the taking are .057S
apart in value, and trending longer.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 32-bit compat-gcc on 64-bit CentOS?

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Alan M. Evans
 Sent: Wednesday, March 30, 2011 12:48
 To: CentOS mailing list
 Subject: Re: [CentOS] 32-bit compat-gcc on 64-bit CentOS?
 
 On Tue, 2011-03-29 at 17:43 -0500, Jeff wrote:
  On Tue, Mar 29, 2011 at 5:35 PM, Alan M. Evans a...@extratech.com
wrote:
 
  , but
  have  you tried the -m32 flag with gcc. that will tell it to create
  32-bit code. You will also need to pass that option to the linker
and
  be sure any dependent libraries have the 32 bit versions installed.
 
 I've tried the -m32 flag, along with CC=gcc34 to actually cause it
to
 use the compat compiler instead of the new one. The build process
 produces a lot of warnings that may or may not have been there before,
 then bails out with:
 
 make: *** No rule to make target `/usr/lib/gcc/i386-redhat-
 linux/3.4.6/include/stdarg.h', needed by `hostcom.o'.  Stop.
 
 On the old server, which I have limited access to, that file is owned
 by
 the compat-gcc-34 package. And the 64-bit version of this package is
 installed on the new server, so the directory is x86_64-redhat-linux
 instead of i386-redhat-linux.
 

Unfortunately, from what I see, the x86_64 yum repos only offer an
x86_64 version of compat-gcc-34.
compat-gcc-34.x86_64 has
/usr/lib/gcc/x86_64-redhat-linux/3.4.6/include/stdarg.h

*Perhaps* this (that it does not provide the *gcc/i386-* include tree,
or that the i386 version is not also in the x86_64 repo) can be seen as
a bug in the x86_64 package, to report upstream???

The error above looks like either by specifying the -m32 flag or by a
hard code in either hostcom.c (or one of its included files) the 32bit
version of the stdarg.h header is included instead of the available
x86_64 version.

Seeing as you have source I would first try to compile it as 64bit and
if the build works, then test heavily to verify the functionality.  
The drawback is that we have seen several open source projects*** with
issues while they ported their software from 32 to 64.  Perhaps there is
a URL of Frequently seen 32 to 64 bit porting problems, that you could
look at to be aware of the kinds of errors others have seen.

Again my first option would be try to go native (x86_64) and see if it
works correctly.

Another option to keep from reinstalling, granted only slightly easier
than reinstalling, is setup a KVM or XEN virtual machine on the server
and install enough of the 32 bit CentOS to allow you to compile the
source in a 32 bit environment and then install the binary onto the 64
bit system and make sure all the needed 32bit libs are available. You
might even be able to fallback to running just that application in the
VM while running everything else in the bare metal, granted then you get
twice the effort for securing the OS (it IS another machine) and keeping
the OS up to date.

Third option may be as others suggested, try to use mock to build the
32bit binary using the 64bit system.  You would still need to make sure
all the needed 32bit libs are available on the 64bit machine. [I have
not used mock yet so I am unsure of the ability for it to provide the
cross environment needed.]


*** ( the closed ones probably had issues too, but well being closed we
don't hear about them. :)

My opinions, YMMV and all that jazz.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] {OT] Re: Installing IMA (Integrity Measurement Architecture) on CentOS 5.5

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Rajagopal Swaminathan
 Sent: Thursday, March 24, 2011 14:49
 To: CentOS mailing list
 Subject: [CentOS] {OT] Re: Installing IMA (Integrity Measurement
 Architecture) on CentOS 5.5
 
 Greetings,
 


 Having said that, I have this troubling thought for last decade: What
 exactly is high availability: is it 24/7 power on time? or is ti when
 needed. Please not it am not talking about the maybe arrogant  on
 demand attitude of a human.
 

You probably don't want it to be your only reference, but in my opinion
Wikipedia has a pretty good first pass definition of high availability
[1] means between you and your boss, i.e., ...a prearranged level of
operational performance will be met during a contractual measurement
period.

 This under extreme circumstances in India like 4 hours of (Electrical
 Power Load Shedding) outage every day

So have you and your boss prearranged a level of operational
performance will be met during a contractual measurement period?
Something like: The system will be available to the users in the
building 90% of the time when the local power grid is powered up?


[1] http://en.wikipedia.org/wiki/High_availability
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] debugging auto mount configuration

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Boris Epstein
 Sent: Friday, March 11, 2011 8:23
 To: CentOS mailing list
 Subject: [CentOS] debugging auto mount configuration
SNIP
 I have tried running
 
 automount --debug
 and
 automount --verbose
 
 and thus far have not seen any messages that would shed any light on
 what's going on.
 
 So I am a bit lost at the moment. Any advice on how to proceed would
 be much appreciated.
 
 Boris.

It looks like you have started down this road, but jmoyer 
(IIRC one of the guys Red Hat has working on autofs) 
has a page of things that he wants to see when trying to debug your
autofs problems.
Perhaps taking a look here might help.
http://people.redhat.com/jmoyer/


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server locking up everyday around 3:30 AM - (INFO: task wget:13608 blocked for more than 120 seconds) need sleep, help.

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of PJ
 Sent: Friday, March 11, 2011 12:34
 To: centos@centos.org
 Subject: [CentOS] Server locking up everyday around 3:30 AM - (INFO:
task
 wget:13608 blocked for more than 120 seconds) need sleep, help.
SNIP
 There are no cron jobs that run at 3:30, no backups, the server has a
 load of 0, nothing is scheduled around that time...
 
SNIP

Are you sure the stuff in /etc/cron.daily/ is done by then or not
started yet?
Could be something like the mlocate or makewhatis chewing up CPU/Mem.
IIRC the stuff in /etc/cron.daily/ runs in alphabetic order so, are you
(root) getting the logwatch messages, and at what time?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Updating hardware clock from cron

[Denniston, Todd A CIV NAVSURFWARCENDIV Crane]

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf Of Kenneth Porter
 Sent: Friday, March 04, 2011 14:15
 To: CentOS mailing list
 Subject: [CentOS] Updating hardware clock from cron
 
 Is there a package to do this?
 
 Normally the hardware clock is set during shutdown if one is running
 ntpd.

No, 
hwclock --systohc is only called at start time (in
/etc/rc.d/init.d/ntpd), and only if ntpdate got a good time, which is a
good thing.

 But if a long-running server shuts down unexpectedly, this isn't done,
 and
 the hardware clock might be off by a lot when it comes back up. 

Not if you are running ntp and it was able to sync, because ntpd
activates a mode in the kernel that sets the hwclock every 11 minutes
when ntp declares it got synced.

If your hwclock is off by a lot when it comes up I believe it is from
one of the following:
A) bad cmos battery.
B) poor cmos clock
C) confusing info in /etc/adjtime due to using both hwclock --adjust [at
boot] and ntp (long story, but it is due to both tweaking the clock
without coordination between them).
D) booting a different OS with different ideas of timezones.
E) manual tweaking of time via bios.

 So setting
 it periodically from a cron job could be useful.
 
 What do others do? Adding a one liner to /etc/cron.daily that invokes
 /etc/rc.d/init.d/ntpd would do it but it seems heavyweight to restart
 ntpd.
 Alas, the script doesn't export just the sync_hwclock function.

Recommendation,
Understand `hwclock --systohc` should _only_ be called when the admin
knows a good system time was *_JUST_* set from a good source, i.e.,
following a successful call to ntpdate or the admin setting the systime
with date.

On some systems that do NOT have ntpd service available (not on a
network with a time server), I will have them do a sequence of
hwclock --hctosys
hwclock --adjust
hwclock --hctosys
in /etc/rc.d/rc.sysinit where it already does the hwclock --hctosys so
that once I have set the time from a known source a few times the box
will reasonably self correct time on boot, I will even on some of those
systems have that sequence in a cronjob that gets run once a week.  If
this is on a network, I have the box that is doing this serve ntp (via
local clock) to the rest of the network, so they drift together.

Reminder: `hwclock --systohc` should _only_ be called when the admin
knows system time was JUST set from a good source, i.e., NOT from a cron
job that is not also making sure the ntpdate worked.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos