Re: [CentOS] C7, removing zoom problem
I've made to move to Rocky 8 after it was released and there is support for MATE and if you prefer lightdm as a window manager. It has some minor quirks, but all in all it works just fine. I've not tried it yet but there is also a Rocky 9 MATE live image available https://docs.rockylinux.org/en/guides/desktop/mate_installation/ Pete On 2/7/23 23:53, Fred wrote: ah, that's OK for now, as long as it works. I'm trying to build up the courage to do a full system upgrade to Rocky.latest. I hate doing upgrades, it's such a pain in the rear to get everything working again, and get all my tweaks back into place. I despise Gnome 3+, and prefer Mate. Someone (EPEL ??) built Mate for C7, but the existing binaries for C8 don't work very well, there are none that I know of for C9, and AFAIK Rocky is the only Centos clone that supports Mate. there IS Ubuntu Mate, but I am more comfy with RH-derived systems. One thing I won't have to do anymore is set up email (used to have my own domain for email, but moved and can't get a static IP anymore, decided it was too much bother to do the ddns thing) along with POP3 for my wife to use. We now just use gmail. But I see that the time for said upgrade is drawing nearer and nearer. Fred On Tue, Feb 7, 2023 at 9:22 PM Ian Mortimer wrote: On Mon, 2023-02-06 at 21:13 -0500, Fred wrote: well, as one of the earlier posters showed how, I did remove the existing one then installed the new one (the one that Zoom offers for Centos- 7, not the one for Centos-8, which has the problem you describe) and voila, works like a charm! Yes but that's the old version - 5.13.4.711 not the latest 5.13.7.683. "Check for Updates" will tell you there's a new version but you'll be stuck with that old version until you upgrade from CentOS 7 to something newer. -- Ian ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice on CentOS 7
Why not simply download the latest and greatest version LibreOffice from their we site I've been doing that for several years on both Centos 7 and now Rocky 8 and it has worked without fail. On 11/3/22 10:46, H wrote: On 11/02/2022 03:53 PM,jefflp...@twc.com wrote: 3.10.0-1160.76.1.el7.x86_64. I check for updates every day. Jeff -From: "H" To: "CentOS mailing list" Cc: Sent: Wednesday November 2 2022 6:28:52AM Subject: Re: [CentOS] LibreOffice on CentOS 7 On November 1, 2022 5:13:49 PM EDT, Josh Boyer wrote: >On Tue, Nov 1, 2022, 5:05 PM H wrote: > >> I am running the default version of LibreOffice 5.3.6.1 on CentOS 7. >This >> is quite an old version and has a serious bug in Calc, possibly an >errant >> pointer, that frequently locks up spreadsheets. >> >> Has anyone installed a later version of LO on CentOS 7? I would >prefer a >> version that is not flatpak, snap or appimage etc... >> > >Could you elaborate why you would like to avoid those packaging >formats? > >josh >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos /> A general dislike of anything that gets between the operating system and an application potentially introducing its own complications. Does anyone happen to know what the latest native version for CentOS 7 is? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos /> ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos That seems to be version 3.10.0, or? As I wrote, I am running 5.3.6.1... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package of GCC 12 on CentOS 7
On Mon, 2022-06-20 at 09:20 -0400, Mike Burger wrote: > On 2022-06-20 05:03, Pete Biggs wrote: > > On Mon, 2022-06-20 at 09:31 +0100, david allan finch wrote: > > > Is there an rpm of GCC 12 (or at least higher than 9) available to > > > download and install, or is it a case of downloading and build from > > > the > > > source yourself? > > > > > That's what Software Collections is for. > > > > https://www.softwarecollections.org/ > > > > Specifically you need one of the devtoolset collections - it goes up to > > 11 which, unsurprisingly, provides gcc-11 on CentOS 7. So: > > > > # yum install centos-release-scl > > # yum install devtoolset-11 > > # scl enable devtoolset-11 bash > > > > Pete, > > As David was asking about obtaining and installing GCC 12, wouldn't > installing GCC 11, as noted above, leave him downlevel? > He said "or at least higher than 9". P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Package of GCC 12 on CentOS 7
On Mon, 2022-06-20 at 09:31 +0100, david allan finch wrote: > Is there an rpm of GCC 12 (or at least higher than 9) available to > download and install, or is it a case of downloading and build from the > source yourself? > That's what Software Collections is for. https://www.softwarecollections.org/ Specifically you need one of the devtoolset collections - it goes up to 11 which, unsurprisingly, provides gcc-11 on CentOS 7. So: # yum install centos-release-scl # yum install devtoolset-11 # scl enable devtoolset-11 bash and gives: # gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-11/root/usr/libexec/gcc/x86_64-redhat-linux/11/lto-wrapper Target: x86_64-redhat-linux Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,lto --prefix=/opt/rh/devtoolset-11/root/usr --mandir=/opt/rh/devtoolset-11/root/usr/share/man --infodir=/opt/rh/devtoolset-11/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --with-default-libstdcxx-abi=gcc4-compatible --enable-plugin --enable-initfini-array --with-isl=/builddir/build/BUILD/gcc-11.2.1-20210728/obj-x86_64-redhat-linux/isl-install --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux Thread model: posix Supported LTO compression algorithms: zlib gcc version 11.2.1 20210728 (Red Hat 11.2.1-1) (GCC) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Compatible SATA controller needed
I've gone through the BIOS and tried all the combinations that were available but still no joy. I used ELRepo's method of determining the card type, and the result was none yielded a positive result. After trying all combinations my only course of action is to fins a card that is compatible and ignore the controllers that I currently have. Thanks On 3/27/22 16:08, Robert Heller wrote: At Sun, 27 Mar 2022 12:23:21 -0700 CentOS mailing list wrote: On Sun, Mar 27, 2022 at 11:55 AM Pete Geenhuizen wrote: I'm trying to install Centos 8 on an older PC but it fails because the SATA controller isn't supported. Anyone have a source for a PCI/ePCI controller card that is compatible with Centos 8? Thanks Pete Your controller might be supported by one of the ELRepo's kmod packages. This can be checked if you provide the device ID pairing [:] as reported by 'lspci -nn'. Also: what BIOS mode is the SATA controller operating in? The SATA firmware in some PCs implement various "weird" modes, including "RAID" (no, not really hardware RAID, just some kind of half BIOS half MS-Windows driver software RAID hack), Make sure the SATA controller is in AHCI mode and not in some other mode. If it is in AHCI mode, it might just work out-of-the-box. Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Compatible SATA controller needed
I've already checked ELRepo for a possible driver and have tried some that looked promising but no success. Thanks On 3/27/22 15:23, Akemi Yagi wrote: On Sun, Mar 27, 2022 at 11:55 AM Pete Geenhuizen wrote: I'm trying to install Centos 8 on an older PC but it fails because the SATA controller isn't supported. Anyone have a source for a PCI/ePCI controller card that is compatible with Centos 8? Thanks Pete Your controller might be supported by one of the ELRepo's kmod packages. This can be checked if you provide the device ID pairing [:] as reported by 'lspci -nn'. Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Compatible SATA controller needed
I'm trying to install Centos 8 on an older PC but it fails because the SATA controller isn't supported. Anyone have a source for a PCI/ePCI controller card that is compatible with Centos 8? Thanks Pete -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Stream 8 dnf fails
On Mon, 2022-02-14 at 06:36 -0600, Bill Gee wrote: > H. I thought I was already on stream, but apparently not. > /etc/redhat-release says it is not stream. > > I looked for a method to upgrade. Found some notes at techrepublic. > The first step is to install centos-release-stream, which fails. So > what is the method for doing an upgrade? I gave you the link for the official way of doing it: https://centos.org/download/ Click on the "CentOS Stream" purple bit at the top, then on the '8' purple bit. Then scroll down to "Converting from CentOS Linux 8 to CentOS Stream 8". If your machine hasn't been updated for a while, you might need to add '--allowerasing' to the comand line to swap the distros. If it doesn't work, then please let the list know any error messages so someone can help you. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Stream 8 dnf fails
On Mon, 2022-02-14 at 05:55 -0600, Bill Gee wrote: > Every time I run dnf, I get this: > > = > [root@vmhost2 ~]# dnf upgrade > CentOS Linux 8 - AppStream >70 B/s | 38 B 00:00 > Error: Failed to download metadata for repo 'appstream': Cannot prepare > internal mirrorlist: No URLs in mirrorlist > = > > I tried disabling the repository, but that only gives me exactly the > same error for the baseos repository. I doubt it is a problem in the > .repo files. Something else is going on. > > Ping to mirrorlist.centos.org works on both ipv4 and ipv6, so I know > that both name resolution and network connectivity are working. > That's because you are still on CentOS 8 not 8-stream. The C8 repositories are now empty. (The equivalent repo for 8-stream is labelled "CentOS Stream 8 - AppStream".) To move to 8 Stream, see https://centos.org/download/ You will also probably soon get some recommendations to not move to 8 stream and to use one of the other clone distros ... P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] printing on C8S
On Fri, 2022-01-07 at 10:21 -0500, Fred wrote: > John, it is a Brother DCP7065DN, on the hardwired network and visible to > all the computers here. > > Actually, I just installed Mate (can't stand that Gnome-thing) but neither > it nor Gnome shows any printer config utilities. > > Barry, I'll check into lpadmin. Still, I'd think there would be something > actually visible in one of the menus, and as far as I can see there isn't. In Gnome it's in Settings - i.e. top bar, right menu -> settings. It changes position sometimes it might be at the top level of settings or under devices. The "official" way of dealing with CUPS printers is to use the web interface - i.e. http://localhost:631 - that should work on all systems and all environments so long as you have cuspd running. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 on Dell after update and reboot running at HZ not Mhz
On Wed, 2021-12-22 at 22:02 -0500, Jerry Geis wrote: > I have a Dell R320 > > > What on earth is making this machine run sooo slow ??? > > Its OFF by a factor of 10 - it should be 1800 mhz > I have lots of R440 and one of them went like this. I tried lots of things to get it back up to full speed, in the end the only thing that worked was to completely remove power - not just reboot or power off or IPMI power control, completely remove power for 10 mins. When it came back it was full speed again. I suspect it had got confused in the BIOS or something. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Gnome unlocks all desktop sessions
All, I am trying to figure out the logic of why Gnome is unlocking all of my desktop sessions. In my office I am logged into a CentOS 7 Gnome desktop, X :0. I then lock the screen and go home. Once home, I log into my work computer and start a new vncserver on :1. If I lock and then unlock :1, ALL desktop sessions are unlocked, including :0. This can be observed with a laptop and watching :0 unlock when unlocking VNC session :1, or by launching multiple VNC servers. In one test I created vnc sessions on :1, :2, :3, :4, I connected to each and locked each desktop. I then unlocked one session and noticed all sessions unlocked at the same time. While the unlocking of VNC :1-:4 is quirky, at least it is still protected by the authentication provided by VNC; the unlocking of :0 is the trouble. Can anyone provide clarity or a work around to this? -Pete tigervnc-server.x86_64 1.8.0-22.el7 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] hosts.deny, fail2ban etc.
On Tue, 2021-07-27 at 16:43 -0400, H wrote: > > Running CentOS 7. I was under the impression - seemingly mistaken - > > that by adding a rule to /etc/hosts.deny such as ALL: aaa.bbb.ccc.* > > would ban all attempts from that network segment to connect to the > > server, ie before fail2ban would (eventually) ban connection > > attempts. > > This, however, does not seem correct and I could use a pointer to > correct my misunderstanding. How is hosts.deny used and what have I > missed? hosts.deny is only used by specific programs that use TCP wrappers. It is not a general "deny this host access". Also note that fail2ban operates on individual hosts, not subnets. > > Is it necessary to run: > > iptables -I INPUT -s aaa.bbb.ccc.0/24 -j DROP > > to drop incoming connection attempts from that subnet? > If you use iptables yes, probably. Firewalld has a specific drop zone that you can use: firewall-cmd --zone=drop --add-source=aaa.bbb.ccc.0/24 (with suitable --permanent flag if you want it permanent). P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Warning: No matches found for: clamav on CentOS Linux release 7.9.2009 (Core)
The latest version in in epel-testing, yum --enablerepo=epel-testing update clam* will do the trick On 7/19/21 5:04 AM, Kaushal Shriyan wrote: Hi, I am running CentOS Linux release 7.9.2009 (Core) and installed epel repository. # rpm -qa | grep epel epel-release-7-13.noarch # cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) #yum search clamav Loaded plugins: fastestmirror Determining fastest mirrors * base: mirrors.piconets.webwerks.in * extras: mirrors.piconets.webwerks.in * updates: mirrors.piconets.webwerks.in base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 elastic-7.x | 1.3 kB 00:00:00 extras | 2.9 kB 00:00:00 ius | 1.3 kB 00:00:00 mariadb | 2.9 kB 00:00:00 nginx | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/10): base/7/x86_64/group_gz | 153 kB 00:00:00 (2/10): extras/7/x86_64/primary_db | 242 kB 00:00:00 (3/10): elastic-7.x/primary | 288 kB 00:00:00 (4/10): docker-ce-stable/7/x86_64/primary_db | 62 kB 00:00:00 (5/10): docker-ce-stable/7/x86_64/updateinfo | 55 B 00:00:00 (6/10): ius/x86_64/primary | 100 kB 00:00:01 (7/10): updates/7/x86_64/primary_db | 8.8 MB 00:00:04 (8/10): base/7/x86_64/primary_db | 6.1 MB 00:00:05 (9/10): nginx/7/x86_64/primary_db | 67 kB 00:00:04 (10/10): mariadb/primary_db | 36 kB 00:00:05 elastic-7.x 880/880 ius 467/467 Warning: No matches found for: clamav No matches found Am I missing anything? Please suggest further. Thanks in Advance. Best Regards, Kaushal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Security Updates not properly flagged
> > There are probably more security updates which should be installed by > yum --security but those are the packages I am most interested in. > > Please change as necessary to allow yum --security to work. > CentOS does not provide the metadata to allow the --security flag to work. It doesn't provide it because that information from Redhat is proprietary and not open source. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] where to get reliable/open source license manager
> > If your code is written in Python, what’s to stop users from just > rewriting the license check? In my youth I realised that a licensed package was calling a separate executable to check the license - the return code determined if the product was licensed. I replaced the license code with a shell script that returned '1' and it all worked. Simple, naive days. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] where to get reliable/open source license manager
> > I know flexlm but I never heard of an open source project with the same > functionality. Open source is usually free to use so there is no need to > control the number of licenses used :-) > There is an OpenLM that, ISTR, is a replacement for FlexLM. I've used the tools associated with it to analyse FlexLM logs. However looking at it, it now seems to be a commercial enterprise. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos versions in the future?
> > Quite agree. For me, not too knowledgeable in these things person, this > looks exactly what Fedoraa while ago was: huge opening of RedHat to > wide open source community. Maybe Fedora didn't live up to the > expectation, then good luck to CentOS to live up to this expectation. I don't think that is the case, quite the opposite. Fedora is way more bleeding edge than RHEL/Stream, Fedora leads to a version that will form the basis of the next major version of RHEL. My feeling (without any real knowledge) is that the community involvement with Fedora was seen as a benefit and now they are doing the same thing with RHEL - that community input into RHEL is via Stream. It has been said a few times that Stream is, in effect, the distro that RH develops on: it used to be internal to RH, now it's not. It was RH's own internal rebuild of RHEL. Opening up this to the outside world allows other people (SIGs, spins etc.) to produce code on a level playing field with RH developers. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos versions in the future?
> > > > My comment was just to balance Pete's as the truth between Pete's > statement and Carlos feelings is where I'm sure my comment pointed... > Out of interest, do you think my statement is factually incorrect? If so, in what way? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos versions in the future?
On Tue, 2021-04-27 at 09:36 -0400, Carlos Oliva wrote: > Thank you for your response Rich. I have heard that Stream is beta > releases of RH -- rather distressing. Is this a proper characterization? > You heard wrong. Stream is effectively a rolling early release of the next point release of RHEL. The packages in stream are fully tested and have gone through QA. They are not beta releases. The disadvantage of Stream is that it doesn't have the full 10 year support of RHEL and doesn't have the full binary compatibility to RHEL. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] R730xd & SD card identfication
> > I am beginning to be persuaded you are right. However, I have seen > some posts about putting vmware either on the SD card or internal usb > stick that made me think the SD card could be addressable. If Dell has > this limited to Dell flash cards instead of a regular SD card that > might explain some of what I am seeing. > You can get an Internal Dual SD Module (IDSDM) addon for those machines - they are different to the iDrac based vFlash card. And yes, you can boot a hypervisor from the internal SD card. Also, apparently, neither the vFlash slot nor the IDSDM are hot- pluggable. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] R730xd & SD card identfication
On Sun, 2021-03-07 at 11:17 -0600, Gregory P. Ennis wrote: > Everyone, > > We have migrated a platform to a Centos 8 host using kvm guest machines > > Recently I tried to copy one of the guests to the external SD card on > the back of the Dell R730xd, but I have not been able to get the Centos > 8 host to recognize the SD card. > > I can use DRAC interface of the R730xd to see that the SD card is being > recognized and the status of the external SD slot is turned from > inactive to active when the card is inserted. > I have a nagging feeling at the back of my mind that that slot is associated with the iDrac system and not the main board. In any case doesn't that need a vFlash card not a standard SD/SDHC card? From Wikipedia: https://en.wikipedia.org/wiki/Dell_DRAC To take advantage of storage greater than 256 MB on the iDRAC6 enterprise, Dell requires that a vFlash SD card be procured through Dell channels. As of December 2011, Dell vFlash SD cards differ from consumer SD cards by being over-provisioned by 100% for increased write endurance and performance.[21] While there are no other known functional differences between a Dell-branded vFlash SD card and a class 2 or greater SDHC card, the use of non-Dell media prevents the use of extended capacities and functions. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Transition test report going from CentOS8 to Debian 10.
> > I did the move and also looked at several source RPMs. One thing to note > is that by default, you'll end up with packages replaced by updated > packages from UEK repository. I've removed the UEK repo and replaced all > packages with the corresponding base packages. That brings you very close > to what you have with RHEL/CentOS. Additionally what I found in the source > RPMs is that Oracle decided to add some patches/changes fixings issues > tracked in Oracle tracking system. > > I don't think these changes are a problem because they mostly fix things > which maybe RedHat voted not to fix. At least that's my impression. > If you mean that Oracle has patched the base packages, then surely it is then no longer a RHEL clone. The whole point of CentOS was that it was a RHEL clone, warts and all. In that context it doesn't matter how close you get to RHEL, it still isn't the same. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LTS
On Tue, 2021-01-12 at 14:47 +0530, Thomas Stephen Lee wrote: > On Tue, Jan 12, 2021 at 12:39 PM John R. Dennison wrote: > > > > On Tue, Jan 12, 2021 at 12:00:00PM +0530, Thomas Stephen Lee wrote: > > > > > > CentOS Linux can continue as Fedora LTS or something similar with a > > > five-year life cycle. After five years, users can opt for paid upgrades. > > > We can also work with System manufacturers to pre-install the free LTS on > > > their products, which will increase our user base. > > > > Who is this "we" you speak of? > > Anybody connected to CentOS (Users, Developers, Companies, SIGs ...) > > CentOS is a RedHat entity these days. They already have an LTS product called RHEL which you can pay for, why would they create another one? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Stream suitability as a production webserver
> > Given we are not developing drivers or applications (other than websites > and web applications), is the change a non-issue for my use-case? I've seen > it written that CentOS Stream is the "development version" of RHEL but also > that we shouldn't have considered RHEL to be the beta for CentOS. Others > have said to think of CentOS more like RHEL RC-1. I just don't know how the > stability will compare and we have historically always chosen CentOS for > its stability (and of course price). There's been a lot of information and mis-information being bandied around on websites from people who don't really quite understand what's going on. I hope I don't contribute to the confusion! It wasn't helped by the, frankly, heavy-handed way it was handled by RH. One of the problems is that people are trying to put a label on what 8- stream is - such as development version, or RC, or beta version or whatever. To be honest all we can do is to try and understand what RH want. As far as I understand it, 8-stream accumulates new versions of packages that will collectively go to make up the next point release of RHEL8. We have been told, and we can only take it at face value, that the versions that go into 8-stream will be final, QC'd packages: they are not test, development or beta versions, nor are they "work in progress". 8-stream will be a complete and functioning, stable distro. So rather than waiting to get the new versions of things once every 6 months, 8-stream gets them when they are ready. The confusion about the "development" label is that RH said that 8- stream will be the distro used for their development process. So internally things will be developed and compiled in an 8-stream environment. They have never said that the development packages will ever be visible or available in 8-stream itself until they are ready to be set free. TBH I would have thought that this exactly how RH operate internally at the moment - they must have, say, a pre-8.3 environment that they put packages in so that when new packages are developed that can be compiled and everything is compatible. I really can't imagine that packages are developed in isolation until there's a big 8.3 compile time. All they are doing is making that internal system a public thing. Now it's certainly possible that from RH point of view, releasing the packages into the wild is a very good way of finding bugs that might have slipped through QC - there is after all already a steady stream of updates between point releases. So the benefit for RH is that paying customers get potentially fewer updates between releases, but the implication is that 8-stream will be no less stable than CentOS 8 currently is. The rhetoric from RH is that the tooling of the 8-stream system is not fully in place yet, but should be soon. Again, we can only take them at their word and watch what happens. And I must stress that I am no RH apologist: I think it was all handled incredibly badly by them and they desperately need to get some change management experience!! If you are considering using 8-stream then you need to understand that there is no specific point-release configuration that you can base things on - you cann't say that this is "equivalent to RHEL 8.5" or whatever; this is important if you need to use 3rd party drivers during install as they are based on specific configurations (but hey, install CentOS 8.2 and move to 8-stream from there and upgrade). Also the lifetime of 8-stream is half what you've been used to - so come 2024, it will die; but 9-stream will have existed for at least a couple of years by then, so there is a roadmap. As for what you should do, than no one can really tell you. My advice to others has been to watch, evaluate, test. If you are running bog standard web servers with nothing exotic, then I have a feeling that 8- stream will work; if you are running 3rd party apps on a web service where versions matter, then you need to think carefully and consider switching to one of the rebuild distros. > > Of course, a lot of this is somewhat dependent on what DigitalOcean will > decide to provide image wise moving forward. I suspect that as more and more things become containerised (and boy do I dislike containers), the actual underlying OS will become considerably less important. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rare but repeating system crash in C7
> > I commented out those entries in /etc/auto.master before modifying the > fstab entry: > > UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf /mnt/backup > ext4,x-systemd.automount,x-systemd.idle-timeout=15min noauto 0 2 That's not correct. See 'man fstab'. It should be device mount-point filesystem-type options dump fsck So you should have: UUID=259ec5ea-e8a4-465a-9263-1c06217b9aaf /mnt/backup ext4 x-systemd.automount,x-systemd.idle-timeout=15min,noauto 0 2 > > which is exactly as it was before except for the x-systemd entries as you > described. Yeah, you put them in the wrong place. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 future
At 13 December, 2020 Simon Avery wrote: > Reply-To: CentOS mailing list > > On Sat, 12 Dec 2020 at 23:55, edward via CentOS wrote: > > > appears facebook is running centos stream and also helping developing > > centos. > > A small but important point of order on that statement, based on the > article you link; > > "an operating system they derive from CentOS Stream. " > > So Stream is the starting point which Facebook then does "facebook things" > to and forms their own in-house distro. They're not running Stream. A few engineers from the OS team at fb gave a talk in brussels earlier this year. It explains what's different from vanilla stream and what the facebook things that go into it are: https://www.youtube.com/watch?v=cA_Nd3crBuA Skip to 23:30 where they start talking about stream. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] question centos stream 8 applying updates
On Fri, 2020-12-11 at 22:05 +0100, Gionatan Danti wrote: > Il 2020-12-11 19:26 Walter H. ha scritto: > > with CentOS Stream there are only updates till 2024(!) not 2029 as it > > be expected ... > > Is that officially confirmed? If RHEL 8 is expected to have an 8.10 > release sometime in the 2028-2029 timeframe, and if any updates should > really hit Stream-8 before, the latter should have the same EOL date. > Somewhere in amongst the vast number of posts, someone said that the release cadence for point releases was 6 months with the final release being 8.10 in 2024. After that RHEL 8 goes into maintenance mode and there will be no more content added to 8-stream (because it had reached the end of it's useful life as a pre point release distro). I think it's still not clear what exactly will be the fate of 8-stream after 2024. The implication is that 9-stream will be active by then and 8-stream will just disappear. In some ways it would be nice if it was frozen but kept, but it won't receive any bug/security fixes, so it may be deemed too "dangerous" to allow people access to it. I suppose it's natural home would be vault.centos.org, but we will have to see what RH think of that. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 8-stream dnf overly verbose
On Fri, 2020-12-11 at 11:13 -0500, Matthew Miller wrote: > On Fri, Dec 11, 2020 at 03:53:04PM +, Randal, Phil wrote: > > Funnily enough mere mortals like me aren't allowed to view that bug report. > > Are you sure? I am able to see it without logging in. > > > > I've filed a bug: https://bugzilla.redhat.com/show_bug.cgi?id=1906839 > > on CentOS Stream distribution. > It's been changed. I couldn't see it either when it was first posted. It's open now. One might cynically think that not all ducks were correctly lined up for this brave new world scenario. :-) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] 8-stream dnf overly verbose
In moving a test machine from 8.3 to 8-stream the main thing I've noticed is that dnf has become very verbose. It's as if someone has turned on the -v permanently. I've tried using '-q' (it says nothing then) and I've tried adjusting the debuglevel, but nothing seems to affect it. I get things like this: Downloading: http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=BaseOS&infra=stock Downloading: http://mirror.cov.ukservers.com/centos/8-stream/BaseOS/x86_64/os/repodata/repomd.xml| 0 B --:-- ETA Downloading: http://mirror.cov.ukservers.com/centos/8-stream/BaseOS/x86_64/os/repodata/c2f9210df3e5c24d45228e360eb1f405367c1286d36ec91bf930abb944e3ac44-primary.xml.gz Downloading: http://mirror.cov.ukservers.com/centos/8-stream/BaseOS/x86_64/os/repodata/b412debc52ee7c094b8de2c57a0d6d8827828154a6cd0e1995d588273028a4fe-filelists.xml.gz Downloading: http://mirror.cov.ukservers.com/centos/8-stream/BaseOS/x86_64/os/repodata/6cd252c469b0dd0c67bc8d8b4ab2df44fb24de52c93decdfe7acc77b97361490-comps-BaseOS.x86_64.xml.xz CentOS Stream 8 - BaseOS 13 MB/s | 2.3 M For every repo when there's nothing cached. It never used to do this. How can I turn off the "Downloading:" messages? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update path question in connection with CentOS Stream?
> when someone has installed a CentOS 7.1 in the past, > > and did 'yum update' regularily, his/she got a CentOS 7.8 now without > any reinstallation procedure or other complications; > > when the same wanted to update to CentOS 8 he/she had to do a new install; > > what happens to CentOS Stream? > > when some is now installing CentOS Steam and will do > > 'dnf update' or 'yum update' regularily in the future, > > what does he/she get till the "end"? > > is this a rolling release like Win10 which doesn't need to be > reinstalled now and in future? > (the fact that hardware can break is not the question) Yes, you just continually get updates in 8-stream. There's no quantised point releases. A fully updated 8-stream install is the equivalent of the last point release of RHEL8 plus some other bits and those other bits will accumulate over the 6 months and eventually form the next point release. You will continue to get updates in 8-stream until the last RHEL8 point release (8.10) in 2024. It is unclear to me what will happen then - will 8-stream remain dormant and get security fixes only? Will it be removed completely (either deleted or put in vault)? Will there be an "upgrade" mechanism to get to 9-stream? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Moving to CentOS 8 Stream
Johnny - Thanks for that. It did mostly work - it wasn't keen on installing the RPM you pointed to, but once it did the distro swap worked and the system is now only using 8-stream as its repositories. Thanks P. > sure .. you can manually add the one repo required to manually do the > swap command .. > > Or maybe just install this package and then remove the other one: > > you want: > > http://mirror.centos.org/centos/8- stream/BaseOS/x86_64/os/Packages/centos-stream-repos-8-2.el8.noarch.rpm > > installed first > > Then remove centos-repos > > Or you could manually create a CentOS-Stream-BaseOS.repo (you could even > name it test.repo and remove it later once switched) this will work: > > [baseos] > name=CentOS Stream $releasever - BaseOS > mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch &repo=BaseOS&infra=$infra > #baseurl=http://mirror.centos.org/$contentdir/$stream/BaseOS/$basearch/ os/ > gpgcheck=1 > enabled=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial > > > in /etc/yum.repos.d/.repo > > then once the distro-sync command works, remove > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Moving to CentOS 8 Stream
On Wed, 2020-12-09 at 11:00 -0600, Johnny Hughes wrote: > > Put this line : > > dnf swap centos-{linux,stream}-repos > > after > > dnf install centos-release-stream > Is there away to recover the system I tried it on - if I run that command now I get No match for argument: centos-stream-repos Error: Unable to find a match: centos-stream-repos If I try to install centos-release-stream I get Package centos-stream-release-8.4-1.el8.noarch is already installed. I can't remove it because it would result in removing a protected package. Oh well, a wipe and re-install tomorrow probably. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Moving to CentOS 8 Stream
> > > > > I thought I saw a reply from Johnny that streams wasn't quite ready, maybe > > he will chime in but that's what I thought I saw in a response. What, in amongst the hundreds of messages, he said it wasn't ready!! Why publish a FAQ and a web page telling you how to migrate without a great big banner across it saying "don't rush, it's not ready yet". Or better, don't publish anything if the instructions don't work. Sheesh. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Moving to CentOS 8 Stream
It's got to be done, so may as well test it ... The FAQ says to do: dnf install centos-release-stream dnf distro-sync This I did and everything went fine. I checked before doing the distro- sync and there was a load of new Stream repos in /etc/yum.repos.d Rebooted the machine and dnf has gone back to only looking in 8.3, and the stream repos had disappeared. Looking in the logs I can see this: 2020-12-09T12:28:42Z DEBUG ---> Package centos-stream-release.noarch 8.4-1.el8 will be installed 2020-12-09T12:28:42Z DEBUG ---> Package centos-linux-release.noarch 8.3-1.2011.el8 will be obsoleted 2020-12-09T12:28:42Z DEBUG ---> Package centos-release-stream.x86_64 8.1-1.1911.0.7.el8 will be obsoleted and Installing: centos-stream-release noarch 8.4-1.el8 Stream-BaseOS 21 k replacing centos-linux-release.noarch 8.3-1.2011.el8 replacing centos-release-stream.x86_64 8.1-1.1911.0.7.el8 The centos-stream-release RPM does not contain any repo information, that was all in centos-release-stream that has been removed. So stream has deleted itself. It's not a good start. I also can't seem to get back to a sensible system and have now got a system with a mixture of CentOS 8 and CentOS 8 Stream RPMs with no way of installing the Stream repos from an RPM. I see that "subscription-manager" has been installed on this system now which it never was. Is CentOS also going to be part of that ecosystem as well? Fortunately this was a throw-away install. I hope no one has tried the instructions in the FAQ on an important machine! P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
> > I think what a lot of people are concerned about is the rolling-release > > aspect of this. There will be no definitive versioning of CentOS in the > > future - all you will be able to say is "fully updated" and it won't be > > possible to slot a CentOS system in to exactly match a RHEL version. > > Will third party RPMs built against RHEL 8.x be installable on a CentOS > > 8 Stream system? The answer is surely "it depends", but there are a lot > > of hardware vendors that target drivers to RHEL releases, which may > > well make CentOS non-viable for hardware that doesn't have drivers > > built in to the kernel. > > > > Generally if they follow the ABI guidelines I would expect it to work. > Those are here: https://access.redhat.com/articles/rhel8-abi-compatibility > > For loadable kernel modules there's a kernel ABI. Yes, and many things work well. My most recent issue was that kit supplied by HPE (sorry, it's pain is stuck in my mind) had a RAID controller that needs a driver disk during install - doing the install time drivers is not a problem, the problem is that they don't support CentOS, hence I had to use a RHEL driver and out of the 5 available for RHEL7/8, only one of them worked with a CentOS release. HPE support don't want to know because they don't support CentOS. I know this comes under the heading of "Corporate RedHat Policy", but is RedHat going to do the right thing by CentOS 8 Stream to the level of lobbying other behemoth corporations such as HPE or Dell to support it? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
On Tue, 2020-12-08 at 19:52 -0800, Brendan Conoboy wrote: > On Tue, Dec 8, 2020 at 6:00 PM Pete Biggs wrote: > > > The problem is that we won't know if it will work. When CentOS matched > > the RHEL point releases we knew that an RPM/driver targeted for RHEL > > 8.2 has a good chance of working on CentOS 8.2 - but that versioning > > match is lost with Stream. So vendors will either have to produce > > another version of their RPM for CentOS 8 Stream (and continuously > > check to see if it needs to be updated) or, more likely, just not > > bother to support CentOS. It already happens - HPE won't support > > CentOS, but they do support RHEL and those RHEL RPMs work with CentOS. > > The only Linux they support is RHEL, so we're stuck with our HPE kit. > > > > Cool, I understand where you're coming from. If the world remained static > after this announcement I would be more concerned about this scenario. As > it is, we're in a dynamic space, and CentOS Stream will be a place that > hardware vendors can participate as well. What will be the incentive for vendors to participate? Sure you can talk the corporate talk about opportunities and ecosystems, but the bottom line is that it requires investment (at least in time) when they could just continue supporting RHEL point releases, or possibly every other point release. I understand that the reason HPE, for example, don't support CentOS is that there is no verification suite to ensure compatibility. Since CentOS is a different beast to RHEL now, are things like that going to looked at? > > > But I will absolutely say that the things they are rolling into RHEL 8.4 > > > in a few months are not inherently less stable or less secure or > > > whatever else you want to call it .. when compared to other Linux > > distros. > > > > So instead of keeping everything back for a point release, the packages > > are set free once they are ready. Stream is a rolling release. And > > that's fine, but it's not what people thought they were getting when > > committing to CentOS. It has always been promoted as point release > > compatible with RHEL and that was it's main attraction to many people. > > > > It's certainly a change. Yes, yes it is. It's a major change in philosophy for the distro. It's a change that should not have been thrown at the community in such a way. There are ways of delivering and transitioning; there are such things as change managers to bring the community along with you. Working to make this change for CentOS 9 in 2023/4 could have been delivered without much backlash - I don't think I have seen a single positive comment about this other than from people directly involved with RedHat/CentOS. There's politics and corporate managers behind this somewhere. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
> > It is not the same as Rawhide is all I am saying. > > It is based on the current release and it is being modified for some reason. > > That modification can be a bugfix from a reported bug, it can be an > enhancement for a given package or it can be a security update. > > Each of these updates will be rolled in one at a time. > > It is what will eventually become the next rhel source code in a few > months for the next point release. > > Only you will know if this will work for your situation. The problem is that we won't know if it will work. When CentOS matched the RHEL point releases we knew that an RPM/driver targeted for RHEL 8.2 has a good chance of working on CentOS 8.2 - but that versioning match is lost with Stream. So vendors will either have to produce another version of their RPM for CentOS 8 Stream (and continuously check to see if it needs to be updated) or, more likely, just not bother to support CentOS. It already happens - HPE won't support CentOS, but they do support RHEL and those RHEL RPMs work with CentOS. The only Linux they support is RHEL, so we're stuck with our HPE kit. > > But I will absolutely say that the things they are rolling into RHEL 8.4 > in a few months are not inherently less stable or less secure or > whatever else you want to call it .. when compared to other Linux distros. So instead of keeping everything back for a point release, the packages are set free once they are ready. Stream is a rolling release. And that's fine, but it's not what people thought they were getting when committing to CentOS. It has always been promoted as point release compatible with RHEL and that was it's main attraction to many people. A separate question. Will a point release of RHEL 8.x be directly a snapshot of 8Stream on a specific date? Or will RedHat pick and choose which versions from 8Stream they put into 8.x? i.e. Would it be possible to clone the 8Stream tree on the date that, say, 8.6 is released and call it 8.6.stream - would 8.6 be the same as 8.6.stream? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
On Tue, 2020-12-08 at 17:54 -0500, Matthew Miller wrote: > On Tue, Dec 08, 2020 at 03:15:17PM +0000, Pete Biggs wrote: > > "CentOS will become the developer playground" > > This one is categorically not the case. Even Fedora isn't a developer > playground. Everything landing in CentOS Stream is actually *planned* (with > emphasis intentional) to go in a future RHEL release. It's all the talk of SIGs and developing and testing and that Stream will be the centerpiece of that. That's what I meant. > > Previously, all the development around RHEL releases was done in secret, in > the Red Hat black box. Now it's out of the box and can be watched. There may > be some launch pains, but I expect the average quality of an update hitting > CentOS Stream to be very high. I don't get that from the documents released today. If Stream is *not* a test-bed, then surely the code that appears in Stream must be fully formed in secret behind the scenes first. Yes, it will appear piecemeal rather than in one big chunk, but it has been categorically denied that Stream is not a RHEL 8.n+1 beta and is more a RHEL 8.n+1 RC/rolling release. I think what a lot of people are concerned about is the rolling-release aspect of this. There will be no definitive versioning of CentOS in the future - all you will be able to say is "fully updated" and it won't be possible to slot a CentOS system in to exactly match a RHEL version. Will third party RPMs built against RHEL 8.x be installable on a CentOS 8 Stream system? The answer is surely "it depends", but there are a lot of hardware vendors that target drivers to RHEL releases, which may well make CentOS non-viable for hardware that doesn't have drivers built in to the kernel. I suspect that for a large proportion of scenarios Streams will be perfectly OK. But we still get software/instruments that specifically say "only RHEL 7.4" or something like that (yes, it's a support nightmare). P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
> > FAQ:"Updates for the CentOS Stream 8 distribution continue through the > full RHEL support phase." > > What does this "full" exactly means? Will C8S be "closed" in May 31, > 2024 [*] but RHEL8 still supported through Maintenance support mode > until 2029? I too would be interested to know what happens to CentOS 8 Stream once focus of RedHat moves to RHEL 9? The life cycle document says the last release of RHEL8 will be 8.10, that's a five year road map (since point releases seem to be every 6 months), so the point releases will end in 2024, presumably the end of the point releases means the end of Stream updates? Have these things been thought out that far ahead? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
Forgive a bit of cynicism ... On Tue, 2020-12-08 at 09:06 -0500, Rich Bowen wrote: > The future of the CentOS Project is CentOS Stream, and over the next > year we’ll be shifting focus from CentOS Linux, the rebuild of Red Hat > Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a > current RHEL release. CentOS Linux 8, as a rebuild of RHEL 8, will end > at the end of 2021. CentOS Stream continues after that date, serving as > the upstream (development) branch of Red Hat Enterprise Linux. "If you want to keep using RHEL for free, you will have to put up with making sure that our paying customers get better quality releases" > > Meanwhile, we understand many of you are deeply invested in CentOS Linux > 7, and we’ll continue to produce that version through the remainder of > the RHEL 7 life cycle. > https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates "If you really want to have a stable release for free, stick to 7" > > CentOS Stream will also be the centerpiece of a major shift in > collaboration among the CentOS Special Interest Groups (SIGs). This > ensures SIGs are developing and testing against what becomes the next > version of RHEL. This also provides SIGs a clear single goal, rather > than having to build and test for two releases. It gives the CentOS > contributor community a great deal of influence in the future of RHEL. "CentOS will become the developer playground" > And it removes confusion around what “CentOS” means in the Linux > distribution ecosystem. Was there any confusion? If there is, then it's caused by the introduction of things like "CentOS Stream". There was never any confusion when it was a straight rebuild. > > When CentOS Linux 8 (the rebuild of RHEL8) ends, your best option will > be to migrate to CentOS Stream 8, which is a small delta from CentOS > Linux 8, and has regular updates like traditional CentOS Linux releases. > If you are using CentOS Linux 8 in a production environment, and are > concerned that CentOS Stream will not meet your needs, we encourage you > to contact Red Hat about options. "If you want a production environment, pay for it" > > We have an FAQ - https://centos.org/distro-faq/ - to help with your > information and planning needs, as you figure out how this shift of > project focus might affect you. The FAQ generally says "if you want a RHEL environment, then pay for it" > > [See also: Red Hat's perspective on this. > https://www.redhat.com/en/blog/centos-stream-building-innovative-future-enterprise-linux] > Red Hat's perspective is "CentOS is ours now; IBM have told us to make sure it's pulling its weight or we aren't allowed to put any resources into it" So as far as I can see all the RHEL rebuilds are dead now - WhiteBox, Scientific Linux, now CentOS. Are there any left? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thanks a lot for 8.3 Update
> > Thanks a lot for the 8.3 update.😊 > I would like to point out one thing I faced. > I downloaded the iso from one mirror. > After installing, I installed a package (rsync). > Then some packages, including dnf, got downgraded to 8.2. > Just a test server, not production. > I suspect that not all mirrors are fully synced yet. My local mirror (which I sync from an institutional mirror) still has the default 8 version pointing to 8.2.2004 not 8.3.2011 P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setting up NIS on Centos 8
> > I found this: > > https://www.server-world.info/en/note?os=CentOS_8&p=nis&f=1 > > I've been told in the past that NIS should not be used because of some > supposed security issues. > > Can someone site any authoritative documentation concerning the security > issues extant in NIS? There's a lot of documentation out there. Basically YP/NIS transmits everything over the network in plain text, including password hashes. combined with no authentication/authorisation mechanism, out of the box NIS will give your password hashes to anyone who asks for them. Clearly once a username/password hash has been discovered, it's only a matter of time before a password is found. NIS+ is very different in that it is much more security aware, but consequently much more complex. > My plan is to set up NIS and NFS on my home network server where I plan > to host all the local home network /home directories. I'll use > automount on all the other nodes to mount up the home directories when a > user logs on. > If you have a fully private network, then the security issues are not so bad. It still has its place in things like clusters, but even then it is being superseded by LDAP. If you are setting up a system from scratch, then you really should be looking at using LDAP, it's not that difficult and there are plenty of tools around to help you manage it all. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Run as root on reboot
> > By "initial setup", I meant during the initial install of the > operating system, starting from "net-install". Maybe one user is > defined. The reboot command is issued from a script that was > initiated by hand. > So you want it to run as the final part of the install process?? If that's the case, then you should create a kickstart file with the post installation script in it: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax#sect-kickstart-postinstall If you want/need it to run the script after the install has completed and the first reboot, then you need to look at the FirstBoot scripts https://access.redhat.com/solutions/2028143 P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to Migrate Wordpress Website from 32-bit CentOS Linux 6.3 to 64-bit CentOS Linux 8.2 (2004)
> Why are you even posting this to a public list? Use your blog for > this kind of thing. I know you have one, you post it repeatedly to > random lists. > At least posting to a public list like this means that there is some chance people will read the subsequent posts and realise the quality of instructions. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installing devtoolset-6 on CentOS 8
On Mon, 2020-08-17 at 19:28 -0400, Eric Gervais-Despres wrote: > Has anybody tried (and succeeded) to get gcc 6.3.1 (or devtoolset-6) to > work on CentOS 8? As far as I can see SCL & devtoolset are not available for CentOS 8 - the toolsets are integrated as part of the main distro, and they are only for newer versions of GCC and not older ones. > > In the Animation and Visual Effect industry, gcc 6.3.1 is still the current > recommended compiler (see www.vfxplatform.com), and is required to build > many plugins. Unfortunately, it is not a "minimum requirement"... It is THE > requirement. > > So I tried to get it from the vault: > -- > sudo dnf config-manager --add-repo= > http://vault.centos.org/7.6.1810/sclo/x86_64/rh/ > sudo dnf install devtoolset-6 > -- > but I get these messages: > -- > Error: > Problem: package devtoolset-6-6.1-1.el7.x86_64 requires > devtoolset-6-runtime, but none of the providers can be installed > > conflicting requests > nothing provides policycoreutils-python needed by > devtoolset-6-runtime-6.1-1.el7.x86_64 > (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to > use not only best candidate packages Yes, you are trying to install a CentOS7 package on CentOS8. It probably won't work. > > > I hate having to install something not officially supported anymore, but > still officially required for many current software. > It depends what it is about GCC v6 you need - you can control the dialect of C that GCC act as using the '-std='. Ultimately though, just download that particular version of GCC and compile/install it, it's not a difficult thing to do and most of it is automated. Strangely though, GNU doesn't seem to think that 6.3.1 exists, the nearest on the GCC downloads is 6.3.0. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 DNS resolution not working as expected
> > man host > > > >-N ndots > >The number of dots that have to be in name for it to be > > considered absolute. The default value is that defined using > >the ndots statement in /etc/resolv.conf, or 1 if no ndots > > statement is present. Names with fewer dots are interpreted > >as relative names and will be searched for in the domains listed > > in the search or domain directive in > >/etc/resolv.conf. > > As per man resolv.conf, the default setting hasn't changed. It is n=1 on all > of CentOS 6/7/8. > Does host -N2 foo.subdomain work on CentOS 8? Does it work if you put ndots: 2 in resolv.conf? There may have been a change in behaviour - from the tests I've done it seems more like it's fixing a bug/inconsistency somewhere because doing host -N1 foo.subdomain should not work, but it does on CentOS 7. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 DNS resolution not working as expected
On Thu, 2020-08-06 at 10:26 +0100, isdtor wrote: > [root@localhost ~]# lsb_release -d > Description: CentOS Linux release 8.2.2004 (Core) > [root@localhost ~]# cat /etc/resolv.conf > # Generated by NetworkManager > search subdomain.company.com company.com > nameserver 1.2.3.4 > nameserver 5.6.7.8 > > [root@localhost ~]# host foo > foo.subdomain.company.com has address 1.2.3.4 > > [root@localhost ~]# host foo.subdomain > Host foo.subdomain not found: 3(NXDOMAIN) > > [root@localhost ~]# host foo.subdomain.company.com > foo.subdomain.company.com has address 1.2.3.4 > [root@localhost ~]# > > The expected result is that the lookup for foo.subdomain works, like it does > under CentOS < 8. man host -N ndots The number of dots that have to be in name for it to be considered absolute. The default value is that defined using the ndots statement in /etc/resolv.conf, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the search or domain directive in /etc/resolv.conf. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 8.2.2004 Latest yum update renders machine unbootable
> > You just need to reinstall the kernel and it should work. > > Is it possible to bump the kernel version number to make sure the kernel gets re-installed on automated installs? Or would this break the compatibility with RHEL? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Boot failed on latest CentOS 7 update
> On the side note: it is Microsoft that signs one of Linux packages > now. We seem to have made one more step away from “our” computers > being _our computers_. Am I wrong? > Secure booting using UEFI requires that the code is signed - that is the "secure" bit. Microsoft are the CA for that signing. There's nothing sinister about it, they aren't signing the RPM package just one of the bits of code in the package. I seem to remember that Microsoft were the most vocal advocates for secure booting to get around boot sector viruses and in order to facilitate a more universal uptake they committed to signing any UEFI boot code from other OSes so long as it came from a bona fide source. You don't have to use UEFI secure booting - most machines can fall back to legacy booting using BIOS settings. If you do that, you won't use any Microsoft signed code. I haven't looked in detail at the bug this all was supposed to fix, but I think it had the capability of by-passing the UEFI security checking, hence why the release of the advisory was delayed until the OSes were patched and why there was a scramble to get everything out in time. It's a nasty bug and was difficult to fix from what I've heard. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 rsyslog and ELK
On Fri, 2020-07-10 at 16:44 -0400, Jason Edgecombe wrote: > I don't use ELK at the moment, but is this helpful? > > % journalctl -f --output=json > > The above command prints the continuous output of the systemd journal in > json format. > Thanks. The problem is getting that into logstash. But it's actually quite useful anyway as it's another method of monitoring what is supposed to be logged. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 rsyslog and ELK
> > What do people do to get their syslog messages on CentOS 7 into a > > remote ELK stack. I've tried lots of things involving rsyslog, > > filebeat, redis, logstash and so on in lots of different configurations > > but nothing really works. > > > > I can get rsyslog to talk directly to logstash (acting as a syslog > > server) but the messages don't have facility or severity codes in them > > which makes it considerably more difficult to manage the messages. > > > > The section "b – Routing from rsyslog to Logstash" of the article > seems to cover a filter that needs to be added. You may have already > tried this.. but that is about all i can help with currently. > Thanks. Yes, I was trying to get rsyslog to send JSON to logstash and I have tried that template. A bit more investigation though and it turns out that the firewall on the logstash server was only letting through tcp packets and it needs udp. Now I've fixed that, they appear to be talking to each other, but it certainly doesn't seem to be logging everything. Progress of sorts! P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 7 rsyslog and ELK
I asked a similar question about a year ago and didn't get any answers. So I thought I'd try again. What do people do to get their syslog messages on CentOS 7 into a remote ELK stack. I've tried lots of things involving rsyslog, filebeat, redis, logstash and so on in lots of different configurations but nothing really works. I can get rsyslog to talk directly to logstash (acting as a syslog server) but the messages don't have facility or severity codes in them which makes it considerably more difficult to manage the messages. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to find the used space
> > # du -sh /* Use 'du -xh --max-depth=1 /' it will clean up your output and show you only things on the root partition. And as someone else said, deleted but open files are not removed until the file handle is closed. This is used by some applications to "hide" totally temporary files. Do 'lsof | grep delete' to see such files. (This technique is also used by malware to hide their files.) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Wrong version of php
> I have googled without finding the answer but how do I make sure > /all/ processes use php72 rather than the default 54 in CentOS 7? > Surely there must be a better way than overwriting /usr/bin/php. What > have I forgotten to do? > You can't/shouldn't do that. The point of the Enterprise OS is that versions are consistent throughout the lifetime of the OS, so packages don't change the default versions because things may break because something is expecting PHP 5.4 and not 7.2. If you have an application that needs PHP 7.2, then change the way it is invoked so it runs using 'php72' instead of just 'php'. Now, in all honesty I suspect that changing the default version of PHP isn't going to break many things at the system level; at least not in the same way as it would if you changed the default python to python3. But it is something that may save you problems in the future. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewall questions
On Sun, 2020-06-21 at 16:47 -0400, mailist wrote: > On 2020-06-21 15:33, Chuck Campbell wrote: > > I'm running Centos 7.8.2003, with firewalld. > > > > I was getting huge numbers of ssh attempts per day from a few specific > > ip blocks. > > If you can control the ssh clients, switch your port number to a > non-standard > port. Pick one in /etc/services that does not seem to be allocated. > Then change > "Port" in ssh_config and sshd_config; If other clients are being used > (like Putty), > it is easy to change it there. > > We used to get at least 50 probes per day on port 22. Now we get zero. > I used this technique for a number of years - then it got leaked to the script kiddies the port that was used. We don't have anything particularly valuable that they were looking for (I don't think!), but there are lists of subnets & ports out there that the kiddies use so once one found it, the flood gates opened. SSH is now protected behind a VPN. It's a valid thing to do and makes things much saner, but don't assume it is a forever solution and don't use it as an excuse to reduce other protections you may have. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewall questions
On Sun, 2020-06-21 at 14:33 -0500, Chuck Campbell wrote: > I'm running Centos 7.8.2003, with firewalld. > > I was getting huge numbers of ssh attempts per day from a few specific > ip blocks. > > The offenders are 45.0.0.0/24, 49.0.0.0/24, 51.0.0.0/24, 111.0.0.0/24 > and 118.0.0.0/24, and they amounted to a multiple thousands of attempts > per day. It seems oddly coincidental that they are all x.0.0.y addresses - the netblocks they belong to are all much bigger than /24. I can understand getting attacks from a range of IPs from an ISP or the like, but the 51.0.0.0/24 is part of a UK government network and I think they would be all over it if a range of their network was being used for naughty purposes. > > I did some more research, and decided to use a few rich rules to block > these attempts. I currently have these in place: > > #firewall-cmd --list-all > public (active) >target: default >icmp-block-inversion: no >interfaces: p3p1 >sources: >services: dhcpv6-client ftp http https imap imaps pop3 pop3s > smtp-submission smtps ssh >ports: 110/tcp 995/tcp 143/tcp 993/tcp 25/tcp 21/tcp >protocols: >masquerade: no >forward-ports: >source-ports: >icmp-blocks: >rich rules: > rule family="ipv4" source address="49.0.0.0/24" reject > rule family="ipv4" source address="51.0.0.0/24" reject > rule family="ipv4" source address="111.0.0.0/24" reject Is that the correct interface referred to in the zone? Can you see the rich rules implemented properly in the output of 'iptables -L'? (They should be in the chain IN_public_deny.) > > But I still get hundreds of attempts reported in my fail2ban logs from > these ip blocks. How is it that the rich rules don't drop these packets > before pam/ssh/fail2ban ever get to see them? Is fail2ban stopping the individual hosts? Do you have the recidive rule enabled to permaban them? Do you get legitimate SSH connections from anywhere? Can you remove the ssh service and add rich rules to allow certain hosts or netblocks to connect via port 22? Finally, do you have a network firewall that can be used to block the connections? > There must be some precedence in the firewalling I don't understand. Yes, there is a precedence, but it should be working in your favour - the chain 'IN_public' contains the public inbound chain and it should contain: # iptables -L IN_public Chain IN_public (2 references) target prot opt source destination IN_public_log all -- anywhere anywhere IN_public_deny all -- anywhere anywhere IN_public_allow all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere So it should be denying packets before the allowing them (and the IN_public_allow chain is what contains your ssh service definition). P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Blog article about the state of CentOS
> About Oracle as alternative. Oracle Linux is not an alternative to > CentOS but for RHEL and if I will force to pay for enteprise system > currently I will pay RHEL, not OL. Over this, OL is not the only > enterprise distro that a "user" could choose. If support is needed there > are SUSE (SLES) and Ubuntu. For who that don't need support there are > Debian, Ubuntu, OpenSUSE (I'm talking about the most used but you know > that slackware,FreeBSD are in that list), so many alternatives are in place. I think it's particularly disappointing *if* this is a "policy" from RH since the other major RHEL clone, Scientific Linux, has not produced an EL8 offering in favour of using CentOS. I think all of us here understand the hugely complex process of producing a quality OS, even when it's "just" a clone of another one. The official sanctioning from RH was touted as a two-way process: community input into RHEL and RH support and help of the cloning and build process. It would be a bit underhand if it turned out that it was RH's way of creating a two tier system: buy RHEL+support and get timely updates; use CentOS for free, get security updates, but wait two months for each upgrade. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] halt versus shutdown
> I'm quite sure that in original Berkeley Unix, as on the VAX 11/780, halt > was an immediate halt of the CPU without any process cleanup or file system > umounting or anything. Early SunOS (pre-Solaris) was like this, too. > The SunOS 4.1.2 man page for halt says NAME halt - stop the processor SYNOPSIS /usr/etc/halt [ -oqy ] DESCRIPTION halt writes out any information pending to the disks and then stops the processor. halt normally logs the system shutdown to the system log daemon, syslogd(8), and places a shutdown record in the login accounting file Ivar/admlwtmp. These actions are inhibited if the -0 or -q options are present. The BSD 4.3 (that ran on VAXen) man pages say largely similar things: https://www.freebsd.org/cgi/man.cgi?query=halt&apropos=0&sektion=0&manpath=4.3BSD+Reno&arch=default&format=html Everything is somewhere on the net :-) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] halt versus shutdown
> fwiw, i've always used 'init 0' to shut down all sorts of unix/linux > systems. In EL7/EL8, init is now a symlink as well because everything is controlled by systemd. > On old school unix, and I think even early Linux, halt was an > /immediate/ halt, as in catch fire. might as well hit the power switch. > Not quite. Shutdown is a timed thing so you can tell it to shutdown or reboot at a certain time or after a certain delay and it can broadcast messages to the users - it's useful on multi-user systems to be able to warn users that the system is about to go down. Halt is an immediate thing without any broadcast messages or delay but it does do the halt cleanly. There is an option to halt to not sync the disks - this is not a wise thing to do and is an emergency option - certainly the original man pages for halt said something like "only do this if your disks are on fire". P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] halt versus shutdown
On Mon, 2020-06-15 at 01:32 +0200, Leon Fauster via CentOS wrote: > Working with different OSs can be quite challenging (mentally :-)). > > I wonder why the command "halt" has not same result between EL6 and EL8. > > To shutdown the vm or workstation in EL8 i must use "shutdown now". > > Who mandates this behavior in terms of configuration file? > It's to do with systemd. EL6 used SysV based init and runlevels, EL7 & EL8 use systemd targets. If you look at the halt and shutdown commands they are symlinks to /usr/bin/systemctl now and they are implemented as shims that replicate the effect of the old SysV processes. So the following have the same effect: "systemctl isolate halt.target" "halt" "shutdown -H now" "systemctl halt" there are equivalents for "poweroff" and "reboot" as well. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Modifying username
On Sun, 2020-06-14 at 17:26 -0400, Jay Hart wrote: > > On 6/14/20 1:39 PM, Jay Hart wrote: > > > You may need to modify /etc/shadow for consistency. > > > > > > I don't know what to do here. Need some guidance please. > > > > Run "vipw -s" and make the same change to that file's record for ABCLast. > > > > In /etc/passwd the directory was shown in plain text. So I just moved over > in the line and > changed /home/ABCLast to /home/ALast. Saved file, and exited. > > I don't see a directory name in /etc/shadow using 'vipw -s' > No, there's no directory in /etc/shadow, but the username (the first field) will need to be changed to match with the one in /etc/passwd. Apologies if you know this: /etc/passwd contains account information and is world readable because lots of programs need the information in it, the encrypted password use to be in that file (hence the name) but it too was visible and hence available for cracking; /etc/shadow is not world readable and holds all the "secret" password info; the only thing linking the two databases is the username, hence that has to match in the two files. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] migrating from sendmail to postfix, centos 6 to centos 8
On Fri, 2020-06-05 at 07:32 -0500, Chuck Campbell wrote: > On 6/4/2020 8:58 AM, Pete Biggs wrote: > > > Fair enough, and I now understand the issues with root receiving and > > > handling emails. The problem with the alias is that ALL emails are being > > > sent out to my ISP, and on to the particular user. > > Even for local users that are in /etc/passwd? > Yes, I only have two local users, and email I send on the box ends up at > the outside ISP, then comes back via fetchmail, and procmail. I can read > it with IMAP from outside. I guess I'll live with this. So even if you do something like mail chuck at the command line (with whatever user has a local account) it still gets sent to the ISP? > I'm sure it is the RelayHost or RelayDomains that forwards the email > outbound to my ISP. relay_host is the host that mail is sent to if it can't be delivered elsewhere. relay_domains is a list of domains the host will relay mail to. > If I set up a local only account, those emails try > to go outbound as well, but are rejected as there is no registered user > of that name at my ISP. In /etc/postfix/main.cf what is 'local_recipient_maps' set to? Also, what about 'mydestination' If you look in /var/log/maillog what does a message log for a local user look like when sent using the mail command? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] migrating from sendmail to postfix, centos 6 to centos 8
> > Fair enough, and I now understand the issues with root receiving and > handling emails. The problem with the alias is that ALL emails are being > sent out to my ISP, and on to the particular user. Even for local users that are in /etc/passwd? > > I would like to make this user receive emails locally only, obviously > not root (for all the very good reasons you pointed out), but some other > non-privileged user. I don't know how to get a user setup only for local > only delivery to the machine in question, not sent out of the local network. > So something in the postfix configuration is telling it to send mail elsewhere. Have you changed the postfix config at all? Because usually it is happy to deliver local mail for local users. The aliases file should have something like root: chuck where 'chuck' is the local user; that will put the message in /var/mail/chuck. There's a postfix config variable called 'local_recipient_maps' that determines what is a local recipient - but the default uses, amongst other things, the standard unix passwd file. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] migrating from sendmail to postfix, centos 6 to centos 8
> > I am getting new hardware for this machine, and plan to setup centos 8, > which uses postfix, not sendmail. sendmail is also available - postfix is just the default. > I've been trying to provision a vm > with the proper configuration, but cannot get any emails delivered to root. > > Is there a pointer to a configuration guide that will help me do what I > want? I have googled about 100 setups, none of which are what I'm trying > to achieve. They all suggest using an alias for root to a normal user, > but them that user gets all of the cron, fail2ban, etc emails, instead > of delivering them to root on the local machine. > The fact that they are all saying to use an alias must surely be telling you something! The issue is that if root is receiving mail, then you must be reading it as root and that is a really bad thing to be doing. If you don't want the mail to go to a user, then setup another account purely to receive the root mail that doesn't have elevated privs. BTW, other than the fact you shouldn't login as root, the reason for this is that the mailbox that receives the mail is owned by the user and the delivery process is run as that user - except for root, which is run as a non-privileged user: the last thing you want is for some random email to possibly be processed as root, especially as you say you are using procmail. There is a note in the main.cf file: # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] user names
On Mon, 2020-06-01 at 13:13 -0400, Jerry Geis wrote: > How can I define a local use with "@" in the name > > useradd "bob@myname" gives error. > > I "need" to have the @ sign in the name -is that possible. Silly reason - > the system I am trying to send emails to the linux server has a bug. I'm > trying to get around it. > useradd is just a program that manipulates the underlying files - so if you really want to create a user with that name, then manually edit /etc/passwd and /etc/shadow. However, at the risk of telling you things you already know, the '@' is definitely not a standard character in Unix usernames and it may, or may not, cause problems elsewhere. (TBH, the only character which will almost certainly break things is '/'!) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Recover from an fsck failure
> > I ran mke2fs to locate the backup superblocks: > > mke2fs -n /dev/mapper/vg_voinet01-lv_log That will only tell you what mke2fs would do on that machine. I don't know if it will be the same on every machine. You should probably run dumpe2fs /dev/mapper/vg_voinet01-lv_log | grep superblock If that doesn't work, then I suspect it's not recoverable using fsck. If you are sure that it is an ext2/3/4 filesystem on there, then you can try using something like TestDisk to scan for partitions. It should be in epel. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ether-wake
> actually using UDP. What I am NOT looking for is some patronizing answer > disconnected from the question. > > > I really wonder why you feel the need to go out on a branch to start > lecturing and quoting answers that are not asked for. > > > If you don't know the answer, simply don't reply. No one benefits, by > you sending email here that doesn't > > have much of anything to do with the topic. Oh, well. You try and be helpful, get abuse back. That's life I suppose. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ether-wake
On Sun, 2020-05-17 at 20:25 -0600, R C wrote: > Ok, I get that, found it before; "typically sent as a UDP datagram to > port 0, 7 or 9, or directly over Ethernet as EtherType 0x0842" > > > The keyword being 'typically', but what is it that ether-wake actually > uses/does? (I need to forward a WOL packet to a different > > vlan on some Cisco hardware, between two Centos machines). > WoL packets are not routeable/forwardable. They are Layer 2 broadcast packets that contain the MAC address of the machine that needs to be woken up. But since you quoted the Wikipedia article on WoL you would know that and it specifically says what the magic packet is and does. The format of the packet is unimportant, all that happens is that the ethernet *card* receives the packet, sees that it's a magic WoL packet for that card and turns on the hardware "wakeup" line to the machine. The packets need to be sent on the same network as the target computer - we did it a while ago for a very large complex network and it needed a box behind every single router that could be commanded to send out the WoL packet for a specific MAC address. We eventually abandoned it. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 disable the the hot corner
On Tue, 2020-05-12 at 16:52 -0400, Jerry Geis wrote: > I have loaded the gnome-shell-extension-no-hot-corner-3.28.1-11.el7.noarch > and also the gnome-tweaks. > > When I run gnome-tweaks no where in there do I find the disable hot corner. > > where is that ? It should be under "Extensions" in gnome-tweaks. It may be better to install extensions from https://extensions.gnome.org/ using the Firefox or Chrome extensions. > > Its annoying when the mouse goes to the upper left and all the windows > shrink. I wish to disable it. Thanks. > If you are used to other UIs, then it is strange, possibly annoying. I now get really frustrated when I use Windows and KDE that nothing happens with the top left corner. YMMV (This is NOT a queue for a desktop war.) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for C8 AMD help
Hmm, I guess that I have something wrong with my kickstart configuration because all that I can find is libsss_autofs-2.2.0-19.el8_1.1.x86_64. Thanks for the heads up Pete On 4/23/20 9:08 PM, Chris Schanzle wrote: On 4/23/20 4:23 PM, Pete Geenhuizen wrote: I'm migrating from C7 to C8. I'm currently using autofs, but alas autofs has been dropped in C8 for the AMD automounter. Nope, it's in there! 8/BaseOS/x86_64/os/Packages/autofs-5.1.4-35.el8.x86_64.rpm I have some very ancient knowledge of AMD, I used it when it was first introduced many years ago on Solaris and moved to Sun's automounter when it was introduced. So now it's back to square one. I used automount2amd to convert one of my existing maps, included it in the amd.conf file and tried it out. I don't get any syntax errors so I guess that the map syntax is correct, but amd fails to mount the remote filesystem and generates these errors in messages. Apr 23 16:04:29 localhost.my.domain amd[19389]: matched default selectors "type:=nfs;opts:=rw,grpid,nosuid,utimeout=600" Apr 23 16:04:29 localhost.my.domain amd[19389]: key new: map selector host (=localhost) did not match remotehost Apr 23 16:04:29 localhost.my.domain amd[19389]: merge rem/opts "rw,grpid,nosuid,utimeout=600" add "fstype=nfs,vers=4,soft,intr" => "rw,grpid,nosuid,utimeout=600,fstype=nfs,vers=4,soft,intr" Apr 23 16:04:29 localhost.my.domain amd[19389]: Map entry host==remotehost;type:=link;fs:=/export/data/& for /repo/new did not match Apr 23 16:04:29 localhost.my.domain amd[19389]: merge rem/opts "rw,grpid,nosuid,utimeout=600" add "fstype=nfs,vers=4,soft,intr" => "rw,grpid,nosuid,utimeout=600,fstype=nfs,vers=4,soft,intr" Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: returning NFS(4,tcp) on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(4,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(3,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(2,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: returning NFS(0,udp) on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: Using NFS version 4, protocol tcp on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: changing remotehost.my.domain's ping value from 30 to 30 Apr 23 16:04:29 localhost.my.domain amd[19389]: Trying mount of remotehost:/export/data/& on /.automount/remotehost/export/data/& fstype nfs mount_type non-autofs Apr 23 16:04:31 localhost.my.domain amd[19389]: Trying mount of remotehost:/export/data/& on /.automount/remotehost/export/data/& fstype nfs mount_type non-autofs Apr 23 16:04:32 localhost.my.domain amd[19389]: file server remotehost.my.domain, type nfs, state starts down Apr 23 16:04:49 localhost.my.domain amd[19389]: "/repo/new" on //nil// timed out (flags 0x20) I'm using firewalld on both hosts and allow these services mountd nfs rpc-bind and protocols 111/tcp and 111/udp all of which allow autofs to work flawlessly, I've tried turning firewalld off which made no difference. Here's my /etc/amd.remote file looks like new \ -addopts:=fstype=nfs,vers=4,soft,intr \ host==remotehost;type:=link;fs:=/export/data/& \ rhost:=remotehost;rfs:=/export/data/& Any assistance in pointing me in the right direction would be greatly appreciated. Pete sudo dnf -y install autofs # for the win! consider removing what I think you have is am-utils. -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Looking for C8 AMD help
I'm migrating from C7 to C8. I'm currently using autofs, but alas autofs has been dropped in C8 for the AMD automounter. I have some very ancient knowledge of AMD, I used it when it was first introduced many years ago on Solaris and moved to Sun's automounter when it was introduced. So now it's back to square one. I used automount2amd to convert one of my existing maps, included it in the amd.conf file and tried it out. I don't get any syntax errors so I guess that the map syntax is correct, but amd fails to mount the remote filesystem and generates these errors in messages. Apr 23 16:04:29 localhost.my.domain amd[19389]: matched default selectors "type:=nfs;opts:=rw,grpid,nosuid,utimeout=600" Apr 23 16:04:29 localhost.my.domain amd[19389]: key new: map selector host (=localhost) did not match remotehost Apr 23 16:04:29 localhost.my.domain amd[19389]: merge rem/opts "rw,grpid,nosuid,utimeout=600" add "fstype=nfs,vers=4,soft,intr" => "rw,grpid,nosuid,utimeout=600,fstype=nfs,vers=4,soft,intr" Apr 23 16:04:29 localhost.my.domain amd[19389]: Map entry host==remotehost;type:=link;fs:=/export/data/& for /repo/new did not match Apr 23 16:04:29 localhost.my.domain amd[19389]: merge rem/opts "rw,grpid,nosuid,utimeout=600" add "fstype=nfs,vers=4,soft,intr" => "rw,grpid,nosuid,utimeout=600,fstype=nfs,vers=4,soft,intr" Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: returning NFS(4,tcp) on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(4,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(3,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: NFS(2,udp) failed for remotehost.my.domain: RPC: Unable to receive Apr 23 16:04:29 localhost.my.domain amd[19389]: get_nfs_version: returning NFS(0,udp) on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: Using NFS version 4, protocol tcp on host remotehost.my.domain Apr 23 16:04:29 localhost.my.domain amd[19389]: changing remotehost.my.domain's ping value from 30 to 30 Apr 23 16:04:29 localhost.my.domain amd[19389]: Trying mount of remotehost:/export/data/& on /.automount/remotehost/export/data/& fstype nfs mount_type non-autofs Apr 23 16:04:31 localhost.my.domain amd[19389]: Trying mount of remotehost:/export/data/& on /.automount/remotehost/export/data/& fstype nfs mount_type non-autofs Apr 23 16:04:32 localhost.my.domain amd[19389]: file server remotehost.my.domain, type nfs, state starts down Apr 23 16:04:49 localhost.my.domain amd[19389]: "/repo/new" on //nil// timed out (flags 0x20) I'm using firewalld on both hosts and allow these services mountd nfs rpc-bind and protocols 111/tcp and 111/udp all of which allow autofs to work flawlessly, I've tried turning firewalld off which made no difference. Here's my /etc/amd.remote file looks like new \ -addopts:=fstype=nfs,vers=4,soft,intr \ host==remotehost;type:=link;fs:=/export/data/& \ rhost:=remotehost;rfs:=/export/data/& Any assistance in pointing me in the right direction would be greatly appreciated. Pete -- Unencumbered by the thought process. -- Click and Clack the Tappet brothers -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 NIS
On Sun, 2020-04-12 at 08:13 -0400, Jonathan Billings wrote: > On Apr 12, 2020, at 05:47, Pete Biggs wrote: > > There are other options than LDAP, and servers other than OpenLDAP, but > > LDAP is the de facto standard. > > Unfortunately, OpenLDAP as a server is deprecated in C8, and isn’t > packaged anymore. Upstream they point customers to their directory > service, which is based on 389 directory service. > Why on Earth is deprecated? I suppose they want people to use FreeIPA, which is a bit of a steam-hammer-to-crack-wallnut type thing. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 NIS
> Yes, let me validate Mr. Kovacs comment. I am aware of the shortcomings > of NIS in the area of security. Let me provide some information on the > topography of my network and my reasoning for choosing NIS/NFS. Perhaps > an alternative may be suggested to meet my needs without totally > confounding me when it comes to configuration. The good thing about YP/NIS is that it's simple - if all you want is for your clients to get user info it is ideal. Unfortunately it was designed in a time when passwords were hard to crack and "script kiddie" was a yet to be invented term. Some of my systems still use NIS+. but they are isolated and legacy. > > Now that I've bored you to tears, are there any suggestions as to what I > should use as a replacement for NIS/NFS for sharing and mounting of > /home directories on the other three machines on my network? Consider > that you are probably going to end up holding my hand in this endeavor > so choose something that you would want to configure and use. > I think your best bet is to see what's supported in sssd - that will at least give you some hope of getting some level of consistency. Pick something that takes your fancy and isn't too complex. TBH you are probably going to settle on some implementation of LDAP - probably OpenLDAP - yes, I know you've tried it before, but it should work. Configuring the clients to use LDAP via SSSD is not a problem; your issue is going to be setting up the LDAP server. It's a long time since I've done it so I'm not a person to hand hold, but your needs are simple and there will be plenty of tutorials and guides and how-to's out there to step you through the process. Once the LDAP server is setup you basically never have to touch it - all configuration is done through processes interacting with the server, including provisioning accounts and so on - even the initial configuration is done by talking to the server. There are other options than LDAP, and servers other than OpenLDAP, but LDAP is the de facto standard. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 Gstreamer and Mplayer
On Sun, 2020-03-29 at 23:18 -0400, Mark LaPierre wrote: > On 2020-03-29 18:42, Frank Cox wrote: > > On Sun, 29 Mar 2020 18:34:20 -0400 > > Mark LaPierre wrote: > > > > > What replaced Gstreamer and Mplayer in CentOS 8. RPM finder finds both > > > for CentOS 6 and 7 but not 8. There must be a replacement for them but > > > I don't know what. > > > > rpmfusion might be what you're looking for. > > > > I'm assuming that rpmfusion is a repository that I have to set up on my > new squeaky clean freshly installed machine and then proceed to pollute > it with questionable packages. ;-) > > I'll look into that tomorrow. > > What I would really like to know is, were these applications replaced > with something else that I should be using instead? > mplayer always has been in rpmfusion - it contains support for codecs that are classed as non-free such as MPEG. I don't know about CentOS8 'cos I've never looked, but the default video player in Fedora is Totem (aka "Videos"). P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help to fix bug in rsync
On Wed, 2020-03-25 at 19:15 +0100, Simon Matter via CentOS wrote: > > On Wed, 2020-03-25 at 14:39 +, Leroy Tennison wrote: > > > Since you state that using -z is almost always a bad idea, could you > > > provide the rationale for that? I must be missing something. > > > > > I think the "rationale" is that at some point the > > compression/decompression takes longer than the time reduction from > > sending a compressed file. It depends on the relative speeds of the > > machines and the network. > > > > You have most to gain from compressing large files, but if they are > > already compressed, then you have nothing to gain from just doing small > > files. > > > > It obviously depends on your network speed and if you have a metered > > connection, but does anyone really have such an ancient network > > connection still these days - I mean if you have fast enough machines > > at both ends to do rapid compression/decompression, it seems unlikely > > that you will have a damp piece of string connecting them. > > I really don't understand the discussion here. What is wrong with using -z > with rsync? We're using rsync with -z for backups and just don't want to > waste bandwidth for nothing. We have better use for our bandwidth and it > makes quite a difference when backing up terabytes of data. I don't really care if you use -z, but you asked for the rationale, and I gave you it. I'm not telling you what you should do. I'll try and make it simpler - if rsync takes 1 second to compress the file, then 1 second to decompress the file, and the whole transfer of the file takes 11 seconds uncompressed vs 10 seconds compressed, then dealing with file takes overall 12 seconds compressed, vs 11 seconds uncompressed. It's not worth it. But as I said it depends on your network and your machine speeds. It's up to you to decide what is best in your own situation. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help to fix bug in rsync
On Wed, 2020-03-25 at 14:39 +, Leroy Tennison wrote: > Since you state that using -z is almost always a bad idea, could you > provide the rationale for that? I must be missing something. > I think the "rationale" is that at some point the compression/decompression takes longer than the time reduction from sending a compressed file. It depends on the relative speeds of the machines and the network. You have most to gain from compressing large files, but if they are already compressed, then you have nothing to gain from just doing small files. It obviously depends on your network speed and if you have a metered connection, but does anyone really have such an ancient network connection still these days - I mean if you have fast enough machines at both ends to do rapid compression/decompression, it seems unlikely that you will have a damp piece of string connecting them. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] signing modules
On Mon, 2020-03-16 at 12:42 -0400, Jerry Geis wrote: > > You need to turn off secure booting - you can still boot using UEFI, > > but if secure booting is turned on the kernel doesn't allow unsigned > > modules. > > Thanks - so is that command line to run ? Config file to edit ? > It's a BIOS setting. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] signing modules
> > I'm getting an error about a module not being signed so not loading. > CentOS 7.7 UEFI booting. (I cannot remove UEFI as hardware does not allow > it). > You need to turn off secure booting - you can still boot using UEFI, but if secure booting is turned on the kernel doesn't allow unsigned modules. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] System Time
On Sun, 2020-03-08 at 17:59 +, Chris Olson via CentOS wrote: > A few years ago, one of our interns was curious about system > time keeping features in computer systems. This intern was > also the proud owner of an inexpensive Radio-Controlled Clock. > The intern wondered why computer motherboards were not just > equipped with a chip like the ones in the RCC so that their > system time would always be correct. > > > This large response was a bit of a surprise and included a > bunch of time related horror stories. It became clear why > using an RCC chip on motherboards would NOT be a good idea. > GPS network time servers seemed to be a preferred choice. > The problem with radio time signals is that they just aren't accurate enough. Your bedroom clock needs to be correct to within a minute or so, but they are generally correct to about +/- 5 seconds. That's just not good enough for system times. There's also a massive problem with signal strength in the UK - the (singular) time transmitter is in the middle of the country in Cumbria and in the south it's virtually impossible getting a signal any further than about 2 feet from a window - not a hope of getting anything in an office building! GPS times also have problems. They are very accurately wrong! The atomic clocks on the satellites haven't been updated since they were launched, so no leap seconds. There are corrections that can be applied once the time has been received but it depends on a knowledge of leap seconds - I think they are currently about 18 seconds out. But they are accurate to about 10-100ns. You also need a decent antenna to get the high accuracy, which again means that you need to be near a window to see the satellites. Generally much easier to use NTP! P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [External] Re: Installing a single rpm package from desktop/browser on CentOS 7
> In many case, but in the situations I'm talking about here is really a > lot more cumbersome to use. To use the command line to install a a > package from a website, I have to > > 1. Right-click > 2. Select Save Link As > 3. Enter filename/directory > 4. Open a terminal > 5. Remember where I put the bloody file > 6. Run yum to actually install it. yum (and rpm) can install from the web 1. Right-click 2. Copy link location 3. yum install > > Compare that to > > 1. Click on the link > 2. Hey, there's no step 2. > > The 2nd variant is something that's was working for about 15 years, but > I guess that was before someone decided to make the system "user > friendly"... > Without getting emotional about it you need to think what happens when you click on a link in a web browser, i.e. how does the browser know to install this link you've just clicked on and what does it have to do in order to install it. Personally, I think having RPMs installable with a single click is a bad idea - they are as dangerous as .exe on Windows systems. Having said that, on my Fedora system clicking on an RPM downloads it (with a warnning), then double clicking on the downloaded RPM in the browser launches "Gnome Software" to install it: no terminals involved and you never have to take your hand off the mouse. Things may be different if you aren't using Gnome or it may be different for another browser. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Encrypted container on CentOS VPS
> > What is a "loop way"? I googled it together with Linux and file and > did not find anything. The proper term is "loopback filesystem". > Is this simply like a separate file that is LUKS-encrypted and I > would then mount it for remote access? Yes, it's a filesystem in a file that you mount with '-o loop'. > If so, what would prevent the hosting company - which I presume is > the root user - from also accessing it? You provide the decryption password when you mount it. Once the filesystem is mounted anyone with the appropriate permissions can read it. You can reduce the opportunity of someone accessing it by only mounting it when you need it and unmounting it as soon as possible. TBH, if you don't trust the root user of a system, then there's not much you can do - there are just so many ways a privileged user can get access to things, both "legitimately" because of their absolute access or "covertly" using trojans and so on that you would never know about. If you have legitimate concerns about the hosting company, then find a different one. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C8 network install
On Sun, 2020-02-23 at 02:58 -0600, Robert G (Doc) Savage via CentOS wrote: > I'm building a new storage server. I was unable to use the CentOS-8- > x86_64-1905-dvd1.iso image written to a 256GB thumb drive. It kept > failing the integrity check. I had to use the much smaller CentOS-8- > x86_64-1905-boot.iso image and do a network install from a mirror site. > That's a first for me. > > Even though I selected "Server with GUI", the resulting installation > boots to a text prompt. I've installed the GNOME and GNOME Applications > groups, and I can get to them by typing 'startx'. > > How do I change this behavior and make it boot directly to a graphical > desktop? > What you are asking is to change the systemd default target. You want systemctl set-default graphical.target Just Google for something like "centos 8 graphical login" or "centos 8 gui login" and you get vast numbers of hits. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Relabel /usr directory
On Wed, 2020-02-05 at 12:59 +0300, Dimitri Zelenkin via CentOS wrote: > Pete Biggs wrote: > >> The -X option to rsync will copy all extended attributes from the old to > >> the new filesystem. > > Yes, I discovered this when I rsync'd a whole 4Tb filesystem and the > > backup system decided everything had changed because the attributes had > > changed. I've settled on using "rsync -avHAX ..." and that seems to > > keep everything preserved. > > The most important question here is obvious: have you lost your data? > Me? No. It was just annoying that I had to re-backup 4Tb of data to a remote server that only allowed me to send 200Gb a day when the only thing that had changed was the ACL and SELinux labelling that we don't even use on the filesystem. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Relabel /usr directory
> The -X option to rsync will copy all extended attributes from the old to > the new filesystem. > Yes, I discovered this when I rsync'd a whole 4Tb filesystem and the backup system decided everything had changed because the attributes had changed. I've settled on using "rsync -avHAX ..." and that seems to keep everything preserved. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Switching from lokkit (iptables) to firewalld
On Mon, 2020-02-03 at 19:04 -0500, Jerry Geis wrote: > Hi All, > > Over the last 20 some years I have a file with about 200K worth of address > that have "wrongly" tried to connect to my boxes running centos. So the > file has one line per address or group of addresses like: > 2.244.112.0/24 > > So using the OLD iptables I would run through my file build the > iptables.txt file and start that with DROP for the IP address. iptables ran > through the big list in no time. > > I was trying to run a script to go through each line and run: > firewall-cmd --zone=drop --add-source="$ipblock" --permanent > but this takes a long time. > > What is a "better" way or more efficient way to keep my long list of bad > addresses and apply them? Thanks, > To some extent you need to ask yourself if a 20 year old blacklist is really effective these days. Lots will have changed in that time and many of the addresses will have been reassigned. Also, a 200k lump of addresses will surely slow down the processing of incoming packets? Perhaps it's time to rethink what you do. Can you define what addresses would "rightly" try and connect to your machine and whitelist those on a normally closed system (rather than blacklisting those on a normally open system). If you need the system to be open, then I find Fail2Ban useful in blacklisting addresses that are being naughty. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8.1 and NVIDIA support
On Sat, 2020-02-01 at 19:11 -0500, Jerry Geis wrote: > Does CentOS 8.1 support OLDER generate NVIDIA ? > Like NVIDIA Corporation GF119M [GeForce GT 520M] > > I'm looking for hardware acceleration H264 type support. > As far as I know CentOS (i.e. RHEL) never supported accelerated nVidia drivers because they are all closed source. Non-accelerated nVidia drivers are provided by the nouveau packages. The accelerated proprietary drivers are available from rpmfusion, but with old cards you have to be careful which version you install as nVidia are very quick to drop "old" cards from their most recent drivers. There are packages that integrate with yum/dnf to make the version selection automatic. You can, of course, download the drivers directly from nVidia, but you then have to manage the kernel modules yourself when the kernel is updated. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7: UPD packet checksum verification?
First of all - disclaimer - I'm no network specialist, I just read and am interested in it. I may get things wrong!! > > > Both physical interfaces show the same. But does this mean it's on as in "rx- > checksumming: on" or off as in "tx-checksum-ipv4: off [fixed]"? As far as I understand it rx-checksum is the underlying wire checksumming - and from what I've read about it, disabling that disables the UDP checksums. > > Assuming that I do not receive packets with invalid UPD checksums, then the > packages must be somehow altered and their UPD checksums recalculated to > arrive here. Does bad hardware etc. do that? Why would the UDP checksums > just happen to get recalculated correctly but like randomly without intent? I'm not sure I understand what you are asking. But it's unlikely (very unlikely) that the checksums are randomly correct. But packet checksums are recalculated when packets are forwarded by layer 4 switches - the contents of the package are inspected as part of the switching process. > > Only when asterisk (i. e. libsrtp) finally verifies the authentication tag of > an SRTP package against the authenticated part of the package --- which, > according to RFC 3711, seems to be the entire payload of the UPD package --- > the verfication fails. > > How is that possible? > If it's SRTP checksum error, then that checksum is part of the packet payload at the application level - the UDP checksum is for the whole packet. Presumably the contents of the application payload were altered after the SRTP checksum was calculated but before the UDP packet checksum. It could be a bad layer 4 switch I suppose. Probably your best bet is to use wireshark to decode the packets to see what the raw data looks like. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7: UPD packet checksum verification?
> what does Centos 7 do with UPD packets having invalid checksums? By default I assume they are just dropped - that's what should happen. > > Are such packets inevitably dropped? Applications can specifically disable checksum checking for the kernel network stack on a per application basis, but the default is to check and drop if in error. > Does a network card drop them when it > does checksum verification in hardware even before the packets go anywhere? Depends on the hardware. I suspect that most modern cards allow the OS to offload the checksum functions. You can check with, e.g., ethtool --show-offload eth0 > > In general, if someone were to send me UPD packets with invalid checksums > over > the internet, how far would such packets get? As far as the checksumming code - either in the hardware or kernel network stack. They should be dropped as soon as the checksum fails because at that point it shows that the contents are flawed. > > In particular, how likely it is that SRTP packets sent over the internet over > UPD could be damaged in such a way that the verification of the > authentication > tag fails when they arrive at the receiver, and how might such damage be > caused? > Don't know - how does any network packet get corrupted? Bad hardware, cosmic rays, bad cables, bad source? I would doubt there would be anything malicious: why do something to a packet such that it is almost guaranteed to be dropped. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 Lyx - installing templates and class files
> It appears that most of the class files don't exist in the form of a > rpm. In fact, some of this stuff doesn't seem to be downloadable as > a .cls file (which is the format that lyx expects to see). Somehow > (that I haven't yet read up on) you are to convert a tex file that > you download from a random ftp site into a cls file and that goes > into a directory that lyx can see. > > Obviously, I have some more reading and figuring out to do here. A > lot of this stuff was apparently never packaged for easy installation > on a rpm-based system. > LyX is just a front end GUI editor for LaTeX/TeX. You could try installing some other TeX packaging system - on CentOS7, that would be texlive - and that will give you many of the other files and classes you may need. Other non-packaged files can be downloaded from CTAN. I think what you need to get your head around is that these aren't "LyX files", they are "TeX/LaTeX files" that LyX uses. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C8 Question
> I noticed a strange behaviour (don't know if this is the wanted > default). If I try ,from normal user shell, to run command like "reboot" > or "shutdown -h now" system will reboot/shutdown. This happens on tty > console, on xfce terminal and ssh session. I've just created a normal user on my test system and when I try to reboot or halt the system when logged in via ssh I get: $ reboot Failed to set wall message, ignoring: Interactive authentication required. Failed to reboot system via logind: Interactive authentication required. Failed to open initctl fifo: Permission denied Failed to talk to init daemon. Which is correct behaviour. However, a user logged in at the machine as GUI console session has always been able to halt or reboot the system. > > Why on CentOS a normal user can shutdown the system without root > privileges? I think that on any server normal user should not be able to > shutdown the system without privileges. > If it's a desktop machine, then the console logged in user should be able to shutdown the machine - at least then it means they don't resort to pulling the plug. Presumably you don't allow users physically near a server? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Blocking attacks from a range of IP addresses
> > > > > As far as I can see fail2ban only deals with hosts and not networks - I > > suspect the issue is what is a "network": It may be obvious to you > > looking at the logs that these are all related, but you run the risk > > that getting denied accesses from, say, 1.0.0.1 and 1.1.0.93 and > > 1.2.0.124 may be interpreted as a concerted attack and you banning half > > the internet - but that may not be a bad thing :-) > > > > Since you can configure fail2ban to invoke scripts, I would think it > would be possible to get it to block CIDRs (variable size subnets, i.e. > 12.12.0.0/20). That said, I don't have a quick and easy implementation > on hand. The OP was looking for an automated way of fail2ban doing it - he had already sorted out the network range and had stopped this particular DoS attack. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Blocking attacks from a range of IP addresses
> Has anyone created a fail2ban filter for this type of attack? As of > right now, I have manually banned a range of IP addresses but would > like to automate it for the future. > As far as I can see fail2ban only deals with hosts and not networks - I suspect the issue is what is a "network": It may be obvious to you looking at the logs that these are all related, but you run the risk that getting denied accesses from, say, 1.0.0.1 and 1.1.0.93 and 1.2.0.124 may be interpreted as a concerted attack and you banning half the internet - but that may not be a bad thing :-) What I've done in times of trouble is to be a bit more aggressive in why and how hosts are banned. It depends on how you are being attacked, but setting the threshold to 1 or 2 failures resulting in a ban and then setting the ban time to something fairly short. Repeat offenders will then quickly be picked up by the recidive filter and permanently banned. A downside to this is that your firewall filters get very large and things will inevitably slow down, but it will at least give you the chance to manually block a whole range but still give you a level of automated protection. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Raspberri PI 4B 4GB install image
On Wed, 2019-12-25 at 20:33 -0500, MAILIST wrote: > You will have better luck with Raspbian. Just sayin' Yes, absolutely. I know it's appealing to install an OS you know and love, but the tweaks that the RasPi Foundation have put into the Raspbian kernel and utilities make it a no brainer. I run Fedora on my own desktops, CentOS everywhere at work, but I still use Raspbian on the Pi's. > > I have installed 16 Rapberry Pi's > Only 16? :-) P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] State of CentOS 8
On Mon, 2019-12-23 at 09:16 +0100, Nicolas Kovacs wrote: > Le 23/12/2019 à 02:48, Akemi Yagi a écrit : > > You may want to watch the "CR work" on that wiki page. > > CR seems to be empty right now. > I thought that was the role of 8-stream now? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] systemctl behaves like it is being piped to less in centos 8?
On Fri, 2019-12-13 at 16:44 +, Tony Mountifield wrote: > In article <5c2439dc6351659900b0c7ef421ae3f1e7b84fe4.ca...@biggs.org.uk>, > Pete Biggs wrote: > > > is what is annoying me. That seems to be what I would expect if I > > > piped it to less. I checked a fedora 31 and another centos 8 box and > > > am seeing the same behaviour. Am I missing something? > > > > > > > The environment variable $PAGER determines what pager to use. The > > default is 'less'. User > > > > export PAGER=more > > > > to use 'more' instead. Or > > > > export PAGER= > > > > to not pipe to a pager. > > This would also affect "man". Better to use SYSTEMD_PAGER. > That is probably a beneficial side-effect. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] systemctl behaves like it is being piped to less in centos 8?
> > is what is annoying me. That seems to be what I would expect if I > piped it to less. I checked a fedora 31 and another centos 8 box and > am seeing the same behaviour. Am I missing something? > The environment variable $PAGER determines what pager to use. The default is 'less'. User export PAGER=more to use 'more' instead. Or export PAGER= to not pipe to a pager. P, ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] External HD partitioning & formatting considerations
> > I would instead recommend getting/building a NAS aka file server and using > the network to share files, or make backups, or whatever. > And if the machines aren't on a network? P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CLAMD and EXIM - anyone got it working`
On Fri, 2019-11-29 at 09:56 +, Gary Stainburn wrote: > Has anyone actually got CLAMD and EXIM working? > > I've just had a go on a new VPS server without success. The only > thing that happened was that my server slowed because clamd was > hogging CPU. > > I have done a lot of googling and all I found was a couple of howto's > that said the same thing, and my questions from 2015 which is the > last time I tried this. > > I can get clamd / freshclam etc installed, although from the two > howto's I worked from I had to edit / create service files and edit > config files. However, I still do not manage to get a clamd.exim > socket created on my system. > I have clamd and exim on some of my systems. However, clamd is not called directly from exim. I use Mailscaner (https://www.mailscanner.info/) - it works using two exim queues so that one exim receives the mail and places it into a "received" queue, Mailscanner does various things to the messages including virus & spam scanning, then places it into the "scanned" queue and triggers a delivery. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] printer only prints one page, if anything
> I had tried that also, but tried it again. > before my last try, I power-cycled the printer. > This time it worked. > For some reason CUPS now shows two queue names: > HL-L2360D-series Brother HL-L2360D series localhost.localdomain > HL-L2360D HLL2360D > both Brother HL-L2360D for CUPS. > > 'Tain't as big a deal as having none, > but why does CUPS have two queue names for the printer? Do you have CUPS autodiscover turned on? (AKA Avahi on Linux systems), if so CUPS will have automatically added the printer in addition to the one you manually added. > > I think they were the same packages that I tried to use. > In any case, they both ended in 386. Once again, do you have a 64 bit system? If so, then any executables in the RPMs won't work unless you have added the 32-bit compatibility stuff. RPMs aren't magic, they need to have the requirements added by the packager and if the requirements aren't mentioned in the RPM, it will still install, but none of the executables will run. They will come up with Bad ELF errors. > > Had not heard of system-config-printer . > Neither man, info nor --help helped. > What is it suppoded to do? > Google suggests it is a GUI. > Google also suggests that it is always started through a GUI. The god Google is not infallible. system-config-printer is the old way of adding and managing printers. It's a GUI, but you can start it from a command line in a GUI environment (i.e. it's not a command line program). But it's just a front end, you still need the underlying drivers there before it can configure a printer. However, system-config-printer is deprecated in CentOS 7 and I believe it's not in CentOS 8 (I could be wrong though). The official way to manage printers in CentOS 8 is either via CUPS or cockpit. P. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos