Re: [CentOS] Centos versions in the future?

2021-07-08 Thread Rainer Duffner 


> Am 08.07.2021 um 17:38 schrieb Nikolaos Milas :
> 
> On 8/7/2021 6:19 μ.μ., Valeri Galtsev wrote:
> 
>> ...
>> Of course, tastes differ, but still, only those who tasted both things can 
>> have fairly say what is better to one's own taste.
>> ...
>> But even as part of our infrastructure fled to FreeBSD...
>> ...
> 
> As a side note:
> 
> l never used FreeBSD, even though I've heard good things about it. Frankly, I 
> loathe its devil logo. I know it's probably derived from the Unix "daemons", 
> yet I fail to get reconciled with it. It's simply appalling to me (even if 
> it's smiling) :(
> 
> I don't require any reply on my above comment (I might even be called naive 
> or whatever). It's some kind of personal confession which I feel I need to 
> express somehow. I simply wish FreeBSD people changed this logo at some 
> point...
> 
> I wonder whether FreeBSD users are expressing similar concerns... I am not 
> following any FreeBSD activity or discussion.
> 
> Cheers,
> Nick



There was a contest to change the logo a while (10-12-ish years) ago, and the 
official logo is now that:

https://freebsdfoundation.org/about-us/about-the-foundation/project/

However, that logo wasn’t universally liked by some core-members and it looks 
like the „Daemon“ is thus still in use.

The „Daemon“ is IMO somehow more approachable and „cute“ if you want to say 
that.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Expand XFS filesystem on CentOS Linux release 8.2.2004 (Core)

2021-03-12 Thread Rainer Duffner 


> Am 12.03.2021 um 15:23 schrieb Thomas Mueller :
> 
> On 3/12/21 1:45 PM, Kaushal Shriyan wrote:
>> Is there a way to expand xfs filesystem /dev/nvme0n1p2 which is 7.8G and
>> occupy the remaining free disk space of 60GB?
> 
> parted porbably could do it. there is also a gparted gui 
> (https://gparted.org/ ), but doesn't seem to be in 
> CentOS 8.
> 
> Maybe boot from a livecd that includes the gui tool, like 
> https://gparted.org/livecd.php  or 
> https://www.system-rescue.org/ 


If the downtime is acceptable, that’s almost always the smartest thing to do, 
IMO.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel/64 CentOS VM running on a Mac M1?

2021-01-29 Thread Rainer Duffner 


> Am 29.01.2021 um 10:27 schrieb Thomas Bendler :
> 
> On Fri, Jan 29, 2021 at 10:06 AM Rainer Duffner 
> wrote:
> 
>> [...]
>> Apple’s M1 are (probably) great - but only if you want to run macOS on it.
>> Anything else and the compromises will likely be even more severe than
>> those that had to be made in the earliest days of running Linux on a laptop.
>> [...]
> 
> 
> Did you try it or is this just a guess? I use Ubuntu in a VM on the M1.
> As I mentioned there are currently some restrictions but the direction
> already looks quite promising. At least far away from any earliest
> days …
> 

It’s an assumption.


If it works, that’s great. I use a 2018 MacMini (with 32GB RAM) and run VMs on 
it.

I do like macOS, I just wouldn’t want to run a server on it ;-)

The 16GB RAM limit would be a show-stopper for me.

Unfortunately, Apple don’t have Fusion or Parallels or VirtualBox installed on 
their demo-units.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel/64 CentOS VM running on a Mac M1?

2021-01-29 Thread Rainer Duffner 


> Am 29.01.2021 um 02:11 schrieb Lists :
> 
> My Dell Precision M3800 running Fedora works great but is really starting to 
> show its age, and I'm thinking about getting a new Mac M1-based laptop as it 
> would really be useful for Video production. 
> 
> But I really need to have a IA64 CentOS 7/8 VMs running locally for 
> development as I'm often on the road and flaky Internet makes it a necessity 
> to 
> keep productivity up. I've been unable to officially confirm that VMWare/
> Parallels/VirtualBox intend to support IA64 based OS's and it *needs* to be 
> an 
> exact (VM) copy of production so I can trial environments and builds prior to 
> roll out. 
> 
> Calling around, I actually got ahold of a sales staff at Parallels who 
> assured 
> me (in broken India-accent English) that "of course all OS will supported 
> when 
> the trial complete" but given that I wasn't sure that he really understood my 
> question I remain uncertain. 



If you need Intel VMs, there’s no way around Intel hardware at the moment. 
Especially, if performance matters.

I would wait until 11th generation Intel CPUs or even better AMD Ryzen are 
available for Dell’s mobile workstation-line (if you want to stay in that 
product-line, which is not the worst thing to do).

Apple’s M1 are (probably) great - but only if you want to run macOS on it. 
Anything else and the compromises will likely be even more severe than those 
that had to be made in the earliest days of running Linux on a laptop.

Personally, I would also consider the Lenovo E15 (AMD Ryzen), it mostly seems 
to work with Ubuntu, which means you would likely have to use Fedora for the 
time being.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I'm looking forward to the future of CentOS Stream

2020-12-13 Thread Rainer Duffner 


> Am 13.12.2020 um 20:44 schrieb Simon Avery :
> 
>> 
>>> And there's *a lot* more than five of us.
>> 
>> Here is number six.
>> 
> 
> Just one of those groups energised from this decision is Rocky Linux. There
> are 4,606 people on their Slack right now, which did not even exist a week
> ago.



IIRC, one of the reasons cited that CentOS „merged“ with RedHat back then was 
that a lot of people were using CentOS, but there wasn’t enough money generated 
to pay the developers.

A lot of them were basically working for free.

That is never sustainable. At least not for a long time.

It’s also not often the case that you can split this kind of work into a 
thousand work-packages and have everybody just work 1/2 hour a day on it.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-08 Thread Rainer Duffner 


> Am 08.12.2020 um 18:02 schrieb Phelps, Matthew :
> 
> The whole point of CentOS was so that we didn't have to "engage." We don't
> have time for that.
> 


You do understand that Open Source does not work like that?


> We just want a stable re-compile of RHEL, as promised. CentOS has been
> diverging from this for a while (note the change in version names/numbers)
> and we DON'T WANT THAT!


If you cannot justify the expenses for RHEL, then you need to compromise.
That’s like requesting free Windows licenses.

Either use Fedora, or CentOS Stream or something different.

You will likely find, however, that most Open Source software is driven by the 
people who commit code (the successful ones at least).

Those who commit code are nowadays usually employed by a company, which in 
itself either makes money directly or indirectly from the work of the people 
who commit the code.

So, you will quickly be back to square one, unless you want to run stuff like 
Debian or Ubuntu, which are mainly Linux-kernel+some stuff nowadays, whereas 
RHEL + CentOS forms a complete system (with additional software that RedHat has 
developed or acquired over the years).

Debian + Ubuntu are no replacements for CentOS/RHEL, IMO. They are something 
different.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-08 Thread Rainer Duffner 


> Am 08.12.2020 um 15:32 schrieb Phelps, Matthew :
> 
> This is really, really bad for the majority of us using CentOS.
> 



Of course it is.


> Is there any way we can lobby for the reversal of this decision? Remember
> that the -devel mailing list, and IRC channels *do not* represent the vast
> majority of CentOS users. Most of us are just sysadmins trying to keep our
> systems that have been using CentOS for many, many years running and our
> procedures for installing, and patching systems working after whatever
> changes have been mysteriously decided upon, and forced on us.
> 
> We will be forced to look at other distributions now; and forced to do a
> ton of unnecessary work to deal with this.



The reality is that it was always on borrowed time.

Getting RHEL without paying for it and with slight delays in updates (most 
people don’t even update that often anyway) wasn’t going to be sustainable, 
ever.

If your business case resolves around being able to freeload on the work of 
others, then there’s a serious problem with the business case.

And I say that as somebody who has installed a large portion of the CentOS8 
(and 7) servers at work.

Not sure what we ourselves are going to do about it, though.

I would hate to switch to Ubuntu for the stuff I like CentOS most for (for 
some, it’s arguably not the greatest distro).

We might end up licensing RHEL for that - and the rest maybe Fedora.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OwnCloud vs NextCloud

2020-02-22 Thread Rainer Duffner 



> Am 23.02.2020 um 03:02 schrieb bryn1u85 . :
> 
> The Nextcloud has more features and all are for free. The ownCloud has some
> for enterprise features which are paid. Soo i think the choice is clear.


Really depends on those features - and their price.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrading from CentOS 7 to 8

2019-10-01 Thread Rainer Duffner 


> Am 01.10.2019 um 22:19 schrieb Valeri Galtsev :
> 
> I routinely upgrade FreeBSD. Last time it was 11.3 to 12.0. Always smooth. 
> Maybe I'm just lucky...



No, it works very well.

But it’s designed with an eventual upgrade in mind.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] AnyConnect on C8??

2019-09-28 Thread Rainer Duffner 


> Am 29.09.2019 um 03:15 schrieb Fred Smith :
> 
> the AnyConnect vpn doesn't appear to be available on C8. Looked at
> rpmfusion and don't see it there either.
> 
> anyone know when/if it might ever be? or where?
> 
> thanks in advance!
> -- 




Even the latest version is only supported on RHEL7 (and 6, surprisingly)

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect48/feature/guide/anyconnect48features.html

You can only download it with an active subscription, though.

However, you’re looking for openconnect anyway:
https://www.infradead.org/openconnect/packages.html


Have you tried rebuilding one of the „matching“ Fedora SRPMs?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8.0 1905 is now available for download

2019-09-24 Thread Rainer Duffner 


> Am 24.09.2019 um 21:11 schrieb Phil Perry :
> 
> Mainline kernel packages are available from elrepo for el8. Current version 
> is kernel-ml-5.3.x:
> 
> https://elrepo.org/linux/kernel/el8/x86_64/RPMS/ 
> 
> 
> Is that new enough for you?


Sorry to ask this dumb question, but what’s the disadvantage of using such a 
kernel?

I assume, some of the newer kernel-features would need special utilities or 
upgraded versions of the utilities included?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Where to buy S/MIME ??

2018-11-27 Thread Rainer Duffner 


> Am 28.11.2018 um 00:47 schrieb Alice Wonder :
> 
> On 11/27/2018 03:33 PM, Gordon Messmer wrote:
>> On 11/25/18 5:35 AM, Alice Wonder wrote:
>>> The "free for personal" S/MIME from Comodo didn't work. Browser said it did 
>>> but there was nothing to export for me to then import. I suspect it is 
>>> because I used private browser window,
>> Probably, yes.  I've used that service in the past without issue.
>>> I really don't like the idea of a private key stored in browser anyway. And 
>>> it never asked for a password to encrypt the private key
>> Setting a password will protect all of the certificates stored by Firefox.  
>> Select: Preferences -> Privacy and Security -> Security Devices (under 
>> Certificates) -> Software Security Device -> Change password
>> Chrome may have a similar option, but I don't see it and I don't see 
>> documentation for it.\
>>> nor let me specify key strength (only let me choose between medium and high 
>>> - I assume high is 4096 but I don't know, it didn't say)
>> There's very little harm in getting a certificate and examining it to find 
>> out.  You can destroy it later with no ill effect.
> 
> I actually went for a more complex scenario, I've created my own CA complete 
> with CRL.
> 
> It's nice because with S/MIME you really want two certs - one for signing 
> (where ecdsa can be used) and one for when you need to receive encrypted. And 
> I have multiple e-mail accounts I want to do thus with.
> 
> Could have done self-signed too but this at least allows me to revoke if a 
> device like laptop or phone w/ private key is stolen.
> 
> Does mean those who want to confirm my messages have to import my root key 
> but that's for them to decide.
> 
> Web browsers are applications that exist for the explicit purpose of 
> downloading and executing untrusted code. It does not seem like that is a 
> very wise environment to use for generating long term cryptography keys. It 
> really doesn't.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


Well, your own CA’s certificates are basically self-signed.

It’s of course a free country and you can do what you want - but in your case, 
you could just as well use GPG and be done with it. You could place your GPG 
public key where your root-certificate is placed and people could download and 
import that public key.
The point of S/MIME is that there is a central authority to validate the owners 
of the certificates and no peer-to-peer fingerprint checking etc. a la GPG/PGP 
is needed.

It does have better native support in MUAs, I’ll give you that.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Where to buy S/MIME ??

2018-11-25 Thread Rainer Duffner 


> Am 25.11.2018 um 14:35 schrieb Alice Wonder :
> 
> Hi, I'm getting increasingly paranoid.
> 
> Something I said on a certain social media site several months ago was 
> modified - then reported - then by account was banned until I agreed to 
> delete it.
> 
> Obviously since what I said was modified I didn't have any issue with 
> deleting it but I want more than just DKIM sigs on my e-mail now.
> 
> Anyway looking for S/MIME I can use to sign and/or encrypt but mostly sign. 
> Not interested in GnuPG or self-signed S/MIME - I want something that can be 
> trusted because someone else that is trusted actually vouched for me.
> 
> The "free for personal" S/MIME from Comodo didn't work. Browser said it did 
> but there was nothing to export for me to then import. I suspect it is 
> because I used private browser window, I really don't like the idea of a 
> private key stored in browser anyway. And it never asked for a password to 
> encrypt the private key, nor let me specify key strength (only let me choose 
> between medium and high - I assume high is 4096 but I don't know, it didn't 
> say)
> 
> Didn't like the "browser generated" process, even if it had worked and 
> generated the final product I could export - I really didn't like the process 
> and have serious questions about the wisdom of a private key without a pass 
> phrase stored in an application that interacts with web sites.
> 
> Anyway so used openssl to create private key (with aes-256 encryption and 
> pass phrase) and then a CSR.
> 
> But I can't find anyone who sells certs for S/MIME to send the CSR too.
> 
> Globalsign but they wanted $89 - no one else.
> 
> Found a few sites that offered to "send me a quote" that I think were 
> intended for corporate accounts.
> 
> Where do regular users who just want an inexpensive certificate usable for 
> S/MIME from a CSR generated the traditional way go to buy a cert?
> 
> -=-
> 
> Off Topic 2
> 
> I'm going to strangle whoever it is at Google that thinks it is a good idea 
> to put so many video results at the top of search results for this kind of 
> thing. I'm really getting sick of how highly ranked videos now are in search 
> engines.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



Good question.

Usually, these are more targeted towards businesses, ordering a number of 
client-certificates (not just one or two).

Do you have a business (your website looks like a business)?

Here in Switzerland, we use QuoVadis for these certificates (and the normal 
ones). I’m not sure if they provide service to US citizens.

I suggest you consider subscribing to ProtonMail, if nothing else comes 
forwards.

They’ve got a „2 years for 1“ special up for another couple of hours.



Best Regards
Rainer



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Video from the CentOS Dojo at CERN now available

2018-11-22 Thread Rainer Duffner 


> Am 22.11.2018 um 22:41 schrieb Frank :
> 
> Is it only me or are the talks not public on YouTube. When I open the
> link, it says "Private Video" for every entry in the playlist.


Nope.

Probably need an account.
Which I don’t have.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024

2018-11-02 Thread Rainer Duffner 


> Am 02.11.2018 um 21:02 schrieb Frank Cox :
> 
> But it's interesting nonetheless.


AFAIK, Gnome was favored vs. KDE because of some accessibility issues.

Yet, I once read a review that claimed that even though Gnome was the 
„official“ desktop of RHEL, their KDE implementation was more feature-complete 
than SuSE’s on SLES.

Which was pretty depressing to read, TBH.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IBM buying RedHat

2018-10-30 Thread Rainer Duffner 


> Am 30.10.2018 um 20:37 schrieb mark :
> 
>> 
> Unless I'm misremembering, these are midway between small server and
> mainframe. I just did a search, and only found used systems, never new,
> and they were all "refurbed", starting at $1500, and going up to $22k...
> and still refurbed.
> 
> I think my guess of new, > $100k is about right.
> 
>mark
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



Found something:

https://www.nextplatform.com/2018/02/15/ins-outs-ibms-power9-zz-systems/


That’s the entry-level, I presume?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] email Server for CentOS 7

2018-10-01 Thread Rainer Duffner 


> Am 01.10.2018 um 18:54 schrieb Kenneth Porter :
> 
> --On Monday, October 01, 2018 6:37 PM +0200 Peter Eckel  
> wrote:
> 
>> I fully agree with most of the former, except for the Google part. Google
>> is to privacy what a shark pool is to a carp. If possible, avoid Google
>> at all cost, and particularly for E-Mail. There are services around that
>> cost a very small amount of money (e.g. mailbox.org or posteo.de),
>> provide a very reasonable service and do *not* peek into your mail for
>> advertisement targets and sell your data to their customers.
> 
> Fastmail looks attractive to me as it's IMAP-friendly. I run my own server 
> but I'm recommending to my family that they move their accounts there if I 
> "get hit by a bus".
> 
> 
> 
> I mostly run my own server because it's easy to create an infinite number of 
> disposable "plussed" addresses as website login names. I've got a sendmail 
> rule that lets me use a dot instead of a plus sign in such addresses to get 
> around the websites that refuse a plus sign in an address.
> 
> 
> 
>> You should also run your own DNS in that case, as many modern features of
>> secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC
>> etc.). DNSsec is preferred.
> 
> This can be split. I let my hosting provider host my public domain name on 
> their DNS servers. But I run a caching nameserver on my mail server to do the 
> various lookups it requires. A forwarding nameserver for blacklist lookups is 
> NOT recommended because of the way the various DNS-based blacklisting 
> databases license their service.
> 


I run my own mail-server on FreeBSD and qmail (setup mostly using a script from 
Matt Simerson: https://github.com/msimerson/Mail-Toaster-6).
I need to re-do it at some point.

I’m always debating moving to Zimbra (OpenSource Edition, or Zimbra Suite).

If I wouldn’t run my own, I’d probably switch to Protonmail. 
Fastmail is also an option.

DNS (authority) is best run at your hosting-provider or even at a specialized 
DNS provider, depending on requirements.

Everything else is just asking for trouble.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificates

2018-09-01 Thread Rainer Duffner 


> Am 01.09.2018 um 18:00 schrieb Leon Fauster via CentOS :
> 
> Out of curiosity - do you change also the private key every time? 



I’m pretty sure LE creates a new private key, too.
From a cursory glance at lego’s certificate directory on a server with a couple 
of dozens of LE certificates at least.
 
After all, changing the private key is what this is all about (showing that 
you’re still in charge).


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificates

2018-09-01 Thread Rainer Duffner 


> Am 01.09.2018 um 12:51 schrieb Pete Biggs :
> 
> That was until LetsEncrypt comes along - it has the backing of some big
> names and *IS* an effective business model for small and private
> customers.


What *is* the business model of Let’s Encrypt?

Are they going to issue „Pro“ certificates at some point that cost money?

Running a CA is not expensive per se - it’s the audits that the CAB 
(CA+Browser) Forum mandates that are expensive.

In the beginning, the certificates had a certain level of trust with them that 
came both from the high prices (deterring drive-by crooks) and the fact that 
some sort of vetting was made to ensure that nobody could have issued a 
certificate for a domain they didn’t really control.

But the later step is not very friendly to automation. And CAs can principally 
issue certificates for any domain - a fact brought home by the compromise of 
Dutch CA DigiNotar in the Fall 2011.
Adding to the fact is a concentration-process in the industry that leads to 
fewer and fewer companies that know less and less of their customers.

These days, a certificate just shows that the communication is encrypted. 
Whether the other endpoint is what it claims to be is of no concern to any 
third-party involved in setting up that communication-process.

There’s even talk about deprecating the special handling browsers have for 
EV-certificates from future versions of Mozilla.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install C7 on HP DL360e G8

2018-06-27 Thread Rainer Duffner 



> Am 27.06.2018 um 22:11 schrieb mark :
> 
> Dumb question: is the RAID set up? Some controllers will not even show the
> drive if you haven't at least set it as RAID 0.


Well, OP says that BIOS reports one drive - so it seems to be setup.


Screenshot of the boot-up screen where the controller shows the logical drive 
would help.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wildcard certificate

2018-06-16 Thread Rainer Duffner via CentOS 


> Am 17.06.2018 um 00:24 schrieb Keith Keller via CentOS :
> 
> On 2018-06-16, Gordon Messmer via CentOS  wrote:
>> 
>> https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
>> 
>> Wildcard support is new, but it's available!  :)
> 
> Cool!  I had read about wildcard support being planned a few months ago
> but totally forgot about it.
> 


AFAIK, it’s only available with the DNS-challege.

You must have authority over your DNS and use one of the supported providers 
(or build your own).




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wildcard certificate

2018-06-15 Thread Rainer Duffner 


> Am 15.06.2018 um 21:07 schrieb Jerry Geis :
> 
> They are all just - BEGIN CERTIFICATE    and everything else is
> encrypted of course.
> 


No, it’s not.

You can look at it with

openssl x509 -text -in file.crt -noout


> They did not give a private key - I presumed with a wild card it was not
> needed? again -never done this so just guessing.


No. The certificate itself is what gets sent to every browser. It’s not secret 
or encrypted.

You need a certificate, the corresponding private key and in almost all 
instances the intermediate certificate (or certificates, depending on how many 
sub-CAs below the Root-CA it was issued from).


Normally (well, for certain definitions of normal), you generate the private 
key yourself and generate a CSR, a certificate signing request from that key.
The key is just 2048 bytes of random data.

The CSR is what get’s signed by the CA’s private key and contains all the 
information in the certificate that you can view by clicking on the lock-icon 
in the browser.

I usually do this like below

bla=the_domain.toplevel
openssl req -newkey rsa:2048 -nodes -out $bla.csr -keyout $bla.key -sha256

(for wildcard, I usually call the files „star.domain.toplevel“)

And then you can send the CSR to whoever has it signed, or in our case, I log 
into my managed PKI console and submit it myself for my supervisor to confirm 
it and then I download the certificate.


This is done because  the private key should in theory never leave the system 
it was generated on, to ensure its secrecy.


Sending a private key by email is NOT secure.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wildcard certificate

2018-06-15 Thread Rainer Duffner 


> Am 15.06.2018 um 20:37 schrieb Jerry Geis :
> 
> Hi all - I am trying to figure out how to add a wild card certificate given
> to me for a CentOS installation.   I have a script that sets up HTTPS so I
> am a little familiar with things - but they provided me two files:
> name_ee.crt
> name_i1.crt
> 
> I'm not sure how to apply that to the /etc/httpd/conf.d/ssl.conf file?
> Anyone done that before ?
> 
> My initial searches were not helpful. Thanks,



And where’s the private key?


Can you post the lines in the files that start with five (or so) dashes („-„)?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

2018-05-08 Thread Rainer Duffner 


> Am 08.05.2018 um 21:34 schrieb m.r...@5-cent.us:
> 
> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> dead disk gets deGaussed, but what the hell do you do with a SSD?
> 

If you don’t want to shred, use full-disk-encryption (laptop/pc).

In a server, shredding is probably the sanest option.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Document/collaboration server advise needed

2018-01-22 Thread Rainer Duffner 


> Am 22.01.2018 um 21:50 schrieb Valeri Galtsev :
> 
> Dear All,
> 
> Three groups of scientists need to write documents collaboratively. They are 
> going to use MS PowerPoint, Word, also store PDF files. They want to be able 
> to add external people from other groups they collaborate with and give them 
> access to some areas or "projects". In other words, they want some 
> collaborative work environment, mostly to work on documents.
> 
> In the past scientists were using TeX, and one of version control systems 
> (CVS, subversion,...). And all was great, as TeX files (pretty much like 
> programs software developers write) are ASCII text files, and diff of two 
> version is rather small...
> 
> Unlike the past scientists I work for plan to use MS PowerPoint, Word, also 
> store PDF files. All these are effectively binary files for version control 
> systems, then versions will not be stored as a small diff, but each version 
> ends up being the whole document.
> 
> One obvious solution may be: just buy office365.com  
> service, or set up MS server on our own machine. And these are the two things 
> I am trying to avoid.
> 
> Could someone recommend open source software? Some collaborative suite 
> focused mostly on working on documents, with web based interface.
> 
> I run owncloud server for my Department, and one in general can use that, but 
> I hope to find something more focused towards collaborative work.
> 
> Thanks a lot for your advises and pointers.





Well, there’s Collabra Online - 
https://www.collaboraoffice.com/collabora-online/ 
 - but I think it just 
allows you to edit documents on the browser.
It can’t really allow two people editing the same document at the same time and 
then merge it - something that AFAIK Sharepoint can do. At least, I was under 
the impression that it can do that.

You can download their CODE VM and check it out.

For just file-sharing, there’s also SeaFile.

But I see they also integrate with Collabra these days….
https://www.seafile.com/en/features/


For project management, there’s stuff like Project Open 
(http://www.project-open.com  ) - but you have to 
see for yourself if it fits your use-case.


Good luck and keep us updated about what you ended up doing.






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question about a bug in bugzilla

2017-10-31 Thread Rainer Duffner 

> Am 31.10.2017 um 12:17 schrieb James Pearson :
> 
> That BZ has a status of 'ON_QA' - so I guess Redhat haven't released 
> '-3' yet ...
> 
> When they do, they normally update the BZ - and make the source 
> available - at which point, CentOS will rebuild the update and make it 
> available
> 
> James Pearson


Ah, OK.
Thanks.

In the meantime, I downgraded to the working version.




Regards
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Question about a bug in bugzilla

2017-10-31 Thread Rainer Duffner 
Hi,

I have a CentOS 7 server which shows bug 1487266

https://bugzilla.redhat.com/show_bug.cgi?id=1487266 



It says, it’s fixed in 
java-1.8.0-openjdk-1.8.0.151-3.b12.el7

I updated this package, and now it shows as

java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el7_4.x86_64

So, is there another update coming or are these the same packages?

Because the „-1“-version didn’t fix the problem.




Best Regards
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-20 Thread Rainer Duffner 

> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer :
> 
> Dear all
> 
> I'm looking for instructions on how to setup a jailed chroot directory for 
> user which needs to upload via scp to the server.
> Especially I miss clear instructions about what needs to be in the jailed 
> directory available, like binaries, libraries, etc...
> Without jail I get it to work, but I want to prevent user downloading for 
> example /etc folder from the server.
> 
> Does anybody have a link or list valid for Centos7
> 



Can’t you use SFTP?

AFAIK, sftp automatically chroots a user with no valid shell (provided the home 
directory is owned by root and not writeable by the user and you use Subsystem 
internal-sftp).



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache 2.2 EOL - what is Red Hat's story for RHEL6?

2017-09-12 Thread Rainer Duffner 

> Am 12.09.2017 um 21:34 schrieb Warren Young :
> 
> I’d assume they’re just going to make their own fixes,


I would be really surprised if they wouldn’t be among the main contributors 
already (if not the main contributor) - or at least have staff that are very 
familiar with the source.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cyrus spool on btrfs?

2017-09-09 Thread Rainer Duffner 

> Am 09.09.2017 um 19:22 schrieb hw :
> 
> Mark Haney wrote:
>> On 09/08/2017 01:31 PM, hw wrote:
>>> Mark Haney wrote:
>>> 
>>> I/O is not heavy in that sense, that´s why I said that´s not the 
>>> application.
>>> There is I/O which, as tests have shown, benefits greatly from low latency, 
>>> which
>>> is where the idea to use SSDs for the relevant data has arisen from.  This 
>>> I/O
>>> only involves a small amount of data and is not sustained over long periods 
>>> of time.
>>> What exactly the problem is with the application being slow with spinning 
>>> disks is
>>> unknown because I don´t have the sources, and the maker of the application 
>>> refuses
>>> to deal with the problem entirely.
>>> 
>>> Since the data requiring low latency will occupy about 5% of the available 
>>> space on
>>> the SSDs and since they are large enough to hold the mail spool for about 
>>> 10 years at
>>> its current rate of growth besides that data, these SSDs could be well used 
>>> to hold
>>> that mail spool.
>> See, this is the kind of information that would have made this thread far 
>> shorter.  (Maybe.)  The one thing that you didn't explain is whether this 
>> application is the one /using/ the mail spool or if you're adding Cyrus to 
>> that system to be a mail server.
> 
> It was a simple question to begin with; I only wanted to know if something 
> speaks
> against using btrfs for a cyrus mail spool.  There are things that speak 
> against
> doing that with NFS, so there might be things with btrfs.
> 
> The application doesn´t use the mail spool at all, it has its own dataset.
> 
> Do you use hardware RAID with SSDs?
 We do not here where I work, but that was setup LONG before I arrived.
>>> 
>>> Probably with the very expensive SSDs suited for this ...
>> Possibly, but that's somewhat irrelevant.  I've taken off the shelf SSDs and 
>> hardware RAID'd them.  If they work for the hell I put them through 
>> (processing weather data), they'll work for the type of service you're 
>> saying you have.
> 
> Well, I can´t very well test them with the mail spool, so I´ve beeing going
> with what I´ve been reading about SSDs with hardware RAID.


It really depends on the RAID-controller and the SSDs.
Every RAID-controller has a maximum number of IOPS it can process.


Also, as pointed out, consumer SSD have various deficiencies that make them 
unsuitable for enterprise-use:


https://blogs.technet.microsoft.com/filecab/2016/11/18/dont-do-it-consumer-ssd/ 



Enterprise SSDs also fail much more predictably. You basically get an SLA with 
them about the DWPD/TBW data.

For small amounts of highly volatile data, I recommend looking into Optane SSDs.



> 
> Well, that´s a problem because when you don´t want md-RAID and can´t do 
> hardware RAID,
> the only other option is ZFS, which I don´t want either.  That leaves me with 
> not using
> the SSDs at all.
> 



As for BTRFS: RedHat dumped it.
So, it’s a SuSE/Ubuntu thing right now.
Make of that what you want ;-)

Personally, I’d prefer to use ZFS for SSDs. No Hardware-RAID for sure. Not sure 
if I’d use it on anything else but FreeBSD (even though a Linux port is 
available and code-wise it’s more or less the same).

From personal experience, it’s better to even ditch the non-RAID HBA and just 
go with NVMe SSDs for the 2.5“ drive slots (a.k.a. 8639 a.k.a U.2 form factor).
If you have spare PCIe slots, you can also go for HHHL PCIe NVMe cards - but of 
course, you’d have to RAID them.






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

2017-07-27 Thread Rainer Duffner 

> Am 27.07.2017 um 22:48 schrieb vychytraly . :
> 
> Maybe CentOS 7.4 would have backported compatibility for your hardware. I
> had similar issues with Intel GPU not being recognized, which was solved by
> "i915 preliminary hw support enabled" method. Try to have a look on that.


https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_hardware_enablement.html
 



Well, the only thing that catches my eye here is the support for newer Intel 
PCHs.

Skylake (Purley) servers exist, so I would assume that RHEL would need to 
support these chipsets.

Wireless, GPUs etc - that’s something different.


Of course, there’s always SLES (or SLED, in the OPs case), which has a somewhat 
more recent kernel, AFAIK - if we’re playing „Anything but Ubuntu“.
;-)

The above beta came out in May. So I’d hazard a guess and say it’ll be late 
autumn before we see a release and I’d hope for a pre-christmas CentOS 7.4 
release….



Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need a bit of 'archeocomputing' help on CentOS 7.

2017-04-22 Thread Rainer Duffner 

> Am 22.04.2017 um 15:42 schrieb Lamar Owen :
> 
> On 04/21/2017 12:11 PM, Lamar Owen wrote:
>> ...
>> The latest version of libc5 I know of that was shipped by Red Hat is in RHL 
>> 6.2, libc-5.3.12.  (There is a 5.4, but not sure of stability or 
>> compatibility).
>> ...
>> I've successfully set up the bridging; a CentOS 7 VM on the same host has 
>> full connectivity.  So it's something about the rtl8139 and the 2.0.36 
>> kernel.  What is the oldest distribution you've done on KVM on C7?
> Ok, so I've progressed somewhat on this.  Here's what I've so far found:



Silly question: isn’t there something like a „compat-CentOS5“-package one can 
install and that contains all the base-libraries for CentOS 5?

I run a FreeBSD 6 (32 bit) binary on a 64 bit FreeBSD 11 VM (because the 
source, if we had it, would most likely not compile with whatever LLVM ships 
with 11 …).
FreeBSD offers „compat“ packages down to version 4. These are libraries that 
install into /usr/lib/compat.

Obviously, the system is designed for this - but why is nobody doing this for 
Linux?

I just looked it up:
FreeBSD 4.0 was released over 17 years ago, around the same time as RHL 6.2…



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install Centos 6 x86_64 on Dell PowerEdge 2970 and a SSD (hardware probing issues)

2014-08-31 Thread Rainer Duffner 

Am 31.08.2014 um 21:52 schrieb Jason Pyeron jpye...@pdinc.us:

 I have a fleet of 2970s and we are upgrading the hardrives on the motherboard 
 SATA ports (A/B not the PERC backplane) when a detecting hardware is 
 performed the system crashes, reboots and gives an E1422 error code (useless 
 video: https://www.youtube.com/watch?v=PhyMeUHJar4).
 
 We narrowed it down to a motherboard BIOS issue, if we remove the SSD or add 
 noprobe to the kernel the installer does not crash. 




Is that actually a supported configuration (in the Dell-sense)?.

Which is the „primary hard drive then? SATA or PERC?

Have you booted any other OS on it?
FreeBSD 10?
CentOS7?

Ubuntu?

Note that I have no idea about Dell servers. I’ve never worked with them in my 
professional life - but my experience is that trying the same thing more than 
three times in a row is a waste of time (and nerves: I can literally see my 
life being shortened by watching server-BIOS boot-up screens…)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install Centos 6 x86_64 on Dell PowerEdge 2970 and aSSD (hardware probing issues)

2014-08-31 Thread Rainer Duffner 

Am 31.08.2014 um 23:03 schrieb Jason Pyeron jpye...@pdinc.us:


 
 Is that actually a supported configuration (in the Dell-sense)?.
 
 
 Yes. They support internal SATA drives, we are changing from spinning drives 
 to SSD. I am working with Dell to get a BIOS patch, but I wont hold my breath.
 
 





You can always try to install RHEL6 and open a ticket with RedHat if that 
fails, too….


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] latest freeIPA on CentOS

2014-07-14 Thread Rainer Duffner 
Am Mon, 14 Jul 2014 11:47:32 -0400
schrieb Johnny Tan johnnyd...@gmail.com:

 We're looking to run freeipa on CentOS-6.5.
 
 It seems the version available for 6.5 is 3.0, whereas the latest 3.x
 is 3.3.5 (available in F19  20). And now I see 4.0 was just released
 and will be in F21 (with support for native OTP-based 2FA!).
 


CentOS7 has 3.3

I don't know if RedHat will backport it to 6.x like they did previously.

I think we will start with what is in CentOS 7.0 and see how far we get.
We will even buy RHEL-lics for it.

I certainly don't want to run Fedora in production - and I don't want
to do the backport for  such a complicated piece of software myself.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] latest freeIPA on CentOS

2014-07-14 Thread Rainer Duffner 

Am 14.07.2014 um 21:02 schrieb Jitse Klomp jitsekl...@gmail.com:

 2014-07-14 17:57 GMT+02:00 Rainer Duffner rai...@ultra-secure.de:
 
 CentOS7 has 3.3
 
 I don't know if RedHat will backport it to 6.x like they did previously.
 
 I think we will start with what is in CentOS 7.0 and see how far we get.
 We will even buy RHEL-lics for it.
 
 I certainly don't want to run Fedora in production - and I don't want
 to do the backport for  such a complicated piece of software myself.
 
 
 ​RH will *not* do a backport of 3.3 to RHEL 6.x.


I was pretty certain about it, too - but I don’t read the free-ipa lists 
(already too many subscriptions I can barely glance over…).

So, thanks for bringing it to everyone’s attention ;-)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

2014-07-12 Thread Rainer Duffner 

Am 12.07.2014 um 17:08 schrieb Lamar Owen lo...@pari.edu:

 [I wasn't going to reply; but after thinking about it for quite a while, 
 there are a few points here that deserve just a bit of level-headed 
 attention.]
 
 On 07/11/2014 10:53 AM, David G. Miller wrote:
 Les Mikesell lesmikesell@... writes:
 
 Or, if you want things to respawn, the original init handled that 
 very nicely via inittab.
 
 Replying to Les' comment:  the original inittab respawn method is 
 completely brain-dead, blindly respawning without any thought for what 
 conditions might need to be checked, etc.



That’s probably true.

But still, I believe that much of the complexity of systemd (that it apparently 
has) comes from the fact that it’s most intended to provide a „smooth“ desktop 
experience.

Now, it looks like almost everything is a „service“.

Can I pick an example?

[root@ipa ~]# systemctl list-unit-files |grep ssh
sshd-keygen.service static  
sshd.serviceenabled 
sshd@.service   static  
sshd.socket disabled


What is the difference between sshd.service and sshd@.service?
Am I right in assuming that the sshd-keygen.service is responsible for creating 
the initial host-keys?

I may be wrong, but sshd works nice on my 100+ servers without a special 
service for this. In fact, I loathed the Solaris-behavior, where you had to 
„refresh“ the service for this (or something to this effect)
On FreeBSD, if I want to create new keys, I delete the old ones and restart the 
service.
I very rarely need that, so I just assume it’s the same on RHEL. 

Can anyone give an example from a stock RHEL7 install that could not have been 
done with a traditional SysV-init?




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] block level changes at the file system level?

2014-07-03 Thread Rainer Duffner 

Am 03.07.2014 um 21:19 schrieb John R Pierce pie...@hogranch.com:

 On 7/2/2014 12:53 PM, Lists wrote:
 I'm trying to streamline a backup system using ZFS. In our situation,
 we're writing pg_dump files repeatedly, each file being highly similar
 to the previous file. Is there a file system (EG: ext4? xfs?) that, when
 re-writing a similar file, will write only the changed blocks and not
 rewrite the entire file to a new set of blocks?
 
 Assume that we're writing a 500 MB file with only 100 KB of changes.
 Other than a utility like diff, is there a file system that would only
 write 100KB and not 500 MB of data? In concept, this would work
 similarly to using the 'diff' utility...
 
 you do realize, adding/removing or even changing the length of a single 
 line in a block of that pg_dump file will change every block after it as 
 the data will be offset ?
 
 may I suggest that instead of pg_dump, you use pg_basebackup and WAL 
 archiving...  this is the best way to do delta backups of a sql database 
 server.
 
 


Additionally, I’d be extremely careful with ZFS dedup.

It uses much more memory than „normal“ ZFS and tends to consume more I/Os, too.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Information Week: RHEL 7 released today

2014-06-11 Thread Rainer Duffner 

Am 10.06.2014 um 22:28 schrieb Eero Volotinen eero.voloti...@iki.fi:

 direct use of Microsoft's Active Directory sounds intresting? via samba
 4? or via other implementation?
 
 Eero



It comes with IPA:
http://www.freeipa.org/page/Main_Page
RHEL7 comes with a pretty recent version, from what I could see in the RC.

It’s basically AD rebuilt with Open Source tools.
It’s an impressive undertaking.


Too bad all our RHEL subscriptions at work seem to have run out….
So I actually have to wait for CentOS ;-)



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mother board recommendation

2014-06-03 Thread Rainer Duffner 

Am 03.06.2014 um 20:26 schrieb Lists li...@benjamindsmith.com:

 On 05/16/2014 11:23 AM, m.r...@5-cent.us wrote:
 hardware doesn't support ECC.
 snip
 Oh, right, *all* the servers here use ECC DIMMs. And you really, REALLY
 don't want to go there: a) price, b) n/s is not buffered is not
 registered, none of the above compatible in the same bank, and oh, yes,
 dual rank is *not* compatible with single rank or quad rank... I kid you
 not. I've had servers simply not boot by mixing two of those, and let's
 not forget not fitting in the slot, and c) see a).
 
 
 ECC is such a horrible pain in the rear. If you don't have things like 
 SLA in your casual vocabulary, pretty much any desktop board works 
 find for Centos6. For spare/personal/backups servers, I use whatever old 
 hardware sits in the junk room.
 
 Anything using ECC is such a pain to match up correctly that I tend to 
 buy motherboard/RAM/CPU from a vendor as a package unit so it's 
 warranted to work together. Registered/Unregistered, CAS timing, 
 single/double/quad ranked, never mind voltages, and making sure your CPU 
 supports it!
 
 For all the promises of better uptimes, I've had far more trouble with 
 mis-matched  ECC than I've ever experienced in bad non-ECC RAM. Truly, 
 this is a sorry showing for ECC.


It’s also a bit of a sorry showing for the admin putting together the system.

As for the original request:
Maybe take a look at a HP Microserver or one of the entry-level ML-servers?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mother board recommendation

2014-06-03 Thread Rainer Duffner 

Am 03.06.2014 um 22:39 schrieb m.r...@5-cent.us:

 Warren Young wrote:
 On 6/3/2014 12:26, Lists wrote:
 
 Registered/Unregistered, CAS timing,
 single/double/quad ranked, never mind voltages, and making sure your CPU
 supports it!
 
 All of those specs are listed in the motherboard manual.  If you're
 buying your RAM from a reseller that doesn't give you the corresponding
 specs to match up against the mobo specs, stop buying from that vendor.
 
 There are vendors that will match up your specific motherboard with the
 RAM that works in it, and will exchange the RAM for the right stuff if
 by some tiny chance they specified the wrong stuff.  (e.g. Crucial)
 
 Buried in some of them, and others, well, it tells you what it will
 take... and it *assumes* that you're just building the system, and buying
 all the DIMMs as one batch, *not* that you're replacing a failed DIMM. But
 you've got to match even things like cl2whatever. If it doesn't have
 *exactly* what's on the other DIMMs, it won't work.



That’s why you replace both.
Or, if you build your own servers in significant quantities, you’ve got to do 
you’re own stock-keeping.
Need 24 hard drives? Buy 30!
Need 12 PSUs for 6 servers? Buy 16.

That, or buy COTS-hardware from Dell, HP, IBM, Fujitsu with a support-contract….




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OEM suggestions

2014-06-01 Thread Rainer Duffner 

Am 30.05.2014 um 20:28 schrieb John R Pierce pie...@hogranch.com:

 On 5/30/2014 11:14 AM, Rainer Duffner wrote:
 Also, due to the fact that they don’t offer a SAS-Controller that does JBOD, 
 you have to setup each drive individually as a RAID0
 
 hmm?
 
 The HP H220, H221, H220 are SAS2 HBAs.   also the S08e but thats older, 
 and was only sold to support a specific P2000g3 array. AFAIK, the H22x 
 are LSI 2008 based (9211-xx)




Interesting.
Thanks a lot.

It’s sometime very difficult to find HP products that aren’t by default in 
their servers.


AFAIK, the 9211-series card don’t have the „right“ firmware for „IT-mode“ that 
would be required for an „ideal“ ZFS setup.

I’m not sure if one could flash those - they probably have an OEM firmware.


Maybe I can have one ordered to try it out.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OEM suggestions

2014-05-30 Thread Rainer Duffner 

Am 30.05.2014 um 19:34 schrieb John R Pierce pie...@hogranch.com:

 On 5/30/2014 5:28 AM, Andrew Holway wrote:
 
 As I think about it, the control node for the UV 2000 looks an*awful*  lot
 like a Penguin
 
 SuperMicro gear is only as good as the server integration company selling
 it.
 
 bingo.I think too many people buy 'whitebox' supermicro stuff direct 
 and self-integrate, then are surprised when there are issues.   
 Integration needs to include testing.   All that integration and testing 
 is why brands like HP are more expensive, you can usually assume its 
 going to work.




True.
The thing I hate about HP is that their SSD offerings are IMO a joke.

Not only are they several times as expensive as an equivalent Intel SSD (even 
taking into account that we don’t pay list-price) but in addition, they perform 
only half as well (in terms of IOP/s).

I suspect it’s because HP does not include a super cap and thus their SSDs 
don’t do write-caching (which the Intel does).

Also, due to the fact that they don’t offer a SAS-Controller that does JBOD, 
you have to setup each drive individually as a RAID0 - which is totally stupid, 
once you run something like FreeBSD where HPACUCLI is not available. Each 
failed drive necessitates a reboot then.

I could of course buy an LSI JBOD controller (which would also allow me to buy 
Intel SSDs) - but what’s the point of buying a HP server then?

IMO, HP does not want you to actually make good use of current-generation 
enterprise-SSDs - they’d prefer you buy a couple of dozens of P2000 arrays 
instead…

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Old HP Xeon server blade with only SCSI HDD ports CentOS

2014-04-11 Thread Rainer Duffner 
Am Fri, 11 Apr 2014 11:40:30 -0300
schrieb Fernando Cassia fcas...@gmail.com:

 On Fri, Apr 11, 2014 at 11:28 AM, m.r...@5-cent.us wrote:
 
  Again, you could hit eBay for a power supply. But all the servers,
  including blades, that I ever worked with were 120v or 220V (ok,
  this is the US). Is the psu in the box dead?
 
 
 There's no PSU in the box. I've got the enclosure as well! It's one
 of these
 http://www.harddrivesdirect.com/product_info.php?products_id=142183
 
 In the back all the blades are connected to an interconnect power
 regulator board that goes to two large round prongs the kind used in
 20 AMP 220/240 V AC plugs. But right now I'm 99% sure right now that
 this works with 48VDC. The blades have tiny power regulator boards
 next to the (proprietary?) blade power connector...  and on the
 internal side of such connector the markings say 48V for the white
 wire and 0V for the black wire.



What about networking?

They either have shared networking (AFAIK) or there needs to be a
module the lets you connect the blades to a switch...

If you have no budget, blades are the worst to work with ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading Perl (modules) / RequestTracker

2014-02-05 Thread Rainer Duffner 
Am Wed, 05 Feb 2014 06:23:25 +0100
schrieb Chris ch2...@arcor.de:

 Well, it seems you have to install RT manually on CentOS 6 [1].
 
 On 02/05/2014 12:33 AM, Rainer Duffner wrote:
  I have no experience with Debian/Ubuntu, but I’d really only use
  packages in case I could package them up myself, specifically for
  this task.
 
 For Debian, there are packages readily available, which get updated
 automatically.

Well, there are also packages for FreeBSD.
RT and all dependencies.

 I had not any problems with dependencies. You don't
 have to do anything. Sorry, to say this on this list, but this is a
 task I would choose Debian for [2].


The reason I wouldn't just blindly install or update packages is that I
don't believe that even the Debian guys do sufficient testing to ensure
that RT actually works after the update.


This is, of course, a highly RT-specific discussion.
But in defense of CentOS, I don't see a fundamental problem running RT
on it - actually, due to the long support-cycles, it might even be
better suited than e.g. Ubuntu LTS. Ticketing-Systems usually have
exceptionally long replacement-cycles.
You just have to make sure you know what you are doing and find a
usable change-management strategy.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading Perl (modules) / RequestTracker

2014-02-04 Thread Rainer Duffner 

Am 04.02.2014 um 22:49 schrieb Michael Mol mike...@gmail.com:

 I'm attempting to install RequestTracker on CentOS 6.5. Running make
 testdeps as recommended by RT's installation guide, I'm presented with
 lists of missing Perl modules.
 
 One of these lines reads:
 
Encode = 2.39 ...MISSING
 
 
 Now, yum whatprovides '*/Encode.pm'  informs me that that module is
 part of the core Perl distribution, and is installed on my system.
 Opening the file itself reveals:
 
 # $Id: Encode.pm,v 2.35 2009/07/13 00:49:38 dankogai Exp $
 
 so I know that I have version 2.35 of that module installed, and
 obviously that's  2.39. So I need to get 2.39 installed.
 
 What is the correct way to do this on CentOS? The last time I had to do
 anything like this, it was on a Debian box, I went through the process
 recommended by the guys in #perl, and was left with a broken system
 that was a real joy to piece back together…


I’m not sure about CentOS.
This guide:
http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html

suggest installing all the modules via CPAN (onto the original installation).

I don’t believe this is going to work very well, once it touches modules 
already part of the initial installation (as in your case).

Historically, you were best off with installing a perl from source into a 
different directory and using RT’s installer to fix all the dependencies.

You can then update these modules as needed or required by security-issues / RT 
updates/upgrades, without interfering with the base OS update mechanism.

If you choose this route, I would suggest using the NGINX+fast-cgi 
implementation, as you don’t have to worry about the mod_perl from base etc.

Admittedly, this reduces CentOS to little more than a kernel+filesystem+sshd - 
but unless you find a repository that provides all the modules (well over a 
hundred last time I counted, significantly more if you enable all the optional 
dependencies) in all the right versions, all of the time, you will have a hell 
of a problem keeping RT running smoothly.

I have no experience with Debian/Ubuntu, but I’d really only use packages in 
case I could package them up myself, specifically for this task.





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

2014-01-16 Thread Rainer Duffner 

Am 17.01.2014 um 01:18 schrieb Karanbir Singh mail-li...@karan.org:

 On 01/13/2014 09:14 AM, Andreas Kasenides wrote:
 Apparently nto all is well with the take-over.
 Here is an example. Should I stop mirroring CentOS in the fear of being
 arrested next time a I visit the US on vacation?
 
 
 I dont understand your question or statement, what are you saying here ?
 Can you say the same thing, but a bit in a more verbose manner ?
 



I think he refers to:

You may not provide CentOS software or technical information to individuals or 
entities located in one of these countries or otherwise subject to these 
restrictions.“

He fears that he’s held responsible if someone from Iran uses e.g. his mirror 
to download the stuff.

Maybe thinking of this incident:
http://www.huffingtonpost.com/2012/06/19/apple-store-refuses-to-sell-ipad-to-iranian_n_1609734.html

Though the ban on iPhones seems to have been lifted, actually:

http://appleinsider.com/articles/13/08/27/apple-to-start-sales-of-devices-going-to-iran-after-us-sanctions-lifted

Can you check with „your“ legal department if Open Source operating systems are 
still not allowed to be exported to „certain countries?

I really hope someone at the treasury department gets the irony of not allowing 
a „free“ operating system being exported from a „free“ country to an „unfree“ 
country….



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A question about 7

2014-01-15 Thread Rainer Duffner 
Am Wed, 15 Jan 2014 16:25:04 +0200
schrieb JC Putter jcput...@gmail.com:

 How about using ethtool -p which causes the LED of the NIC to blink?
 



Very useful, unless the datacenter isn't in the basement ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ZFS on Linux in production?

2013-10-24 Thread Rainer Duffner 

Am 25.10.2013 um 00:47 schrieb John R Pierce pie...@hogranch.com:

 On 10/24/2013 2:59 PM, Lists wrote:
 (*) ran into a guy who had 100s of zfs 'file systems' (mount points),
 per user home directories, and was doing nightly snapshots going back
 several years, and his zfs commands were taking a long long time to do
 anything, and he couldn't figure out why.  I think he had over 10,000
 filesystems * snapshots.
 Wow. Couldn't he have the same results by putting all the home
 directories on a single ZFS partition?
 
 I believe he wanted quotas per user.   ZFS quotas were only implemented 
 at the file system level, at least as of whatever version he was running 
 (I don't know if thats changed, as I never mess with quotas).
 
 


User and group quotas have been possible for some time.

ZFS is cool. But there are a lot of issues and stuff that needs to be tuned but 
is difficult to find out if it needs to be tuned.


Especially, if you run into performance-problems.

Once you have some experience with it, I recommend reading this blog:
http://nex7.blogspot.ch

and of course, the FreeNAS forum, where you can read about stuff like that:

https://bugs.freenas.org/issues/1531

On the surface, ZFS is great. But god help you if you run into problems.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kvm cluster w/ c6

2013-10-20 Thread Rainer Duffner 
Am Sat, 19 Oct 2013 23:22:12 -0700
schrieb John R Pierce pie...@hogranch.com:

 In our development lab, I am installing 4 new servers, that I want to 
 use for hosting KVM.   each server will have its own direct attached 
 raid.   I'd love to be able to 'pool' this storage, but over gigE, I 
 probably shouldn't even try.


I'm not sure if somebody has re-built RHEV on CentOS (couldn't find it
with a quick google-search).

RHEV = http://www.redhat.com/products/cloud-computing/virtualization/

Then, on top of that you'd need RedHat Storage Server. It's a
stabilized build of GlusterFS with Enterprise-Support - and
Enterprise-price...


Also, you could try OpenStack - but I'm not sure if it's worth the
hassle and if four noodes is actually enough to have a usable setup.

RedHat Storage Server recommends 10G ethernet, BTW.

For your setup, I'd invest more in the hardware itself (redundant PSU,
more redundancy in the disks, more powerful RAID-controller with
battery-backed cache, the more hardware is hot-pluggable, the better
etc..)

Oh, and I'd love to hear success-stories of people who actually use
RHEV+RHSS.
Any kind of distributed storage, actually.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyone using CentOS Active Directory like system?

2013-09-30 Thread Rainer Duffner 

Am 30.09.2013 um 07:34 schrieb Gordon Messmer gordon.mess...@gmail.com:

 On 09/29/2013 09:56 PM, John R Pierce wrote:
 I'd test this over Samba as a AD replacement.   but, if your
 environment includes a lot of windows client systems, and expects to use
 Active Directory group policies to closely manage those windows
 systems,  none of these solutions will come close to what the 'real
 thing' offers.
 
 I agree.  If you're managing Windows clients and need Group Policy, 
 there's very little reason not to run AD.
 
 If you don't like giving money to Microsoft, then ditch the clients. 
 Even if you replace AD with Samba, you still need a management 
 workstation to handle all of the tools that would otherwise be present 
 on an AD system.  Most of the time, that means you haven't actually 
 saved any money on Windows licenses.



Yes.
If you need to have Windows-Clients around, you need to have a native AD 
around, too.
Period.
Both FreeIPA and RHIPA state rather prominently on their web-pages that they 
are not a replacement for the former.
Rather, they are meant as an alternative.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DL380g8 - smart array B320i - CentOS 6.4

2013-07-01 Thread Rainer Duffner 

Am 01.07.2013 um 20:39 schrieb John R Pierce pie...@hogranch.com:

 On 7/1/2013 11:30 AM, Nathan Duehr wrote:
 The significant problem we ran into was someone at an upstream vendor orders 
 HP stuff via individual part numbers in a specific configuration for us, so 
 we get a server, some disks, whatever... and assemble them on-site.  They 
 didn't know (bad vendor, no donut) about the change or spaced it... and 
 didn't send licenses... so you're sitting there with disks in a new server, 
 all ready to load the OS as usual... and the OS can't find any disks.
 
 that sounds like a VAR problem.  if I'm buying from a VAR, I expect the 
 system to arrive as ordered and configured.
 
 As we buy direct from HP (big corp), I *ALWAYS* go through the entire 
 'quickspec' page on any HP gear, carefully studying the options and 
 SKU's, any such licenses should be clear there.For example, I 
 *always* get the full ILO license.


Somebody correct me, but the B320 controller only comes in the e-type models 
of DL3x0 servers, right?
We only order the p models and we generally don't need to enter licenses to 
access hard-drives, unless we want to create a RAID6…

They are nice machines, but I'm not sure if they are worth the price - as we 
don't do Windows and don't install the HP-agents, most of the feature that 
these agents offer go unused (but paid-for).

The good thing about them is that spares are available very long and work 
through different generations (Gen8 is the first since G5 that changed almost 
everything).

I'm not 100% sure, but I believe, with SuperMicro Servers, I'd  have to have a 
much larger (and better organized) inventory of spares that might only fit into 
specific age-group of servers…

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DL380g8 - smart array B320i - CentOS 6.4

2013-07-01 Thread Rainer Duffner 

Am 01.07.2013 um 22:30 schrieb Nathan Duehr denverpi...@me.com:

 
 On Jul 1, 2013, at 12:43 PM, Reindl Harald h.rei...@thelounge.net wrote:
 
 
 
 Am 01.07.2013 20:30, schrieb Nathan Duehr:
 The significant problem we ran into was someone at an upstream vendor 
 orders HP stuff via 
 individual part numbers in a specific configuration for us, so we get a 
 server, some disks,
 whatever... and assemble them on-site.  They didn't know (bad vendor, no 
 donut) about the
 change or spaced it... and didn't send licenses... so you're sitting there 
 with disks in a
 new server, all ready to load the OS as usual... and the OS can't find any 
 disks
 
 *you* are resposible to hire a *qualified* and *certified* HP partner and 
 not the
 cheapest idiot company you are able to find
 
 I'd love to tell you who it is, but I'm not at liberty to say.  Suffice it to 
 say, everyone on this list knows their name, and they're not exactly a small 
 VAR.  Your assumptions are unfounded.



I may have missed it, but did you say why you ordered a 320-type controller?
The i420 is what you need. They are great (unless you want JBOD, then they 
suck).


It's true: DL360/380 is nothing special. But nowadays, they have so much 
performance, they solve maybe 90% of what you need in a datacenter….

Sorry to bring your rant back on topic ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Run multiple instance of apache

2013-05-27 Thread Rainer Duffner 
Am Mon, 27 May 2013 08:15:52 +
schrieb HAJJ CHEHADE, Ahmad ahmad.hajj-cheh...@capgemini.com:

 Hello everybody,
 
 I am trying to run 2 instances of apache on centos since 2 weeks with
 no lucks :S, exactly on the same IP address but different port. I've
 set up two configuration as follow: /etc/httpd and /etc/httpd2, and I
 duplicated the httpd service, so now I have 2 httpd service each one
 run an httpd conf.
 


Try to follow this 

http://wiki.apache.org/httpd/RunningMultipleApacheInstances


FreeBSD has support for this out of the box.

You might want to take a look at how exactly FreeBSD handles the
configuration.
You will most likely also need to specify different log-, lock- and
pid-files/paths.

I've done it on FreeBSD and it works like a charm.




Regards,
Rainer

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Run multiple instance of apache

2013-05-27 Thread Rainer Duffner 
Am Mon, 27 May 2013 08:33:39 +
schrieb Woehrle Hartmut SBB CFF FFS (Extern) hartmut.woeh...@sbb.ch:

 Hello everybody,
 
 I am trying to run 2 instances of apache on centos since 2 weeks
 with no lucks :S, exactly on the same IP address but different port.
 I've set up two configuration as follow: /etc/httpd and /etc/httpd2,
 and I duplicated the httpd service, so now I have 2 httpd service
 each one run an httpd conf.
 
 Why two services? 



There are situations where you might want to do this.
In our case, we had a customer running both mod_python and mod_wsgi at
the same time on the same server.
Due to some crashes, we decided to split apache up and add a 3rd
proxy-instance on top of it.
Has been running flawlessly since then.

When your infrastructure is completely virtualized, it may make no
sense.
But some people still prefer to run on real hardware ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Run multiple instance of apache

2013-05-27 Thread Rainer Duffner 
Am Mon, 27 May 2013 14:16:45 +0300
schrieb Mihamina Rakotomandimby miham...@rktmb.org:

 On 2013-05-27 14:14, Rainer Duffner wrote:
  When your infrastructure is completely virtualized, it may make no
  sense.
  But some people still prefer to run on real hardware;-)
 
 What about using LXC? You can isolate 2 Apaches.


He doesn't want to dig into lxc either, I assume.
He just wants to run two apache-instances.
;-)
And does CentOS come with lxc?
I don't think so...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ReiserFS - status?

2013-05-21 Thread Rainer Duffner 
Am Tue, 21 May 2013 14:11:31 +0200
schrieb Rafał Radecki radecki.ra...@gmail.com:

 Hi All.
 
 What is the status of ReiserFS in CentOS at the moment? I have some
 servers which use it as a loadable kernel module. I am thinking about
 a filesystem for database systems and would like to know if ReiserFS
 will be maintained in CentOS/Linux kernel in the future?


The author and primary developer of the filesystem has some legal
troubles and does not have an internet-connection at the moment, AFAIK.
Describing the filesystem (and its author's) future as bleak wouldn't
be an understatement IMO.

Insert inappropriate word-plays and connotations here


Is your use-case so extreme that the filesystem actually matters?
It's not 2001 anymore.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Looking for a CentOS-friendly online backup company

2013-05-10 Thread Rainer Duffner 
Am Fri, 10 May 2013 14:46:23 -0400
schrieb Digimer li...@alteeve.ca:

 Hi all.
 
We've got a lot of customers running CentOS 5 and 6 servers. We've 
 been asked by many to provide backup, which is something we don't
 want to do in house. So we started looking for backup companies to
 partner with. The problem is that the ones we've found who support
 RHEL won't support CentOS.
 
So does anyone know of an online backup company that _will_
 support CentOS (and Windows)?
 
Any pointers will be much appreciated!


Have you looked at crashplan?

I haven't really tried it, but it would be something I'd look at.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] New java update?

2013-03-05 Thread Rainer Duffner 

Am 05.03.2013 um 18:51 schrieb m.r...@5-cent.us:

 I see there's a release today 


The question is rather: are there days without new emergency patches for Java?
And at what point does an emergency become a permanent condition….
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 'Best' Platform

2013-02-10 Thread Rainer Duffner 
 
 While I agree that CentOS6 is the new and better OS I should say that
 it has several serious problems (bugs) that have been bugging us for 
 several
 months to the point the we began considering going backwards to 5 which 
 was solid
 as rock from day 1. Apparently these bugs (related to the kernel and 
 possibly nfs4)
 have been fixed in RH EL6 but only to those that maintain a service 
 contract.
 



Are there by chance bugzilla entries for those?
Just out of curiosity - NFSV4 is an area of interest to us, in the future.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anything Like Solaris' Live Upgrade?

2013-01-29 Thread Rainer Duffner 

Am 29.01.2013 um 20:03 schrieb Tim Evans tkev...@tkevans.com:
 
 Thanks to everyone for their replies.  I suppose it's not possible in 
 this forum to ask such a question and not get into religion. Kinda like 
 the U.S. Congress.
 
 No one has yet shown how a byte-for-byte, fully redundant, bootable 
 disk(set) can be created and kept up to date that will allow immediate 
 recovery from a catastrophic failure of the primary disk(set) with 
 nothing more than a reboot.
 
 FWIW, Solaris' problems are not technical.  Rather, they're Oracle's 
 licensing and support policies that have essentially fired all its small 
 system customers.
 


I have to say, in my experience the LU-process works (reasonably) well for 
systems without zones.
Once you have zones, it gets much, much more complicated.

It's a nice idea, though, and to me it makes sense (you don't want the system 
to be in a state where only half the patches are installed, however minuscule 
the effects of that may be).



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SIEM

2012-12-11 Thread Rainer Duffner 

Am 11.12.2012 um 20:38 schrieb John R Pierce pie...@hogranch.com:

 On 12/10/2012 5:10 PM, TFML wrote:
 Any recommendations on a SIEM system?
 
 
 our corporate security people are deploying QRadar from Q1 Labs. this is 
 a commercial package and I know very little about it.
 


What kind of website is that where a data-sheet doesn't even say if it runs 
on Windows or Linux?

OK, so technically it does not matter that much (at a CxO-level). But I hate 
security-vendors who run IIS web servers ;-)
And I don't want to run security-tools on Windows….

Does anyone know more about it?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PHP version dilemma

2012-10-05 Thread Rainer Duffner 

Am 05.10.2012 um 18:57 schrieb Todd Cary t...@aristesoftware.com:

 I am running Centos 5.8; at least
 
 uname -rmi
 
 gives me centos-release-5-8.el5.centos
 
 A CMS package is telling me that I need PHP 5.2x, however yum 
 update says that I am fully up to date.
 
 Is there a safe way to upgrade PHP to 5.2x?
 


Has RedHat ever shipped PHP 5.2?
I thought, I had only seen 5.1 and then 5.3 - but I admit I don't use RedHat or 
CentOS for PHP if I can avoid it.


The PHP project has stopped supporting PHP 5.2 some time ago and it's on life 
support by
the backports-project: http://code.google.com/p/php52-backports/

E.g. it will drop out of FreeBSD's ports-tree sometime spring 2013. Some Debian 
release may keep it alive longer.

Does you CMS absolutely need PHP 5.2 or does it also work with PHP 5.3?



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PHP version dilemma

2012-10-05 Thread Rainer Duffner 

Am 05.10.2012 um 20:38 schrieb Todd Cary t...@aristesoftware.com:

 Concrete5 


http://www.concrete5.org/documentation/background/system_requirements


PHP 5.2.x or 5.3x

So use 5.3, please.

GD is included:

http://mirror.switch.ch/ftp/mirror/centos/5.8/os/x86_64/CentOS/

…
php53-5.3.3-5.el5.x86_64.rpm
23-Feb-2012 11:20  1.3M  
php53-bcmath-5.3.3-5.el5.x86_64.rpm 
23-Feb-2012 11:20   42K  
php53-cli-5.3.3-5.el5.x86_64.rpm
23-Feb-2012 11:20  2.4M  
php53-common-5.3.3-5.el5.x86_64.rpm 
23-Feb-2012 11:20  605K  
php53-dba-5.3.3-5.el5.x86_64.rpm
23-Feb-2012 11:20   39K  
php53-devel-5.3.3-5.el5.x86_64.rpm  
23-Feb-2012 11:20  591K  
php53-gd-5.3.3-5.el5.x86_64.rpm 
23-Feb-2012 11:20  110K  
php53-imap-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20   52K  
php53-intl-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20   76K  
php53-ldap-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20   37K  
php53-mbstring-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20  1.2M  
php53-mysql-5.3.3-5.el5.x86_64.rpm  
23-Feb-2012 11:20   92K  
php53-odbc-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20   53K  
php53-pdo-5.3.3-5.el5.x86_64.rpm
23-Feb-2012 11:20   67K  
php53-pgsql-5.3.3-5.el5.x86_64.rpm  
23-Feb-2012 11:20   75K  
php53-process-5.3.3-5.el5.x86_64.rpm
23-Feb-2012 11:20   39K  
php53-pspell-5.3.3-5.el5.x86_64.rpm 
23-Feb-2012 11:20   26K  
php53-snmp-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20   29K  
php53-soap-5.3.3-5.el5.x86_64.rpm   
23-Feb-2012 11:20  146K  
php53-xml-5.3.3-5.el5.x86_64.rpm
23-Feb-2012 11:20  119K  
php53-xmlrpc-5.3.3-5.el5.x86_64.rpm
….


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PHP version dilemma

2012-10-05 Thread Rainer Duffner 

Am 05.10.2012 um 21:04 schrieb Todd Cary t...@aristesoftware.com:

 
 What is the best way around this problem:
 
 Resolving Dependencies
 -- Running transaction check
 --- Package php53.i386 0:5.3.3-13.el5_8 set to be updated
 -- Processing Dependency: php53-common = 5.3.3-13.el5_8 for package:
 php53
 -- Processing Dependency: php53-cli = 5.3.3-13.el5_8 for package: php53
 -- Running transaction check
 --- Package php53-cli.i386 0:5.3.3-13.el5_8 set to be updated
 --- Package php53-common.i386 0:5.3.3-13.el5_8 set to be updated
 -- Processing Conflict: php53-common conflicts php-common
 -- Finished Dependency Resolution
 php53-common-5.3.3-13.el5_8.i386 from updates has depsolving problems
   -- php53-common conflicts with php-common
 Error: php53-common conflicts with php-common
  You could try using --skip-broken to work around the problem
  You could try running: package-cleanup --problems
 package-cleanup --dupes
 rpm -Va --nofiles --nodigest
 
 
 I ran yum remove php.  Should I have done more?




rpm -qa |grep php |grep -v php53

and remove (that is rpm -e) everything that is php (and not php53).

RHEL5/CentOS5 comes with both php (which is php5.1) and php53 (which is 
php5.3.something).

You can't nor do you want to have both!


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] projects.centos.org - certificate has expired

2012-08-21 Thread Rainer Duffner 
Just FYI

I guess, you could also run your own CA and sign stuff yourself.
After all, your RPMs are also self-signed ;-)



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] DNS DoS attack

2012-08-17 Thread Rainer Duffner 
Am Thu, 16 Aug 2012 22:18:19 -0700
schrieb John R Pierce pie...@hogranch.com:

 On 08/16/12 9:54 PM, Jussi Hirvi wrote:
  Aug 17 07:41:38 mx2 named[6873]: client 205.145.64.200#53: query
  (cache) 'ripe.net/ANY/IN' denied
  Aug 17 07:41:38 mx2 named[6873]: client 204.10.45.5#53: query
  (cache) 'ripe.net/ANY/IN' denied Aug 17 07:41:38 mx2 named[6873]:
  client 78.40.35.212#53: query (cache) 'ripe.net/ANY/IN' denied
  Aug 17 07:41:38 mx2 named[6873]: client 207.207.3.126#53: query
  (cache) 'ripe.net/ANY/IN' denied
  Are there any ways to mitigate this, or do I just have to wait?
 
 
 meh, if its coming from lots of random hosts, then fail2ban style 
 techniques won't work.  I assume this is an authoritative name
 server? does it have recursive queries disabled so it can only return
 results for the domain(s) its authoritative for ?



It's a common attack.

Just search google.
I think, someone mentioned a firewall rule here a couple of weeks ago
to block these types of queries.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Configure LAGG Interface?

2012-08-06 Thread Rainer Duffner 

Am 06.08.2012 um 19:22 schrieb Cal Sawyer ca...@blue-bolt.com:

 In my experience, LAG/LACP won't provide aggregatation, only failover
 and fault tolerance.  For link aggregation, you don't need to configure
 the switch ports - just set bonding to mode=6 for balanced
 transmit/receive and plug up the the NICs to a group of ports on the
 switch.  However, balance-alb doesn't help with single stream rsync/FTP
 sessions, etc, but helps a lot with concurrent transmits/receives as
 encountered in typical fileserver scenarios.
 


On FreeBSD, you don't get 2*1 Gbit from A to B, but 1*1 Gbit from A to B and 
another 1*1 Gbit from C to B.
B being the server with the LAGG interface.

How is that in CentOS?




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyone recognize www-mysql?

2012-03-07 Thread Rainer Duffner 

Am 07.03.2012 um 22:18 schrieb John R Pierce:

 On 03/07/12 1:00 PM, Adam Tauno Williams wrote:
 This a binary that executes HTML
 pages containing embedded SQL statements.
 
 
 I found the debian package here: http://archive.debian.net/etch/www-mysql
 
 ah, and peeking into the source tarball, www-mysql (and www-pgsql) build 
 from www-sql, which comes from here
 http://www.jamesh.id.au/software/www-sql/
 
 this stuff looks really old, like its not been touched since 1998.
 its a pretty simple cgi package written in C, so it probably can be 
 built for newer systems.



It's probably also riddled with buffer-overflows.
Better let it go...



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Can anyone talk infrastructure with me?

2012-01-25 Thread Rainer Duffner 

Am 26.01.2012 um 00:53 schrieb Jason T. Slack-Moehrle:

 Hi All,
 
 I started a 501c3 (not-for-profit) organization back in February 2011 to deal 
 with information archival. A long vision here, I wont bore you with the 
 details (if you really want to know, e-mail me privately) but the gist is I 
 need to build an infrastructure to accommodate about 2PB of data


2PB? At home?

http://www.youtube.com/watch?v=Eu430bqbK5w

Rent a rack somewhere, or three.
Unless nobody is retrieving the data and you are just archiving it.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Dedicated Firewall/Router

2012-01-17 Thread Rainer Duffner 
Am Tue, 17 Jan 2012 10:02:01 +0200
schrieb Rudi Ahlers r...@softdux.com:


 Back to the topic though, how does one guarantee 100% uptime on the
 firewall level when you use a standard dedicated server? 
 


pfSense offers failover via CARP



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] UC What happened to 6.1

2011-11-16 Thread Rainer Duffner 

Am 16.11.2011 um 19:07 schrieb Nataraj:

 On 11/16/2011 02:21 AM, Rushton Martin wrote:
 One exception is those machines behind a firewall that does not allow
 downloads.  The only upgrade path then is to download on another machine
 and burn DVDs.  CR repos are not helpful in such a case!
 Unfortunately, I don't know of any distros that cater to anyone with
 that level of security requirement anymore (or even someone who just
 didn't have an Internet connection).  There used to be distros where you
 could receive updates monthly on a CDROM.  Nowaday's all distros that
 I'm aware of require internet access.  I believe Apple has stopped
 offering CD's or USB sticks of their OS and instead offer a BIOS that
 knows how to install over the Internet.


No, you can still by Mac OS on an USB-stick.

IMO, not letting machines download updates even from an internal, non-public 
mirror is just brain-dead.
Sure, you can put that same mirror onto a large USB-stick, walk up to the 
machine and do a local yum-update.
But that really does not scale at all.
It's a mis-use of the sysadmin's most precious resource: time.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] School cloud solution

2011-11-07 Thread Rainer Duffner 
Am Sat, 05 Nov 2011 19:34:09 -0500
schrieb Doug Coats dcoats...@gmail.com:

 This really isn't a CentOS specific queation but that is our server
 OS of choice.
 
 I manage a student file server and i would like to add cloud access
 to it.  Basically i would like our students to have access to the
 same files at home that they have at school.  This would allow them
 to start an asignment at home, finish it at school, and print it off
 without having to worry about losing their usb drive.  I want it
 housed on our servers for backups and ease of access for our teachers
 when necessary. 
 
  I have looked at Moodle but it has way to many layers that we are
 not interested in. I would like something like squirrel mail.  A
 simple web login that then gives you access to your samba managed
 files.
 
 I have repeatedly searched for such capabilities but i have not found
 any that fit what i outlined above.  Is there such a program out
 there?



I think iFolder would do what you want (someone else mentioned it
already).
I don't know, though, if you need OES (Novell Open Enterprise Server)
to make it useful in a larger environment with more users.

It will take care of the synchronisation in the background.

But I'm not so sure about the longevity of the project as such - I
don't specifically track it, and it looks like not many updates got
published over the last months...



Rainer

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 6: php-eaccelerator

2011-11-06 Thread Rainer Duffner 

Am 06.11.2011 um 05:01 schrieb Reindl Harald:

 has anybody ever got eaccelerator working with open_basedir on CentOS?
 https://bugzilla.redhat.com/show_bug.cgi?id=751569
 
 i wonder that the last build is more than a yaer ago and nobody hitted until 
 now
 or nobody is secring his vhsost and so did not take notice about it
 http://koji.fedoraproject.org/koji/buildinfo?buildID=181336
 


open_basedir kills the realpath_cache.
If you need security and performance, use php-fpm, which can do a full chroot.



Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 我确定我的 centos6 安装界面没有中文支持

2011-08-17 Thread Rainer Duffner 
Am Wed, 17 Aug 2011 12:45:05 +0200
schrieb Stephen Cox stephencoxm...@gmail.com:


 只有英文请 (English only please)


It translates nicely via translate.google.com
The OP should have done that, of course.

I haven't done a GUI install of CentOS or RedHat for years - and I'm
not planning one either.

He complains that the language-selection dialog does not show some sort
of Chinese as option (CentOS5 apparently did).


Is that correct?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: headless fanless silent 2 HDs micro server/pc...

2011-08-11 Thread Rainer Duffner 
Am Thu, 11 Aug 2011 03:38:10 -0700 (PDT)
schrieb John Doe jd...@yahoo.com:

 From: Digimer li...@alteeve.com
 
  http://h10010.www1.hp.com/wwpc/us/en/sm/WF06a/15351-15351-4237916-4237918-4237917-4248009.html
 
 It looks quite nice, although a tiny bit too big for me (no real need
 the room for 4 HDs + 1 HD or DVD). Saw that one guy was able to
 install a Smart Array P410 with 512MB BBC too (too bad the drives are
 not hot-plug). And there is a remote management optional card (if it
 fits along the P410) which is great since I have no monitor at home.
 Just wondering how noisy 23dbs are... I tend to be very sensitive to
 noise, especially at night.



If you sleep next to it and it is too noisy, chance are you don't need
it and can switch it off at night ;-)
I assume, with SSDs instead of HDs, it will be even more silent.

My ALIX is only noiseless and fanless because it uses a CF as storage.
With a full HD, I doubt I could run it fanless (and at 5W)...
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] would any of you recommend a ticketing system?

2011-07-19 Thread Rainer Duffner 
Am Di, 19.07.2011, 13:32 schrieb Kevin Thorpe:
 Hi all, sorry for being OT but would any of you recommend a ticketing
 system?
 We'd like something pretty comprehensive to cover helpdesk and HR stuff as
 well as software bugs/requests. There seems to be a million variations
 out there.

Only very few are actually worth installing.

http://www.bestpractical.com/rt/  - RequestTracker
http://www.otrs.org/ - OTRS

maybe the one or other commercial one.

I only used RT, but OTRS seems to develop nicely, too.

Both required a lot of Perl-Modules that may or may not exist in the
distribution.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Spamhaus with Zimbra Mail on CentOS

2011-07-18 Thread Rainer Duffner 
Am 18.07.2011 19:43, schrieb Alex Marz:
 Jul 18 13:25:51 phantom postfix/smtpd[4399]: warning: 
 202.200.26.72.zen.spamhaus.org: RBL lookup error: Host or domain name not 
 found. Name service error for name=202.200.26.72.zen.spamhaus.org type=A: 
 Host not found, try again



 After doing some reading I've tried a number of DNS servers ( thinking the 
 issue may have been DNS poisoning )  all of which appear to be unable to 
 preform dig lookups the spamhaus hosts. Is anyone else seeing similar results?



If you query the spamhaus servers too often, you will be banned.
You have to pay (a considerable amount of money, last time we looked).

Other than that, better ask on the Zimbra forum...




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyway to ensure SSH availability?

2011-06-29 Thread Rainer Duffner 

Am 29.06.2011 um 21:50 schrieb Emmanuel Noobadmin:


 Since I'm not the only person who face problems trying to remotely
 access a locked up server, surely somebody must had come up with a
 solution that didn't involve somebody/something hitting the power
 button?



Yes, it's called out of band management.
Have dial-in access to IPMI/iLO interfaces or just an APC remote  
controlled power-switch to power-off the server.



Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyway to ensure SSH availability?

2011-06-29 Thread Rainer Duffner 

Am 29.06.2011 um 22:08 schrieb Max Pyziur:


 Am 29.06.2011 um 21:50 schrieb Emmanuel Noobadmin:


 Since I'm not the only person who face problems trying to remotely
 access a locked up server, surely somebody must had come up with a
 solution that didn't involve somebody/something hitting the power
 button?



 Yes, it's called out of band management.
 Have dial-in access to IPMI/iLO interfaces or just an APC remote
 controlled power-switch to power-off the server.

 Perhaps this suggestion is applicable:
 setup a cron job where the sshd server is restarted (once or several  
 times
 per day, or per week, etc).



If the problem is lack of I/O, only power-on/off will work.
Or shutting down the offending process(es).

OOB-management is a necessity nevertheless.
You don't have to be control-freak to love it ;-)



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyway to ensure SSH availability?

2011-06-29 Thread Rainer Duffner 

Am 29.06.2011 um 22:15 schrieb Emmanuel Noobadmin:

 On 6/30/11, Rainer Duffner rai...@ultra-secure.de wrote:

 Yes, it's called out of band management.
 Have dial-in access to IPMI/iLO interfaces or just an APC remote
 controlled power-switch to power-off the server.

 I don't want to reboot the server everytime something like that
 happens. I'll expect pretty nasty problems will develop after a few
 dozen unclean shutdowns like that.

 Would ILO work on a server that's unresponsive due to heavy load?


ILO used to be a separate board with a separate NIC and a separate CPU  
etc.
Nowadays, it's just an additional chip on the board.

It works until the power-supply is fried.


 The
 actual network access isn't a problem so dial up isn't necessary. The
 other problem is the server in question probably doesn't have ILO
 features on the mainboard.


If it's a server that actually deserves that name, it should have IPMI  
on board.
You can buy add-on PCI-cards for OOB-management, though.





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyway to ensure SSH availability?

2011-06-29 Thread Rainer Duffner 

Am 29.06.2011 um 22:26 schrieb Emmanuel Noobadmin:

 On 6/30/11, Rainer Duffner rai...@ultra-secure.de wrote:
 If it's a server that actually deserves that name, it should have  
 IPMI
 on board.

 Problem is some of us work for budget constraints customers and define
 server by purpose and not specifications. So very often they buy
 servers based on budget and that it's good enough to run most
 applications for X users. Unfortunately, very often I'm the one who
 ends up managing these simply because our applications run on them.



I'd go for a power-switch then.
Less logic.

http://computers.shop.ebay.com/Computers-Networking-/58058/i.html?_nkw=remote+power+switch_catref=1_fln=1_trksid=p3286.c0.m282
http://www.amazon.com/NP-0801D-Switchable-manufactured-Temperature-Monitoring/dp/B002WLQ6ZI



 You can buy add-on PCI-cards for OOB-management, though.

 Thanks for the information, although unless they are really cheap...



Define cheap.
I live and work in 2011's 6th most expensive city of the world

Virtualization is an option, but the trouble is: if the server is I/O- 
constrained anyway, virtualization won't help.
Everything will just be even slower.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Anyway to ensure SSH availability?

2011-06-29 Thread Rainer Duffner 

Am 29.06.2011 um 23:17 schrieb Lamar Owen:

 On Wednesday, June 29, 2011 04:43:09 PM Rainer Duffner wrote:
 Virtualization is an option, but the trouble is: if the server is I/ 
 O-
 constrained anyway, virtualization won't help.
 Everything will just be even slower.

 That depends.  More expensive servers that would be suitable for  
 virtualization host use also tend to have better I/O subsystems and  
 faster disks.  Relative to a 'cheap' system with much poorer base I/ 
 O bandwidth.


The OP clearly stated that he's probably not running a datacenter full  
of DL580g7 servers...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

2011-06-09 Thread Rainer Duffner 

Am 09.06.2011 um 23:34 schrieb Eero Volotinen:

 Hi,

 How to configure sshd to required both ssh public key and user
 password also? yes, stupid, but required on my setup..

 --
 Eero
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos



Used google lately?
http://www.google.com/search?client=safarirls=enq=sshd+key+passwordie=UTF-8oe=UTF-8#sclient
 
=psyhl=enclient=safarirls=ensource=hpq=ssh+key+and 
+passwordaq=faqi=aql=oq=pbx=1bav=on. 
2,or.r_gc.r_pw.fp=b9cfb64a5f16eb0cbiw=1444bih=948


That's for accelerating my pulse for two seconds.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ultrasecure sshd server

2011-06-09 Thread Rainer Duffner 

Am 10.06.2011 um 00:02 schrieb Eero Volotinen:


 Well, some say that it's possible with pam hacks.

 main problem is that openssh public key does not contains expiry
 information (is not possible to expire public keys).
 it migth be possible with openssh certificates?



As I understand it (following the arstechnica link, then using the  
RequiredAuthentication keyword as a new search term) -
it's only impossible with openssh.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cobbler installation of CentOS-5.5

2011-03-28 Thread Rainer Duffner 

Am 28.03.2011 um 16:49 schrieb Timothy Murphy:

 I'm trying to install CentOS-5.5 on my new HP micro-server,
 which has no CD drive.

 I've set up cobbler and cobbler-web on my old server,
 and can access cobbler-web from my laptop.

 I have 3 queries about the installation.

 1. Is there any advantage is using the 64-bit CentOS
 rather than 32-bit?



I'd use 32bit if you are sure you are never going to use more than 2GB  
RAM.
Ever.


 2. The CentOS OS seems to be available in 7 or 8 CDs.
 (I tried downloading the DVD ISO with ktorrent,
 but this was a complete failure.


I don't know what you did, but when I downloaded  the torrent, it  
created only a handful of files.
The DVD ISOs are available on my local mirror, so they should be  
elsewhere, too.


 It started OK, but then created literally thousands of links
 to one file, which brought my server down,
 and left it in a state which was quite hard to clean up.)

 But how exactly do I cobbler import these?
 I see that for Fedora on my laptop I ran
sudo cobbler import --path=/mnt/dvd --name=F14-i386


Download the DVDs and import them.






___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cobbler installation of CentOS-5.5

2011-03-28 Thread Rainer Duffner 


Am 28.03.2011 um 17:37 schrieb Timothy Murphy:


m.r...@5-cent.us wrote:


2. The CentOS OS seems to be available in 7 or 8 CDs.
(I tried downloading the DVD ISO with ktorrent,
but this was a complete failure.
It started OK, but then created literally thousands of links
to one file, which brought my server down,
and left it in a state which was quite hard to clean up.)


Dunno. Last time I brought down the DVD iso, I had no trouble just  
doing a

straight d/l, no torrent.


Where did you find the DVD ISO?



Here, e.g.:
http://mirror.switch.ch/ftp/mirror/centos/5/isos/x86_64/



I need to indicate where cobbler import should look, I assume.





Normally, you loopback-mount the DVDs at /mnt/bla
and then you point cobbler at /mnt/bla

But, with the 5.5 release consisting of two DVDs, I'm no longer 100%  
sure how I imported them.

Best ask on the cobbler-ML...


Rainer___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cobbler installation of CentOS-5.5

2011-03-28 Thread Rainer Duffner 

Am 28.03.2011 um 17:45 schrieb Timothy Murphy:


 So I'll repeat my query, which as far as I can see no-one has  
 answered:
 how do I use cobbler with 8 CD ISOs?
 To be specific, what exactly do I cobbler import?


You don't.
You import the DVD(s).



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rssh / scponly

2011-03-27 Thread Rainer Duffner 

Am 27.03.2011 um 21:53 schrieb Gregory P. Ennis:

 List,

 I am putting together a sftp server and would like to use a  
 restrictive
 shell with a chroot jail.  I was wondering what members of the list
 thought about rssh as opposed to scponly.


If you use sftp, it can be chroot'ed by default (see man-page).
(In reasonably recent version of sshd)

That is certainly the best - scponly chroot is a hack IMO.

Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rssh / scponly

2011-03-27 Thread Rainer Duffner 

Am 27.03.2011 um 22:57 schrieb John R Pierce:

 On 03/27/11 1:03 PM, Rainer Duffner wrote:
 If you use sftp, it can be chroot'ed by default (see man-page).
 (In reasonably recent version of sshd)

 I gather thats a sshd somewhat newer than the one included in CentOS 5
 ?


I don't know.
;-)
I only used it in FreeBSD - but it's included there since at least 7.2.
That was released in May 2009.
OpenSSH 5.1p1

Looking, sshd in my latest CentOS shows v 4.6p2

Oh-dear.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rssh / scponly

2011-03-27 Thread Rainer Duffner 

Am 28.03.2011 um 00:20 schrieb Gregory P. Ennis:


 I am running Centos  5.5. which has OpenSSH_4.3p2.  I guess this  
 means I
 am back to using rssh or scponlyc.  So far I have not been able to get
 either of these to work properly with chroot.

 Any suggestions ?




I haven't been using scponly for a long time.
There are instructions on the scponly wiki on how to get the chroot  
working.
They should work.
(Basically, they involve setting-up a complete chroot-environment  
with /dev etc.)

I suggest you consult their sourceforge resources for specific  
question or problems with the setup.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] My new server

2011-03-26 Thread Rainer Duffner 

Am 26.03.2011 um 13:39 schrieb Timothy Murphy:


 Also there is no CD drive.
 But there are extensive instructions (on a CD!)
 about how to instal RHEL-5.5.




Best to use cobbler for that anyway.



 One last thing - there is only one ethernet socket.
 This surprised me a little,
 as I can't see how it can be used as a server,
 without adding a second ethernet input?




Use VLAN-trunks.




Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] My new server

2011-03-26 Thread Rainer Duffner 

Am 26.03.2011 um 20:55 schrieb John R Pierce:

 On 03/26/11 12:51 PM, Rainer Duffner wrote:
 Use VLAN-trunks.

 someone using a $350 micro server as his ADSL gateway is highly  
 unlikely
 to have layer 2 managed switches capable of handling VLANs.



E.g. the HP Procurve 1800-8G is quite cheap.
I think I paid 200 USD for it.

It's no longer sold, but you can pick it up at ebay.
Fanless.

I took a look at the NL36 server the OP mentioned - and it actually  
does look quite decent.
Maybe not for number-crunching.
But for low-end stuff, it looks OK.
You might even be able to run e.g. Zimbra on it (with RAM maxed out).

Of course, regular backups are highly recommended - but given that,  
and the 3year on-site warranty also available,
it looks to be a good for home-use.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Corporate support for CentOS

2011-03-26 Thread Rainer Duffner 

Am 26.03.2011 um 22:16 schrieb Gary Scarborough:

 There have been a number of recent conversations on the developer  
 list and this list about CentOS.  My initial thought was why not  
 have CentOS and SL merge.  Since they have different goals I can  
 understand the reason not to.  So my next question is, has no  
 corporate entity offered to sponsor full time people to work on  
 CentOS?  It seems like a lot of companies use CentOS for various  
 things.  I can't believe no one is willing to help speed development  
 by paying for people to build full time.  Has this subject come up  
 before?


Every couple of months.

People who have enough money to make significant contributions to this  
goal usually hire a couple of competent admins and do it in-house.

For the rest, there is RHEL - or OEL.

Do you think one can undercut RHAT or ORCL?




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6

2011-02-27 Thread Rainer Duffner 

Am 28.02.2011 um 04:15 schrieb Ray Van Dolson:

 On Sun, Feb 27, 2011 at 07:13:32PM -0800, JD wrote:
 Any word on approximate release date of Centos 6?

 Cheers,

 JD

 Seriously?  Seriously?!


It's like Sesame Street, you know...

There's a new audience coming every week ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 6

2011-02-27 Thread Rainer Duffner 

 OK, as a measuring yardstick: approximately how many
 months after RHEL5's release date was Centos 5 released?
 That might give people an approximate idea.



It's difficult to make predictions, especially about the future.
While extrapolating from past data is legitimate, it does not apply to  
this case, unfortunately.



 The rest completely violated the netiquet of posting to this list. No
 one needs the replies of anally retentive people;
 and that's my $.02's worth of violating the netiquet rules.


Netiquette also requires to check the archives first.
Google exists, too.

Just because the big G didn't spit out a date when you hit the 'I'm  
feeling lucky button doesn't mean that it's a good idea to bring up  
that subject



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IP6 Anyone?

2011-02-26 Thread Rainer Duffner 

Am 26.02.2011 um 21:24 schrieb John R Pierce:

 On 02/26/11 12:12 PM, Always Learning wrote:
 Because : is sometimes used in an address to indicate the start of a
 port number, examplehttp://www.anyonejunk.com:1234, the IP6 address  
 can
 be enclosed within [ ] with the port number remaining outside the  
 square
 brackets.

 Thats, MUST be enclosed within []...   without those [ ], how would  
 you
 resolve

 http://21DA:00D3::00FF:FE28:8080

 is that...
 http://[21DA:00D3::::00FF:FE28:8080]
 or
 http://[21DA:00D3:::::00FF:FE28]:8080

 ?  Both of those are valid IPv6 addresses

 if anything, I'd put the blame on this squarely on the committee that
 decided to use : as the IPv6 seperator when it was already in wide use
 as the URL port separator.




With IPV6, you don't need to run it on a different port.
Just bind it to a different IP in the same prefix ;-)
So, that port-8080 stuff will be gone pretty soon.
In a year or two.
Cough-cough.



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Any update on 5.6 / 6?

2011-02-16 Thread Rainer Duffner 

Am 16.02.2011 um 22:29 schrieb Larry Vaden:



 Even further, the resistance to properly funding this project is  
 truly amazing.


Well, with money come a lot of strings attached.

Most likely, one would either have to incorporate a business or found  
some not-for-profit entity if large amounts of money flowed in.

So, I think it's a bit naive to believe that more money would make the  
project better or make releases appear faster on the mirrors.

Hopefully, the people actually involved in the release-effort don't  
get too distracted by this noise.




Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Best way to set up for PHP websites

2010-12-18 Thread Rainer Duffner 

Am 18.12.2010 um 02:12 schrieb Ruslan Sivak:

 Is there a how-to somewhere on getting php running with nginx?  I  
 would love to get that working.



You need to compile php with fpm support.
Then, in nginx, you basically say:


 server {
 listen *:80;
 server_name www.domain.com;

 location / {
 root   /home/domain/FTPROOT/htdocs;
 index index.php index.htm index.html;

 # if file exists return it right away
 if (-f $request_filename) {
 break;
 }

 if ($request_uri ~ '^/(typo3(/|conf|temp)| 
fileadmin|uploads|t3lib|clear.gif|index.php|favicon.ico)') {
 break;
 }
 # otherwise rewrite it;
 if (!-e $request_filename) {
  rewrite ^(.+)$ /index.php last;
 #rewrite .* /index.php last;
 break;
 }

 }

 # if the request starts with our frontcontroller, pass it  
on to fastcgi
 location ~ \.php$ {
 fastcgi_pass unix:/var/run/php-fpm-domain.sock;
 fastcgi_index index.php;
 fastcgi_param SCRIPT_FILENAME /htdocs 
$fastcgi_script_name;
 fastcgi_param PATH_INFO $fastcgi_script_name;
 include /usr/local/etc/nginx/fastcgi_params;
 fastcgi_param DOCUMENT_ROOT /htdocs/ ;
 }
 }


The php-fpm mailinglist is a good start for question regarding this  
topic.
I don't know about memcache, but it's surely a good idea.

With varnish, you have to be very careful because it doesn't cache  
sites with cookies.
Different drupal-modules and extensions will create their own cookies  
and so almost nothing will cache.


Probably, the people at
http://groups.drupal.org/nginx

know more about this than me anyway.


Rainer




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Best way to set up for PHP websites

2010-12-17 Thread Rainer Duffner 

Am 18.12.2010 um 01:09 schrieb Ruslan Sivak:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 I am looking to set up a CentOS server for hosting a high traffic PHP
 site (specifically Drupal 6).




AFAIK, the optimal solution is to run the latest php5.3-series as php- 
fpm with NGINX.
It offers the best performance for the dynamic part.

If you got it working, research about using varnish http cache in  
front of Drupal.

High-traffic sites with Drupal require significant effort and a deep  
understanding of the inner workings of Drupal and the modules and  
extensions you use.


And unless there's repository out there that has all this for CentOS,  
it may not be the right platform.



Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

  1   2   3   4   >