[CentOS] PXE configuration

2020-12-18 Thread Erick Perez - Quadrian Enterprises
Hi guys,
I have a Centos 7.9 TFTP/PXE server that I use to serve ISO installers. I
can properly serve installers but not live CDs.

But I want to add a live CD; I'm using this but it is not working.

Can someone suggest a fix?

label 2
menu label ^2) Run Centos LiveCD 79 x64
kernel centos7_x64_livecd_genome/isolinux/vmlinuz0
append initrd=centos7_x64_livecd_genome/isolinux/initrd0.img
rootfstype=auto ro rd.live.image
method=http://192.168.1.83/centos7_live/LiveOS/squashfs.img
devfs=nomount


-- 

-
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
-
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] guidance on enabling 2FA at Linux GUI level

2020-10-09 Thread Erick Perez - Quadrian Enterprises
Hi all,
running a machine with Centos 7.6 that already has a 2FA PAM-enabled
module for SSH logins.

Is there a document that talks about configuring Centos 7.6 default GUI
(Gnome) to use 2fa with PAM?

thanks,


Re: [CentOS] Using CentOS 7 to attempt recovery of failed disk

2020-09-27 Thread Erick Perez - Quadrian Enterprises
@tonymountifield
Does this still hold true?
https://superuser.com/a/1075837


On Sun, Sep 27, 2020 at 7:21 AM Tony Mountifield  wrote:

> In article ,
> Valeri Galtsev  wrote:
> >
> >
> > > On Sep 26, 2020, at 8:05 AM, Jerry Geis  wrote:
> > >
> > > I have a disk that is flagging errors, attempting to rescue the data.
> > >
> > > I tried dd first - it gets about 117G of 320G disk and stops incrementing
> > > the save image any more.
> >
> > did you try
> >
> > dd conv=noerror …
> >
> > this flag makes dd not stop on input error. Whatever is irrecoverable is
> > irrecoverable, but this way you will get stuff beyond failure point.
>
> You need conv=noerror,sync so that unreadable sectors get replaced by
> zeros instead of not being written out at all.
> Without sync, the filesystem geometry on the destination image will be
> wrong after the first error.
>
> You also need bs=4096 so that ONLY the bad sector(s) get zeroed, and not
> the surrounding ones. If you have, say,
> bs=1M, then you will get a megabyte of zeros if any block within that
> megabyte is bad.
>
> I'm speaking from recent experience!
>
> Cheers
> Tony
>
> --
> Tony Mountifield
> Work: t...@softins.co.uk - http://www.softins.co.uk
> Play: t...@mountifield.org - http://tony.mountifield.org
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
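
Tony Mountifield's two points in the quoted reply above (conv=noerror,sync keeps offsets aligned, and a small bs limits how much gets zeroed) can be seen in a model. This is an added example, not part of the thread: the loop imitates dd on a constructed 64 KiB image with one simulated unreadable sector, and rescue_model and the other function names are hypothetical.

```shell
#!/bin/sh
# Added example: a model of the dd behaviour described in the thread, run on
# a constructed image file. The "bad sector" is simulated; no device is read.
SECTOR=4096

# make_image FILE: 16 sectors of 4096 bytes, sector i filled with letter A..P.
make_image() {
    : > "$1"
    for c in A B C D E F G H I J K L M N O P; do
        dd if=/dev/zero bs="$SECTOR" count=1 2>/dev/null | tr '\000' "$c" >> "$1"
    done
}

# rescue_model SRC DST BS BAD_OFFSET MODE
#   BS          read block size in bytes (dd's bs=)
#   BAD_OFFSET  byte offset of the simulated unreadable sector
#   MODE        "noerror"       the failed block is dropped from the output
#               "noerror,sync"  the failed block is written as BS zero bytes
rescue_model() {
    src=$1; dst=$2; bs=$3; bad=$4; mode=$5
    size=$(wc -c < "$src" | tr -d ' ')
    blocks=$(( (size + bs - 1) / bs ))
    bad_block=$(( bad / bs ))     # the whole read block containing it fails
    : > "$dst"
    i=0
    while [ "$i" -lt "$blocks" ]; do
        if [ "$i" -ne "$bad_block" ]; then
            dd if="$src" bs="$bs" skip="$i" count=1 2>/dev/null >> "$dst"
        elif [ "$mode" = "noerror,sync" ]; then
            dd if=/dev/zero bs="$bs" count=1 2>/dev/null >> "$dst"
        fi
        i=$((i + 1))
    done
}

# file_size FILE: length in bytes.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# differing_bytes A B: byte positions that differ, over the shorter length.
differing_bytes() {
    cmp -l "$1" "$2" 2>/dev/null | wc -l | tr -d ' '
}

demo_rescue() {
    dir=$(mktemp -d) || return 1
    make_image "$dir/disk.img"
    bad=$(( 5 * SECTOR ))         # simulated bad sector: index 5 (letter F)
    for spec in "4096 noerror,sync" "16384 noerror,sync" "4096 noerror"; do
        set -- $spec
        rescue_model "$dir/disk.img" "$dir/out.img" "$1" "$bad" "$2"
        printf 'bs=%-6s conv=%-13s image=%s bytes, wrong bytes=%s\n' \
            "$1" "$2" "$(file_size "$dir/out.img")" \
            "$(differing_bytes "$dir/disk.img" "$dir/out.img")"
    done
    rm -rf "$dir"
}

demo_rescue
```

With sync and bs=4096 only the bad sector is lost; with bs=16384 its three neighbours go with it; without sync the image comes out short and everything after the error sits at the wrong offset.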


Re: [CentOS] Using CentOS 7 to attempt recovery of failed disk

2020-09-26 Thread Erick Perez - Quadrian Enterprises
I will suggest using dmesg -w to monitor during dd the sector numbers that
fail in order to skip them.

Also, perhaps the timeout of each read error is killing you (default 30
seconds) and you may have thousands.

On linux, /sys/block//device/timeout (such as
/sys/block/sda/device/timeout) is the timeout setting in seconds, which
currently defaults to 30.

As root, echo 1 > /sys/block//device/timeout will change the
timeout to 1 second.

Perhaps this will help you achieve a DD without waiting for the read
timeouts.

Erick.





On Sat, Sep 26, 2020, 2:27 PM Fred  wrote:

> Well, I'm not a noted expert on ddrescue, but my limited experience tells
> me that when it hits bad spots (or a big cluster of them) it can go very
> slowly as it tries multiple times to read each sector (or track, I'm not
> sure which, in this case). It keeps a list of bad spots and goes back at
> the end to try again to read something from them. Of course, if you've had,
> eg. a head crash, there's probably nothing there to read.
>
> On Sat, Sep 26, 2020 at 1:41 PM Jerry Geis  wrote:
>
> > Hello
> >
> > I did try the "dd conv=noerror …"
> > The ddrescue - doesn't stop - it just doesn't "continue" past a certain
> > point. Somewhere around the 117G mark - it just doesn't go past that.
> > (same with dd, gets to 117G and just doesn't continue.)
> > I have let the dd run all night - did not go past the 117G.
> >
> > Thanks for any suggestions.
> >
> > Jerry


Re: [CentOS] erasing a disk

2020-09-14 Thread Erick Perez - Quadrian Enterprises
what if you just dd the first 1GB of the disk and the last GB of the disk
(the last because of RAID signatures of some controllers that write to the
end of the disk)
Look at this article and modify accordingly
https://zedt.eu/tech/linux/using-dd-to-repeatedly-erase-a-specific-range-of-sectors-on-the-hard-disk/

Also, use wipefs -a (Gordon Messmer answered faster than me)

On Mon, Sep 14, 2020 at 3:18 PM david  wrote:

> Folks
>
> I've encountered situations where I want to reuse a hard-drive.  I do
> not want to preserve anything on the drive, and I'm not concerned
> about 'securely erasing' old content.  I just want to be able to
> define it as an Physical Volume (in a logical volume set), or make it
> a ZFS disk, or sometimes make it a simple EXT3, ExFAT or NTFS
> disk.  However, old 'signatures' get in the way and Linux sometimes
> refuses to let me proceed.  I know that a fool-proof solution is to
> use the "dd if=/dev/zero bs=32768 oflag=direct" on the disk, but when
> we're talking USB-connected hard drives of 8 TB, that's an operation
> that can take days.
>
> The disk in question might even have been corrupted.  This would make
> using 'zpool destroy' to clear out a ZFS disk, or
>
> I've tried erasing the first megabyte of the disk, but there are ZFS
> or LVM structures that get in the way.  So, does anyone have an
> efficient way to erase structures from a disk such that it can be reused?
>
> Something like
>-erase first N blocks (block defined as 4096)
>- Erase  blocks starting at block 
>- erase last  blocks
>
> At least such an algorithm would be quicker than erasing 8 TB of data.
>
> David
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
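
The head-and-tail wipe suggested in this message, combined with wipefs -a, as an added shell example that is not part of the original thread. The function names wipe_ends, target_size and nonzero_bytes are hypothetical, the default of 1 MiB per end is an assumption (the message suggests 1 GB), and the demo runs on a constructed image file rather than a disk.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
MIB=1048576

# target_size TARGET: size in bytes of a block device or image file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# wipe_ends TARGET [N]: zero the first and the last N MiB of TARGET.
wipe_ends() {
    target=$1
    n=${2:-1}
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "not a block device or regular file: $target" >&2
        return 1
    fi
    size=$(target_size "$target") || return 1
    if [ $(( size % 512 )) -ne 0 ]; then
        echo "size is not a multiple of 512 bytes: $size" >&2
        return 1
    fi
    if [ "$size" -lt $(( 2 * n * MIB )) ]; then
        echo "target is smaller than 2 x $n MiB" >&2
        return 1
    fi
    # On a real device, let wipefs drop the signatures it recognises first.
    if [ -b "$target" ] && command -v wipefs >/dev/null 2>&1; then
        wipefs -a "$target" || return 1
    fi
    # Head: N MiB from offset 0. conv=notrunc keeps an image file's length.
    dd if=/dev/zero of="$target" bs="$MIB" count="$n" conv=notrunc \
        2>/dev/null || return 1
    # Tail: addressed in 512-byte sectors so the write ends exactly on the
    # last sector even when the size is not a whole number of MiB. This is
    # where some RAID controllers and backup headers keep their metadata.
    tail_sectors=$(( n * MIB / 512 ))
    seek=$(( size / 512 - tail_sectors ))
    dd if=/dev/zero of="$target" bs=512 seek="$seek" count="$tail_sectors" \
        conv=notrunc 2>/dev/null || return 1
}

# nonzero_bytes TARGET SKIP_MIB COUNT_MIB: count non-zero bytes in a region,
# used to verify the wipe.
nonzero_bytes() {
    dd if="$1" bs="$MIB" skip="$2" count="$3" 2>/dev/null \
        | tr -d '\000' | wc -c | tr -d ' '
}

# Demo on a constructed 8 MiB image filled with 0xFF bytes.
demo_wipe() {
    img=$(mktemp) || return 1
    dd if=/dev/zero bs="$MIB" count=8 2>/dev/null | tr '\000' '\377' > "$img"
    wipe_ends "$img" 1 || { rm -f "$img"; return 1; }
    echo "non-zero bytes in first MiB:  $(nonzero_bytes "$img" 0 1)"
    echo "non-zero bytes in middle:     $(nonzero_bytes "$img" 1 6)"
    echo "non-zero bytes in last MiB:   $(nonzero_bytes "$img" 7 1)"
    rm -f "$img"
}

demo_wipe
```

On a real disk, run it as root against the whole device after confirming with lsblk that it is the intended one. This only clears signatures for reuse; the data in between stays on the disk, as the original question accepts.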


[CentOS] Opinions on storage options such as gateways or like-systems

2020-07-23 Thread Erick Perez - Quadrian Enterprises
Hi all,

I'm looking for some comments regarding options related to storage.
We have a number of Apache web servers (24) running on (24) Centos 7.x
systems, fully patched running a sort of MySQL, Java and PHP applications.
All as virtual machines on top of Vmware ESX.

When the Apache/MySQL  R/W data, Data storage is provided as a single NFS
volume mounted across the VMs.
That storage space is provided by an aging (and expensive) netapp unit.

What we are looking for are ideas of scaling our storage. Shall we continue
to add disks to the netapp so we can increase the NFS volume size?
Shall we do Gluster? CEPH?
Is there something like a storage gateway for Centos? where I can
centralize several storage types and present them in a centralized way?
NFS, SCSI, FC ?

No Cloud solutions. As we cannot go cloud (business rules). All solutions
have to be local.

Not sure if it makes sense.


Re: [CentOS] Slow terminal response Centos 7.7 1908

2020-07-03 Thread Erick Perez - Quadrian Enterprises
"si / software interrupts" value  was 0.0
and right now with all working fine, continues to be 0.0


On Fri, Jul 3, 2020 at 11:23 AM Strahil Nikolov 
wrote:

> Hi Erick,
>
> what was the value of 'si' in top ?
>
> Best Regards,
> Strahil Nikolov
>
> On 3 July 2020 18:48:30 GMT+03:00, Erick Perez - Quadrian Enterprises <
> epe...@quadrianweb.com> wrote:
> >It was found that the software NIC  team created in Centos was having
> >issues due to a failing network cable. The team was going berserk with
> >up/down changes.

Re: [CentOS] Slow terminal response Centos 7.7 1908

2020-07-03 Thread Erick Perez - Quadrian Enterprises
It was found that the software NIC  team created in Centos was having
issues due to a failing network cable. The team was going berserk with
up/down changes.



[CentOS] Slow terminal response Centos 7.7 1908

2020-07-03 Thread Erick Perez - Quadrian Enterprises
Hey!
I have a strange condition in one of the servers that I don't know where to
start looking.
I login to the server via SSH (can't do it any other way) and anything that I
type is slow
HTTP sessions timeout waiting for screen redraw. So, the server is acting
"slow".

server is bare metal. no virtual services.
no alarms in the disk raid

note: server was restarted because of power failure.

Some outputs from this server that is a mail server:
[root@correo ~]# top
top - 09:54:43 up 23:51,  2 users,  load average: 0.18, 0.23, 0.28
Tasks: 210 total,   1 running, 209 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.2 us,  0.1 sy,  0.0 ni, 99.8 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem : 32606084 total, 25106412 free,  5932244 used,  1567428 buff/cache
KiB Swap: 16449532 total, 16449532 free,        0 used. 26282624 avail Mem

**iostat**
[root@correo ~]# iostat -y 5
Linux 3.10.0-1062.12.1.el7.x86_64 (correo.binal.ac.pa)  07/03/2020  _x86_64_  (4 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.05    0.00    0.05    0.05    0.00   99.85

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               0.00         0.00         0.00          0          0
dm-0              0.00         0.00         0.00          0          0
dm-1              0.00         0.00         0.00          0          0

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.05    0.00    0.05    0.05    0.00   99.85

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda              21.40         0.00       169.60          0        848
dm-0             21.40         0.00       169.60          0        848
dm-1              0.00         0.00         0.00          0          0

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.60    0.00    0.05    0.45    0.00   98.90

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               1.20        16.80         0.00         84          0
dm-0              1.20        16.80         0.00         84          0
dm-1              0.00         0.00         0.00          0          0

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.05    0.00    0.00    0.05    0.00   99.90

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               8.00         0.00       100.20          0        501
dm-0              9.00         0.00       100.20          0        501
dm-1              0.00         0.00         0.00          0          0

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.45    0.00    0.35    0.05    0.00   99.15

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               1.00         0.80         3.20          4         16
dm-0              1.00         0.80         3.20          4         16
dm-1              0.00         0.00         0.00          0          0


**dstat**
[root@correo ~]# dstat -cd --disk-util --disk-tps
total-cpu-usage -dsk/total- sda- -dsk/total-
usr sys idl wai hiq siq| read  writ|util|reads writs
  1   0  99   0   0   0|  20k   17k|0.14|   1     1
  0   0 100   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0     0 |   0|   0     0
  4   0  84  11   0   0|2512k  228k|52.3| 123     2
 31   4  58   7   0   0|1912k 1026k|38.1| 132    23
  0   0  99   0   0   0|   0     0 |   0|   0     0
  1   0  99   1   0   0|4096B 3819k|22.5|   1   270
  0   0 100   0   0   0|   0     0 |   0|   0     0
 13   1  83   4   0   0| 148k 2304k|15.3|  18   214
  1   0  98   1   0   0| 140k  499k|9.70|  14     8
 26   5  69   0   0   0|   0  1260k|1.30|   0    46
 56   7  38   0   0   0|   0   204k|0.30|   0    12
 14  11  75   0   0   0|   0     0 |   0|   0     0
 22  10  68   0   0   0|   0     0 |   0|   0     0
 16  10  71   3   0   0| 192k   37k|14.0|  12     2
  0   0 100   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0   152k|   0|   0     2
  0   0 100   0   0   0|   0     0 |   0|   0     0
  1   1  98   1   0   0|  16k 2569k|14.8|   1   207
  1   1  98   0   0   0|4096B    0 |1.10|   1     0
  1   0  99   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0   600k|1.30|   0    51
  2   0  98   0   0   0|   0     0 |   0|   0     0
  4   0  96   0   0   0|   0     0 |   0|   0     0
  0   0 100   0   0   0|   0     0 |   0|   0     0





Re: [CentOS] firewall questions

2020-06-21 Thread Erick Perez - Quadrian Enterprises
Please take a look at https://www.wireguard.com/quickstart/
we now reduced the attack vector to only the things offered to the public
(https, smtp tls and imaps/s)

On Sun, Jun 21, 2020 at 3:58 PM Pete Biggs  wrote:

> On Sun, 2020-06-21 at 16:47 -0400, mailist wrote:
> > On 2020-06-21 15:33, Chuck Campbell wrote:
> > > I'm running Centos 7.8.2003, with firewalld.
> > >
> > > I was getting huge numbers of ssh attempts per day from a few specific
> > > ip blocks.
> >
> > If you can control the ssh clients, switch your port number to a
> > non-standard
> > port.  Pick one in /etc/services that does not seem to be allocated.
> > Then change
> > "Port" in ssh_config and sshd_config;  If other clients are being used
> > (like Putty),
> > it is easy to change it there.
> >
> > We used to get at least 50 probes per day on port 22.  Now we get zero.
> >
> I used this technique for a number of years - then it got leaked to the
> script kiddies the port that was used. We don't have anything
> particularly valuable that they were looking for (I don't think!), but
> there are lists of subnets & ports out there that the kiddies use so
> once one found it, the flood gates opened.  SSH is now protected behind
> a VPN.
>
> It's a valid thing to do and makes things much saner, but don't assume
> it is a forever solution and don't use it as an excuse to reduce other
> protections you may have.
>
> P.
>
>


Re: [CentOS] LUKS layer / best practice

2020-06-16 Thread Erick Perez - Quadrian Enterprises
Also, if you want to use deduplication (via VDO) then you must
remember to "dedupe then encrypt"
Storage > LUKS > VDO > LVM
old but good reference to: https://access.redhat.com/articles/2106521

On Tue, Jun 16, 2020 at 3:00 PM Jason Edgecombe  wrote:
>
> I recommend having LUKS be "under" LVM. the layers would be:
> /dev/sda -> partition (/dev/sda1) -> LUKS (/dev/sda1_crypt) -> LVM physical
> volume -> volume group -> logical volume -> filesystem
>
> The layers described above are how the Ubuntu installer sets up an
> encrypted LVM filesystem. As far as I know, TRIM is passed through LUKS and
> the LVM layers if it's available in the hardware.
>
> Sincerely,
> Jason
>
> ---
> Jason Edgecombe | Linux Administrator
> UNC Charlotte | The William States Lee College of Engineering
> 9201 University City Blvd. | Charlotte, NC 28223-0001
> Phone: 704-687-1943
> jwedg...@uncc.edu | http://engr.uncc.edu |  Facebook
> ---
>
>
> On Tue, Jun 16, 2020 at 1:42 PM Leon Fauster via CentOS 
> wrote:
>
> > Hi all,
> >
> > with regard to LUKS; should it placed before LVM or after? Any
> > recommendations? TRIM command fully supported through all layers etc?
> >
> > --
> > Leon


Re: [CentOS] Jitsi Meet on CentOS 7 ?

2020-05-13 Thread Erick Perez - Quadrian Enterprises
Hi,
see my answers below.

On Tue, May 12, 2020 at 7:41 PM H  wrote:

> I started looking at installing Jitsi on my hosted CentOS 7 server and
> have a few questions after reading your tutorial:
>
> - Why are you disabling IPv6? Is this required?

I do not need IPv6. It is not needed to disable it. I just wanted to make
it simpler.

> - I already have Apache running, should I install nginx in addition to
> Apache?

No. You can adapt the rules to apache.

> - Where do I add the required Jitsi DNS entries?

in your domain dns provider such as GoDaddy, AWS, Azure, etc.

> Thank you.

Re: [CentOS] Jitsi Meet on CentOS 7 ?

2020-05-05 Thread Erick Perez - Quadrian Enterprises
Benson, no SELINUX was not enabled. The instance was selected without it
just to make things easier.
I do not have a pull request for the installation manual yet.

On Tue, May 5, 2020 at 1:21 AM Benson Muite 
wrote:

>
> Awesome will test it out. Was SE-Linux enabled? Default on Vultr is
> usually disabled? Do you have a pull request open in Jitsi Github for the
> installation manual (
> https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md)?


Re: [CentOS] Jitsi Meet on CentOS 7 ?

2020-05-04 Thread Erick Perez - Quadrian Enterprises
Hi Centos friends.
I had some time to write a spartan tutorial on running the latest stable
Jitsi Video Bridge and Jitsi Meet and Centos 7.7.
I wrote it while testing it so this WORKS and I am currently using it for
fun with the kids.

I do have the server currently running but blocked by my firewall. I am
willing to allow a few of the people such as Kovacs and others to connect to
my Jitsi server to test usability. But this is a 1CPU/2GBRAM VM in vultr.com
so we cannot expect premium video quality and maybe no more than 10 people
at the same time.

Do note that in order to provide access, I need an IP and will open the
server to connect from that IP.

My Wordpress template is not the best so sorry for the formatting. I will
work on that tomorrow.

here is the tutorial
https://www.nubeinterna.com/2020/05/03/centos-7-7-and-jitsi/

hope it helps.



On Sun, May 3, 2020 at 12:11 PM Nicolas Kovacs  wrote:

> On 03/05/2020 at 18:07, H wrote:
> > I am also interested in installing Jitsi server on CentOS 7, as well as
> > running the desktop app on C7.
>
> According to the Jitsi developers, you shouldn't even use that and prefer
> using a browser.
>
> Though I'd take that information with a grain of salt, because the
> developer I talked to yesterday on IRC called my browser (Firefox 68.7.0
> ESR) "hopelessly obsolete".
>
> Have you ever tried to explain concepts like long term support and
> Enterprise Linux to a 20 year old Arch user ?
>
> Here in France we call that "pissing in a violin". :o)
>
> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> Mob. : 06 51 80 12 12


Re: [CentOS] Understanding VDO vs ZFS

2020-05-04 Thread Erick Perez - Quadrian Enterprises
Strahil,
I am using about 1012MB for the first ISO. I believe it's because of
compression. From there vdostats --hu reports 5.0G usage and 12% in
percentage. With savings of 89% for original + 9 copies of the same ISO.


On Sun, May 3, 2020 at 1:17 AM Strahil Nikolov 
wrote:

> On May 3, 2020 8:33:33 AM GMT+03:00, Erick Perez - Quadrian Enterprises <
> epe...@quadrianweb.com> wrote:
> >sorry corrections:
> >For this test I created a 40GB lvm volume group with /dev/sdb and /dev/sdc
> >then a 40GB LV
> >then a 60GB VDO vol (for testing purposes)
> >
> >vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent'
> >output from just created vdoas
> >
> >[root@localhost ~]# vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent'
> >  physical blocks     : 10483712
> >  logical blocks      : 15728640
> >  1K-blocks           : 41934848
> >  1K-blocks used      : 4212024
> >  1K-blocks available : 37722824
> >  used percent        : 10
> >  saving percent      : 99
> >[root@localhost ~]#
> >
> >FIRST copy CentOS-7-x86_64-Minimal-2003.iso (1.1G) to vdoas from source
> >outside vdo volume
> >[root@localhost ~]# vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent'
> >  1K-blocks used      : 4721348
> >  1K-blocks available : 37213500
> >  used percent        : 11
> >  saving percent      : 9
> >
> >SECOND copy CentOS-7-x86_64-Minimal-2003.iso (1.1G) to vdoas from source
> >outside vdo volume
> >#cp /root/CentOS-7-x86_64-Minimal-2003.iso /mnt/vdomounts/CentOS-7-x86_64-Minimal-2003-version2.iso
> >  1K-blocks used      : 5239012
> >  1K-blocks available : 36695836
> >  used percent        : 12
> >  saving percent      : 52
> >
> >THIRD copy CentOS-7-x86_64-Minimal-2003.iso (1.1G) to vdoas from inside
> >vdo volume to inside vdo volume
> >  1K-blocks used      : 5248060
> >  1K-blocks available : 36686788
> >  used percent        : 12
> >  saving percent      : 67
> >
> >Then I did this a total of 9 more times to have 10 ISOs copied. Total data
> >copied 10.6GB.
> >
> >
> >Do note this:
> >When using DF, it will show the VDO size, in my case 60G
> >when using vdostats it will show the size of the LV, in my case 40G
> >Remember dedupe AND compression are enabled.
> >
> >The df -hT output shows the logical space occupied by these iso files as
> >seen by the filesystem on the VDO volume.
> >Since VDO manages a logical to physical block map, df sees logical space
> >consumed according to the file system that resides on top of the VDO
> >volume.
> >vdostats --hu is viewing the physical block device as managed by VDO.
> >Physically a single .ISO image is residing on the disk, but logically the
> >file system thinks there are 10 copies, occupying 10.6GB.
> >
> >So at the end I have 10 .ISOs of 1086 1MB blocks (total 10860 1MB blocks)
> >that yield these results:
> >  1K-blocks used      : 5248212
> >  1K-blocks available : 36686636
> >  used percent        : 12
> >  saving percent      : 89
> >
> >So at the end it is using 5248212 1K blocks minus 4212024 initial used 1K
> >blocks, gives (5248212 - 4212024) = 1036188 1K blocks / 1024 = about
> >1012MB total.
> >
> >Hope this helps understanding where the space goes.
> >
> >BTW: Testing system is CentOS Linux release 7.8.2003 stock. with only
> >"yum install vdo kmod-kvdo"
> >
> >History of commands:
> >[root@localhost vdomounts]# history
> >    2  pvcreate /dev/sdb
> >    3  pvcreate /dev/sdc
> >    8  vgcreate -v -A y vgvol01 /dev/sdb /dev/sdc
> >    9  vgdisplay
> >   13  lvcreate -l 100%FREE -n lvvdo01 vgvol01
> >   14   yum install vdo kmod-kvdo
> >   18  vdo create --name=vdoas --device=/dev/vgvol01/lvvdo01 --vdoLogicalSize=60G --writePolicy=async
> >   19  mkfs.xfs -K /dev/mapper/vdoas
> >   20  ls /mnt
> >   21  mkdir /mnt/vdomounts
> >   22  mount /dev/mapper/vdoas /mnt//vdomounts/
> >   26  vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent'
> >   28  cp /root/CentOS-7-x

Re: [CentOS] Understanding VDO vs ZFS

2020-05-02 Thread Erick Perez - Quadrian Enterprises
--hu
   60  vdostats
   61  vdostats --verbose /dev/mapper/vdoas | grep -B6 'saving percent'
   62  cat /etc/centos-release
   63  history
[root@localhost vdomounts]#





On Sat, May 2, 2020 at 10:07 PM Erick Perez - Quadrian Enterprises <
epe...@quadrianweb.com> wrote:

> My two cents:
> 1- Do you have an encrypted filesystem on top of VDO? If yes, you will see
> no benefit from dedupe.
> 2- can you post the stats of  vdostats --verbose /dev/mapper/x (replace
> with your device)
>
> you can do something like:  "vdostats --verbose /dev/mapper/ | grep
> -B6 'saving percent'"
>
>
>
>
> On Sat, May 2, 2020 at 9:54 PM david  wrote:
>
>> Folks
>>
>> I'm looking for a solution for backups because ZFS has failed on me
>> too many times.  In my environment, I have a large amount of data
>> (around 2tb) that I periodically back up.  I keep the last 5
>> "snapshots".  I use rsync so that when I overwrite the oldest backup,
>> most of the data is already there and the backup completes quickly,
>> because only a small number of files have actually changed.
>>
>> Because of this low change rate, I have used ZFS with its
>> deduplication feature to store the data.  I started using a Centos-6
>> installation, and upgraded years ago to Centos7.  Centos 8 is on my
>> agenda.  However, I've had several data-loss events with ZFS where
>> because of a combination of errors and/or mistakes, the entire store
>> was lost.  I've also noticed that ZFS is maintained separately from
>> Centos.  At this moment, the Centos 8 update causes ZFS to
>> fail.  Looking for an alternate, I'm trying VDO.
>>
>> In the VDO installation, I created a logical volume containing two
>> hard-drives, and defined VDO on top of that logical volume.  It
>> appears to be running, yet I find the deduplication numbers don't
>> pass the smell test.  I would expect that if the logical volume
>> contains three copies of essentially identical data, I should see
>> deduplication numbers close to 3.00, but instead I'm seeing numbers
>> like 1.15.  I compute the compression number as follows:
>>   Use df and extract the value for "1k blocks used" from the third column
>>   use vdostats --verbose and extract the number titled "1K-blocks used"
>>
>> Divide the first by the second.
>>
>> Can you provide any advice on my use of ZFS or VDO without telling me
>> that I should be doing backups differently?
>>
>> Thanks
>>
>> David
>>
>>
>
>
> --
>
> -
> Erick Perez
>
>

-- 

-
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
-


Re: [CentOS] Understanding VDO vs ZFS

2020-05-02 Thread Erick Perez - Quadrian Enterprises
My two cents:
1- Do you have an encrypted filesystem on top of VDO? If yes, you will see
no benefit from dedupe.
2- can you post the stats of  vdostats --verbose /dev/mapper/x (replace
with your device)

you can do something like:  "vdostats --verbose /dev/mapper/ | grep
-B6 'saving percent'"




On Sat, May 2, 2020 at 9:54 PM david  wrote:

> Folks
>
> I'm looking for a solution for backups because ZFS has failed on me
> too many times.  In my environment, I have a large amount of data
> (around 2tb) that I periodically back up.  I keep the last 5
> "snapshots".  I use rsync so that when I overwrite the oldest backup,
> most of the data is already there and the backup completes quickly,
> because only a small number of files have actually changed.
>
> Because of this low change rate, I have used ZFS with its
> deduplication feature to store the data.  I started using a Centos-6
> installation, and upgraded years ago to Centos7.  Centos 8 is on my
> agenda.  However, I've had several data-loss events with ZFS where
> because of a combination of errors and/or mistakes, the entire store
> was lost.  I've also noticed that ZFS is maintained separately from
> Centos.  At this moment, the Centos 8 update causes ZFS to
> fail.  Looking for an alternate, I'm trying VDO.
>
> In the VDO installation, I created a logical volume containing two
> hard-drives, and defined VDO on top of that logical volume.  It
> appears to be running, yet I find the deduplication numbers don't
> pass the smell test.  I would expect that if the logical volume
> contains three copies of essentially identical data, I should see
> deduplication numbers close to 3.00, but instead I'm seeing numbers
> like 1.15.  I compute the compression number as follows:
>   Use df and extract the value for "1k blocks used" from the third column
>   use vdostats --verbose and extract the number titled "1K-blocks used"
>
> Divide the first by the second.
>
> Can you provide any advice on my use of ZFS or VDO without telling me
> that I should be doing backups differently?
>
> Thanks
>
> David
>
>


-- 

-
Erick Perez


Re: [CentOS] CentOS 8 on USB disk

2020-01-29 Thread Erick Perez - Quadrian Enterprises
That happened to me several times
 My USB was "burned" and never displayed new data copied to it.
By "burned" I mean the flash drive was faulty up to a point where it always
showed a phantom image of what WAS in the pen drive.

But YMMV

On Wed, Jan 29, 2020, 11:56 AM J Martin Rushton via CentOS <
centos@centos.org> wrote:

> What's your dd command?  Are you sure you are writing to the raw disk
> and not inside a partition?
>
> On 29/01/2020 16:30, Jerry Geis wrote:
> > Well after a closer look - Seems like the OLD 8.0 iso image is still on
> the
> > USB. Not the new 8.1
> >
> > I have tried to redo the dd command to copy the 8.1 iso - I get no
> errors -
> > but it still comes up with the 8.0
> > I then tried to remove the partitions, save and recopy. still same old
> boot
> > menu.
> >
> > Is there a trick to write over the UEFI stuff ?
> >
> > Jerry
> >
>
> --
> J Martin Rushton MBCS


Re: [CentOS] KVM Random Reboots AMD EPYC Server

2020-01-01 Thread Erick Perez - Quadrian Enterprises
I had issues with Supermicro and EPYC in the past year and it was isolated
to a faulty 16GB ECC RAM module and the error was just showing in the log
of the Supermicro web-based BMC and nowhere else. The fault was neither
Supermicro nor AMD. The brand of the ECC module was Samsung. It failed after
1 year of use. A bad batch, I assume, because the other 25 pieces of ECC
RAM from Samsung that we use in the other servers have no issue.

The behavior was that randomly, the server suddenly rebooted with no
message at all at Centos level.

I realize that the BMC error log is far (very very far) from perfect but
perhaps the error is in a strange message lying there.

Hope this helps

On Wed, Jan 1, 2020 at 10:09 AM Simon Matter via CentOS 
wrote:

> > our new Server with AMD EPYC and super micro board reboots randomly.
> > There is no error message before the reboot in /var/log/messages.
>
> Anything in the hardware logs of the server like memory error or so? Any
> watchdog on the servers acting bad?
> We run CentOS 7 and KVM on AMD Opteron and AMD EPYC servers without issues.
>
> Regards,
> Simon
>
> >
> > we are running 2 Server with VMWare workstation without any problem.
> >
> > The new server should run KVM.
> >
> > older servers with AMD (before EPYC) running KVM without any problem.
> >
> > any idea or recommendation?
> >
> > --
> > Viele Grüße
> > Helmut Drodofsky
> >
> > Internet XS Service GmbH
> > Heßbrühlstraße 15
> > 70565 Stuttgart
> >
> > Geschäftsführung
> > Helmut Drodofsky
> > HRB 21091 Stuttgart
> > USt.ID: DE190582774
> > Fon: 0711 781941 0 
> > Fax: 0711 781941 79
> > Mail: i...@internet-xs.de
> > www.internet-xs.de
> >
>
>
>


-- 

-
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
-


Re: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit

2019-12-27 Thread Erick Perez - Quadrian Enterprises
Fixed

It turns out that the gnutls library installed on the system was
somehow damaged.
It took the installation of gnutls-cli to list supported protocols and ciphers.
I had to yum reinstall gnutls to fix it.

Now the ssl.conf has:
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1

[root@cockpit ~]# echo test | openssl s_client -connect localhost:9090
-tls1_1 2>&1 | grep -e Protocol -e Cipher
New, (NONE), Cipher is (NONE)
Protocol  : TLSv1.1
Cipher: 
[root@cockpit ~]#


Thanks It was a pleasure working with you and it was a great
learning experience!

On Fri, Dec 27, 2019 at 6:43 PM Erick Perez - Quadrian Enterprises
 wrote:
>
> Sure did!
> I am even playing with different options (including NONE) and it seems
> to ignore the contents of ssl.conf
>
> I have tried
> Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA:
> Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA
> Environment=G_TLS_GNUTLS_PRIORITY=PFS
> Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:
> Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0
> Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2
>
> And my last one:
> Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256
> systemctl daemon-reload
> systemctl restart cockpit
>
> [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090
> -tls1_1 2>&1 | grep -e Protocol -e Cipher
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
> Protocol  : TLSv1.1
> Cipher: ECDHE-RSA-AES256-SHA
>
>
> [root@cockpit ~]# echo test | openssl s_client -connect localhost:9090
> -tls1_2 2>&1 | grep -e Protocol -e Cipher
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Protocol  : TLSv1.2
> Cipher: ECDHE-RSA-AES256-GCM-SHA384
> [root@cockpit ~]#
>
> It is my understanding that -VERS-ALL will disable TLS at all and
> produce no output from the above tests. This does not seem to be the
> case.
> Also, If I did -SHA384 and -SHA256 then why the cipher in TLS1_2 test
> is  ECDHE-RSA-AES256-GCM-SHA384
>
> It seems it is completely ignoring the Environment variable.
>
>
> On Fri, Dec 27, 2019 at 5:18 PM Jonathan Billings  wrote:
> >
> > On Dec 27, 2019, at 16:28, Erick Perez - Quadrian Enterprises 
> >  wrote:
> > >
> > > [root@cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf
> > > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
> > >
> > > [root@cockpit ~]#
> > > [root@cockpit ~]# systemctl start cockpit
> > > [root@cockpit ~]# systemctl status cockpit -l
> >
> > Did you run:
> >
> > # systemctl daemon-reload
> >
> > ... before starting cockpit?
> >
> > --
> > Jonathan Billings 
>
>
>
> --
>
> -
> Erick Perez
> Quadrian Enterprises S.A. - Panama, Republica de Panama
> Skype chat: eaperezh
> WhatsApp IM: +507-6675-5083
> -



-- 

-
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
-
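
The two checks this thread relies on, as an added example that is not code from the thread or from the Cockpit project: a section-aware test of the drop-in (systemd does not apply an `Environment=` line that is not under `[Service]`) and a classifier for the `openssl s_client` probe output. The function names and the `--probe`/`--dropin` switches are this example's own; the sample inputs are the outputs quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread or the Cockpit project).
# Function names and the --probe/--dropin switches are this example's own.

# Does a systemd drop-in set G_TLS_GNUTLS_PRIORITY under [Service]?
# Reads the named file, or stdin when no file is given.
# Prints one of: ok | outside-section | missing
dropin_priority_status() {
    awk '
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/   {                         # section header
            section = $0
            gsub(/[ \t\r]/, "", section)
            next
        }
        /^[ \t]*Environment=.*G_TLS_GNUTLS_PRIORITY=/ {
            if (section == "[Service]") ok = 1
            else orphan = 1                     # not applied to the service
        }
        END {
            if (ok) print "ok"
            else if (orphan) print "outside-section"
            else print "missing"
        }' "$@"
}

# Classify `openssl s_client` output read from stdin by its "Cipher is" line.
# Prints: "accepted <cipher>" | "rejected" | "unknown" (no handshake summary)
handshake_result() {
    awk '
        / Cipher is / { cipher = $NF; seen = 1 }
        END {
            if (!seen) print "unknown"
            else if (cipher == "(NONE)") print "rejected"
            else print "accepted " cipher
        }'
}

# Probe one protocol flag (-tls1_1 as used in the thread) against host:port.
probe() {
    echo test | openssl s_client -connect "$1" "$2" 2>&1 | handshake_result
}

# Return 1 if any listed protocol still completes a handshake,
# 2 if a probe was inconclusive, 0 if every one was rejected.
audit_endpoint() {
    target=$1; shift
    rc=0
    for flag in "$@"; do
        result=$(probe "$target" "$flag")
        printf '%-8s %s\n' "$flag" "$result"
        case $result in
            accepted*) rc=1 ;;
            unknown)   if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# Sample inputs: the drop-in contents and probe outputs quoted in the thread.
PRIO='NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1'
sample_dropin_before() { printf '%s\n' "Environment=G_TLS_GNUTLS_PRIORITY=$PRIO"; }
sample_dropin_after()  { printf '%s\n' '[Service]' "Environment=G_TLS_GNUTLS_PRIORITY=$PRIO"; }
sample_probe_before()  { printf '%s\n' 'New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA' \
                                       'Protocol  : TLSv1.1' 'Cipher: ECDHE-RSA-AES256-SHA'; }
sample_probe_after()   { printf '%s\n' 'New, (NONE), Cipher is (NONE)' \
                                       'Protocol  : TLSv1.1' 'Cipher: '; }

case "${1:-}" in
    --probe)  audit_endpoint "${2:?host:port required}" -tls1 -tls1_1 ;;
    --dropin) dropin_priority_status "${2:?path required}" ;;
    "")       # offline: classify the samples above
        echo "drop-in as first shown by cat: $(sample_dropin_before | dropin_priority_status)"
        echo "drop-in after the fix:         $(sample_dropin_after | dropin_priority_status)"
        echo "TLS 1.1 probe before:          $(sample_probe_before | handshake_result)"
        echo "TLS 1.1 probe after:           $(sample_probe_after | handshake_result)"
        ;;
esac
```

Run with `--probe localhost:9090` on the host to repeat the thread's check. A result of `unknown` means the client never printed a handshake summary, which is not proof the protocol is off.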


Re: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit

2019-12-27 Thread Erick Perez - Quadrian Enterprises
Sure did!
I am even playing with different options (including NONE) and it seems
to ignore the contents of ssl.conf

I have tried
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA:
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA
Environment=G_TLS_GNUTLS_PRIORITY=PFS
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0
Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2

And my last one:
Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256
systemctl daemon-reload
systemctl restart cockpit

[root@cockpit ~]# echo test | openssl s_client -connect localhost:9090
-tls1_1 2>&1 | grep -e Protocol -e Cipher
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Protocol  : TLSv1.1
Cipher: ECDHE-RSA-AES256-SHA


[root@cockpit ~]# echo test | openssl s_client -connect localhost:9090
-tls1_2 2>&1 | grep -e Protocol -e Cipher
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Protocol  : TLSv1.2
Cipher: ECDHE-RSA-AES256-GCM-SHA384
[root@cockpit ~]#

It is my understanding that -VERS-ALL will disable TLS at all and
produce no output from the above tests. This does not seem to be the
case.
Also, If I did -SHA384 and -SHA256 then why the cipher in TLS1_2 test
is  ECDHE-RSA-AES256-GCM-SHA384

It seems it is completely ignoring the Environment variable.


On Fri, Dec 27, 2019 at 5:18 PM Jonathan Billings  wrote:
>
> On Dec 27, 2019, at 16:28, Erick Perez - Quadrian Enterprises 
>  wrote:
> >
> > [root@cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf
> > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
> >
> > [root@cockpit ~]#
> > [root@cockpit ~]# systemctl start cockpit
> > [root@cockpit ~]# systemctl status cockpit -l
>
> Did you run:
>
> # systemctl daemon-reload
>
> ... before starting cockpit?
>
> --
> Jonathan Billings 



-- 

-
Erick Perez
Quadrian Enterprises S.A. - Panama, Republica de Panama
Skype chat: eaperezh
WhatsApp IM: +507-6675-5083
-


Re: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit

2019-12-27 Thread Erick Perez - Quadrian Enterprises
Thanks, Randal for the response. But it did not work.

Here the results:
#yum info cockpit
Name: cockpit
Arch: x86_64
Version : 195.1
Release : 1.el7.centos.0.1
Size: 51 k
Repo: installed
From repo   : extras
Summary : Web Console for Linux servers
URL : https://cockpit-project.org/
License : LGPLv2+


[root@cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1

[root@cockpit ~]#
[root@cockpit ~]# systemctl start cockpit
[root@cockpit ~]# systemctl status cockpit -l
● cockpit.service - Cockpit Web Service
   Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static;
vendor preset: disabled)
  Drop-In: /etc/systemd/system/cockpit.service.d
   └─ssl.conf
   Active: active (running) since Fri 2019-12-27 16:23:21 EST; 1min 25s ago
 Docs: man:cockpit-ws(8)
  Process: 3564 ExecStartPre=/usr/sbin/remotectl certificate --ensure
--user=root --group=cockpit-ws --selinux-type=etc_t (code=exited,
status=0/SUCCESS)
 Main PID: 3573 (cockpit-ws)
   CGroup: /system.slice/cockpit.service
   └─3573 /usr/libexec/cockpit-ws

Dec 27 16:23:21 cockpit.localdomain systemd[1]: Starting Cockpit Web Service...
Dec 27 16:23:21 cockpit.localdomain systemd[1]: Started Cockpit Web Service.
Dec 27 16:23:21 cockpit.localdomain cockpit-ws[3573]: Using
certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert
Dec 27 16:23:30 cockpit.localdomain cockpit-ws[3573]: received invalid
HTTP request line
[root@cockpit ~]#

[root@cockpit ~]# echo test | openssl s_client -connect localhost:9090
-tls1_1 2>&1 | grep -e Protocol -e Cipher
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Protocol  : TLSv1.1
Cipher: ECDHE-RSA-AES256-SHA

On Fri, Dec 27, 2019 at 10:09 AM Randal, Phil
 wrote:
>
> Oops, excuse my typo
>
> Create /etc/systemd/system/cockpit.service.d/ssl.conf containing
>
> [Service]
> Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
>
> Then
>
> systemctl daemon-reload
> systemctl restart cockpit
>
> To verify that TLS 1.1 is disabled,
>
> echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e 
> Protocol -e Cipher
>
> The expected result is:
>
> New, (NONE), Cipher is (NONE)
> Protocol  : TLSv1.1
> Cipher: 
>
> Cheers,
>
> Phil
>
> -Original Message-
> From: Randal, Phil
> Sent: 27 December 2019 15:04
> To: 'CentOS mailing list' 
> Subject: RE: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
>
> Try creating /etc/system/system/cockpit.service.d/ssl.conf and putting this 
> in it:
>
> [Service]
> Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
>
> Then
>
> systemctl daemon-reload
> systemctl restart cockpit
>
> Cheers,
>
> Phil
>
>
> -Original Message-
> From: CentOS  On Behalf Of Erick Perez - Quadrian 
> Enterprises
> Sent: 27 December 2019 03:26
> To: centos@centos.org
> Subject: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
>
>
> Hi, I'm using cockpit in standard port 9090 in a Centos 7 system.
> Due to a suggestion from management, they want TLS 1.1 disabled system-wide 
> in all Linux boxes and TLS 1.2 enabled.
>
> I have not found proper documentation on how to disable it for cockpit 
> (version 195.1 ships with Centos 7)
>
> So far I have tried (https://cockpit-project.org/guide/149/https.html):
>
> /usr/lib/systemd/system/cockpit.service
> [Service]
> Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2
>
> And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf
> and added:
> [Service]
> Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2
>
> after that, I systemctl restart cockpit
>
> But if I do
> #openssl s_client -connect  localhost:9090 -tls1_1 I get a proper response (a 
> certificate), so TLS 1.1 is being accepted.
>
> Suggestions?
>
> Thanks.
>
> --
>
> -
> Erick Perez
> -

[CentOS] Disabling TLS 1.1 in Centos 7 cockpit

2019-12-26 Thread Erick Perez - Quadrian Enterprises
Hi, I'm using cockpit in standard port 9090 in a Centos 7 system.
Due to a suggestion from management, they want TLS 1.1 disabled
system-wide in all Linux boxes and TLS 1.2 enabled.

I have not found proper documentation on how to disable it for cockpit
(version 195.1 ships with Centos 7)

So far I have tried (https://cockpit-project.org/guide/149/https.html):

/usr/lib/systemd/system/cockpit.service
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2

And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf
and added:
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2

after that, I systemctl restart cockpit

But if I do
#openssl s_client -connect  localhost:9090 -tls1_1
I get a proper response (a certificate), so TLS 1.1 is being accepted.

Suggestions?

Thanks.

-- 

-
Erick Perez
-


[CentOS] Place to run script command for all user/sessions

2019-11-16 Thread Erick Perez - Quadrian Enterprises
Hi all,
I would like to record user commands in terminal mode for remote
supporters. I currently do that with the command "script - make
typescript of terminal session".

So far so good as long as I run a combo of screen/script at the
command prompt, allow remote worker to control screen session  and
then at the end I do ctrl-d to save the script session.

This however does not work (or at least is not practical) when I want to
allow someone to login via SSH directly and unattended.

What will be the place to insert "script" in order to call it for each
login/logoff and sudo executions?

As an alternative for my fellow coworkers I have setup a Windows 10 PC
with putty and Teamviewer/AnyDesk  on it. Remote supporters go into
the Teamviewer/AnyDesk pc and then SSH using putty into the specified
Linux box. Putty is setup as to record the entire session
automatically. Linux boxes don't have GUI.

Linux Boxes are Centos 7 x64 and only 3 are Centos 8 x64.

Thanks for your comments.

-- 

-
Erick Perez
-


Re: [CentOS] C8: Wayland Session / Cut and Paste

2019-11-07 Thread Erick Perez - Quadrian Enterprises
I am going to check on that as well because I'm using Fedora 31/wayland as
desktop and I experienced the same behavior

On Thu, Nov 7, 2019, 3:13 PM Leon Fauster via CentOS 
wrote:

> Is this the normal behavior now? Cutting text in gedit and pasting it
> into the terminal needs that the source application stays running?
>
> --
> Leon


Re: [CentOS] UEFI booting

2019-09-19 Thread Erick Perez - Quadrian Enterprises
On Thu, Sep 19, 2019 at 6:43 AM Jerry Geis  wrote:
>
> I installed my first UEFI disk yesterday. Seemed to go fine. CentOS 7.6
> x86_64
> I then took that disk "out" of that machine and put it another machine - it
> seems to not even boot.
> I put the original disk back in that machine and it boots fine.
>
> I put the UEFI disk back in the machine I built it on and it works fine.
> They are similar machines either and i3 and i7.
>
> Shouldn't that work?  Build a UEFI disk on machine A - move it to machine B?
>
> Thanks
>
> Jerry

Perhaps a silly question but
1- Does your new machine have EFI mode enabled on BIOS and not CSM?
2- is it at the same port/bay as the original one?
3- When you say "not even boot" what do you mean? any messages on
screen? past POST/BIOS/EFI does it get to the linux bootloader?


-- 

-
Erick Perez


Re: [CentOS] File server as host for a Windows Server VM?

2019-09-14 Thread Erick Perez - Quadrian Enterprises
I did that kind of in the past. Now I don't because I have plenty of
resources available.
But.
So far you have not provided stats on server usage (cpu,ram) over a
24hour or 7 day 8am-5pm timeframe. So I will assume you have plenty of
usage/performance to spare.
I suggest you to -if possible- replicate the current server setup
somewhere else and then install the KVM and dependencies via yum. That
way you will spot potential problems if any library changes and it's
being used by samba.

Unless using SSDs when creating the VM please do not use dynamic disk
allocation. MS SQL may be very intensive and you are already sharing
resources, let's not be the i/o intensity of the expanding disk one of
them.
remember SQL server is all about RAM, the more the merrier.
is your partition aligned?

-
Erick Perez
-

On Sat, Sep 14, 2019 at 10:23 AM miguel medalha  wrote:
>
> I hope that someone here can give some advice on the following:
>
> I have a Samba based Active Directory. A CentOS 7.6 machine runs as a
> file server and hosts the Windows user profiles for all the Windows
> workstations.
>
> Now management has decided that they need a Windows server for a couple
> of administrative applications, which need MS SQL Server. That would be
> the only role of this Windows. Since the above mentioned server has
> enough resources (2x Quad Core Xeon 2.66 GHz with HT and 48 GB of RAM, a
> dual port 10 Gb NIC) I thought of making it a host for a Windows virtual
> machine using KVM. Given the resources and current setup we have, at the
> moment it wouldn't be practical to implement both servers as VMs on top
> of a bare metal hypervisor.
>
> According to your experience, is there any motive why I shouldn't use
> such a setup?
>
> Thank you for any insights.
>
>


Re: [CentOS] NFS Server on Centos 7.6.1810 dying without reason

2019-08-30 Thread Erick Perez - Quadrian Enterprises
kernel: e820: BIOS-provided physical RAM map:

-
Erick Perez
-

On Fri, Aug 30, 2019 at 11:27 AM Erick Perez - Quadrian Enterprises
 wrote:
>
> Good morning,
> in order to post proper documentation, what logs (or log level) do I
> need to troubleshoot a Centos 7.6.1810 3.10.0-957.27.2.el7.x86_64 that
> is running a NFS server on top LVM on top of XFS on top of VDO on top
> of MDADM on a 6 SSD disk RAID6 ?
>
> This physical NFS server is serving 2 NFS v4.2 shares to 2 physical
> KVM virtualization hosts.
>
> When remote NFS clients start doing intensive stuff (massive writes) ,
> the NFS server crashes and sometimes makes the Linux server reboot.
>
> from KVM side this is all I get: hvm002 kernel: nfs: server 10.10.10.2
> not responding, timed out
>
> thanks
>
> -
> Erick
> -


[CentOS] NFS Server on Centos 7.6.1810 dying without reason

2019-08-30 Thread Erick Perez - Quadrian Enterprises
Good morning,
in order to post proper documentation, what logs (or log level) do I
need to troubleshoot a Centos 7.6.1810 3.10.0-957.27.2.el7.x86_64 that
is running a NFS server on top LVM on top of XFS on top of VDO on top
of MDADM on a 6 SSD disk RAID6 ?

This physical NFS server is serving 2 NFS v4.2 shares to 2 physical
KVM virtualization hosts.

When remote NFS clients start doing intensive stuff (massive writes) ,
the NFS server crashes and sometimes makes the Linux server reboot.

from KVM side this is all I get: hvm002 kernel: nfs: server 10.10.10.2
not responding, timed out

thanks

-
Erick
-