Re: [CentOS] How will fragmentation help Red Hat
+1 I now have only two servers left on CentOS - both on 7, as 8 and 9 and the whole stream thing just never passed my confidence tests. All my new machines since stream was enabled have been on Ubuntu LTS. It has been a learning curve, a little more work to deal with certain updates and the 5 years vs 10 years of CentOS is going to be more work still - however they at least provide an OS upgrade path that seems to work just fine, although apps and config changes are required as versions update. Will keep watching, but having worked in large corporate environments with IBM as a major IT partner, there is no way I'm holding my breath for any meaningful change. My thanks to the wonderful team that made CentOS what it was (up to version 7), and I understand their reasons to embrace the change - just not something I'm prepared to live with. Shalom Rob On 25/07/23 01:02, jefflp...@twc.com wrote: Somehow the text of my message got deleted: I'm still using CentOS 7 because both security and stability are important to me. While CentOS Stream may, or may not, have comparable security, it is severely lacking in stability. IMHO both CentOS 8 and CentOS 9 are gigantic piles of garbage. When the time comes that CentOS 7 no longer meets my needs, I'll be switching to some other distro, most likely Debian. JP -From: jefflp...@twc.com To: "CentOS mailing list" Cc: Sent: Sunday July 23 2023 6:29:52PM Subject: Re: [CentOS] How will fragmentation help Red Hat -From: "Steven Rosenberg" To: "CentOS mailing list" Cc: Sent: Sunday July 23 2023 5:13:08PM Subject: Re: [CentOS] How will fragmentation help Red Hat On Thu, Jul 13, 2023 at 4:21 AM Josh Boyer wrote: ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos /> ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED] Kernel updates do not boot - always boots oldest kernel
Thanks all for your comments and suggestions. The main fix for the topic fault was fixing a soft link to /boot/efi/EFI/centos/grubenv - this is the one location used by UEFI It turns out that the update process for this file, when a new kernel is installed, uses /boot/grub2/grubenv. In my case a /boot/grub2/grubenv.rpmnew updated soft link was pointing to the correct file in /boot/efi/EFI/centos/, the original(?) grubenv in /boot/grub2/ was being updated correctly, just that UEFI booting doesn't use any files in this location. Fixed the soft link and it now gets updated correctly. Thus I can use GRUB_DEFAULT=saved However my booting problems were a little more obscure. The grub.cfg file menuentry stanza for each kernel was correct. The set root='mduuid/' points to the /boot UUID where the vmlinuz files live. Also the linuxefi /vmlinuz-3.10.0-1180 . has both '/boot' and '/' UUIDs included. In my case, due to a manual migration from BIOS boot (MBR partition) to UEFI boot (GPT partition) on the server, plus a manual disc upgrade from a pair of RAID1 500GB HDD (MBR partitioned) to a pair of RAID1 3.4TB SSD (GPT partitioned), everything appeared to be working, BUT I left the old HDDs plugged in. The old HDD only had the 36.2 kernel installed. All the updated kernels were correctly installed onto the new SSD. HOWEVER, due to the migration process I employed the UUID for the partitions were the same. Thus UEFI boot, prior to OS load by loading vmlinuz only knows about the visible UUID on the partition tables - MDRAID hasn't loaded yet. Thus in my case the hardware had four storage devices (2x RAID1) all with the same UUID for /boot [ blkid is your friend ]. Unfortunately I didn't realize this, and thus the UEFI simply looked at the first drive with that UUID - one of the original HDD and the not SSDs which were being updated correctly. Removed the old drives and presto, UEFI now sees the new /boot and loads the later kernels. Not sure if this will help anyone else, had to track this one down by fully walking through the step by step UEFI boot process and understanding how grub2 updates are applied. Once again, thanks for those that made suggestions, most of which I have used and pursued until I understood each step. Shalom Rob On 15/03/23 20:32, Gianluca Cecchi wrote: I have only changed GRUB_DEFAULT from "saved" to "0" I have also run /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg I may be wrong here but IIRC, using grub2-mkconfig as described in the Grub docs didn't work for me when I tried to use it years ago. I think you have to find out what is done when installing kernels and try to find out where it goes wrong in your case. When you look at 'rpm -q --scripts kernel' you can see that new kernels are registered with the script '/usr/sbin/new-kernel-pkg'. I suggest to analyze what it does exactly. I think it calls 'grubby' to do further work... Regards, Simon If not already done, you can also go through the official documentation page for working with Grub 2 on RH EL 7 and the different commands it is reporting, both for bios and UEFU based systems.: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-working_with_the_grub_2_boot_loader Eventually trying and managing before with some commands on another UEFI based system/vm that is more practical to use for you, as the target one is a remote system, as you wrote HIH, Gianluca ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kernel updates do not boot - always boots oldest kernel
Here is the contents of the entire cat /etc/default.grub GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=0 GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="crashkernel=auto rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet" GRUB_DISABLE_RECOVERY="true" I have only changed GRUB_DEFAULT from "saved" to "0" I have also run /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg and seen the grub.cfg and grubenv updated in /boot/efi/EFI/centos At this point I think I have grub doing its stuff in the correct folder / destination used by UEFI for booting. When I look at grub.cfg there is some stuff I cannot understand there are five menuentry in this file, like: menuentry 'CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3' { load_video set gfxpayload=keep insmod gzio insmod part_gpt insmod part_gpt insmod diskfilter insmod mdraid1x insmod xfs set root='mduuid/bd87f682e6df10e2d2a6e247834133f7' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='mduuid/bd87f682e6df10e2d2a6e247834133f7' f12be7f3-a6c6-4b90-8c51-286c32d11d12 else search --no-floppy --fs-uuid --set=root f12be7f3-a6c6-4b90-8c51-286c32d11d12 fi linuxefi /vmlinuz-3.10.0-1160.88.1.el7.x86_64 root=UUID=7276336b-d2f2-4b94-b491-ad8c5662acb3 ro crashkernel=auto rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet LANG=en_US.UTF-8 initrdefi /initramfs-3.10.0-1160.88.1.el7.x86_64.img } the above is the latest kernel - doesn't boot as the console tells me it cannot load the vmlinuz file the kernel that boots looks like: menuentry 'CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.36.2.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3' { load_video set gfxpayload=keep insmod gzio insmod part_gpt insmod part_gpt insmod diskfilter insmod mdraid1x insmod xfs set root='mduuid/bd87f682e6df10e2d2a6e247834133f7' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='mduuid/bd87f682e6df10e2d2a6e247834133f7' f12be7f3-a6c6-4b90-8c51-286c32d11d12 else search --no-floppy --fs-uuid --set=root f12be7f3-a6c6-4b90-8c51-286c32d11d12 fi linuxefi /vmlinuz-3.10.0-1160.36.2.el7.x86_64 root=UUID=7276336b-d2f2-4b94-b491-ad8c5662acb3 ro crashkernel=auto rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet initrdefi /initramfs-3.10.0-1160.36.2.el7.x86_64.img } I see that the first line names the kernel in brackets (correctly) but the $menuentry_id_option '.' doesn't make sense to me. For the kernel that boots (3.10.0-1160.36.2) the entry is 'gnulinux-3.10.0-1160.36.2.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3' For kernels that don't boot, e.g (3.10.0-1160.88.1) we see 'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3' and this entry just seems wrong firstly the kernel version doesn't match - it has been set to ... 81.1 ... rather than 88.1 secondly the last part of the line is the same for every menuentry, namely -advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3 where does this come from? what is this part for? doing? Thanks Rob On 15/03/23 05:05, Leon Fauster via CentOS wrote: Am 14.03.23 um 12:30 schrieb Rob Kampen: OK, found out the problem as to why it doesn't boot any kernel except 36.2 the system reports that it cannot find vmlinuz-3.10.0-1160.88.1.el7.x86_64 or any one of the others, except for vmlinuz-3.10.0-1160.36.2.el7.x86_64 hence a manual selection from the grub menu when in front of the machine will only load the 36.2 kernel I found that under /boot/grub2 there were two .rpmnew files that mucked up the symbolic link to the grubenv file - so fixed that and did a reinstall of the latest kernel. Now all the grub and efi files appear to update correctly - progress. Now just need to work out why the efi boot process can see the old (original) kernel (36.2) but none of the later ones. Any ideas of where to look for this? seems a much more fundamental problem related to kernel install and efi booting Whats the _complete_ output of cat /etc/default/grub ? -- Leon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___
Re: [CentOS] Kernel updates do not boot - always boots oldest kernel
OK, found out the problem as to why it doesn't boot any kernel except 36.2 the system reports that it cannot find vmlinuz-3.10.0-1160.88.1.el7.x86_64 or any one of the others, except for vmlinuz-3.10.0-1160.36.2.el7.x86_64 hence a manual selection from the grub menu when in front of the machine will only load the 36.2 kernel I found that under /boot/grub2 there were two .rpmnew files that mucked up the symbolic link to the grubenv file - so fixed that and did a reinstall of the latest kernel. Now all the grub and efi files appear to update correctly - progress. Now just need to work out why the efi boot process can see the old (original) kernel (36.2) but none of the later ones. Any ideas of where to look for this? seems a much more fundamental problem related to kernel install and efi booting Thanks Rob On 14/03/23 22:41, Petko Alov wrote: Change it to GRUB_DEFAULT=0 (I encountered the same issue week ago with a workstation booted for three month with an older kernel because of https://bugzilla.redhat.com/show_bug.cgi?id=2143438 , and solved it this way) Regards, Petko On 3/14/23 10:51, Rob Kampen wrote: Can I edit /etc/default/grub and change GRUB_DEFAULT=saved to something else? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Kernel updates do not boot - always boots oldest kernel
This issue has been around for some months, but other things keep crowding out a fix. uname give me 3.10.0-1160.36.2.el7.x86_64 #1 SMP Wed Jul 21 11:57:15 UTC 2021 yet I have 3.10.0-1160.76.1.el7.x86_64 3.10.0-1160.81.1.el7.x86_64 3.10.0-1160.83.1.el7.x86_64 3.10.0-1160.88.1.el7.x86_64 loaded. The system uses UEFI to boot. sudo ls -l /sys/firmware/efi gives: total 0 -r--r--r--. 1 root root 4096 Feb 19 16:47 config_table drwxr-xr-x. 2 root root 0 Feb 19 16:47 efivars -r--r--r--. 1 root root 4096 Mar 14 17:57 fw_platform_size -r--r--r--. 1 root root 4096 Feb 19 16:47 fw_vendor drwxr-xr-x. 2 root root 0 Mar 14 17:57 mok-variables -r--r--r--. 1 root root 4096 Feb 19 16:47 runtime drwxr-xr-x. 9 root root 0 Feb 19 16:47 runtime-map -r. 1 root root 4096 Feb 19 16:47 systab drwxr-xr-x. 65 root root 0 Mar 14 17:57 vars and sudo efibootmgr gives: BootCurrent: 000F BootOrder: 000F,000D,000B,000E,0008,,0002,0003,0004,0005,0006,0007 Boot* CD/DVD Rom Boot0002* PXE Network Boot0003 Enter Setup Boot0004 Boot Devices Boot0005 Boot Manager Boot0006 Setup Boot0007 Diagnostics Boot0008* Embedded Hypervisor Boot000B* CentOS Linux Boot000D* CentOS-AltDrv Boot000E* Hard Disk 3 Boot000F* CentOS-MainDrv This is a remote server, thus I need a sure fire fix. My previous attempts have either had no impact - the old kernel boots or machine hangs and I need to do a trip to the site. Now this issue could be a residual from my initial setup when I installed 2 by 3.x TB SSD and needed to manually change from bios/grub2 boot to UEFI. I have already spent 10's of hours on this system, just want to have it run the latest kernels - for obvious reasons. Some other items: sudo grep "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2 gives: CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core) CentOS Linux (3.10.0-1160.83.1.el7.x86_64) 7 (Core) CentOS Linux (3.10.0-1160.81.1.el7.x86_64) 7 (Core) CentOS Linux (3.10.0-1160.76.1.el7.x86_64) 7 (Core) CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core) CentOS Linux (0-rescue-a39773847cf34651bc34d0566f53) 7 (Core) indicating that .88.1 should boot. sudo grub2-editenv list gives: saved_entry=CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core) also as expected. /etc/default/grub exists and contains GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)" GRUB_DEFAULT=saved GRUB_DISABLE_SUBMENU=true GRUB_TERMINAL_OUTPUT="console" GRUB_CMDLINE_LINUX="crashkernel=auto rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet" GRUB_DISABLE_RECOVERY="true" the /boot/grub2/grubenv contains # GRUB Environment Block saved_entry=CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core) ### All these point to the correct version of the kernel but always boots the old .36.2 version. Just realized these files only relate to BIOS boot, and my system is UEFI boot. Now documentation seems to get scarce. seems like the boot files are now residing in /boot/efi/EFI/centos AND /boot/efi2/EFI/centos although looking at timestamps the latter directory is not being updated. /boot/efi/EFI/centos contains total 7028 -rwx--. 1 root root 134 Aug 1 2020 BOOT.CSV -rwx--. 1 root root 134 Aug 1 2020 BOOTX64.CSV drwx--. 2 root root 4096 Dec 23 22:01 fonts -rwx--. 1 root root 8589 Mar 14 17:51 grub.cfg -rwx--. 1 root root 1024 Aug 26 2021 grubenv -rwx--. 1 root root 1125704 Dec 17 06:13 grubx64.efi -rwx--. 1 root root 1154640 Aug 1 2020 mmx64.efi -rwx--. 1 root root 1154640 Aug 1 2020 MokManager.efi -rwx--. 1 root root 1243864 Aug 1 2020 shim.efi -rwx--. 1 root root 1237824 Aug 1 2020 shimx64-centos.efi -rwx--. 1 root root 1243864 Aug 1 2020 shimx64.efi and we see that the grub.cfg is being updated. However, here the grubenv file contains # GRUB Environment Block saved_entry=CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)
Re: [CentOS] Postfix and virtual mail boxes.[SOLVED - kinda]
On 11/10/21 12:53 am, Peter wrote: On 10/10/21 11:28 pm, Rob Kampen wrote: smtp inet n - n - - smtpd -o smtpd_recipient_restrictions= -o content_filter=spamassassin I assume based on what you've said before that this is after you added the workaround you mentioned, but the logs below are without the smtpd_recipient_restrictions= part here? Correct, once I added the -o smtpd_recipient_restrictions= the alias substitutions worked and the log becomes much longer as all the various processes complete and add their trace to the maillog. Cannot see how this log listing can possibly help as it contains only three lines Nonetheless I do appreciate seeing them, no offense but you can never tell if someone's interpretations of the logs are accurate and so it's best just to see the logs themselves. Here is the log of the incorrectly rejected email coming into the new MX - very short as it immediately rejects the alias recipient address - which my other two MX do not do. Right. This led me to the conclusion that the alias substitution is not taking place on my new MX whereas it does on my two working MX - hence my addition to the smtp processing line at the top of the master.cf file. I wouldn't jump to that conclusion just yet, though. That said, based on your config and logs I think I may have been wrong in my previous guess and it may very well be related to your policyd-spf. More on that in a bit. Can you provide the output of the following commands (but substitute the actual recipient domain and address for the munged versions you supplied here): postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf postmap -q r...@example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf postmap -q r...@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf postmap -q r...@example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf The results of the above should give a much better picture of what's going on. OK - just to let you know the munge I used. example.com is an alias domain for example.org which is the actual domain with Maildir space on the server. rob@ is alias for rkampen@ thus the only real address is rkam...@example.org now the results [root@mx rkampen]# postmap -q example.org mysql:/etc/postfix/mysql-virtual_alias_domains.cf [root@mx rkampen]# postmap -q example.org mysql:/etc/postfix/mysql-virtual_domains.cf example.org [root@mx rkampen]# postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf example.com [root@mx rkampen]# postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf [root@mx rkampen]# postmap -q r...@example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf [root@mx rkampen]# postmap -q r...@example.org mysql:/etc/postfix/mysql-virtual_forwardings.cf rkam...@example.org [root@mx rkampen]# postmap -q @example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf @example.org [root@mx rkampen]# postmap -q r...@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf [root@mx rkampen]# postmap -q r...@example.org mysql:/etc/postfix/mysql-virtual_email2email.cf [root@mx rkampen]# postmap -q rkam...@example.org mysql:/etc/postfix/mysql-virtual_email2email.cf rkam...@example.org [root@mx rkampen]# postmap -q rkam...@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf [root@mx rkampen]# postmap -q rkam...@example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf [root@mx rkampen]# postmap -q rkam...@example.org mysql:/etc/postfix/mysql-virtual_mailboxes.cf example.org/rkampen/ As all but mysql-virtual_alias_domains.cf are copies from the other MX, I think these are fine. Also as email presented via port 587 via an authenticated STARTTLS session actually work fine, I have no reason to suspect any issues in this area. To check if it's the policyd that's causing the problem can you modify the smtpd_recipient_restrictions line in main.cf and remove just the "check_policy_service inet:localhost:12350," part? So that it reads something like: smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf Then check to see if it works after that (and provide logs again so I can check things over). Note this also means reverting your workaround in master.cf for this test. Well that may have done it! Now I get a correctly sent email with the alias substitutions done. Funny how that line seems to cause no error on my two original MX - looks like I better check them out a little more too. Here is the munged log (same munging as above) Oct 11 13:53:09 mx postfix/smtpd[10711]: connect from mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:10 mx policyd-spf[10723]: ERROR: Unknown name "TestOnly" in file "/etc/python-pol
Re: [CentOS] Postfix and virtual mail boxes.[SOLVED - kinda]
On 9/10/21 9:55 pm, Peter wrote: On 9/10/21 12:26 pm, Rob Kampen wrote: So, after many dozens of hours and sending test emails I have found a solution (work around) that appears to work okay. It is now different to the original two MX servers I cloned from, in that the maillog shows a different cycle of processing, and it now fails a truly unknown mailbox much later in the process - thus higher workload on my MX. But the key thing is that it does now do the virtual_alias checks on incoming emails on port 25 before rejecting. if your MX is not rejecting messages to invalid recipients right away but instead bounces the messages later on you become a backscatter source (See https://www.backscatterer.org/?target=bounces). Understood. On the two existing MX the recipient checks happen up front AFTER alias substitutions and hence no reject of valid email addresses. I have been unable to achieve this behaviour with the new MX your server needs a properly configured list of valid recipients so it knows right away what recipients to accept and which ones to reject. Agrred, and it has - in mysql tables. No idea why this third MX is behaving differently. It has a dual stack IP, so I disabled IPv6 access and tried again, but that certainly wasn't the cause of the difference in processing. If you can provide the output of the following two commands it would be very helpful in troubleshooting your problem: postconf -nf alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 dovecot_destination_recipient_limit = 1 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man message_size_limit = 3072 milter_default_action = accept mydestination = localhost localhost.localdomain myhostname = mx.example.com mynetworks = 127.0.0.0/8, [::1]/128, 192.168.128.0/24, [global:ip:6::]/64 newaliases_path = /usr/bin/newaliases.postfix non_smtpd_milters = inet:localhost:8891 proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES sample_directory = /usr/share/doc/postfix-2.10.1/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_milters = inet:localhost:8891 smtpd_recipient_restrictions = check_policy_service inet:localhost:12350, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policyd-spf smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/letsencrypt/live/example.com/chain.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem smtpd_tls_dh1024_param_file = /etc/postfix/dhparam.pem smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_security_level = may smtpd_use_tls = yes tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 tls_preempt_cipherlist = no unknown_local_recipient_reject_code = 550 virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_gid_maps = static:12 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_transport = dovecot virtual_uid_maps = static:89 postconf -Mf smtp inet n - n - - smtpd -o smtpd_recipient_restrictions= -o content_filter=spamassassin submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_recipient_restrictions=permit_sasl_authenticated,re
Re: [CentOS] Postfix and virtual mail boxes.[SOLVED - kinda]
On 7/10/21 6:18 pm, Rob Kampen wrote: Hi, not sure this is the best place to go for my problem, but hoping someone can point me to the correct or better place. I have two currently working CentOS 7 based email servers that host a number of virtual domains and users and delivers mail just fine - for correctly addressed vmail inboxes AND for alias addressed emails and domains. These all use postfix, dovecot, amavisd, clamAV, spamassassin, mysql (mariadb) and roundcubemail I use port 25 for the world email delivery - no auth needed as only accepts hosted virtual domain addressed email. and port 587 for user client MUA to send mail - smtp with STARTTLS auth needed port 993 for MUA IMAP access to account mail boxes A couple of weeks ago I rolled up a new minimal virtual server (also CentOS 7) and basically copied the same setup as the other two and have now spent far too long trying to get it going. My initial problem was that I set up mydestination to include $mydomain - this has the consequence of seeing any mail@$mydomain as local email and trying to deliver to the local machine rather than the vmail inboxes. So after setting up a new domain just for the MX we moved on. All three installations use mysql (mariadb) as the data store for domains, alias domains, user vmail accounts, and forwardings (virtual alias mapping) The mysql bits work just fine as I can send mail from an MUA client and they deliver correctly via an authenticated session on port 587 - i.e to any world email address AND to local vmail boxes, including those addressed via an alias and/or alias domain. What fails to work on the new installation, but works fine on my two legacy servers, is mail addressed via an alias. Specifically an alias domain. Even adding the complete alias email address to the forwardings table doesn't work. e.g. let's say we have an email domain '@example.com' and an alias domain '@example.org'. Needed so I can migrate my clients from one server to the other in a staged manner. Thus the new server is set up to operate as the MX for @example.org and @example.com but needs to alias redirect the incoming emails being sent to f...@example.org and deliver them to the vmail location for f...@example.com (i.e. we have no vmail locations for @example.org only for @example.com So if I send a test email via my MUA (using port 587 and hence authenticated) it does the alias lookups and translations needed and correctly delivers the mail. However if I send an email to f...@example.org from say a gmail account, it arrives at my new server and promptly gets bounced with a 550 5.7.1 error - no such email address. After doing diff on the main.cf and master.cf from all three servers the only differences are the myhostname, mynetworks (new one is dual stack IP4/IPv6 and thus includes [::1]/128), smtpd_tls certificate names, and the virtual_uid_maps - all expected and accounted for. master.cf are identical Many dozens of google searches and reading far too many pages, has left me with no idea why my new server doesn't accept alias directed emails via port 25. All the documentation indicates that alias lookups and translations are performed by postfix - all the time. receive_override_options is not set. So, after many dozens of hours and sending test emails I have found a solution (work around) that appears to work okay. It is now different to the original two MX servers I cloned from, in that the maillog shows a different cycle of processing, and it now fails a truly unknown mailbox much later in the process - thus higher workload on my MX. But the key thing is that it does now do the virtual_alias checks on incoming emails on port 25 before rejecting. No idea why this third MX is behaving differently. It has a dual stack IP, so I disabled IPv6 access and tried again, but that certainly wasn't the cause of the difference in processing. It should be noted that the two initial MX machines have an extra line in the maillog that is the second logged step in the process, and goes something like: Oct 8 19:00:58 mx policyd-spf[16055]: prepend Received-SPF: None (mailfrom) identity=mailfrom; client-ip=209.85.210.180; helo=mail-pf1-f180.google.com; envelope-from=r...@example.com; receiver= After that processing steps are identical. My work around makes the steps a little more different. So the work around is changing master.cf From # == # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # == smtp inet n - n - - smtpd -o content_filter=spamassassin TO # == # service type private unpriv chroot wakeup maxproc command + args
[CentOS] Postfix and virtual mail boxes.
Hi, not sure this is the best place to go for my problem, but hoping someone can point me to the correct or better place. I have two currently working CentOS 7 based email servers that host a number of virtual domains and users and delivers mail just fine - for correctly addressed vmail inboxes AND for alias addressed emails and domains. These all use postfix, dovecot, amavisd, clamAV, spamassassin, mysql (mariadb) and roundcubemail I use port 25 for the world email delivery - no auth needed as only accepts hosted virtual domain addressed email. and port 587 for user client MUA to send mail - smtp with STARTTLS auth needed port 993 for MUA IMAP access to account mail boxes A couple of weeks ago I rolled up a new minimal virtual server (also CentOS 7) and basically copied the same setup as the other two and have now spent far too long trying to get it going. My initial problem was that I set up mydestination to include $mydomain - this has the consequence of seeing any mail@$mydomain as local email and trying to deliver to the local machine rather than the vmail inboxes. So after setting up a new domain just for the MX we moved on. All three installations use mysql (mariadb) as the data store for domains, alias domains, user vmail accounts, and forwardings (virtual alias mapping) The mysql bits work just fine as I can send mail from an MUA client and they deliver correctly via an authenticated session on port 587 - i.e to any world email address AND to local vmail boxes, including those addressed via an alias and/or alias domain. What fails to work on the new installation, but works fine on my two legacy servers, is mail addressed via an alias. Specifically an alias domain. Even adding the complete alias email address to the forwardings table doesn't work. e.g. let's say we have an email domain '@example.com' and an alias domain '@example.org'. Needed so I can migrate my clients from one server to the other in a staged manner. Thus the new server is set up to operate as the MX for @example.org and @example.com but needs to alias redirect the incoming emails being sent to f...@example.org and deliver them to the vmail location for f...@example.com (i.e. we have no vmail locations for @example.org only for @example.com So if I send a test email via my MUA (using port 587 and hence authenticated) it does the alias lookups and translations needed and correctly delivers the mail. However if I send an email to f...@example.org from say a gmail account, it arrives at my new server and promptly gets bounced with a 550 5.7.1 error - no such email address. After doing diff on the main.cf and master.cf from all three servers the only differences are the myhostname, mynetworks (new one is dual stack IP4/IPv6 and thus includes [::1]/128), smtpd_tls certificate names, and the virtual_uid_maps - all expected and accounted for. master.cf are identical Many dozens of google searches and reading far too many pages, has left me with no idea why my new server doesn't accept alias directed emails via port 25. All the documentation indicates that alias lookups and translations are performed by postfix - all the time. receive_override_options is not set. Any suggestions of things to check or test would be welcome. TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading (?) from legacy boot to UEFI [SOLVED]
On 29/08/21 1:03 am, Jonathan Billings wrote: On Aug 28, 2021, at 05:58, Rob Kampen wrote: Yeah, it is astounding to me that RH does not define their implementation of the grub2 grub.cfg file with particular focus on the things that are different between legacy boot and UEFI. Also what (if any) differences there may be in the initramfs and vmlinuz files between the two boot options. then we have the various .efi files with little or no documentation. So we are left with anaconda I don’t think migrating from a legacy bootloader to UEFI (on the same hardware) is a common enough process to document. I do notice you have a kernel listed with a .efi extension, and I’ve never seen that before. Typically on a UEFI C7 system, all the kernels and initrds are in /boot. Only the EFI executables and supplementary grub files are in the /boot/efi volume (normally /boot/efi/EFI/CentOS). I don’t know where you got that kernel efi file. — Jonathan Billings Thanks all, for your comments. Jonathan, you are correct about the kernel placement and extension - I placed it there early in the process based upon someone's recipe - it didn't work but I hadn't got around to cleaning it up. I have now got it working! I was close with all the bits I had done, but the final piece is that I hand edited the grub.cfg in the ESP in my case /boot/efi/EFI/centos/ and /boot/efi2/EFI/centos/ and changed the linux16 to linuxefi and the initrd16 to initrdefi. Then I used the server's UEFI boot manager app (part of this machine's setup arsenal) to manually add a UEFI boot on a specific drive with arguments pointing at shimx64.efi Then a reboot and some online grub edits of the linuxefi line and CTRL-X and it finally booted up in UEFI mode. At this point /sys/firmware/efi exists and efibootmgr -v finally gave some appropriate output Then I was able to login, run grub2-mkcfg and get a proper grub.cfg file, and finally use efibootmgr to create the desired default boot and backup boot entries in the UEFI. ALL DONE. Lost some more hair and some sleep, but also much more knowledgeable and comfortable with UEFI. Possibly not a common scenario, but it feels good having finally beaten it into submission. Shalom ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading (?) from legacy boot to UEFI
On 28/08/21 8:24 pm, Simon Matter wrote: On 27/08/21 10:51 pm, Rob Kampen wrote: Unfortunately the server is remote and the CentOS7 USB device I left plugged into the machine refuses to boot from UEFI mode. Thus a rescue mode boot has not been possible. So i made a trip and replaced the USB stick with another one - CentOS7 I am unsure what file I need to point the UEFI bios disk manager setup at, I have tried shim.efi and shimx84-centos.efi The message I get is that linux16 and initrd16 cannot find their files. The change to linuxefi and initrdefi also fail but the system reboot happens before I can see what flashes on screen. Is a USB based UEFI booted rescue mode the only way I can fix this? So I then rebooted - selected UEFI native boot and got into rescue mode - only problem is that the rescue system did not find a Linux system. Really weird as each of the four drives effectively have a complete centos7 system. No idea why it didn't start md raid and find the 6 raid1 volumes. About to give this a miss and just live with legacy boot - this UEFI thing is just far too complicated. Looking on line at all the various blogs and questions it seems I am not alone in finding it far too complicated. Don't worry, you're not alone. IMHO UEFI and GRUB2 and the whole Linux startup procedure can be a real problem to handle and I guess most people just give up earlier or later and simply use the installer to do the job. Yeah, it is astounding to me that RH does not define their implementation of the grub2 grub.cfg file with particular focus on the things that are different between legacy boot and UEFI. Also what (if any) differences there may be in the initramfs and vmlinuz files between the two boot options. then we have the various .efi files with little or no documentation. So we are left with anaconda Makes my situation really tough ... too small for the learning curve of automated OS installation and management systems but I have a week or so of configuration and testing invested that I will need to redo, if I do a re-install just to get the boot system shifted from BIOS/legacy to UEFI. As to the RH decision to default to a legacy boot / MBR oriented install based upon size of disk ... words fail me. At least I have learnt that one needs to do research into MB firmware w.r.t BIOS/UEFI as part of procurement. Never been a thing I cared about previously, but now another area which can bite you in the butt. Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Upgrading (?) from legacy boot to UEFI
On 27/08/21 10:51 pm, Rob Kampen wrote: Unfortunately the server is remote and the CentOS7 USB device I left plugged into the machine refuses to boot from UEFI mode. Thus a rescue mode boot has not been possible. So i made a trip and replaced the USB stick with another one - CentOS7 I am unsure what file I need to point the UEFI bios disk manager setup at, I have tried shim.efi and shimx84-centos.efi The message I get is that linux16 and initrd16 cannot find their files. The change to linuxefi and initrdefi also fail but the system reboot happens before I can see what flashes on screen. Is a USB based UEFI booted rescue mode the only way I can fix this? So I then rebooted - selected UEFI native boot and got into rescue mode - only problem is that the rescue system did not find a Linux system. Really weird as each of the four drives effectively have a complete centos7 system. No idea why it didn't start md raid and find the 6 raid1 volumes. About to give this a miss and just live with legacy boot - this UEFI thing is just far too complicated. Looking on line at all the various blogs and questions it seems I am not alone in finding it far too complicated. I run a Ubuntu workstation that is UEFI based and their grub.cfg is so much simpler than the centos one. TIA for your pointers / suggestions. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Upgrading (?) from legacy boot to UEFI
After three days of effort I have failed to find a way of shifting a server from legacy boot to UEFI boot. I have made my way through the 400+ pages of RH installation manual for EL7, plus their similarly large system administrators manual. Dozens of pages searched via google and yet none of the layouts for the /boot and /boot/efi have worked in my case. System is a Lenovo 3650 M5 with UEFI bios. Due to RH / CentOS design my initial install onto the two 600GB HDD partitioned these using MBR and legacy boot. I have just obtained two SAS SSD drives of 3.8TB and thus MBR is no longer an option. I have successfully migrated all the system and data from the HDD to the SSD, complete with GPT and RAID1 and all works as expected - except the HDD was still needed to boot the system. That's when the fun / agony started. Each system reboot is almost five minutes just to get to the for system setup option. Thus testing is a very slow process. I am now at the point where I have a "bios boot" partition (1024K type ef02) as the first partition on each GPT partitioned SSD and have grub2-install onto the drives the bios boot junk needed for legacy boot. Thus I can at least legacy boot from one of the SSD and all comes up as expected. (no idea yet why it only works from one of the SSD and not the other). Unfortunately the server is remote and the CentOS7 USB device I left plugged into the machine refuses to boot from UEFI mode. Thus a rescue mode boot has not been possible. I have two 300MB partitions, one on each SSD suitably formatted (type ef00 and vfat) and set up with the files as follows: -rwx--. 1 root root 134 Aug 1 2020 BOOT.CSV -rwx--. 1 root root 134 Aug 1 2020 BOOTX64.CSV drwx--. 2 root root 4096 Aug 27 16:22 fonts -rwx--. 1 root root 6597 Aug 27 21:33 grub.cfg -rwx--. 1 root root 1024 Aug 26 23:22 grubenv -rwx--. 1 root root 1122120 Mar 17 07:24 grubx64.efi -rwx--. 1 root root 19378672 Aug 26 20:29 initramfs-3.10.0-1160.36.2.el7.x86_64.img -rwx--. 1 root root 1154640 Aug 1 2020 mmx64.efi -rwx--. 1 root root 1154640 Aug 1 2020 MokManager.efi -rwx--. 1 root root 1243864 Aug 1 2020 shim.efi -rwx--. 1 root root 1237824 Aug 1 2020 shimx64-centos.efi -rwx--. 1 root root 1243864 Aug 1 2020 shimx64.efi -rwx--. 1 root root 6777448 Aug 26 20:27 vmlinuz-3.10.0-1160.36.2.el7.x86_64.efi unfortunately grub2-mkconfig sets up the grub.cfg as for legacy boot because the /sys/firmware/efi does not exist, thanks to running from a legacy boot. I tried a few manual edits to the grub.cfg to deal with linux16 -> linuxefi and initrd16 -> initrdefi but to little avail. Can someone point me to what needs to happen for UEFI boot to work successfully. I am unsure what file I need to point the UEFI bios disk manager setup at, I have tried shim.efi and shimx84-centos.efi The message I get is that linux16 and initrd16 cannot find their files. The change to linuxefi and initrdefi also fail but the system reboot happens before I can see what flashes on screen. Is a USB based UEFI booted rescue mode the only way I can fix this? TIA for your pointers / suggestions. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cloning bridged VMs : VirtualBox vs. KVM
On 25/03/21 5:51 am, Nicolas Kovacs wrote: Hi, (tl;dr : how can I clone a KVM-based bridged virtual machine and force a duplicate MAC address ?) Up until recently I've been using VirtualBox on my workstation to test various local setups. Usually I would setup a basic CentOS installation, and whenever I wanted to fiddle around, I would just clone that system and play around with it. So whenever I shot myself in the foot on that VM, I would simply erase it and start over again with a new clone. Think of it as a disposable VM. All my VMs under VirtualBox used bridged mode, so they were in the same network. And in my local proxy server, I have Dnsmasq that assigns static IP addresses and meaningful hostnames to these VMs. Here's what the corresponding lines in dnsmasq.conf look like: dhcp-host=08:00:27:00:00:01,suse-lp151,192.168.2.10 dhcp-host=08:00:27:00:00:02,suse-lp152,192.168.2.11 dhcp-host=08:00:27:00:00:03,ce7-server,192.168.2.12 dhcp-host=08:00:27:00:00:04,ce8-server,192.168.2.13 dhcp-host=08:00:27:00:00:05,ol7-server,192.168.2.14 dhcp-host=08:00:27:00:00:06,ol8-server,192.168.2.15 dhcp-host=08:00:27:00:00:07,rh7-server,192.168.2.16 dhcp-host=08:00:27:00:00:08,rh8-server,192.168.2.17 this appears to have 8 different mac addresses and then assigned 8 individual IP addresses - that would appear desireable and correct. Why do you want the same mac? what are you trying to achieve? Feel like I'm missing something Over the last two weeks, I decided to migrate from VirtualBox to KVM even for local configurations and virtualized desktop configurations. So far, everything works nice... except one problem I can't seem to solve (yet). I'm using KVM in bridged mode, over a br0 bridge on my workstation. Like with VirtualBox, all my KVM virtual machines are part of my local 192.168.2.0/24 network. Unfortunately there is no way to simply make a perfect clone of a virtual machine using virt-manager. It insists on assigning my cloned VM a different MAC address. And whenever I want to manually create a NIC with the same MAC address as the original, Virtual Machine Manager tells me I can't do that. Same player shoot again. Now I know that is normally a good thing. You don't want MAC address conflicts in your network. But here's the thing: I don't intend to fire up both copies at once. As with VirtualBox, I only intend to use one VM at a time, for testing purposes. Now how can I "explain" this to Virtual Machine Manager without having to jump through burning loops ? Cheers, Niki ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba config question
On 16/03/21 4:24 pm, Robert G. (Doc) Savage via CentOS wrote: After setting up /etc/samba/smb.conf and running "testparm" in CentOS 7.9.2011, I have noticed that the list of parameters echoed back for the [global] section do not match those in the smb.conf file. Is this normal? [global] in /etc/samba/smb.conf: unix charset = UTF-8 dos charset = CP932 vfs objs = acl_xattr map acl inherit = yes store dos attributes = yes printing = cups printcap = cups load printers = yes # Network related options workgroup = WORKGROUP server string = Samba Server Version %v netbios name = SERVER01 interfaces = lo eth0 192.168.1.0/24 hosts allow = 127. 192.168.1. # Logging options log file = /var/log/samba/log.%m max log size = 50 # Standalone Server Options security = user passdb backend = tdbsam map to guest = Bad User # Name Resolution wins support = yes dns proxy = yes # Printing options load printers = yes cups options = raw # Filesystem options map archive = no map hidden = no map read only = no map system = no store dos attributes = yes When I subsequently run "testparm", I get a shorter and in some cases different list: [global] in "testparm" output: dos charset = CP932 interfaces = lo eth0 192.168.1.0/24 log file = /var/log/samba/log.%m map to guest = Bad User max log size = 50 printcap name = cups security = USER server string = Samba Server Version %v wins support = Yes idmap config * : backend = tdb cups options = raw hosts allow = 127. 192.168.1 map acl inherit = Yes map archive = No vfs objects = acl_xattr Is this normal behavior for Samba? I am particularly concerned about workgroup = WORKGROUP missing in the "testparm" output. Is it that testparm just outputs the non default values? V/R --Doc Savage Fairview Heights, IL ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks
On 16/03/21 9:25 am, Lamar Owen wrote: On 3/15/21 8:51 AM, Stephen John Smoogen wrote: Exactly that. Upstream Fedora and RHEL went to require dual density around Fedora 18, RHEL-7 because the amount of data was too much. Well, what's odd is that the actual upstream RHEL 7.9 DVD WILL fit on a single-layer DVD. Just burned one. I seem to recall that RHEL and CentOS bundle their products differently - hence RHEL has bits divided into other groups, whereas CentOS combines them ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Password manager for the command line ?
On 23/11/20 10:52 pm, Sebastien Féminier via CentOS wrote: Hi Niki , I use "pass" to manage my password , it's based on gnuPG , you can find more info on the web site => https://www.passwordstore.org/ . For sync you can use Git . Seb. +1 -works well and can be used via ssh link as well if set up properly. Le Mon, Nov 23, 2020 at 09:24:18AM +0100, Nicolas Kovacs a écrit : Hi, On my workstation and my laptop I'm using KeePassXC to store login credentials for my websites. The database is stored in my OwnCloud share, so it's synchronized between my two computers. Ideally I'd like to have something similar for my servers, but command-line driven. I know these tools exist but I haven't tested them yet. What I have in mind is a command-line password manager that stores the database in an encrypted database - like KeePassXC - and then I could eventually store this file in a private Gitlab repo to centralize it and access it from all my servers. Can you recommend any particular command line password manager ? Any recommendations / caveats for this kind of setup ? Cheers from the locked down South of France, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 Mob. : 06 51 80 12 12 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mail server troubles
On 9/10/20 11:08 am, Stephen John Smoogen wrote: On Thu, 8 Oct 2020 at 17:50, Nicolas Kovacs wrote: Hi, This is probably a bit OT, but here goes. I've been running our local school's mail server since 2013, with mail addresses for school staff and some teachers. The server is running CentOS 7 with Postfix and Dovecot, and it's a nice no-bullshit configuration with SPF, DKIM and DMARC. The school sends quite a lot of email out to parents, and sometimes, mail gets rejected: --8< : host smtp-in.orange.fr[193.252.22.65] said: 550 5.2.0 Mail rejete. Mail rejected. ofr_506 [506] (in reply to end of DATA command) : host smtp-in.orange.fr[193.252.22.65] said: 550 5.2.0 Mail rejete. Mail rejected. ofr_506 [506] (in reply to end of DATA command) --8< This happens randomly with the usual suspects among crappy mail providers like Orange, Hotmail/Live, Yahoo and the rest. So wanadoo and orange seem to send a ofr_506 because the scanned mail was found to be SPAM. This is independent of DKIM, SPF, DMARC but from them scanning the email in the DATA and saying nope. Usually that is because too many people complained about a set of email and the weight of email with that content is getting blocked. I don't know if the school moving to another provider will fix that as this isn't because of the IP it was sent from (they block before the DATA is sent in that case). [My guess is that someone wants to move to something else and is using this as the Casus Belli to do so. ] I don't really have a suggestion or solution to either problem.. If this reject is due to their spam filtering process, it is actually the email author's problem - how they make up their sentences, key words etc. and thus the problem will travel with them, to whatever email provider they choose. Suggest they get educated in how to write an appropriate email that doesn't raise alarms, or they could use mailchimp (e.g. only) for their large group emails. Just a final thought - are the email address headers containing multiple email addresses? this too can trigger blocking by some providers. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HP vs. Brother Printers: Use with Centos/Fedora
On 28/06/20 9:44 am, Frank Cox wrote: On Sat, 27 Jun 2020 17:33:39 -0400 Jay Hart wrote: If you had to rate which printer brand works better with Linux (Fedora and Centos), what would it be? Any Brother printer that I've ever had the misfortune to have to deal with either didn't work at all or if could be made to work, it didn't work for long. If it's a Brother, run away as fast as you can. They're the cheapest crappiest thing you can possibly imagine. My wife makes quilts and says the same thing about Brother sewing machines. Cannot comment on sewing machines, however I always head to brother for laser printers. I don't do inkjet ever, as the cost per page doesn't fit my use case and dried out ink cartridges drive me nuts. Great thing about brother is they really support linux! yes you do need to visit their web site but they offer drivers and they seem to provide access to all the printer's features. Only gotcha I've had is trying to use alternative toner cartridges - that really didn't go well at all, got brother product and it was good as new - go figure. HTH ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED] fail2ban firewalld problems with current CentOS 7
On 17/04/20 10:55 pm, Leon Fauster via CentOS wrote: Am 17.04.20 um 02:59 schrieb Rob Kampen: On 13/04/20 1:30 pm, Orion Poplawski wrote: On 4/9/20 6:31 AM, Andreas Haumer wrote: ... I'm neither a fail2ban nor a SELinux expert, but it seems the standard fail2ban SELinux policy as provided by CentOS 7 is not sufficient anymore and the recent updates did not correctly update the required SELinux policies. I could report this as bug, but where does such a bugreport belong to in the first place? - andreas See https://bugzilla.redhat.com/show_bug.cgi?id=1777562 We're a bit stalled at the moment I'm afradi Finally had some time to look into this. Happy to say fail2ban now appears to be working. 1. I found that reading the CentOS web site about SElinux was helpful and this led me to issue the following: semanage permissive -a fail2ban_t this places just fail2ban requests (got the context from the scontext part of the SElinux error message) into permissive mode rather than the entire OS. 2. Then a look into the SElinux troubleshooter gave me the errors that were occurring and following the suggested instructions I created a my-f2bfsshd.pp & my-f2bfsshd.te 3. restarted fail2ban via systemctl restart fail2ban.service 4. monitored via fail2ban-client status and now get Status for the jail: sshd |- Filter | |- Currently failed: 0 | |- Total failed: 109 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 3 |- Total banned: 6 `- Banned IP list: 27.78.14.83 116.105.216.179 139.99.71.227 5. set fail2ban back into enforcing with semanage permissive -d fail2ban_t All solved for me. I have now done this on a second machine and it too seems to be functioning again. Great that there is a solution. I am just curious; how does your my-f2bfsshd.te looks like? module my-f2bfsshd 1.0; require { type proc_net_t; type sysctl_net_t; type sysfs_t; type fail2ban_t; class dir search; class file { getattr open read }; } #= fail2ban_t == allow fail2ban_t proc_net_t:file read; allow fail2ban_t sysctl_net_t:dir search; allow fail2ban_t sysctl_net_t:file { getattr open read }; allow fail2ban_t sysfs_t:file { getattr open read }; -- Leon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [SOLVED] fail2ban firewalld problems with current CentOS 7
On 13/04/20 1:30 pm, Orion Poplawski wrote: On 4/9/20 6:31 AM, Andreas Haumer wrote: ... I'm neither a fail2ban nor a SELinux expert, but it seems the standard fail2ban SELinux policy as provided by CentOS 7 is not sufficient anymore and the recent updates did not correctly update the required SELinux policies. I could report this as bug, but where does such a bugreport belong to in the first place? - andreas See https://bugzilla.redhat.com/show_bug.cgi?id=1777562 We're a bit stalled at the moment I'm afradi Finally had some time to look into this. Happy to say fail2ban now appears to be working. 1. I found that reading the CentOS web site about SElinux was helpful and this led me to issue the following: semanage permissive -a fail2ban_t this places just fail2ban requests (got the context from the scontext part of the SElinux error message) into permissive mode rather than the entire OS. 2. Then a look into the SElinux troubleshooter gave me the errors that were occurring and following the suggested instructions I created a my-f2bfsshd.pp & my-f2bfsshd.te 3. restarted fail2ban via systemctl restart fail2ban.service 4. monitored via fail2ban-client status and now get Status for the jail: sshd |- Filter | |- Currently failed: 0 | |- Total failed: 109 | `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd `- Actions |- Currently banned: 3 |- Total banned: 6 `- Banned IP list: 27.78.14.83 116.105.216.179 139.99.71.227 5. set fail2ban back into enforcing with semanage permissive -d fail2ban_t All solved for me. I have now done this on a second machine and it too seems to be functioning again. HTH Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Zoom?
On 10/04/20 8:08 am, MAILIST wrote: I'm on Ubuntu and, no, it doesn't work. I installed it the standard way on Zorin 15 (based on Ubuntu 18), and it worked well. Todd Merriman ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Just went to zoom this morning for my CentOS7 laptop, downloaded their rpm and did a localinstall and all worked just fine. https://support.zoom.us/hc/en-us/articles/204206269-Installing-Zoom-on-Linux HTH ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fail2ban firewalld problems with current CentOS 7
On 9/04/20 7:48 pm, Andreas Haumer wrote: Hi! I have a server running CentOS 7.7 (1908) with all current patches installed. I think this server should be a quite standard installation with no specialities On this server I have fail2ban with an apache and openvpn configuration. I'm using firewalld to manage the firewall rules. Fail2an is configured to use firewalld: The firewalld errors start exactly after the updates were installed. Does anyone else see similar problems since the last updates? I googled and found some older postings, but nothing matching the problems I see exactly. I have other CentOS 7 servers with fail2ban and firewalld which should be updated soon, but before I do this I first want to solve this issue. Any idea? I too had fail2ban fail after an otherwise successful yum update. Mine occurred in Feb when my versions of firewalld etc were updated to the versions you show. Thus far I have not had the opportunity to sort the problem. Lockdown has been quite busy so far, hopefully some slower times coming next week. Thanks! - andreas ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Keyboard backlight fails with recent kernels
I do not use my laptop often, normally my better half has possession and use of it. It is a late 2011 ASUS ROG G73S which performs very well. The keyboard backlight was an issue initially under CentOS6, but the kind folks at elrepo found the missing bits in a more recent kernel and created a package to add them to the older CentOS6 kernel. An upgrade to CentOS7 went without a hitch and the keyboard lighting has worked fine. Recently I sat infront of the machine and couldn't see the keys - no backlight. A number of reboots later I have found that the latest kernel that I have on the machine, that works okay is 3.10.0-862.14.4.el7.x86_64 3.10.0-957.21.2.el7 and 3.10.0-957.27.2.el7 both fail to load/activate the driver for the keyboard. Would someone with the requisite knowledge please advise what I need to do. Is this a case for using the CentOSplus kernel or do I need to find and load a driver or two? or do I need to request the elrepo folk to make a suitable package. Thanks Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mate on Centos 7
On 19/07/19 11:06 PM, James Pearson wrote: isdtor wrote: Can I really be the only user of Mate on Centos 7?? No, definitely not. I use MATE on C7, because Gnome is, how do I say this politely..., um, horrible. Not a KDE fan either. Gnome-2.x wasn't broken, didn't need to be thrown away and replaced by something completely different. Not broken, but full of bugs that will never get fixed. I keep seeing posts about alternative desktops - great, just another of the things that make linux the OS of choice - you have choice; even about which desktop management system you wish to use. I have not tried mate for a number of years, it was quite simple and basic to use, but also lacked some of the polish we see in the market place, I have tried KDE and usually just use gnome, at whatever iteration RH and CentOS put out. KDE out of the box a year or so ago caused me some major grief to do with files and indexes and loosing disk space, so I walked away. Gnome has not been kind to developers like myself, and those trying to do real work with their work-stations - things that once were easy have become more difficult, however I have found solutions to most of the problems the later releases have introduced. Why bring this up? Well I guess I agree with some of the sentiment expressed often by a regular group of list contributors, but I also find it going stale. Change in the IT world is a constant. Not all of it is progress, in the sense of getting closer to a particular goal. However, it must be recognised that there are many, many different goals out there, and many of those will not be convergent, thus some gain, others loose. So at the end of the day, we make our choice, and live with the consequences. I am looking forward to spinning up CentOS 8 in the next month or two and seeing what that works like for my particular mix of tasks. It seems RH has chosen to support gnome desktop, thus for better or worse, that's where I'll go too. CentOS has far too many other benefits for me to go elsewhere. HUGE thanks to all the CentOS team and those that offer their experience to help and assist others - it makes my computing world function more or less reliably and deterministically, and all under my ability to observe and use. Thanks for reading, please forgive my slightly off topic rant. Rob I did a while back rebuild the EPEL rpms for 1.20. There are spec files I could make available but I can't find the build environemnt setup now. It involves mock, a custom local repo to receive the fresh builds as you don't want to pull in the rpms from EPEL, and a build script that defines the order, among other things. If I have time next week I can try and locate everything. If Mate won't be (or may not be?) supported by EPEL, has anyone looked at similar alternatives? I came across 'Cinnamon' (which is available from EPEL) - does anyone have experience of Cinnamon (good/bad/otherwise) ? Thanks James Pearson ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Server fails to boot
On 14/07/19 10:15 AM, Gordon Messmer wrote: On 7/8/19 4:28 AM, Rob Kampen wrote: Warning: /dev/disk/by-id/md-uuid-::: does not exist https://bugzilla.redhat.com/show_bug.cgi?id=1451660 It sounds like your kernels aren't assembling the RAID device on boot, which *might* be related to the above bug if one of the devices is broken. It's hard to tell from your description. You mentioned that the rescue kernel boots, but I wonder if the array is degraded at that point. I agree, it sounds like the initramfs kernel is not assembling the raid1 devices (/,/boot,swap) or certainly not setting the links /dev/md/root /dev/md/boot and /dev/md/swap which then cause dracut to fail. I have no idea why the rescue kernel boots just fine, although it does not establish the above links either, rather it sets up the links /dev/md/:{boot,root,swap} pointing to the assembled /dev/md125 etc. My particular problem is: how do I get it to boot the later kernels? What should be my repair process? I have tried a boot with the rhgb and quiet removed and got no additional information. BTW once booted cat /proc/mdstat gives: Personalities : [raid1] md57 : active raid1 sdb7[1] sda7[0] 554533696 blocks super 1.2 [2/2] [UU] md99 : active raid1 sdd[1] sdc[0] 976631360 blocks super 1.2 [2/2] [UU] md121 : active raid1 sdb2[1] sda2[0] 153500992 blocks [2/2] [UU] md120 : active raid1 sda3[0] sdb3[1] 263907712 blocks [2/2] [UU] md125 : active raid1 sde1[0] sdf1[1] 478813184 blocks super 1.2 [2/2] [UU] bitmap: 3/4 pages [12KB], 65536KB chunk md126 : active raid1 sde2[0] sdf2[1] 1046528 blocks super 1.2 [2/2] [UU] bitmap: 0/1 pages [0KB], 65536KB chunk md127 : active (auto-read-only) raid1 sde3[0] sdf3[1] 8382464 blocks super 1.2 [2/2] [UU] unused devices: no degraded raid devices . Otherwise, you might remove "rhgb" and "quiet" from the kernel boot parameters and see if there's any useful information printed to the console while booting a recent kernel. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Server fails to boot
First some history. This is an Intel MB and processor some 6 years old, initially running CentOS 6. It has 4 x 1TB sata drives set up in two mdraid 1 mirrors. It has performed really well in a rural setting with frequent power cuts which the UPS has dealt with and auto shuts down the server after a few minutes and then auto restarts when power is restored. The clients needed a Windoze server for a proprietary accounting package they use, thus I have recently installed two SSD drives (500GB each) also in a raid 1 mirror and installed CentOS 7 as the host and also VirtualBox running Windoze 10. The hard drives continue to hold their data files. This appeared to work just fine until a few days ago. After a power cut the server would not reboot. It takes a while to get in front of the machine, add a monitor, keyboard and mouse only to find: Warning: /dev/disk/by-id/md-uuid-::: does not exist repeated three times - one for each of the /, /boot, and swap raid member sets along with a Warning: /dev/disk/by-uuid/::: does not exist for the /dev/md125 which is the actual raid 1 / device. The system is in a root shell of some sort as it has not made the transition from initramfs to the mdraid root drive. there are some other lines of info and a txt file with hundreds of lines of boot info, ending with the above info (as I recall). I tried a reboot - same result, rebooted and tried an earlier kernel - same result, tried a reboot to the recovery kernel and all went well. System comes up, all raids sets are up and in sync - no errors. So, no apparent H/W issues, no mdraid issues apparently, but none of the regular kernels will now boot. a blkid shows all the expected mdraid devices with the uuids from the error message all in place as expected. I did a yum reinstall of the most recent kernel as I thought that may repair any /boot file system problems - particularly initramfs, but no difference, will not boot, same exact error messages. Thus I now have it running on the recovery kernel, with all the required server functions being performed, albeit on an out of date kernel. Google has one solved problem similar to mine but the solution was change the BIOS from AHCI to IDE - that does not seem correct as I have not changed BIOS, although I have not checked it at this time. Another solution talks about a race condition and the md raid not being ready when required during the boot process and thus to add delay in the kernel boot line in grub2. Although no one indicated this actually worked. Another proposed solution is to mount the failed devices from a recovery boot and rebuild initramfs. Before I do this I would like to ask those that know a little more about the boot process, what is going wrong? I can believe the most recent initramfs being a problem, but all three other kernels too?? Yet the recovery kernel works just fine. As the system is remote, I would like some understanding of what's up before I do any changes - if a reboot occurs and fails, it will mean another trip. Oh, one other thing, it seems the UPS is not working correctly, thus it may not have shut down cleanly. Working to replace batteries in the UPS. TIA for your insight. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] raid 5 install
On 29/06/19 2:46 AM, Blake Hudson wrote: Nikos Gatsis - Qbit wrote on 6/27/2019 8:36 AM: Hello list. The next days we are going to install Centos 7 on a new server, with 4*3Tb sata hdd as raid-5. We will use the graphical interface to install and set up raid. Do I have to consider anything before installation, because the disks are very large? Does the graphical use the parted to set/format the raid? Hi Nikos, I've read the other posts in this thread and wanted to provide my perspective. I've used Linux RAID at various times over the past 10-20 years with both desktop and server class hardware. I've also used hardware RAID controllers from 3ware, Adaptec, LSI, AMI, and others with IDE, SATA, SAS, and SCSI drives. The goal of RAID 1 and above is to increase availability. Unfortunately, I've never had Linux software RAID improve availability - it has only decreased availability for me. This has been due to a combination of hardware and software issues that are are generally handled well by HW RAID controllers, but are often handled poorly or unpredictably by desktop oriented hardware and Linux software. Sorry for your poor experience. I have used and achieved much improved availability by using Linux Software RAID - most often I use RAID 1 and had disks fail with no impact to the client other than slightly reduced response times (in fact they were totally unaware that a drive had failed, until I told them). Replaced the faulty drive (done by a local person who barely knew how to use a screw driver), resynchronized and all is well - zero data lost. It was a hot swap bay and thus the server did not even have to be powered down - zero customer noticed impact - 100% availability. Given that Linux software RAID does not achieve the goal of RAID (improved availability), my recommendation would be to avoid it. If you are looking for a backup mechanism, RAID is not it (use a backup program instead). If you do need high availability, my recommendation is to purchase an LSI based RAID controller. If you plan to use RAID 5, make sure the model you choose has a write cache (this could double the cost of the controller). Used IBM, HP, or Dell RAID controllers are available for a reasonable price or you can purchase a new one from Newegg or wherever. SAS RAID controllers will work with either SAS or SATA drives and you can purchase the appropriate breakout cables for connecting the controller to individual drives. Since you're planning on using 3TB+ drives that are likely 4k native sector, I'd recommend a newer model controller like the Dell PERC H730 (LSI MegaRAID SAS 9361-8i) for RAID5/6 or a PERC H330 (LSI MegaRAID SAS 9341-8i) for RAID 0/1/10. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Alternitives to Firefox...
On 27/06/19 7:58 AM, Robert Heller wrote: OK, I recently ugraded to the current ESR release of Firefox for CentOS 6. And I am having problems with the user interface (basically it has become hard [for me] to use). What alternitives are there? (Chrome and Chromium are not possible with CentOS, and Chrome and Chromium are actually worse). I have been using Vivaldi for about 6 months now on my C7 workstation, ever since FF dropped the ball on an update and lost all my saved passwords. I only have the browser store passwords for non-important sites, but there were dozens of them, and I DO NOT back them up onto the cloud to be accessible to the great un-washed. Vivaldi is not as media player friendly i.e. for video content, but to be fair I haven't spent much time trying to sort that out. I find it has some nice tools for my development work / testing, however also some bugs as on occasion it will not open a link when I double click it in say an email - Vivaldi is set as the default browser. A stop and start of the browser sorts that problem. I typically keep my browser open for weeks, or until this fault causes too much frustration. It remembers all my open tabs so the restart is fairly painless. HTH ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox esr repackage
On 11/05/19 2:05 AM, Simon Matter via CentOS wrote: Am 10.05.2019 um 11:12 schrieb Nux! : I maintain a desktop oriented repo for CentOS and last I checked a year or so ago, I got over 150k+ unique IPs with yum user agent downloading stuff from it. It's a bit anecdotal as perhaps not all are actual desktop users and some users were using multiple IPs (dhcp), but it shows there are quite a few users out there running CentOS for desktop purposes. There are desktop focused distros out there who do not even reach this kind of numbers. How many active users do you think Mageia or Linux Mint have? We are moving our workstations from OSX to EL8 right now. We think its time to couple our activities more tight to the new technologies that come with EL8 ... otherwise the user keeps brain-splitted :-) Don't get me wrong. At work we are running 99% of all desktop activity on RHEL/CentOS for much more than a decade. That's why I'm wondering why such a Firefox breakage has such a low priority for upstream. Our users are used to Firefox with several add-ons like uBlock and others. Suddenly having to run it without them is quite a mess and asks for an immediate fix. I have used CentOS 6 and 7 as workstation core along with EPEL, elrepo and nux ever since v6 was released. It has just got better and better. Then we have the likes of gnome and firefox, seeming to think of others rather than the hard core users that have consistently worked to streamline work flows in the real paying world. They are making huge changes, motivated by and in the process sacrificing work flow and efficiency as they pursue other goals. BTW, dropped firefox some months ago when one of the updates trashed my stored passwords - using vivaldi now, not quite as internet savy as ff or chrome when it comes to video playing but otherwise interesting and useful. just my 2p worth. That's what I'm wondering about. Regards, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] PHP 7.x on CentOS 7 : which solution ?
On 15/03/19 8:51 PM, Nicolas Kovacs wrote: Hi, As you all know, CentOS 7 is shipping PHP 5.4, which is OK in some situations. Unfortunately, some applications like OwnCloud require a more recent version of PHP. Up until recently, I've been using PHP 5.6 packages from the Webtatic repository. Despite the bad press this third party repo seems to have, it has been working perfectly for me for a few years. Here's the PHP 5.6 packages I have on an OwnCloud server: $ rpm -qa | grep php php56w-devel-5.6.40-1.w7.x86_64 php56w-pdo-5.6.40-1.w7.x86_64 php56w-gd-5.6.40-1.w7.x86_64 php56w-mysql-5.6.40-1.w7.x86_64 php56w-process-5.6.40-1.w7.x86_64 php56w-pear-1.10.4-1.w7.noarch php56w-common-5.6.40-1.w7.x86_64 php56w-xml-5.6.40-1.w7.x86_64 php56w-pecl-redis-3.1.6-1.w7.x86_64 php56w-cli-5.6.40-1.w7.x86_64 php56w-mcrypt-5.6.40-1.w7.x86_64 php56w-mbstring-5.6.40-1.w7.x86_64 php56w-pecl-igbinary-2.0.5-1.w7.x86_64 php56w-pecl-apcu-4.0.11-2.w7.x86_64 php56w-intl-5.6.40-1.w7.x86_64 php56w-5.6.40-1.w7.x86_64 php56w-soap-5.6.40-1.w7.x86_64 Now I'll have to upgrade these to some version of PHP 7. So I googled "php 7 centos 7" and found quite a wealth of - sometimes contradictory - information. 1. The "recommended" way of doing things seems to be the Red Hat Software Collections. Correct me if I'm wrong. I wonder if this way of doing things will enable me to get all the PHP modules listed above. 2. The use of Webtatic seems to be frowned upon. I still have to figure out why, since this repository has always worked perfectly for me. 3. Then there's another repository managed by Remi Collet. Any thoughts on that? And then there's also the question : which version of PHP 7 should I choose ? On my servers, I'm mainly hosting WordPress, Dolibarr and OwnCloud. Any suggestions ? I'm no lamer for doing a bit of RTFM, so a pointer to documentation will do. The problem is not so much that there is no information on the subject. It's rather : there's too much. As we say in France : I'm confused about which saint to send my prayers to. :o) Hi Niki, I have been using the Remi Collet versions 7.0, 7.1 and 7.2 on a few servers that need later php versions. They seem to work as advertised, they have many supporting php libraries - not sure if they include all the ones you specify. Currently using their 7.2.15 with no issues on CentOS 7.6 with selinux enabled and enforcing. I use codeigniter v 3.1.10 and bonfire v 0.84 (my own updated version to use the latest codeigniter) plus a few other related systems: bootstrap 4.2.1, jquery 3.3.1 for my web development with this php version. php 7.3 is bleeding edge in my view - only released 12/2018 so I'll wait a bit before going there as production needs some stability. HTH Rob Cheers, Niki ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Question about updates
On 16/02/19 6:59 PM, Ralf Prengel wrote: Hallo, as a beginner using centos I‘ve a question about updates. What it the right repo for getting all security and other updates? http://mirror.eu.oneandone.net/linux/distributions/centos/7.6.1810/updates/ for example? If you have installed CentOS 7 it should have everything in place for regular updates. You simply need to invoke "sudo yum update" on a regular basis to ensure all the available updates are installed. Yum and rpm take care of sorting out where to check and apply updates from. HTH. Thanks Ralf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] /boot partition running out of space randomly. Please help!
On 13/02/19 2:05 PM, Sean Son wrote: Hello all First off, I am running Oracle Linux 7.6 on a Hyper-V 2016 VM for a customer. I know this is not an Oracle Linux mailling list, but because Oracle Linux and CentOS are so similar, to an extent, I figured why not ask on here because someone MIGHT know the answer.. Here is the issue. I have a 600MB /boot partition allocated on a UEFI system. The /boot/efi partition is on a separate EFI partition. Recently, I noticed that this system has been crashing every few minutes and when I checked the disk space, I noticed that the /boot partition has zero free space available. I removed all of the old kernels and left the running kernel in place, in hopes that will free up some space. It freed up about 50MB or so, but then the system would crash again. After I would reboot the VM to bring the system back up, I ran a df -h /boot, and the results were reporting ZERO disk space again for the /boot partition.. It makes absolutely no sense how a partition which is generally static UNLESS you move something into it, is running out of space after space has been manually freed up in the partition! What boggles me even more is that when I do an ls -lh /boot, the file systems do not add up to 600M (well 594M) at all. See below: df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 2.8G 0 2.8G 0% /dev tmpfs 2.8G 0 2.8G 0% /dev/shm tmpfs 2.8G 8.5M 2.8G 1% /run tmpfs 2.8G 0 2.8G 0% /sys/fs/cgroup /dev/mapper/VolGroup00-LogVolRoot 30G 19G 12G 63% / /dev/sda2 594M 594M 0 100% /boot /dev/sda1 238M 9.7M 229M 5% /boot/efi /dev/mapper/VolGroup00-LogVolHome 3.3G 415M 2.9G 13% /home tmpfs 565M 0 565M 0% /run/user/54321 tmpfs 565M 0 565M 0% /run/user/1000 ]$ ls -lh /boot total 92M -rw-r--r-- 1 root root 179K Dec 12 22:52 config-4.14.35-1844.0.7.el7uek.x86_64 drwx-- 3 root root 16K Dec 31 1969 efi drwx--. 2 root root 21 Feb 8 15:55 grub2 -rw---. 1 root root 54M Aug 28 12:31 initramfs-0-rescue-0287c4db206d4a9abe14f750b9091a01.img -rw--- 1 root root 22M Dec 21 17:24 initramfs-4.14.35-1844.0.7.el7uek.x86_64.img -rw-r--r-- 1 root root 329K Dec 12 22:52 symvers-4.14.35-1844.0.7.el7uek.x86_64.gz -rw-r--r-- 1 root root 3.6M Dec 12 22:52 System.map-4.14.35-1844.0.7.el7uek.x86_64 -rwxr-xr-x. 1 root root 6.1M Aug 28 12:31 vmlinuz-0-rescue-0287c4db206d4a9abe14f750b9091a01 -rwxr-xr-x 1 root root 7.2M Dec 12 22:52 vmlinuz-4.14.35-1844.0.7.el7uek.x86_64 I have no idea what is going on here and why the space keeps filling up and the VM crashing! ANY and all help will be greatly appreciated! Thanks! I am running the following kernel: 4.14.35-1844.0.7.el7uek.x86_64 My stab in the dark is that the system is trying to write a crash / rescue image and there is not enough space. du --max-depth 1 is useful too. Thanks! Sean S. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest kernel crashes X and gnome
On 9/02/19 5:57 PM, Rob Kampen wrote: Hi, Anyone else having problems with kernel 3.10.0-957.5.1.el7.x86_64? After my yum update today a reboot hung. A quick look at the Xorg.0.log shows two of my graphics cards appear to be working okay but the third one (I have two nvidia cards with a monitor each and then use the inbuilt intel one for the third monitor) gives: [ 14.246] (II) Loading sub module "fb" [ 14.246] (II) LoadModule: "fb" [ 14.247] (II) Loading /usr/lib64/xorg/modules/libfb.so [ 14.247] (II) Module fb: vendor="X.Org Foundation" [ 14.247] compiled for 1.20.1, module version = 1.0.0 [ 14.247] ABI class: X.Org ANSI C Emulation, version 0.4 [ 14.247] (II) UnloadModule: "vesa" [ 14.247] (II) Unloading vesa [ 14.247] (EE) modeset(G0): drmSetMaster failed: Invalid argument [ 14.247] (EE) Fatal server error: [ 14.247] (EE) AddScreen/ScreenInit failed for gpu driver 0 -1 [ 14.247] (EE) [ 14.247] (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help. [ 14.247] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information. [ 14.247] (EE) [ 14.257] (EE) Server terminated with error (1). Closing log file. So a reboot to kernel 3.10.0-957.1.3.el7.x86_64 and all is well. First step was to change the EFI bios and disable the onboard video - once this was done I rebooted and the two nvidia cards (nouveau driver) came up just fine and I am writing this from the now working system. Problem is - I want to have my third monitor work as previously. What steps should I take to determine the problem. I checked RH reported faults for this kernel and someone had a xorg problem but in their case it was nouveau not booting - the suggested step of adding nouveau.modeset=0 to the boot was tried but as expected made no difference to my situation. It is my onboard intel that appears to have a driver that needs or received an invalid argument. Any help appreciated I note that the update also updated : Updated xorg-x11-drv-ati-18.0.1-1.el7.x86_64 @base Update 18.1.0-1.el7_6.x86_64 @updates Updated xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64 @updates Update 1.20.1-5.2.el7_6.x86_64 @updates Updated xorg-x11-server-common-1.20.1-5.1.el7.x86_64 @updates Update 1.20.1-5.2.el7_6.x86_64 @updates Before I start trying to solve this by myself, just wanted to see if anyone else has had issues. TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Latest kernel crashes X and gnome
Hi, Anyone else having problems with kernel 3.10.0-957.5.1.el7.x86_64? After my yum update today a reboot hung. A quick look at the Xorg.0.log shows two of my graphics cards appear to be working okay but the third one (I have two nvidia cards with a monitor each and then use the inbuilt intel one for the third monitor) gives: [ 14.246] (II) Loading sub module "fb" [ 14.246] (II) LoadModule: "fb" [ 14.247] (II) Loading /usr/lib64/xorg/modules/libfb.so [ 14.247] (II) Module fb: vendor="X.Org Foundation" [ 14.247] compiled for 1.20.1, module version = 1.0.0 [ 14.247] ABI class: X.Org ANSI C Emulation, version 0.4 [ 14.247] (II) UnloadModule: "vesa" [ 14.247] (II) Unloading vesa [ 14.247] (EE) modeset(G0): drmSetMaster failed: Invalid argument [ 14.247] (EE) Fatal server error: [ 14.247] (EE) AddScreen/ScreenInit failed for gpu driver 0 -1 [ 14.247] (EE) [ 14.247] (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help. [ 14.247] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information. [ 14.247] (EE) [ 14.257] (EE) Server terminated with error (1). Closing log file. So a reboot to kernel 3.10.0-957.1.3.el7.x86_64 and all is well. I note that the update also updated : Updated xorg-x11-drv-ati-18.0.1-1.el7.x86_64 @base Update 18.1.0-1.el7_6.x86_64 @updates Updated xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64 @updates Update 1.20.1-5.2.el7_6.x86_64 @updates Updated xorg-x11-server-common-1.20.1-5.1.el7.x86_64 @updates Update 1.20.1-5.2.el7_6.x86_64 @updates Before I start trying to solve this by myself, just wanted to see if anyone else has had issues. TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] upgrading 7.5 ==> 7.6
On 21/12/18 5:21 PM, Fred Smith wrote: On Wed, Dec 19, 2018 at 01:50:06PM -0500, Fred Smith wrote: hI ALL! There have been a large enough number of people posting here about difficulties when upgrading from 7. to 7.6 that I'm being somewhat paranoid about it. I have several machines to upgrade, but so far the only one I've dared to work on (least critical if it goes bad) is my new-to-me-but-used laptop. First I did a 'dd' backup of the whole drive onto an external USB drive then did the upgrade. Since I use the Mate desktop, I enabled the epel testing repo (per postings on Mate troubles at the time of the upgrade). Result: Boots to GDM just fine, but Mate is a black screen. Switching to Gnome, works fine, but I can't stand Gnome. Not knowing what else to try I restored the dd backup. Later I inserted a spare HD and did a new install from the DVD media. This installed without issue, but now no desktop works. Switching to a console (CTRL-ALT-F2) I did a full "yum update", which installed quite a few packages, but upon reboot nothing had improved. So I added the epel repo (and testing) and installed Mate. Ditto, nothing had changed. This laptop is fairly old, and according to lshw, has a RV635/M86 [Mobility Radeon HD 3650]I] video chipset, in case it matters. CPU is identified as: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz Having previously installed 7.5 on it without trouble, on which Mate works just fine, I wonder what could have become so broken that neither an upgrade nor a fresh install works. I have, as I said, several other machines to upgrade, too, some of them have Nvidia grahics (esp. my main desktop box, which also uses Linux software RAID-1) and all run Mate. Then there is a netbook (low priority) a couple of VMs (in virtualbox) and at work several other VMS as well as bare-metal on a Lenovo deskside machine, and I'm afraid to do an update on all of them because I need them to be in usable condition. The Lenovo box in my office is somewhat urgent, as I am about to retire and turn it over to someone else who doesn't know much about Linux. I'd appreciate any advice I can get on how to get these systems upgraded without breaking them. thanks in advance for your help! Fred One more data point: After taking a dd backup of the HD in my Acer Aspire One netbook (screaming 1.6 GHz Atom, dual core!!), I did the 7.5 to 7.6 update and it went perfectly fine, although it had 800 packages to update, so it was kinda slow. Do any of you know if the various Nvidia issues, and problems upgrading software RAID1 systems have reached resolution? I haven't seen postings here regarding solutions for those problems, and knowing my luck, I would hit both of 'em on my personal desktop. Thanks in advance for any response! Fred I had major issues with two machines, both with nvidia cards. I found that the SL spin of CentOS 7 has fixes for the xorg problems. Akemi Yagi posted the solution which worked fine - it was just difficult to get the required files onto the broken device with no gui. The only issue I've seen reported that sounds similar or possibly related is: https://bugzilla.redhat.com/show_bug.cgi?id=1650634 Yes, seems this is the laptop issue, will prove tomorrow. There is a patch in that bug you might like to try. Not too keen on this, would need to find a detailed howto as I have not done any rebuilds for a number of years. I presume that RH will at some point release a fix for this? The submitter of RHBZ 1650634 is a developer of Scientific Linux. The xorg packages in SL 7.6 have been published with the referenced patch applied. If you so wish, you could install their packages. ftp://linux1.fnal.gov/linux/scientific/7.6/x86_64/updates/security/ Note the "sl7" tag instead of "el7". Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CR repo update disaster for my desktop.
Sent from BlueMail On 05 Dec 2018, 7:22 AM, at 7:22 AM, Phil Perry wrote: >On 04/12/2018 09:54, Rob Kampen wrote: >> >> So in an effort to narrow down the problem I also have an old Samsung > >> laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I >would >> try a more conservative upgrade approach. >> >> first updated to the CR kernel with yum upgrade kernel* >> >> then after successful reboot did an update to gdm* and gnome* >> >> another reboot and all is well >> >> then update of xorg* (only 20 files) >> >> Now it will not boot - keyboard is non responsive so cannot even do a > >> Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this > >> machine for now and back to my main desktop workstation. >> > >The only issue I've seen reported that sounds similar or possibly >related is: > >https://bugzilla.redhat.com/show_bug.cgi?id=1650634 > >There is a patch in that bug you might like to try. > >> No idea if this xorg problem relates to my original workstation - so >on >> that machine I did a downgrade of xorg* - seemed to complete ok, but >on >> reboot and login - still the same problem. >> >> As the only clue in the logs is the libc segfault I did a downgrade >of >> glibc - this too seemed to work but no change to the system - gnome >> crashes after 5 - 10 seconds. >> > >I'm guessing that probably hasn't helped matters > >> Wasted far too much time on this, no idea what to do now so I have >done >> a fresh 7.5 install and all works again - just need to install all >the >> additional stuff I use each day, but at least I have a desktop that >> functions. >> >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CR repo update disaster for my desktop.
On 5/12/18 7:21 AM, Phil Perry wrote: On 04/12/2018 09:54, Rob Kampen wrote: So in an effort to narrow down the problem I also have an old Samsung laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I would try a more conservative upgrade approach. first updated to the CR kernel with yum upgrade kernel* then after successful reboot did an update to gdm* and gnome* another reboot and all is well then update of xorg* (only 20 files) Now it will not boot - keyboard is non responsive so cannot even do a Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this machine for now and back to my main desktop workstation. The only issue I've seen reported that sounds similar or possibly related is: https://bugzilla.redhat.com/show_bug.cgi?id=1650634 Yes, seems this is the laptop issue, will prove tomorrow. There is a patch in that bug you might like to try. Not too keen on this, would need to find a detailed howto as I have not done any rebuilds for a number of years. I presume that RH will at some point release a fix for this? No idea if this xorg problem relates to my original workstation - so on that machine I did a downgrade of xorg* - seemed to complete ok, but on reboot and login - still the same problem. As the only clue in the logs is the libc segfault I did a downgrade of glibc - this too seemed to work but no change to the system - gnome crashes after 5 - 10 seconds. I'm guessing that probably hasn't helped matters Wasted far too much time on this, no idea what to do now so I have done a fresh 7.5 install and all works again - just need to install all the additional stuff I use each day, but at least I have a desktop that functions. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CR repo update disaster for my desktop.
On 5/12/18 5:30 AM, Jonathan Billings wrote: On Tue, Dec 04, 2018 at 10:54:58PM +1300, Rob Kampen wrote: So in an effort to narrow down the problem I also have an old Samsung laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I would try a more conservative upgrade approach. first updated to the CR kernel with yum upgrade kernel* then after successful reboot did an update to gdm* and gnome* another reboot and all is well then update of xorg* (only 20 files) Now it will not boot - keyboard is non responsive so cannot even do a Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this machine for now and back to my main desktop workstation. Where does it stop booting? Can you remove 'rhgb quiet' from the kernel command line and see how it is booting? Also, are you using UEFI boot or the old BIOS boot? on the laptop it seems I have the Red Hat Bugzilla – Bug 1650634 problem. It is bios boot. My workstation has UEFI boot, but it has now been clean installed with 7.5 and until there is a fix to the above bugzilla i'll hold off on doing much other than update the kernel. Thanks for response, i will use the removal of rhgb quiet. I will wait until 7.6 is officially released, watch the list for a week or two and then with much fear and trepidation give it a go. 7.6 has been released, so you should expect these packages to start arriving on all your CentOS 7 systems. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CR repo update disaster for my desktop.
On 5/12/18 4:17 AM, Simon Matter wrote: On 4/12/18 9:06 AM, Rob Kampen wrote: Sorry for top post, my android BlueMail will not let me insert at the bottom. I have found that tracker-extract seems to trigger a segfault. I note this is not updated in CR, but comes from base. Removal of tracker seems too harsh as it has dependant modules like brasero, evince, grilo, nautilus and totem. Maybe there is an obscure relationship in tracker that need attention. Stumpped. Sent from BlueMail On 03 Dec 2018, 11:28 PM, at 11:28 PM, Fabian Arrotin wrote: On 03/12/2018 11:14, John Hodrien wrote: On Mon, 3 Dec 2018, Simon Matter wrote: Le 03/12/2018 à 06:25, Rob Kampen a écrit : I enabled the CR repo and did the yum update. Some 800+ rpms were offered and all seemed to resolve depenancies OK, so yes it was started. The updates completed and all looked good, until the reboot. I got a similar disaster here. I guess the lesson to be learned is that CR is nice to have on servers, but don't use it on desktops. My question is what will change with the final release of 7.6? I thought the CR repo usually holds all updates with the exception of centos-release, or are there more updates to come? I had the impression that in the past, the final release brought only cosmetic changes with the centos-release being updated. I've seen zero problems on Desktops I've installed CR on. If CR has issues, as you say you'd expect 7.6 to have problems. If things are failing with CR updates, you really want to investigate what's going on. jh +1 as 7.6.1810 is exactly 7.5.1804+updates+CR so only missing packages are centos-release/anaconda and install tree/media .. So if there are issues with CR, using the list and bugs.centos.org would be good. BTW : the goal of CR is exactly to find those issues earlier and then write Release Notes with workarounds/warnings So in an effort to narrow down the problem I also have an old Samsung laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I would try a more conservative upgrade approach. first updated to the CR kernel with yum upgrade kernel* then after successful reboot did an update to gdm* and gnome* another reboot and all is well then update of xorg* (only 20 files) Now it will not boot - keyboard is non responsive so cannot even do a Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this machine for now and back to my main desktop workstation. No idea if this xorg problem relates to my original workstation - so on that machine I did a downgrade of xorg* - seemed to complete ok, but on reboot and login - still the same problem. As the only clue in the logs is the libc segfault I did a downgrade of glibc - this too seemed to work but no change to the system - gnome crashes after 5 - 10 seconds. Wasted far too much time on this, no idea what to do now so I have done a fresh 7.5 install and all works again - just need to install all the additional stuff I use each day, but at least I have a desktop that functions. I will wait until 7.6 is officially released, watch the list for a week or two and then with much fear and trepidation give it a go. As a long time user of CentOS (well over a decade - I started with 5.x workstations, then had a couple of 6.x, and used two 7.x machines, not counting my servers), I must observe that the core server stuff "just works" e.g. mail, mysql / mariadb, postfix, dovecot, apache, php. Even the migration to libreoffice was okay. The major version upgrades each gave an all over better desktop experience. What has also happened however is that some of the 7.x upgrades have been difficult to deal with - one of the recent firefox updates lost all my local password databases which I do not back up to the cloud for obvious reasons. Unable to resolve the instability after many hours of testing and trialing combinations, I have left firefox and moved to vivaldi - we'll see how that works. As upstream seems to include more bleeding edge versions of major desktop utilities such as firefox, stability has been compromised. Now with this latest CR update, I have no idea if it is gnome, gdm, xorg or some other component, but to have two quite differently configured machines both loose their desktops, I am unhappy. The use of roll back of over 800 files just didn't pass the transaction test thus that too was futile. I thought the approach I used with my laptop today was sufficiently cautious, yet it caught me and I am still trying to work out what to do next. As always, happy to entertain ideas and suggestions. My main workstation however is now safely working at a clean install of 7.5, thus cannot do further tests there, life must go on, four days of down time is far too much. Also let me give a heartfelt thanks to the hard working CentOS team, I see the more and more difficult task you need to navigate with each major update, you do an outstanding task, and I am most grateful! The big question rem
Re: [CentOS] CR repo update disaster for my desktop.
On 4/12/18 9:06 AM, Rob Kampen wrote: Sorry for top post, my android BlueMail will not let me insert at the bottom. I have found that tracker-extract seems to trigger a segfault. I note this is not updated in CR, but comes from base. Removal of tracker seems too harsh as it has dependant modules like brasero, evince, grilo, nautilus and totem. Maybe there is an obscure relationship in tracker that need attention. Stumpped. Sent from BlueMail On 03 Dec 2018, 11:28 PM, at 11:28 PM, Fabian Arrotin wrote: On 03/12/2018 11:14, John Hodrien wrote: On Mon, 3 Dec 2018, Simon Matter wrote: Le 03/12/2018 à 06:25, Rob Kampen a écrit : I enabled the CR repo and did the yum update. Some 800+ rpms were offered and all seemed to resolve depenancies OK, so yes it was started. The updates completed and all looked good, until the reboot. I got a similar disaster here. I guess the lesson to be learned is that CR is nice to have on servers, but don't use it on desktops. My question is what will change with the final release of 7.6? I thought the CR repo usually holds all updates with the exception of centos-release, or are there more updates to come? I had the impression that in the past, the final release brought only cosmetic changes with the centos-release being updated. I've seen zero problems on Desktops I've installed CR on. If CR has issues, as you say you'd expect 7.6 to have problems. If things are failing with CR updates, you really want to investigate what's going on. jh +1 as 7.6.1810 is exactly 7.5.1804+updates+CR so only missing packages are centos-release/anaconda and install tree/media .. So if there are issues with CR, using the list and bugs.centos.org would be good. BTW : the goal of CR is exactly to find those issues earlier and then write Release Notes with workarounds/warnings So in an effort to narrow down the problem I also have an old Samsung laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I would try a more conservative upgrade approach. first updated to the CR kernel with yum upgrade kernel* then after successful reboot did an update to gdm* and gnome* another reboot and all is well then update of xorg* (only 20 files) Now it will not boot - keyboard is non responsive so cannot even do a Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this machine for now and back to my main desktop workstation. No idea if this xorg problem relates to my original workstation - so on that machine I did a downgrade of xorg* - seemed to complete ok, but on reboot and login - still the same problem. As the only clue in the logs is the libc segfault I did a downgrade of glibc - this too seemed to work but no change to the system - gnome crashes after 5 - 10 seconds. Wasted far too much time on this, no idea what to do now so I have done a fresh 7.5 install and all works again - just need to install all the additional stuff I use each day, but at least I have a desktop that functions. I will wait until 7.6 is officially released, watch the list for a week or two and then with much fear and trepidation give it a go. As a long time user of CentOS (well over a decade - I started with 5.x workstations, then had a couple of 6.x, and used two 7.x machines, not counting my servers), I must observe that the core server stuff "just works" e.g. mail, mysql / mariadb, postfix, dovecot, apache, php. Even the migration to libreoffice was okay. The major version upgrades each gave an all over better desktop experience. What has also happened however is that some of the 7.x upgrades have been difficult to deal with - one of the recent firefox updates lost all my local password databases which I do not back up to the cloud for obvious reasons. Unable to resolve the instability after many hours of testing and trialing combinations, I have left firefox and moved to vivaldi - we'll see how that works. As upstream seems to include more bleeding edge versions of major desktop utilities such as firefox, stability has been compromised. Now with this latest CR update, I have no idea if it is gnome, gdm, xorg or some other component, but to have two quite differently configured machines both loose their desktops, I am unhappy. The use of roll back of over 800 files just didn't pass the transaction test thus that too was futile. I thought the approach I used with my laptop today was sufficiently cautious, yet it caught me and I am still trying to work out what to do next. As always, happy to entertain ideas and suggestions. My main workstation however is now safely working at a clean install of 7.5, thus cannot do further tests there, life must go on, four days of down time is far too much. Also let me give a heartfelt thanks to the hard working CentOS team, I see the more and more difficult task you need to navigate with each major update, you do an outstanding task, and I am most grateful! -- Fabi
Re: [CentOS] CR repo update disaster for my desktop.
On 03/12/18 23:47, Leon Fauster via CentOS wrote: Am 03.12.2018 um 11:14 schrieb John Hodrien : On Mon, 3 Dec 2018, Simon Matter wrote: Le 03/12/2018 à 06:25, Rob Kampen a écrit : I enabled the CR repo and did the yum update. Some 800+ rpms were offered and all seemed to resolve depenancies OK, so yes it was started. The updates completed and all looked good, until the reboot. I got a similar disaster here. I guess the lesson to be learned is that CR is nice to have on servers, but don't use it on desktops. My question is what will change with the final release of 7.6? I thought the CR repo usually holds all updates with the exception of centos-release, or are there more updates to come? I had the impression that in the past, the final release brought only cosmetic changes with the centos-release being updated. I've seen zero problems on Desktops I've installed CR on. If CR has issues, as you say you'd expect 7.6 to have problems. If things are failing with CR updates, you really want to investigate what's going on. The mentioned problem could be related to the nvidia packages ... such cases (transition to 7.6) were discussed on ELrepo's list. That is why I removed kmod-nvidia and am now running on nouveau - still have the problem. http://lists.elrepo.org/pipermail/elrepo/ -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CR repo update disaster for my desktop.
Sorry for top post, my android BlueMail will not let me insert at the bottom. I have found that tracker-extract seems to trigger a segfault. I note this is not updated in CR, but comes from base. Removal of tracker seems too harsh as it has dependant modules like brasero, evince, grilo, nautilus and totem. Maybe there is an obscure relationship in tracker that need attention. Stumpped. Sent from BlueMail On 03 Dec 2018, 11:28 PM, at 11:28 PM, Fabian Arrotin wrote: >On 03/12/2018 11:14, John Hodrien wrote: >> On Mon, 3 Dec 2018, Simon Matter wrote: >> >>>> Le 03/12/2018 à 06:25, Rob Kampen a écrit : >>>>> I enabled the CR repo and did the yum update. Some 800+ rpms were >>>>> offered and all seemed to resolve depenancies OK, so yes it was >>>>> started. The updates completed and all looked good, until the >reboot. >>>> >>>> I got a similar disaster here. I guess the lesson to be learned is >that >>>> CR is nice to have on servers, but don't use it on desktops. >>> >>> My question is what will change with the final release of 7.6? I >thought >>> the CR repo usually holds all updates with the exception of >>> centos-release, or are there more updates to come? I had the >impression >>> that in the past, the final release brought only cosmetic changes >with >>> the >>> centos-release being updated. >> >> I've seen zero problems on Desktops I've installed CR on. >> >> If CR has issues, as you say you'd expect 7.6 to have problems. If >> things are >> failing with CR updates, you really want to investigate what's going >on. >> >> jh > >+1 as 7.6.1810 is exactly 7.5.1804+updates+CR so only missing packages >are centos-release/anaconda and install tree/media .. > >So if there are issues with CR, using the list and bugs.centos.org >would >be good. >BTW : the goal of CR is exactly to find those issues earlier and then >write Release Notes with workarounds/warnings > >-- >Fabian Arrotin >The CentOS Project | https://www.centos.org >gpg key: 56BEC54E | twitter: @arrfab > > > > > >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CR repo update disaster for my desktop.
I have a centos 7.5 desktop workstation with dual nvidia graphic cards running three monitors. I use the i915 motherboard graphics adapter for the third monitor with bumblebee to work the magic to enable the three contiguous work spaces. I use the kmod nvidia drivers for the two graphics cards. This has worked without a hitch for 5 months until this weekend. I enabled the CR repo and did the yum update. Some 800+ rpms were offered and all seemed to resolve depenancies OK, so yes it was started. The updates completed and all looked good, until the reboot. Initially the new kernel would boot just fine but the gdm/gnome desktop hung. No login offered. Reboot and select previous kernel, great, offered login, but the desktop barely settles before gnome crashes, and gdm restarts and I get to login afresh. Eventually I have, removed bumblebee, disabled the on board graphics adapter, reinstalled gnome multiple times, removed nvidia drivers, blown away my .gnome and related folders, tried as a new user, (no customizations of the desktop) all to no avail. Current situation is under my user account cannot get stable desktop for more than 10 seconds before it sends segfault error 4 in libc-2.17.so What do I do now? Seems that these big updates need to be applied in sub batches with reboots in between so that one can back out. Any ideas appreciated. Rob Sent from BlueMail ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IBM buying RedHat
On 30/10/18 20:06, Eddie G. O'Connor Jr. wrote: On 10/30/18 2:46 AM, Simon Matter wrote: On 10/29/18 1:55 AM, Simon Matter wrote: To me it seems like, if they are smart, they will try to push IBM POWER and RedHat Linux together to establish real competition in the hardware market again (and of course don't forget to keep Fedora/CentOS alive)! Er, RHEL has been running on Power for a very long time. The fastest supercomputer in the world is Power9 + RHEL. What I meant is that POWER could become a competitor for Intel/AMD based servers. We're now running AMD EPYC servers with 64Cores/128Threads and we didn't find any POWER system which could compete in this area. Also, looking at TOP500 list there are not so many POWER systems anymore. IBM could change this now. Regards, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Yeah.I guess that's one way to look at it. My biggest worry? Is I've placed so much time and effort "getting to know" Fedora and its intricacies, idiosyncrasies, its ins and outs...dealt with ridicule on this very same list when I first started, have "cut my teeth" on learning VERY hard lessons about certain syntax in the Terminal and what NOT to type...only to have that all "taken" away from me at the whim of IBM. It just seems unfair. I'm hoping like H3LL that the developers @ Fedora are seriously thinking about forking "Just In Case"!? I mean they could still use the .RPM extensions, and possibly even still pull their code from RHEL, but at least they would be autonomous and wouldn't have to rely on IBM's good will in order to keep on churning out whatto me...is the best Linux distro on the planet! As I write thisI'm eyeballing the spare ThinkPad T-410 that I've neglected since I have Fedora running on a Dell XPS, and I'm thinking its time to get "back to my roots" and to find a distro I can put on that device and run without concernI've heard some decent things about this "Pop-OS" which comes with System76's hardware. Maybe I'll give that a spin..then like I had said before...there's always Debian plain vanilla...with maybe MATE or Cinnamon?.or else its going to have to be where I buckle down and finally learn all there is to know about LFS and Arch Linux and then move on to one of those...(God!.at 47!?its like how can I POSSIBLY start over again!?...) and THIS is the kind of turmoil that ensues when a corporation buys a fully functioning open course company! wow, I am just 62 and looking forward to the next round of CentOS - version 8 coming up? - must be due soon Love learning new stuff, it never gets old (pun intended). sorry for the noise, but couldn't resist, must be the age EGO II ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password
On 13/10/18 02:24, Phelps, Matthew wrote: On Wed, Oct 3, 2018 at 5:34 AM Rob Kampen wrote: Hi list, Did an update to firefox last night and rebooted over night. Today I find firefox started without asking for master password - funny me thinks. Try to log in to a web service I use and find that my password does not appear. Check preferences and find that no master password is set and the password list / table is empty. As I do not trust my passwords to the cloud I do not save these to my firefox profile . so back to manual entry for all my sites wow going to be a slow month as I reset scores of passwords. Any one else have this problem and any clues as to what causes this? I am concerned if this should happen again, as I have saved passwords for many scores of web services. TIA Rob We've run into this. Is it fixed in the latest firefox, 60.2.2-1? If not, it is not clear to me how to use the export NSS_DEFAULT_DB_TYPE="sql" put this in .bash_profile and reboot - then check from a shell that export shows the declaration. I think this locks firefox into the old key3.db mode of operation. I didn't have an old file to restore, thus lost all my logins and also my noscript history - what a huge PITA! Have just done the yum update for the latest firefox and now I see a key4.db. Needed to start the new firefox and exit before it showed. HOWEVER when I logged out and back in without the export command it all went pear shaped again. So reinstated the export NSS again, now I needed to reestablish the master password file, it seems to make a new key3.db file and doesn't touch the key4.db file that was originally created after the firefox update. BUT THEN when I exit a second time it deletes the key3.db and I'm back to ZERO. This is so stuffed up! Seems every second time I exit Firefox it kills the key3.db and all my stuff is gone. Some seriously brain dead designers in the firefox / mozilla stable at this time. Seems that one cannot afford to exit firefox and keep the master password file/database. After so many years of using it, I cannot live without a reliable password and master password database - firefox clearly doesn't have this capability any longer. Moving to try Vivaldi method mentioned. Do we restore the old key3.db file, have the user set that variable, then start the new firefox? With that create a key4.db file and use it from then on? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password
On 05/10/18 01:27, Tony Molloy wrote: On Thu, 2018-10-04 at 21:27 +1300, Rob Kampen wrote: On 04/10/18 05:45, Akemi Yagi wrote: On Wed, Oct 3, 2018 at 9:19 AM Stephen John Smoogen wrote: It would seem that the problem is with upstream-upstream's (aka Firefox) cleaning up of items that are not supposed to be there after Firefox 58 https://bugzilla.mozilla.org/show_bug.cgi?id=1475775 It looks like it is deleting files it thinks should have been converted to a newer more secure version.. but don't seem to be for some reason. I am not sure if those files will just removed again every time you restore them. That link added to the related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1633932 Yes, that seems to describe what I am experiencing. As I usually keep FF open for days at a time, it has taken a while to show up. Will now try the $ export NSS_DEFAULT_DB_TYPE="sql" Akemi Hi Akemi, That sorted the problem for me, thanks. Now to start re-entering all my previously stored passwords. Lucky I have a list of sites if not the usernames/passwords ;-( Regards Tony works for me too - will just need to make sure this goes somewhere safe to ensure survival after a reboot. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password
On 04/10/18 05:45, Akemi Yagi wrote: On Wed, Oct 3, 2018 at 9:19 AM Stephen John Smoogen wrote: It would seem that the problem is with upstream-upstream's (aka Firefox) cleaning up of items that are not supposed to be there after Firefox 58 https://bugzilla.mozilla.org/show_bug.cgi?id=1475775 It looks like it is deleting files it thinks should have been converted to a newer more secure version.. but don't seem to be for some reason. I am not sure if those files will just removed again every time you restore them. That link added to the related RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1633932 Yes, that seems to describe what I am experiencing. As I usually keep FF open for days at a time, it has taken a while to show up. Will now try the $ export NSS_DEFAULT_DB_TYPE="sql" Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password
Hi list, Did an update to firefox last night and rebooted over night. Today I find firefox started without asking for master password - funny me thinks. Try to log in to a web service I use and find that my password does not appear. Check preferences and find that no master password is set and the password list / table is empty. As I do not trust my passwords to the cloud I do not save these to my firefox profile . so back to manual entry for all my sites wow going to be a slow month as I reset scores of passwords. Any one else have this problem and any clues as to what causes this? I am concerned if this should happen again, as I have saved passwords for many scores of web services. TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Firefox Issue
On 17/09/18 21:54, Chris Olson via CentOS wrote: We have several small networks, some of which have only four systems that are usually a mix of Windows 7 and CentOS 6 and CentOS 7 machines. All of these systems are Internet connected and updated regularly when yum finds packages available. Information about one of the CentOS 6 machines is included below. This system experienced a Firefox issue. [user@computer]$ uname -a Linux computer 2.6.32-754.3.5.el6.x86_64 #1 SMP Tue Aug 14 20:46:41 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux [user@computer]$ Several weeks ago, one of the Firefox updates did something unusual. It changed the browser-stored home page to https://www.centos.org/ from the original home page file:///usr/share/doc/HTML/index.html. This original home page had been in place since 2014, and had survived all Firefox updates for a little over four years. Last week, someone left one browser running and the system went into power save mode. To wake the system up we used the standard method of a quick push of the power button on the front of the Dell tower system. Although the system seemed to be running, the monitor and mouse never came to life. We also could not ssh into the system from any other computer on the network. We decided to use a steady push on the power button to shut the system down. After powering up again, the system seemed to run normally, but the browser home page was back to file:///usr/share/doc/HTML/index.html. Has anyone else experienced such an issue with Firefox recently? I note each time there is a firefox yum update that the next time I start firefox from closed, that it brings up a tab with the centos homepage and another tab has my start page. The page on display (active tab) is the centos one next start is back to normal. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] using Skype on C-7
On 25/05/18 16:26, Gregory P. Ennis wrote: Hi I've whined about this before, but now I feel the overwhelming urge to whine some more. Forgiveness begged... :) I've spent some very frustrating times trying to get a microphone to work when doing skype calls. According to the various sound tools available on Centos all the various mics I have (built into webcam, analog headset, USB headset)produce sound just fine. but when using skype there are too many different knobs one can turn to actually make it work. There's PulseAudio, Alsamixer, and for me, since I use the Mate desktop, the Mate Volume Control, which can also be accessed by a right-click on the speaker icon in the top panel. then in skype I get a list of 5 (FIVE!) different audio input devices. I just spent a frustrating time trying to join in a daily scrum at my office (I'm out of the office today) wherein I could not get outgoing audio to work. afterwards I tried more things and managed to get ONE of the 3 to work, the one built into the webcam. to do that I had to make the following settings: choose Input tab in the Mate Volume Control, then move the volume slider most of the way over to the right. In Alsa Mixer, set front mic to 70 and front mic boost to 100. In Pavucontrol, enable webcam audio input, and crank it way up. in Skype, choose "default device", as distinct from "Default Device", or the other three choices. There's gotta be a better way, I'm open to suggestions from anyone else who has figured out how to configure the system to work with Skype, without having to configure FOUR different applications before it will work. thanks (a lot!) in advance! - I am afraid I do not have an answer. I looked at your post with the hope you would get a lot of responses. I finally gave up trying to get Skype to work with Cemtos 7 and put together a dual boot system with a microsoft os too. Skype works fine on the microsoft os, but I never could get it to work on centos 7. Greg I have two laptops with C7 and skype - both pick up the laptop microphone just fine. On one of the laptops, the inbuilt mic is too noisy as it picks up the fans - it is a high powered i7 chip and fast graphic card thus lots of heat. So on that one I simply plug in an analog mic into the mic jack and that too just works (tm), Sorry to hear your particular setup is problematic - five mics does seem a lot, I guess no one has that many options. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 + KDE : Dolphin weirdness
On 24/05/18 07:50, Nicolas Kovacs wrote: Hi, I'm running CentOS 7 + KDE on my workstation. Since the latest big batch of updates, Dolphin behaves a bit weirdly. When I download a .zip archive and then right click and "Extract here", the extracted files don't show. I have to hit F5 to refresh the current directory view and display the new files. Cheers, Niki I have noticed that for a while - pre the last major update; the directory file list does not update with changes unless I do an F5 update - Nautilus does not have this problem. I suspect there is a notification somewhere in the OS that is not being picked up by Dolphin - amazing how annoying this is, yet it wasn't that many years ago when this was normal behavior. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacement for Pdftk under CentOS 7 ?
On 09/05/18 22:22, Nicolas Kovacs wrote: Hi, Two weeks ago I migrated all our local school's servers and clients from Slackware 14.1 to CentOS 7. Everything went perfectly, and now I'm busy sanding down some edges. The previous installation sported pdftk and a frontend (can't remember the name) which allowed some basic operations on PDF files such as splitting and concatenation. The school's staff used this application all the time. Unfortunately it's not available under CentOS 7. Can you suggest any replacement for this application? On a side note, it should be something with a point-and-click GUI. Cheers, Niki I use it under CentOS 7 it comes from nux_dextop who i use for multi-media rpms. HTH ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] memory cgroup max_usage_in_bytes question
On 05/04/18 01:56, Stijn De Weirdt wrote: hi all, can someone help explaining what we are seeing? it makes no sense to us. this is a host running centos 7.4 with 3.10.0-693.17.1 kernel, and it has 192GB of ram [] free -b totalusedfree shared buff/cache available Mem:201402642432 14413479936 7564277760048586752 111346384896 185689632768 Swap: 2147483238431961088 21442871296 [] cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes 273102151680 how can the max be so much higher than total, and this is not even memsw? Binary K,M,G are 1024 multiples not 1000 so total seems a little low. either we're very tired and are overlooking something obvious, or there's something new to be learned ;) many thanks, stijn ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Low random entropy
On 29/05/17 15:46, Robert Moskowitz wrote: On 05/28/2017 06:57 PM, Rob Kampen wrote: On 28/05/17 23:56, Leon Fauster wrote: Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <r...@htt-consult.com>: On 05/28/2017 04:24 AM, Tony Mountifield wrote: In article <792718e8-f403-1dea-367d-977b157af...@htt-consult.com>, Robert Moskowitz <r...@htt-consult.com> wrote: On 05/26/2017 08:35 PM, Leon Fauster wrote: drops back to 30! for a few minutes. Sigh. http://issihosts.com/haveged/ EPEL: yum install haveged WOW!!! installed, enabled, and started. Entropy jumped from ~130 bits to ~2000 bits thanks Note to anyone running a web server, or creating certs. You need entropy. Without it your keys are weak and attackable. Probably even known already. Interesting. I just did a quick check of the various servers I support, and have noticed that all the CentOS 5 and 6 systems report entropy in the low hundreds of bits, but all the CentOS 4 systems and the one old FC3 system all report over 3000 bits. Since they were all pretty much stock installs, what difference between the versions might explain what I observed? This is partly why so many certs found in the U of Mich study are weak and factorable. So many systems have inadequate entropy for the generation of key pairs to use in TLS certs. Worst are certs created in firstboot process where at times there is no entropy, but the firstboot still creates its certs. /var/lib/random-seed and $HOME/.rnd are approaches to mitigate this scenario. -- LF so there are mitigations - the question really is: why hasn't redhat made these mitigations the default for their enterprise products - maybe other influences we are unaware of - seems like a huge big hole. With the advent of SSL/TLS being mandated by google et al, every device needs access to entropy. The challenge is this is so system dependent. Some are just fine with stock install. Others need rng-tools. Still others need haveged. If Redhat were to do anything, it would be to stop making the default cert during firstboot. Rather spin off a one-time process that would wait until there was enough entropy and then create the default cert. Thing is I can come up with situations were that can go wrong. There are a lot of best practices with certificates and crypto that are not apparent to most admins. I know some things for the crypto work I do (I am the author of the HIP protocol in the IETF). There is just not one size fits all here, and people need to collect clues along with random entropy OK that makes sense, I've been admin on linux servers for about 18 years, understand the basics, use certificates for web and email servers. This thread has exposed an area that I'm peripherally aware of - the need to generate with sufficient entropy the cipher that goes across the internet in order to avoid an observer being able to reverse engineer the keys used. I still fail to see why every server and workstation is not set up to do this at some minimum level - i guess linux out of the box does this, the issue is that the minimum from just the basic kernel on most hardware is too little with today's ability to crack ciphers.. Is there some practical guideline out there that puts this in terms that don't require a PhD in mathematics to understand and implement. For instance I have setup and run mail servers for nearly two decades, only in the last 10+ years with certificates and mandated SSL/TLS - yet the issue of low random entropy is relevant here but until this thread I hadn't taken steps to resolve. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Low random entropy
On 28/05/17 23:56, Leon Fauster wrote: Am 28.05.2017 um 12:16 schrieb Robert Moskowitz: On 05/28/2017 04:24 AM, Tony Mountifield wrote: In article <792718e8-f403-1dea-367d-977b157af...@htt-consult.com>, Robert Moskowitz wrote: On 05/26/2017 08:35 PM, Leon Fauster wrote: drops back to 30! for a few minutes. Sigh. http://issihosts.com/haveged/ EPEL: yum install haveged WOW!!! installed, enabled, and started. Entropy jumped from ~130 bits to ~2000 bits thanks Note to anyone running a web server, or creating certs. You need entropy. Without it your keys are weak and attackable. Probably even known already. Interesting. I just did a quick check of the various servers I support, and have noticed that all the CentOS 5 and 6 systems report entropy in the low hundreds of bits, but all the CentOS 4 systems and the one old FC3 system all report over 3000 bits. Since they were all pretty much stock installs, what difference between the versions might explain what I observed? This is partly why so many certs found in the U of Mich study are weak and factorable. So many systems have inadequate entropy for the generation of key pairs to use in TLS certs. Worst are certs created in firstboot process where at times there is no entropy, but the firstboot still creates its certs. /var/lib/random-seed and $HOME/.rnd are approaches to mitigate this scenario. -- LF so there are mitigations - the question really is: why hasn't redhat made these mitigations the default for their enterprise products - maybe other influences we are unaware of - seems like a huge big hole. With the advent of SSL/TLS being mandated by google et al, every device needs access to entropy. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Google-chrome-stable
Over the last week or so I have noticed that chrome fails to load pages - in fact even the setup pages do not load. Blow away the ~/.config/google-chrome/ files and restart Seems to work for a little while - then stops again - no other pages load. I have done the cleanup of the .config/google-chrome directory and then with the fresh session tried both with my google account and without any account - same result. I have just done an update in the hope it may fix things so now running Version 58.0.3029.110 (64-bit) What is going on? Firefox is working just fine. [rkampen@robsc7 google-chrome]$ rpm -qa |grep google google-chrome-stable-58.0.3029.110-1.x86_64 google-crosextra-caladea-fonts-1.002-0.4.20130214.el7.noarch google-crosextra-carlito-fonts-1.103-0.2.20130920.el7.noarch Any suggestions appreciated. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] get pdftk into (or from) a repo
On 14/05/17 06:38, ken wrote: On 05/12/2017 03:39 AM, Philippe BOURDEU d'AGUERRE wrote: Le 12/05/2017 à 02:46, ken a écrit : It's worth mentioning that this is a really nice utility for manipulating PDFs, taking them apart, rearranging them, putting pages together, and a whole lot more. I've used it hundreds of times. Probably anyone who has to work with PDFs would have need of it. In Centos 7, poppler-utils RPM has pdfdetach and pdfunite utilities which allow to manipulate pages in a pdf. That's great to know. Linux should have multiple ways to do one and the same thing. In a free world we shouldn't be dependent on just one solution. Indeed, pdfedit is another app for manipulating PDFs. Having skimmed through the docs on these and others mentioned in this thread, none of them can, in addition, rotate selected pages (i.e., turn them by 90, 180, or 270 degrees), plus select pages by the keywords "odd" and "even". The GIMP can be used to rotate PDFs, but it's a PITA to do it there and it can't natively select and then so manipulate multiple PDF pages programmatically. Rather than my repeated replying to this thread, docs on pdftk can be found at https://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/. I have used pdftk for years and it met most of my needs - however when I moved to CentOS 7 as my work station it was not available. Looking at their web site they only mention CentOS 5 & 6 thus indicating that their support for linux has stalled or been removed and no development is happening. This has been the case for at least two years. Hence I have moved to the other tools that have been mentioned previously in this thread. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 26/04/17 17:29, Robert Moskowitz wrote: On 04/26/2017 04:22 AM, Gordon Messmer wrote: On 04/25/2017 03:25 PM, Robert Moskowitz wrote: This made the same content as before that caused problems: I still don't understand, exactly. Are you seeing *new* problems after installing a policy? What are the problems? # The file '/var/lib/mysql/mysql.sock' is mislabeled on your system. # Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock # This avc can be allowed using the boolean 'daemons_enable_cluster_mode' allow dovecot_t mysqld_t:unix_stream_socket connectto; What do these 3 comments mean? I'm not sure about the first two. The context you see is the same I see on the one system where I run mysqld. Running restorecon doesn't change that context. As for the latter, it sounds like you should be able to remove your custom policy and "setsebool -P daemons_enable_cluster_mode 1" to allow dovecot to connect to mysql. did not work. it was set off, so I turned it on and tried it out. Got the same errors: Apr 26 01:25:45 z9m9z dovecot: dict: Error: mysql(/var/lib/mysql/mysql.sock): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed: Not connected to database how have you specified your mysql server host? as localhost, 127.0.0.1 or as the hosts IP address? In my experience it needs to be localhost or 127.0.0.1 and these are also defined in /etc/hosts hth You would think that the mysql people would have a boolean to allow specific apps to access the socket. And document it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Preferred mail client
On 29/01/17 18:02, Gordon Messmer wrote: On 01/28/2017 04:03 PM, TE Dukes wrote: What is the preferred remote mail client for 7.3? I'm a fan of SOGo. never heard of it - looks interesting BUT the production versions are only available with a support contract the begins at $US 750 / annum - how dangerous is the nightly build? - I normally wouldn't dream of using a nightly build, but neither can I afford the support fee for the 20 or so clients (all not for profit charities) that I provide email services to. https://sogo.nu/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 install on one RAID 1 [not-so-SOLVED]
On 26/01/17 05:46, Tony Mountifield wrote: In article <1485342377.3072.6.ca...@biggs.org.uk>, Pete Biggswrote: On Tue, 2017-01-24 at 17:14 -0500, m.r...@5-cent.us wrote: So, it installed happily. Then wouldn't boot. No problem, I'll bring it up with pxe, then chroot and grub2-install. Um, nope. I edited the device map from hd0 and hd1 being the RAID to /dev/sda and /dev/sdb, then ran grup2-install. It now tells me can't identify the filesystem on hd0, and can't perform a safety check, and gives up. What am I missing? Google is not giving me any answers Surely, if you are using software RAID, then you should configure that RAID in anaconda, that will then cope with setting up the partitions to allow booting. Basically it needs a small non-RAID partition to hold /boot on the boot disk. Remember that the boot sequence is generally: BIOS reads MBR and executes it; MBR code reads kernel from /boot and executes it (yes, it's more complicated than that). If the MBR code doesn't know how to read a RAID partition, then it's going to fail, that's why you have a small non-RAID partition to hold /boot. Hardware RAID is different because it interfaces at the BIOS level so the MBR code doesn't need to know how to specifically read it. If you are using RAID 1 kernel mirroring, you can do that with /boot too, and Grub finds the kernel just fine. I've done it many times: 1. Primary partition 1 type FD, size 200M. /dev/sda1 and /dev/sdb1. I think it wiser to have /boot at 1Gb nowadays. 2. Create /dev/md0 as RAID 1 from /dev/sda1 and /dev/sdb1. 3. Assign /dev/md0 to /boot, ext3 format (presumably ext4 would work too?) 4. Make sure to setup both drives separately in grub. Typically I then go on to have /dev/sda2+/dev/sdb2 => /dev/md1 => swap, and /dev/sda3+/dev/sdb3 => /dev/md2 => / Cheers Tony ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 dhcpd failure to allow a 2nd network over same interal nic
On 16/01/17 21:54, John R Pierce wrote: On 1/16/2017 12:44 AM, Rob Kampen wrote: Here's an idea - untested. set up a network on the single nic - say 192.168.55.xx/24 set up the dhcp to offer leases from a subset of this network - say 192.168.55.128/28 set up fixed leases based upon mac address from the remainder of the network - i.e. outside the subset above - e.g. 192.168.55.1/28 then route / firewall as required - i.e. trusted known mac address hence IP address allowed vs unknown guest given an IP address we can block or otherwise handle. As indicated, this is not tested but if memory serves, dhcpd will allow this kind of allocation. the untrusted wireless users will be able to access other LAN machines without going through the firewall. surely that depends upon the subnet they operate on (i.e the subnet mask in old vernacular) - the two I show above are mutually exclusive but can both talk to the server. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 dhcpd failure to allow a 2nd network over same interal nic
On 16/01/17 17:12, James A. Peltier wrote: VLANs are your friend, otherwise DHCPD is not going to understand how to properly answer your request for different networks on the same interface. - On 14 Jan, 2017, at 11:59, Gregory P. Ennis po...@pomec.net wrote: | Everyone, | | I am trying to set up a second internal network (192.168.0.0/24) and | have not been able to get dhcp to start when I have the following in my | dhcpd.conf file : | | subnet 192.168.0.0 netmask 255.255.255.0 { |range 192.168.0.110 192.168.0.130; |option subnet-mask 255.255.255.0; |option broadcast-address 192.168.0.255; |option routers 192.168.0.1; |option domain-name-servers 192.168.0.1; | } | | When i remove the above from dhcpd.conf dhcpd works perfectly | | I have my internal nic card set with two ip addresses one of which is | 192.168.0.1. the other address is my standard internal network address. | | I have also set up the domain server to allow access from | 192.168.0.0/24, and the firewall allows internal access to the same | subnet. | | The error that I get is the following : | | Job for dhcpd.service failed because the control process exited with error code. | See "systemctl status dhcpd.service" and "journalctl -xe" for details. | | When I evaluate journalctl -xe the following is obtained : | | dhcpd[18763]: Internet Systems Consortium DHCP Server 4.2.5 | dhcpd[18763]: Copyright 2004-2013 Internet Systems Consortium. | dhcpd[18763]: All rights reserved. | dhcpd[18763]: For info, please visit https://www.isc.org/software/dhcp/ | dhcpd[18763]: Not searching LDAP since ldap-server, ldap-port and | ldap-base-dn were not specified in the config file | dhcpd[18763]: Internet Systems Consortium DHCP Server 4.2.5 | dhcpd[18763]: Copyright 2004-2013 Internet Systems Consortium. | dhcpd[18763]: All rights reserved. | dhcpd[18763]: For info, please visit https://www.isc.org/software/dhcp/ | dhcpd[18763]: Wrote 0 deleted host decls to leases file. | dhcpd[18763]: Wrote 0 new dynamic host decls to leases file. | dhcpd[18763]: Wrote 2 leases to leases file. | dhcpd[18763]: Interface enp0s29u1u2 matches multiple shared networks | dhcpd[18763]: | dhcpd[18763]: This version of ISC DHCP is based on the release available | dhcpd[18763]: on ftp.isc.org. Features have been added and other | changes | dhcpd[18763]: have been made to the base software release in order to | make | dhcpd[18763]: it work better with this distribution. | dhcpd[18763]: | dhcpd[18763]: Please report for this software via the CentOS Bugs | Database: | dhcpd[18763]: http://bugs.centos.org/ | dhcpd.service: main process exited, code=exited, status=1/FAILURE | dhcpd[18763]: | systemd[1]: Failed to start DHCPv4 Server Daemon. | | When I review the information about dhcpd it appears that it can manage | the ip addresses for two networks on different nic cards, but is there a | problem in having it manage two networks on the same nic card? | | Does anyone have any ideas? Would sure appreciate your help. | | Greg Ennis | | | | -- | Greg Ennis | PoMec Corporation | www.PoMec.Net | | | ___ | CentOS mailing list | CentOS@centos.org | https://lists.centos.org/mailman/listinfo/centos Here's an idea - untested. set up a network on the single nic - say 192.168.55.xx/24 set up the dhcp to offer leases from a subset of this network - say 192.168.55.128/28 set up fixed leases based upon mac address from the remainder of the network - i.e. outside the subset above - e.g. 192.168.55.1/28 then route / firewall as required - i.e. trusted known mac address hence IP address allowed vs unknown guest given an IP address we can block or otherwise handle. As indicated, this is not tested but if memory serves, dhcpd will allow this kind of allocation. HTH Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 7.3: Gnome workspaces mirrored
On 04/01/17 22:09, Gerhard Schneider wrote: An user is using 2 displays and configured Gnome to "Static Workspaces only on primary display on" using gnome-tweak-tool Till 7.2 it was working as expected. After upgrading to 7.3 the content on the primary screen gets mirrored to all workspaces. When switching to "Static Workspaces only on primary display off" everything is working as expected on 7.3, too. Any ideas? I had not noticed as I do not often use multiple work spaces but do always have four spaces set up. I too had this "static workspaces only on primary display" setting "on" - and thus each of the four workspaces showed exactly the same open windows - not at all what previously occurred. Setting this to "off" give the other three workspaces just the default desktop - on both monitors - however it is still different than before (7,2, 7.1) as now the open windows contents of both monitors is only on the one desktop and the other three have both screens default blank desktop - previously the second monitor contents was visible on all four desktops. No idea what is meant to be correct - I can live with this, but these illogical changes that keep happening with gnome are difficult to understand - the new gnome developers obviously think and work VERY differently to me. Thank you in advance! Gerhard Schneider ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Adobereader on Centos7 crashes
On 01/01/17 04:35, johan.vermeul...@telenet.be wrote: Hello All, I can't get Adobe Reader to run stable on Centos7, when trying to edit settings or trying to print, it crashes. The issue is people need to digitally sign pdf forms. When I open these forms with anything else then Adobereader, I get EM To view the full contents of this document, you need a later version of the PDF viewer. You can upgrade to the latest version of Adobe Reader from www.adobe.com/products/acrobat/readstep2.html I spent a lot of time trying to solve this with other pdf viewers, including google-chrome and Foxit, and trickery with ps2pdf and Pdfedit. Nothing works. I installed Adobereader following this: https://www.if-not-true-then-false.com/2010/install-adobe-acrobat-pdf-reader-on-fedora-centos-red-hat-rhel/ So I tried installing this on an up-to-date CentOS 7.3 system and it fails to find Error: Package: AdobeReader_enu-9.5.5-1.i486 (/AdbeRdr9.5.5-1_i486linux_enu) Requires: libpangox-1.0.so.0 which a yum whatprovides */libpangox-1.0.so.0 shows as: pangox-compat-0.0.2-2.el7.x86_64 : Compatibility library for pangox Repo: epel Matched from: Filename: /usr/lib64/libpangox-1.0.so.0 and even after an install of this package still fails - thus I suspect it relates to not finding the 32 bit version as the epel version installs this in /usr/lib64 What did you do to overcome this dependency? The signing of these forms is vital to my organization, so any help would be appreciated. Greetings, J. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kmod-nvidia problems
On 11/12/16 09:28, Akemi Yagi wrote: On Sat, Dec 10, 2016 at 12:21 PM, Rob Kampen <rkam...@kampensonline.com> wrote: Hi List, I use the kmod-nvidia package on my CentOS workstations. Always this has "just worked". Doing a yum update this morning I now get this: 09:15:28 : ERROR: Package: kmod-nvidia-367.57-2.el7.elrepo.x86_64 (elrepo) Requires: kernel(drm_atomic_helper_plane_reset) = 0xabd4c98d Installed: kernel-3.10.0-327.28.2.el7.x86_64 (@updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Anyone else get this? any pointers? TIA Rob Later versions of kmod-nvidia are for EL7.3 (not backward compatible). You need to update your CentOS system using the CR repo. Or wait until the full release of CentOS 7.3.1611 (next week?). Ahhh - no problems, I'll await 7.3 and exclude kmod-nvidia for now. Thanks Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] kmod-nvidia problems
Hi List, I use the kmod-nvidia package on my CentOS workstations. Always this has "just worked". Doing a yum update this morning I now get this: 09:15:28 : ERROR: Package: kmod-nvidia-367.57-2.el7.elrepo.x86_64 (elrepo) Requires: kernel(drm_atomic_helper_plane_reset) = 0xabd4c98d Installed: kernel-3.10.0-327.28.2.el7.x86_64 (@updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Installed: kernel-3.10.0-327.28.3.el7.x86_64 (@updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Installed: kernel-3.10.0-327.36.1.el7.x86_64 (@updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Installed: kernel-3.10.0-327.36.2.el7.x86_64 (@updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Installed: kernel-3.10.0-327.36.3.el7.x86_64 (@updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.el7.x86_64 (base) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.3.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.4.4.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.4.5.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.10.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.13.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.18.2.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-3.10.0-327.22.2.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb23805db Available: kernel-debug-3.10.0-327.el7.x86_64 (base) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.3.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.4.4.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.4.5.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.10.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.13.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.18.2.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.22.2.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.28.2.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.28.3.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.36.1.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.36.2.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Available: kernel-debug-3.10.0-327.36.3.el7.x86_64 (updates) kernel(drm_atomic_helper_plane_reset) = 0xb92b713d Anyone else get this? any pointers? TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Off-Topic: Travel Router and Firewall
On 27/11/16 01:26, Bob Marcan wrote: On Wed, 23 Nov 2016 21:18:34 +0100 Hwrote: https://routerboard.com/products I'm using this one: https://routerboard.com/RB941-2nD I use kit from this company at every opportunity. Great value, powerful capabilities, you can use their web ui but they also have a very comprehensive command line interface. Sometimes it takes a bit of trial and error to get the correct combo of commands to do what is needed - there are lots of recipes on their various wikis and support web sites. BR, Bob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Skype for Centos Desktop
On 18/11/16 10:06, Alice Wonder wrote: On 11/17/2016 12:46 PM, Rodrigo Pichiñual Norin wrote: Hi all. I search info in the web about how to install skype on centos 6.5, but just exists info about skype with architecture to 32 bit. someone can me explicain, how to install skype for 64 bit architecture , it's possible? thank It's possible, at least it use to be possible I did it before but I no longer do it and haven't since I updated to CentOS 7. You may have to install some 32-bit libraries for compatibility, I do not remember. 32-bit libraries will install on 64-bit CentOS. there is a 586 version available from nux-dextop for CentOS7 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clamd@amavisd fails under systemd - FIXED
On 12/11/16 16:46, Gordon Messmer wrote: On 11/11/2016 02:39 AM, Rob Kampen wrote: When I invoke from the CLI - there is a -nofork=yes as a part of the invocation. When systemd tries to do the invocation via the ExecStart line - the original clamd@.service file had this --nofork=yes also, the problem was that this just caused an abend of the start up with the message: Not on my system, it doesn't: $ grep Exec /usr/lib/systemd/system/clamd@.service ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes $ rpm -qf /usr/lib/systemd/system/clamd@.service clamav-server-systemd-0.99.2-1.el7.noarch > /usr/sbin/clamd: unrecognized option `--nofork=yes' > ERROR: Unknown option passed > ERROR: Can't parse command line options and a look at the clamd man shows no such parameter - thus I removed it. I wonder if this is the issue? Not sure what I can or how I can test. Yeah, it might be worth removing the package and reinstalling it. You shouldn't need to modify the provided systemd service file. this looks like the issue. doing the rpm -qf /usr/lib/systemd/system/clamd@.service gave no owner?? So I tried a reinstall and it informed me the package clamav-server-systemd-0.99.2-1.el7.noarch was not installed - no idea where the systemd service file came from. So I installed it and it now appears to run. thanks so much for your assistance - progress finally being made! ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clamd@amavisd fails under systemd
On 11/11/16 13:36, Gordon Messmer wrote: On 11/09/2016 02:07 AM, Rob Kampen wrote: so I have /etc/tmpfiles.d/clamd.amavisd.conf with content d /var/run/clamd.amavisd 0755 amavis amavis - the process owner name and group name are amavis this is not quite what you specified - which should it be? If "User" is set to amavis in the clamd configuration, that looks fine. My real head scratch problem is that running clamd from a cli works perfectly. Trying to get systemd (via systemctl start clamd@amavisd.service) brings it up but after 1 second removes the pid file and shuts down. set up clamd via the service file to use --debug and get nothing helpful Trying to debug this systemd stuff seems impossible systemd starts processes in the correct SELinux context, while running it from the shell does not. So my first guess would be that it's an SELinux issue. Use "setenforce" to put the system in permissive mode to see if that's the case. If so, "grep AVC /var/log/audit/audit.log" for more info. Another random thought When I invoke from the CLI - there is a -nofork=yes as a part of the invocation. When systemd tries to do the invocation via the ExecStart line - the original clamd@.service file had this --nofork=yes also, the problem was that this just caused an abend of the start up with the message: > /usr/sbin/clamd: unrecognized option `--nofork=yes' > ERROR: Unknown option passed > ERROR: Can't parse command line options and a look at the clamd man shows no such parameter - thus I removed it. I wonder if this is the issue? Not sure what I can or how I can test. Will keep playing ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clamd@amavisd fails under systemd
On 11/11/16 13:36, Gordon Messmer wrote: On 11/09/2016 02:07 AM, Rob Kampen wrote: so I have /etc/tmpfiles.d/clamd.amavisd.conf with content d /var/run/clamd.amavisd 0755 amavis amavis - the process owner name and group name are amavis this is not quite what you specified - which should it be? If "User" is set to amavis in the clamd configuration, that looks fine. My real head scratch problem is that running clamd from a cli works perfectly. Trying to get systemd (via systemctl start clamd@amavisd.service) brings it up but after 1 second removes the pid file and shuts down. set up clamd via the service file to use --debug and get nothing helpful Trying to debug this systemd stuff seems impossible systemd starts processes in the correct SELinux context, while running it from the shell does not. So my first guess would be that it's an SELinux issue. Use "setenforce" to put the system in permissive mode to see if that's the case. If so, "grep AVC /var/log/audit/audit.log" for more info. Tried this - set it to permissive and tried the systemctl start clamd@amavisd.service and got exactly the same result - tried a number of times - no messages in the logs to indicate a problem - just after the final start up message of :- >Self checking every 600 seconds. after one second we get >Pid file removed. >Stopped at Fri Nov 11 04:35:49 2016 >Socket file removed. So not selinux. Thanks for the idea - I was unaware that systemd is selinux aware and friendly. I'll keep looking . ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] clamd@amavisd fails under systemd
On 09/11/16 11:48, Gordon Messmer wrote: On 11/08/2016 03:24 AM, Rob Kampen wrote: If there is anyone that has this combo of services working under CentOS7 and can shed any insight on why I cannot get this service to actually run, it would be very much appreciated. When setting up a clamd service, you should need to enable the service, create the configuration file, and typically set up /etc/tmpfiles.d/clamd-.conf. That file should have one line: d /run/clamd. 0700 daemon daemon - ...or whatever user you use for clamd. If you don't have the proper tmpfiles setup, the run directory won't exist or won't have the correct owner, and either standard permissions or SELinux may deny the process access to the run directory. so I have /etc/tmpfiles.d/clamd.amavisd.conf with content d /var/run/clamd.amavisd 0755 amavis amavis - the process owner name and group name are amavis this is not quite what you specified - which should it be? My real head scratch problem is that running clamd from a cli works perfectly. Trying to get systemd (via systemctl start clamd@amavisd.service) brings it up but after 1 second removes the pid file and shuts down. set up clamd via the service file to use --debug and get nothing helpful Trying to debug this systemd stuff seems impossible Thanks Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] clamd@amavisd fails under systemd
Trying to set up a mail server under CentOS7 - having done this with CentOS5 and CentOS6 over the last decade with no issues and reliable service, it was time to upgrade (?) to CentOS7. Shouldn't be a problem, right? Getting to grips with systemd has been challenging - to say the least. So a brief overview of what I am trying to set up: postfix / amavisd-new / spamassassin / clamav so we can receive mail and deal with the major rubbish that gets thrown at any open port 25 smtp service. no problems installing each of the above and their configuration files. Just as an aside, there are many recipes for this combo of packages - none of which work as advertised. There was a time when one could safely follow a how-to guide and have things working - I have regularly used the CentOS wiki guides - however they have become stale and what worked fine for 5 & 6 DO NOT WORK for CentOS7 - mainly due to systemd and firewalld So we have: systemctl status postfix.service ● postfix.service - Postfix Mail Transport Agent Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2016-10-26 18:13:25 EDT; 1 weeks 5 days ago Main PID: 2762 (master) CGroup: /system.slice/postfix.service ├─ 2762 /usr/libexec/postfix/master -w ├─ 2782 qmgr -l -t unix -u └─25274 pickup -l -t unix -u systemctl status spamassassin.service ● spamassassin.service - Spamassassin daemon Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2016-11-08 05:18:04 EST; 50min ago Process: 27412 ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid $SPAMDOPTIONS (code=exited, status=0/SUCCESS) Process: 27410 ExecStartPre=/sbin/portrelease spamd (code=exited, status=0/SUCCESS) Main PID: 27417 (/usr/bin/spamd ) CGroup: /system.slice/spamassassin.service ├─27417 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H ├─27418 spamd child └─27419 spamd child systemctl status amavisd.service ● amavisd.service - Amavisd-new is an interface between MTA and content checkers. Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2016-11-08 05:18:05 EST; 50min ago Docs: http://www.ijs.si/software/amavisd/#doc Process: 27426 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS) Main PID: 27427 (/usr/sbin/amavi) CGroup: /system.slice/amavisd.service ├─27427 /usr/sbin/amavisd (master) ├─27479 /usr/sbin/amavisd (ch1-avail) └─27480 /usr/sbin/amavisd (ch1-avail) but for the life of me, I cannot get clamd@amavisd to stay up. It always comes up and then dies after about 1 second : systemctl status clamd@amavisd.service ● clamd@amavisd.service - clamd scanner (amavisd) daemon Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled) Active: inactive (dead) since Tue 2016-11-08 05:18:13 EST; 34min ago Process: 27421 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf (code=exited, status=0/SUCCESS) Main PID: 27421 (code=exited, status=0/SUCCESS) Nov 08 05:18:11 media..xxx clamd[27481]: OLE2 support enabled. Nov 08 05:18:11 media..xxx clamd[27481]: PDF support enabled. Nov 08 05:18:11 media..xxx clamd[27481]: SWF support enabled. Nov 08 05:18:11 media..xxx clamd[27481]: HTML support enabled. Nov 08 05:18:11 media..xxx clamd[27481]: XMLDOCS support enabled. Nov 08 05:18:11 media..xxx clamd[27481]: HWP3 support enabled. Nov 08 05:18:11 media..xxx clamd[27481]: Self checking every 600 seconds. Nov 08 05:18:13 media..xxx clamd[27481]: Pid file removed. Nov 08 05:18:13 media..xxx clamd[27481]: --- Stopped at Tue Nov 8 05:18:13 2016 Nov 08 05:18:13 media..xxx clamd[27481]: Socket file removed. I can run the clamd service manually just fine and everything works - i.e. /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf –nofork=yes returns a functioning service - thus my config files must be okay but try it with systemd and you hit a brick wall - nothing in any logs to give me a clue why it comes up and then closes down After many days of google chasing, I have found a number of folk hitting the same issue, yet none of these have posted anything resembling a solution, most have had other issues that were in error. If there is anyone that has this combo of services working under CentOS7 and can shed any insight on why I cannot get this service to actually run, it would be very much appreciated. TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] fprintd needed?
On 04/11/16 09:31, Jon LaBadie wrote: On Thu, Nov 03, 2016 at 01:58:39PM -0600, Frank Cox wrote: On Thu, 03 Nov 2016 15:36:00 -0400 Jon LaBadie wrote: Without a fingerprint device, is this software needed. I have removed it on all of my systems and never noticed any issues. Thank you, that is what I suspected. jl I tried stopping it via systemctl and found I could no longer log in to the system desktop (gnome3) - YMMV ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS on new Dell
On 14/10/16 14:03, Michael B Allen wrote: On Thu, Sep 29, 2016 at 9:18 PM, John R Piercewrote: On 9/29/2016 5:55 PM, Michael B Allen wrote: It seems optical drives are gone. Do I boot the iso from USB or what's the procedure now? yup, put iso on USB, go to town. Mmn, that didn't work. I dd'd the latest Fedora Live iso onto a USB drive, put it into a brand spanking new Dell Latitude E7470, hit F12 at Dell logo and got "Selected boot device failed". Do I need to make it bootable using fdisk or some such? Not that I recall - a simple dd of the iso onto a usb stick just works see https://wiki.centos.org/HowTos/InstallFromUSBkey Mike ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS on new Thinkpads
On 01/10/16 05:02, Michael B Allen wrote: Ok, I see a lot of nice answers here so I would like to try to refine this a little. After some research I was going to skip Lenovo. People are clearly having problems running Linux on Lenovos. I spoke with one person that had a really hard time with their X250. However, I think a lot of problems are caused by bleeding edge hardware. My feeling is it takes at least 1 year before the kernels have the necessary updates. Also, searching the Internet forums for problems is dubious because people who don't have problems don't say so on forums. But asking "is model XYZ known to work" is a good test as evidenced by these great responses. So I will ask again with some more specific details. The key features for me are: * 1080 display or 900 would be acceptable but definitely not 768 (this rules out Toshiba) * Good keyboard with mouse buttons (Lenovo has always had superior keyboards and fortunately that have recently resurrected mouse buttons, yeah!) * RJ-45 (this rules out a LOT of laptops including Dell) * Intel graphics / hardware The Lenovo T series meets these requirements. My only concern would be issues mentioned on this list and bleeding-edge issues. I know people have had a lot of problems with the trackpad, screen flickering and other things. But I think most of this can be blamed on bleeding-edge hardware compatibility. For example, I think the synaptics driver is almost always broken in the latest models (move the mouse and it deletes everything you've typed!) but if you uninstall it and use libinput it can work. So my thought is instead of getting the latest which would be T460, I could get the previous model which would be the T450. These are sold out on lenovo.com but they can still be had elsewhere (not sure about warranty which is hugely important though). So does anyone have any specific knowledge of the T450, T450s, T450p? I really appreciate all the answers. Hopefully this helps other folks too. I have been using the high end ASUS laptops - i.e. Republic of Gamers machines since 2012 with CentOS6 and more recently with CentOS7. They were a challenge with 6.x in that I needed some elrepo drivers to get the keyboard backlight working but 7.x just works. These machines are almost server spec i7 with 16GB RAM, dual disk drives (one SSD, one rotating media) and separate nVidia graphics cards. YMMV but I'd buy another one any time. Mike ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HP CP2025
On 27/09/16 10:45, Kay Schenk wrote: On 09/25/2016 06:09 PM, Mark LaPierre wrote: [mlapier@peach ~]$ rpm -qa | grep hplip hplip-common-3.14.6-3.el6.x86_64 hplip-libs-3.14.6-3.el6.x86_64 [mlapier@peach ~]$ rpm -qa | grep cups cups-1.4.2-74.el6.x86_64 cups-pk-helper-0.0.4-13.el6.x86_64 gutenprint-cups-5.2.5-2.el6.x86_64 cups-libs-1.4.2-74.el6.x86_64 cups-libs-1.4.2-74.el6.i686 [mlapier@peach ~]$ CentOS release 6.8 (Final) I've been able to print to this printer with no issues, until this evening. When I tried to send a print job the job just sat in the print queue. I killed the job and deleted the printer, then re-installed the printer using the Printer configuration tool found under System/Administration/Printing. "until this evening"...so that's interesting. I'm also on CentOS 6.8 but 32-bit using the same hplip version. Normally I do printer setup with hp-setup, then use the web interface to cups to add it in to that environment. Also, add hp-systray to your startup apps if you haven't already. I've tried all manner of settings, both on the Libre Office document and in the Printer configuration tool. Now I can print to the printer but I cannot get the printer to print in Landscape orientation. Only portrait orientation comes out no matter what settings I choose. Does portrait work with ANY other type of document -- pdf, for example? I have a brother printer and from libre office it ONLY prints protrait, no matter what I have tried. To get any landscape output I have to create a pdf of the document and then print that. No idea what the issue is, my suspicion is libre office has a glitch. I've done a bit of Google work but I find nothing that appears applicable to my specific issue of not getting landscape prints no matter what setting I choose. The HPLIP web site says the latest version of hplip for my machine, RHEL 6 because they apparently have not heard of CentOS, is hplip-3.16.9_rhel-6.0.x86_64. CentOS does not have this version available in the repo. What's a guy to do? Windows should be this hard to work with, but not Linux. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Software RAID and GRUB on CentOS 7
On 12/08/16 01:20, William A. Mahaffey III wrote: On 08/11/16 02:33, Nicolas Kovacs wrote: Hi, When I perform a software RAID 1 or RAID 5 installation on a LAN server with several hard disks, I wonder if GRUB already gets installed on each individual MBR, or if I have to do that manually. On CentOS 5.x and 6.x, this had to be done like this: # grub grub> device (hd0) /dev/sda grub> device (hd1) /dev/sdb grub> root (hd0,0) grub> setup (hd0) grub> root (hd1,0) grub> setup (hd1) grub> quit I'd like my server to be able to boot a degraded software RAID after an eventual hard disk failure. Any suggestions? Niki Kovacs I have an aging FC14 () system, w/ mdadm RAID partitions. I have /boot setup as mdadm RAID1's, 2 drives (actually partitions). Machine boots AOK, & I believe it does (& maintains) that setup automatically. I got that recommendation from a mailing list ages ago, can't remember where, sorry. $0.02, no more, no less [root@Q6600:/etc, Thu Aug 11, 08:25 AM] 1018 # df -h FilesystemTypeSize Used Avail Use% Mounted on /dev/md1 ext4917G 8.0G 863G 1% / tmpfstmpfs4.0G 0 4.0G 0% /dev/shm /dev/md0 ext4186M 60M 117M 34% /boot /dev/md3 ext41.8T 1.4T 333G 81% /home [root@Q6600:/etc, Thu Aug 11, 08:26 AM] 1019 # uname -a Linux Q6600 2.6.35.14-106.fc14.x86_64 #1 SMP Wed Nov 23 13:07:52 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux [root@Q6600:/etc, Thu Aug 11, 08:26 AM] 1020 # I too use this kind of set up. however I do not believe that anything on the MBR is updated automatically by any yum/rpm updates. Thus in this kind of a setup, one needs to take manual steps. HTH Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] VLC and playing .mkv files with opus audio
Hi list, I use VLC from nux-dextop as my default player. Recently began using youtube-dl and it grabs the video and audio just fine and produces .mkv files. I can play the resulting file just fine with Enqueue in SMPlayer, GXine, SMPlayer and Videos - VLC unfortunately says 'VLC could not decode the format "Opus"' Yet my google search indicates this issue was solved many releases ago - 2.0.4 and CentOS 7 is at version 2.2.2-4.el7 Anyone else have this problem and/or ideas on how to get it going? TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd and VirtualBox
On 28/05/16 14:31, Anthony K wrote: On 28/05/16 12:12, Rob Kampen wrote: which of the 9 answers did you use - there are four with [0] points. I did see this some time ago and got a variant working under CentOS 6. I was hoping to use the new-fangled systemd, partly as a learning exercise, but also to avoid having bespoke config files and methods of starting daemons proliferating which the methods described on askubuntu.com seem to be. rob Apologies - I should have stated that in my initial response. It's the answer that starts of with - "You can use the VirtualBox Auto-start service." - it has an up-vote score of 20 (as of now). That article cites the following link *[0]* as the original source: *[0]* http://lifeofageekadmin.com/how-to-set-your-virtualbox-vm-to-automatically-startup/ thanks, the other link helped but there are still errors in all the various instructions one error not noted was the /etc/defaults/virtualbox file it - cannot have spaces! it should be # virtualbox defaults file VBOXAUTOSTART_DB=/etc/vbox VBOXAUTOSTART_CONFIG=/etc/vbox/autostart.cfg My server has a very well exercised reboot as I have finally got it done Thanks for all the pointers, finally have something that seems to be reliable. ak. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd and VirtualBox
On 28/05/16 12:43, Anthony K wrote: On 17/05/16 17:55, Rob Kampen wrote: No idea where to from here, so if there is anyone that has a working systemd autostart VirtualBox setup on a headless CentOS 7 server - please advise what you have done to get it working. I'm running CentOS7 as my host and when I was using Virtualbox, I had my VM's autostarting for a while. I simply followed this answer [0] on "askubuntu.com" and it worked flawlessly. However, I've since migrated all my VM's to KVM once performance on KVM surpassed that of Virtualbox (most of my VM's are Linux servers). thanks for the pointer which of the 9 answers did you use - there are four with [0] points. I did see this some time ago and got a variant working under CentOS 6. I was hoping to use the new-fangled systemd, partly as a learning exercise, but also to avoid having bespoke config files and methods of starting daemons proliferating which the methods described on askubuntu.com seem to be. rob My $0.02, ak. [0] https://askubuntu.com/questions/404665/how-to-start-virtual-box-machines-automatically-when-booting/548134 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] /etc/sysconfig/iptables syntax
On 23/05/16 14:55, Mike wrote: The last two router/firewall servers I had used Slackware and Gentoo. I'm used to writing complete and explicit iptables rules; however, when I set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable. For example, I'm used to stating postrouting masquerade as: /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE But when I use the rule above, iptables.service fails upon start and exits. Through a series of trial and error, I found a correct masquerade statement: *nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE COMMIT This looks similar to output from iptables-save. Another example: /usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP [DOES NOT WORK] *filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP COMMIT [DOES WORK] After using iptables for a long time, I can't figure out where this syntax comes from. Can anyone point me in the right direction to understand the proper syntax necessary in /etc/sysconfig/iptables? By default CentOS 7 uses firewalld and not iptables - check what is enabled and running with >systemctl status firewalld.service or if you want to see all that is running on your server/PC >systemctl HTH Thanks for your help. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd and VirtualBox
On 17/05/16 22:38, James Hogarth wrote: On 17 May 2016 at 09:11, Rob Kampen <rkam...@kampensonline.com> wrote: On 17/05/16 19:58, John Hodrien wrote: On Tue, 17 May 2016, Rob Kampen wrote: No idea where to from here, so if there is anyone that has a working systemd autostart VirtualBox setup on a headless CentOS 7 server - please advise what you have done to get it working. I deliberately bailed on VirtualBox when we moved to C7, as KVM offered everything I needed with less hassle. I take it you've considered switching? Considered, very briefly. I have had great success and stability with running VirtualBox on both CentOS 5 & 6 for the few Windoze apps that my clients need to run and have up on a server 24x7. The set ups I am using have been running reliably for over 8 years and remote manged with zero issues - HUGE thanks to the CentOS team for an awesome OS system delivery Thus, I have simply installed the latest VirtualBox on CentOS 7 and gone from there. I was aware that systemd existed and deliberately waited until this year to upgrade the hardware and OS, thinking issues like this should have been sorted by now. Are there any good tutorial / howtos for KVM? Although at this point I am back on another continent and reluctant to shift to KVM when over 20 hours fly time away from the server. Why would that be an issue? It's not Xen where you have to boot into a special kernel ... it's just the ordinary kernel. In fact I'd be surprised if you had to reboot at all, you should just have to install the virtualization group (along with virt-tools and virt-manager to make your life easier, dont' forget to install fonts if using virt-manager over X forward and wanting to avoid little boxes instead of characters) and be up and running. thanks James. I have started working through the document you indicated and will see how it goes. It may take a few days to sort out enough time. BTW, will I be able to use the Windows10 image file that VirtualBox uses? Is there a tool that changes the format of the vm image if its different? Or am I faced with a new Windoze install and installing the Windoze Apps all over again? That may be an issue as the Windoze application is quite complex and the last two times I have installed it, I had to use the app provider's help line to solve Windoze 10 issues as the default install has some things that need changing in order for their app to work. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Systemd and VirtualBox
On 17/05/16 19:58, John Hodrien wrote: On Tue, 17 May 2016, Rob Kampen wrote: No idea where to from here, so if there is anyone that has a working systemd autostart VirtualBox setup on a headless CentOS 7 server - please advise what you have done to get it working. I deliberately bailed on VirtualBox when we moved to C7, as KVM offered everything I needed with less hassle. I take it you've considered switching? Considered, very briefly. I have had great success and stability with running VirtualBox on both CentOS 5 & 6 for the few Windoze apps that my clients need to run and have up on a server 24x7. The set ups I am using have been running reliably for over 8 years and remote manged with zero issues - HUGE thanks to the CentOS team for an awesome OS system delivery Thus, I have simply installed the latest VirtualBox on CentOS 7 and gone from there. I was aware that systemd existed and deliberately waited until this year to upgrade the hardware and OS, thinking issues like this should have been sorted by now. Are there any good tutorial / howtos for KVM? Although at this point I am back on another continent and reluctant to shift to KVM when over 20 hours fly time away from the server. jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Systemd and VirtualBox
The continuing challenges of getting a workable server continue. The latest spins of VirtualBox seem to have solved the issues of DKMS auto compiles of the driver being aborted. The yum updates work as expected, provided one stops the running vms manually first. However, trying to get systemd to start the vms is proving to be a PITA. I have extensively googled and found that there are no specific instructions for Fedora/Redhat/CentOS and VirtualBox setups for systemd. After many trials and errors I have this systemd service file: filename - /etc/systemd/system/vboxstarter@.service [Unit] Description=VBox Virtual Machine %i Service Requires=systemd-modules-load.service vboxballoonctrl-service.service After=systemd-modules-load.service vboxballoonctrl-service.service Conflicts=shutdown.target [Service] User= Group=vboxusers Restart=on-failure TimeoutSec=5min Environment="VBOX_USER_HOME=/home/rkampen/VirtualBox VMs/%i" ExecStart=/usr/bin/VBoxHeadless -s %i ExecStop=/usr/bin/VBoxManage controlvm %i savestate [Install] WantedBy=multi-user.target and on occasions the invocation systemctl start vboxvmstarter@Windoze10_2.service will work, although recently it is failing always with >$ systemctl status vboxvmstarter@Windoze10_2.service ● vboxvmstarter@Windoze10_2.service - VBox Virtual Machine Windoze10_2 Service Loaded: loaded (/etc/systemd/system/vboxvmstarter@.service; enabled; vendor preset: disabled) Active: deactivating (stop-sigterm) (Result: exit-code) since Tue 2016-05-17 03:25:02 EDT; 4s ago Process: 1987 ExecStop=/usr/bin/VBoxManage controlvm %i savestate (code=exited, status=1/FAILURE) Process: 1906 ExecStart=/usr/bin/VBoxHeadless -s %i (code=exited, status=1/FAILURE) Main PID: 1906 (code=exited, status=1/FAILURE) CGroup: /system.slice/system-vboxvmstarter.slice/vboxvmstarter@Windoze10_2.service └─1940 /usr/lib/virtualbox/VBoxSVC --auto-shutdown May 17 03:25:02 media.pcol.org systemd[1]: Started VBox Virtual Machine Windoze10_2 Service. May 17 03:25:02 media.pcol.org systemd[1]: Starting VBox Virtual Machine Windoze10_2 Service... May 17 03:25:02 media.pcol.org systemd[1]: vboxvmstarter@Windoze10_2.service: main process exited, code=exited, status=1/FAILURE May 17 03:25:02 media.pcol.org VBoxManage[1987]: VBoxManage: error: Could not find a registered machine named 'Windoze10_2' May 17 03:25:02 media.pcol.org VBoxManage[1987]: VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), com...pports May 17 03:25:02 media.pcol.org VBoxManage[1987]: VBoxManage: error: Context: "FindMachine(Bstr(a->argv[0]).raw(), machine.a...VM.cpp May 17 03:25:02 media.pcol.org systemd[1]: vboxvmstarter@Windoze10_2.service: control process exited, code=exited status=1 Hint: Some lines were ellipsized, use -l to show in full. as a vboxmanage list vms "Windoze10_2" {51c8f956-9aba-4d2a-942c-8f46889d5bc0} shows the required vm. as root or using sudo it returns nothing. thus my only conclusion is that systemd actually runs this as root and ignores the User= line of the [Service] stanza. No idea where to from here, so if there is anyone that has a working systemd autostart VirtualBox setup on a headless CentOS 7 server - please advise what you have done to get it working. Or any systemd gurus that can point me at the specific foo required to beat this deamon into submission. TIA Rob P.S. I deliberately set up the VirtualBox vms under a non privileged user account. I have tried setting up a symbolic link from /root to the ~/username/VirtualBox\ VMs folder and made root a member of the virtualboxusers group - no difference, as expected, but getting desperate. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7 Desktop background - SOLVED
On 17/05/16 09:38, Frank Cox wrote: On Tue, 17 May 2016 09:29:52 +1200 Rob Kampen wrote: Tried that - it appears to run, i.e. prompt returns. No change. Logged out and back in - no change, still gray. It has reset the background that comes up when I move the cursor to the top left and see all the open windows. It's a bit late to tell you this, but the configuration is stored in a file ~/.config/dconf/user so if you back that up before playing with it, you can return to your former configuration by restoring that file. Have you backed up your home directory lately? Do you have an "old" copy of that file that you can restore? removing the ~/.config/dconf/user folder worked - it resets everything to clean install state, so one does have to set up everything once more. I played around again and find that the tweak tool tab Appearance > > Theme GTK+ ==> the select box is where things go pear shaped. If I pick the Oxygen-gtk as the theme for my GTK windows that this makes the desktop background disappear and go gray - busted in my situation. Just another example of this product (Gnome3 on CentOS7) not really ready for production use. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7 Desktop background
On 16/05/16 22:09, Liam O'Toole wrote: On 2016-05-15, Rob Kampen <rkam...@kampensonline.com> wrote: Hi Just stumbled into a problem with my recent new build C7 work station. Fully updated, gnome desktop, all was working well until I had a play with Tweak Tool, I wanted to try some other themes for window layouts as the default seems to not show check boxes correctly in all situations. I haven't yet determined what is causing this but suspected another theme may work better, as not being able to see the correct status of a check box is somewhat frustrating. So I made and tried numerous changes with this Tweak Tool, but only used the items that were installed as default installed select options, no special import of any other themes or extensions. At one point I lost the Desktop background - cannot recall which change triggered this, however as I have tried all the other options on just about every tab, I still have a gray desktop. If I move the cursor to the top left corner and it shows all the open windows, the desktop wallpaper / background shows just fine, but when I select any window/app, my desktop reverts to gray. I have tried resetting the desktop background but it does not remove this aberration. Any gnome gurus out there that can point me to the gnome foo required to get my desktop looking 21st century and not like my old monochrome Windows386 circa late 1980's. Thanks Rob Try this: dconf reset /org/gnome/desktop/background/picture-uri Type 'dconf help' for more information. Tried that - it appears to run, i.e. prompt returns. No change. Logged out and back in - no change, still gray. It has reset the background that comes up when I move the cursor to the top left and see all the open windows. Gnome is SO counter-intuitive, not sure what the developers are smoking. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] C7 Desktop background
Hi Just stumbled into a problem with my recent new build C7 work station. Fully updated, gnome desktop, all was working well until I had a play with Tweak Tool, I wanted to try some other themes for window layouts as the default seems to not show check boxes correctly in all situations. I haven't yet determined what is causing this but suspected another theme may work better, as not being able to see the correct status of a check box is somewhat frustrating. So I made and tried numerous changes with this Tweak Tool, but only used the items that were installed as default installed select options, no special import of any other themes or extensions. At one point I lost the Desktop background - cannot recall which change triggered this, however as I have tried all the other options on just about every tab, I still have a gray desktop. If I move the cursor to the top left corner and it shows all the open windows, the desktop wallpaper / background shows just fine, but when I select any window/app, my desktop reverts to gray. I have tried resetting the desktop background but it does not remove this aberration. Any gnome gurus out there that can point me to the gnome foo required to get my desktop looking 21st century and not like my old monochrome Windows386 circa late 1980's. Thanks Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Regarding upgrade from CentOS .5.5 to CentOS 7
On 05/05/16 17:13, Venkateswara Rao Dokku wrote: Hi, I wanted to upgrade from centOS 5.5 to CentOS 7 without losing the data. Is there any upgrade path available? or what is the proper way to do it without affecting the existing config? Thnaks for the help Install another hard drive or SSD, partition it / install CentOS 7, telling Anaconda to leave your existing drive alone. Once done, and rebooted, you can mount the old drive and copy what you need over using cp or rsync. Enjoy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C5: The Firefox ESR 45.1.0 Nighmare - bunny trail
On 04/29/2016 10:21 PM, James Hogarth wrote: On 29 April 2016 at 09:55, isdtorwrote: Always Learning writes: However the time-wasting problem remains, so too do the down-loaded extensions in /tmp, example tmp-xxx.xpi The reason behind this is the missing patch referenced by Johnny's posting that you referenced in a follow-up. What I would really like to see, talking about SIGs and such, is an rpm for palemoon, but I fear it can't be done on C5. Even C6 only would help, although I'm hesitating to move my main desktop off 5; the C6 desktop simply doesn't have the same stability and performance, and having to log off/log on just because PA behaves irratically is really annoying. Given: RHEL5 goes end of life on 2017-03-31, which is 47 weeks, 6 days, 13 hours, 40 minutes, and 50 seconds from now and that even now the updates are limited to critical (ie remote code execution) pretty much might I suggest now is a good time to be thinking about that future of that system and if not move to C7 at least move to C6? I can't even imagine the pain of using C5 as a desktop in today's world ... Having used C5 desktops until 4 years ago, then C6 until last week and now using C7, some observations. Getting H/w stuff to work has got MUCH easier. Mostly "it just works". With the EPEL and ELrepo most everything one needs to perform normal office desktop functions is just a yum command away. I have tried to remain on the same hardware, but the recent move to C7 makes my 8 year old PC with 8GB of RAM just unacceptable. This machine was a top of the line gaming machine for my son when we built it, now it stalls as it pages stuff to swap - my work load is the same, just seems the new C7 needs more horse-power to function. Now about the desktop, and the tools that come with the system. Gnome 3, Gnome classic, and KDE - historically I just used the Gnome desktop, Nautilus and found managing my remote servers and the web apps I design and administer just worked fine. Transfer of files to and from the remote servers was a simple drag and drop. The system remembered my SSH key passphrase with no special action, now it doesn't, I need to be entering it continually. I think there is a new app to take care of this but haven't yet found the time to research and set it up. Nautilus is now next to useless for my kind of work flow. Darn, they call this progress? Trying to put apps onto the Gnome Desktop - too difficult, I'm sure its possible but once again, far to obscure - they really want me to change my work flow and habits I guess. So I dust off KDE, been a few years since I played with this, but some brief research to find a working file manager show dolphin gets top marks. Used it under Gnome initially, but some stuff just doesn't show on my screen properly. At least I can actually do my job with Dolphin, but it has some quirks, some quite irksome quirks, but at least I am somewhat productive after a week of trying to get used to all the changes. With all the things I do not like about Windoze and Micro$oft, at least their file manager still works intuitively from WindozeXP, Windoze7 and Windoze10 - the only versions I have chosen to use over the last 15 years. So what's gone wrong with the Linux Desktop developers? Hardware upgrade to my son's three year old gaming machine next week, hopefully that will alleviate some of the frustrations of this migration to the latest CentOS 7 workstation. Enough of a rant. Sorry for the hi-jack, I did amend the subject. P.S. I am using C7 for my new servers and that seems to be okay, bit of a learning curve for systemd and systemctl commands, also for firewalld vs iptables - yes I know I can use the old system, but I try to use the systems as much as possible as they come, as I figure that is where things are heading, so learn, use and embrace. e.g. NetworkManager was introduced in C6 - barely workable for a desktop, just a PITA for a server. But with C7 it mostly works as expected, with little need to lock things down. Works great on the desktop. Have a great weekend. Shalom ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Apache/PHP Installation - opinions
On 04/27/2016 07:50 PM, Alice Wonder wrote: On 04/27/2016 12:41 AM, Alice Wonder wrote: On 04/27/2016 12:30 AM, James Hogarth wrote: *snip* Unless you have a very specific requirement for a very bleeding edge feature it's fundamentally a terrible idea to move away from the distribution packages in something as exposed as a webserver ... I use to believe that. However I no longer. First of all, advancements in TLS happen too quickly. The RHEL philosophy of keeping API stability for as long as the release is supported means you end up running old protocols and old cipher suites and don't have the new protocols and cipher suites available. That's a problem. With respect to Apache and PHP - There is a lot of benefit to HTTP/2 but you can't get that with the stock Apache in RHEL / CentOS 7. You just can't. The PHP in stock RHEL / CentOS is so old that web application developers largely are not even using it anymore, resulting in some web applications that just simply don't work unless you update the PHP to something more modern. It's a nice idealistic philosophy to want to keep the same versions and backport security fixes and keep everything API compatible but in real world practice, it makes your server stale. Another example outside of LAMP Postfix - The postfix that ships with CentOS 7 does not have the ability to enforce DANE. If you are not sure what that is - On mt DNS server, I can (and do) post a fingerprint of the TLS keys used by my smtp server. When other mail servers want to send an e-mail to my server, they can do a DNS query and if I have a DANE record, then they can require that that the TLS connection they make to my SMTP server uses a certificate with a fingerprint that matches. That is the only reliable way to avoid MITM with SMTP. It's easy to set up in postfix - smtp_dns_support_level = dnssec smtp_host_lookup = dns Sounds good, but how many domain MX servers have set up these fingerprint keys - 1%, maybe 2%, so how do you code for that? I guess I'm thinking it uses it if available. So even if you do post it on your DNS, how many clients out there are using DANE on their set up? By the time it becomes more than a tiny % and generally useful, it will be in CentOS 8. It also requires certificates to be implemented more ubiquitously than at present - although we do now have affordable solutions, so this one may resolve more quickly. But with the postfix that comes with CentOS 7 - it is too old for that, so Postfix with CentOS 7 will never even try to verify the TLS certificate of the servers it connects to. It's a stale version of postfix and people running postfix on CentOS 7 should use a newer version. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Suddenly increased my hard disk
On 04/22/2016 03:34 PM, Valeri Galtsev wrote: On Thu, April 21, 2016 10:23 pm, John R Pierce wrote: On 4/21/2016 7:49 PM, Chandran Manikandan wrote: Finally fixed my issue. As you told i have unmount the external hard disk then i checked the /bkhdd/backup folder. I saw that 190GB backup tar.gz file then i deleted and again remount it. Thanks a lot for your kind supporting to me to fix this issue. Why it's happened like this environment and how to avoid it. don't write to mount points when they aren't mounted, the files get written to the file system. and don't create any directories in the mount point... like, if you were mounting /dev/sdb1 as /bkhdd then on the root file ssytem (without that mount) there should never have been any /bkhdd/backup directory. in fact /bkhdd should not be writable by your user processes. John, thanks for reminding this to all of us, I for one keep forgetting about it (at least if I'm not dealing with it myself which usually acts as a federal offense on me ;-) I know one Linux admin who removes write bit from mount points. I usually put a file with a name like "mount point for /dev/mdxyz" into that mount point folder just in case I fail to mount it. Then when you do a ls or ll it shows me I have a problem. Valeri I remember older Unix systems would refuse to mount a file system to a non-empty directory, for exactly this reason, it hides stuff thats already there. -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] EPEL - Clamav update?
EPEL maintainers? I note messages in the log about updated version 0.99.1 of CLAMAV being available since Mar 5th. for CentOS 6 no update is available yet. I used to use rpmforge for this package but that languished for months before updates became available and eventually stopped altogether. Is there something I can do to assist in getting this package updated? I have no idea if this is a difficult package to compile with lots of dependancies or some otherwise complexities. In this era of constant SPAM and so many virus / trojan attempts to do harm to others, it is vital that we run this package to protect our users. Please let me know if / how I can assist. Kind regards Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Strange behaviour of iptables in centos 7
On 03/08/2016 08:35 PM, anax wrote: Hi strange behaviour of iptables on a centos 7.0 machine: The following rule is in the iptables of said machine: [root@myserver ~]# iptables -L -v -n --line-numbers |grep 175\. 99 456 DROP all -- * * 175.44.0.0/16 0.0.0.0/0 [root@myserver ~]# The corresponding enty in /etc/sysconfig/iptables looks like: [root@myserver ~]# grep 175 /etc/sysconfig/iptables -A INPUT -s 175.44.0.0/16 -j DROP [root@myserver ~]# The rule must be there since ages, because it has number 9 out of 76 similar rules. Today, on the same machine (I rechecked it to make sure not to confound machines), I see the following extract of the ftplog: 175.44.4.1272915 175.44.26.1282021 175.44.26.1381322 175.44.6.1861290 175.44.24.881219 175.44.4.1991212 saying that from this IP addresse there have been this many connections to the ftp server on that machine during the last two days, which means that the iptables haven't dropped the connection to the machine. As far as I know, the ftp server is behind the iptables. I also checked to see in man iptables, wheather the IP address is represented correctly. What im I missing? You mention iptables - but no mention of firewalld - they both use the same kernel mechanism, but it is important that both CANNOT be active! If you configure and use firewalld you can query ># iptables -L and see what is installed, however I have no idea if this exposes the entire set of firewall statements - others that better understand this space, feel free to weigh in. CentOS 7 has firewalld enabled by default, thus the choice to use iptables directly means that firewalld must be disabled. HTH thanks in advance suomi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Run Now no longer works in Messages Filters of Thunderbird 38.6
On 03/08/2016 02:35 AM, Roger Wells wrote: On 03/06/2016 07:51 PM, Rob Kampen wrote: On 03/07/2016 08:52 AM, Bernard Lheureux wrote: Hi all, Since the last update of Thunderbird to 38.6, the button 'Run Now' of the 'Mail Filters' option is no longer effective and appears always grayed in my CentOS 7... Anybody has the same behavior ? running on CentOS 6 - I have T/B 38.6 also and under the menu item Message Filters > have three options - Message Filters - Run Filters on Folder - Run Filter on Message none are greyed out and they appear to function as advertised. Pick "Message Filters" from the above choices. Its the "Run Now" button that is newly grayed out. I see that, as soon as I select a mailbox folder from the select box to the left of the Run Now button it changes and I can run the filter. IIUC ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Run Now no longer works in Messages Filters of Thunderbird 38.6
On 03/07/2016 08:52 AM, Bernard Lheureux wrote: Hi all, Since the last update of Thunderbird to 38.6, the button 'Run Now' of the 'Mail Filters' option is no longer effective and appears always grayed in my CentOS 7... Anybody has the same behavior ? running on CentOS 6 - I have T/B 38.6 also and under the menu item Message Filters > have three options - Message Filters - Run Filters on Folder - Run Filter on Message none are greyed out and they appear to function as advertised. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dhcpd frequent renewals
On 18/02/16 13:41, david wrote: Rob DNS service for my clients is provided by my gateway server, the same machine as the DHCPD server. I think that's what the "option domain-name-servers" line does. This allows me to provide 192.168 addresses to them when they try to access anything inside the house with a name. If it's not a locally defined name, BIND forwards the request to the internet. I'm not sure I understand about dhcpd log and dns log. I scan /var/log/messages, using the service name as the key. Looking at 'named' entries, all I see are messages of the form "clients-per-query increased to XX". I have had entries like: - dhcpd Begin Unknown Entries: Abandoning IP address 192.168.229.104: pinged before offer: 1 Time(s) As I am not normally anywhere near this server, it is one I remote manage, I have not followed up, I am now implementing a new network for them and hoping all this hassle will be a thing of the past. Sorry I have no other insight. I'm still mystified by the fact that only the i-devices (iphone, ipad) exhibit this behavior of rapid dhcpd renewals. Mac's and PC's don't. David At 06:48 AM 2/17/2016, you wrote: On 16/02/16 16:59, david wrote: Folks This might be the wrong place to ask, but I don't know where to turn. My internal home network, including wireless, is controlled by a Centos6 server, which provides dhcpd services, along with NAT. I have DHCPD configured with the addresses 192.168.155.200 through 192.168.155.254 as the range for dynamic allocations. The default-lease time is 1800 seconds, the maximum is 3600 seconds. My windows clients, and even an ipad-mini behave nicely, asking for DHCP renewals once ever five minutes, or at about 80% of the default lease time, a behavior I can understand. However, several of my guests, with their own iPads, I-watches, iPhones, connect to my network (via a wireless access point which does not do routing functions) and they're renewing once every 20-30 seconds. In addition, these devices also loose connectivity for brief intervals, which seems to be roughly synchronized with dhcp renewal. This last fact I deduce by doing "tail -f /etc/log/messages" and hearing them say "lost connection" at just about the same moment the DHCPREQUEST and DHCPACK statements show up. It's difficult to believe that Apple IOS devices (all of which are running apple's latest) have a dhcp client problem not shared by windows or even linux hosts. Does anyone have any clues? does your dhcpd update the dns? name resolution for devices seems to be required for some applications and thus the dns needs to know about the leases. Have you checked your dhcpd log entries and your dns log entries? I have had situations where the dhcpd lease is dropped due to not being able to complete dns update of the info - thus the client retries again and again - they do get onto the internet but the connection drops and a new lease is requested, HTH David Kurn San Francisco DHCPD.CONF file is excerpted below: ddns-update-stylenone; subnet 192.168.155.0 netmask 255.255.255.0 { authoritative; option routers 192.168.155.2; option subnet-mask255.255.255.0; option broadcast-address192.168.155.255; option domain-name"daku.org"; option domain-name-servers192.168.155.2; option netbios-name-servers192.168.155.2; option time-offset-28800;# Pacific standard time range dynamic-bootp192.168.155.200 192.168.155.254; default-lease-time1800; max-lease-time3600; } ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dhcpd frequent renewals
On 16/02/16 16:59, david wrote: Folks This might be the wrong place to ask, but I don't know where to turn. My internal home network, including wireless, is controlled by a Centos6 server, which provides dhcpd services, along with NAT. I have DHCPD configured with the addresses 192.168.155.200 through 192.168.155.254 as the range for dynamic allocations. The default-lease time is 1800 seconds, the maximum is 3600 seconds. My windows clients, and even an ipad-mini behave nicely, asking for DHCP renewals once ever five minutes, or at about 80% of the default lease time, a behavior I can understand. However, several of my guests, with their own iPads, I-watches, iPhones, connect to my network (via a wireless access point which does not do routing functions) and they're renewing once every 20-30 seconds. In addition, these devices also loose connectivity for brief intervals, which seems to be roughly synchronized with dhcp renewal. This last fact I deduce by doing "tail -f /etc/log/messages" and hearing them say "lost connection" at just about the same moment the DHCPREQUEST and DHCPACK statements show up. It's difficult to believe that Apple IOS devices (all of which are running apple's latest) have a dhcp client problem not shared by windows or even linux hosts. Does anyone have any clues? does your dhcpd update the dns? name resolution for devices seems to be required for some applications and thus the dns needs to know about the leases. Have you checked your dhcpd log entries and your dns log entries? I have had situations where the dhcpd lease is dropped due to not being able to complete dns update of the info - thus the client retries again and again - they do get onto the internet but the connection drops and a new lease is requested, HTH David Kurn San Francisco DHCPD.CONF file is excerpted below: ddns-update-stylenone; subnet 192.168.155.0 netmask 255.255.255.0 { authoritative; option routers 192.168.155.2; option subnet-mask255.255.255.0; option broadcast-address192.168.155.255; option domain-name"daku.org"; option domain-name-servers192.168.155.2; option netbios-name-servers192.168.155.2; option time-offset-28800;# Pacific standard time range dynamic-bootp192.168.155.200 192.168.155.254; default-lease-time1800; max-lease-time3600; } ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS7 changes strike again.
Still in the process of migrating from an old CentOS5 server to a brand new CentOS7. After finally getting Virtualbox-5.0 installed and a new Wondoze10 Pro installed it became time to shift the data from the old server to the new. The old server is headless and I installed the old WindozeXP into the Virtualbox4.x via the command line. To do some of the admin I needed to attach to the windoze via a gui and used rdesktop via an ssh tunnel of port 3389. This "just worked" with my old CentOS6 laptop and workstations. So now I try to connect to the old server via my laptop also running a recent CentOS7 install using rdesktop - no joy. the ssh command is >ssh servername -L 3389:127.0.0.1:3389 and then also from my laptop rdesktop -a 16 -N 127.0.0.1:3389 -u rkampen -p- only to get ERROR: Failed to open display: various google searches offer suggestions prepending DISPLAY=:0.0 gives Xlib: connection to ":0.0" refused by server Xlib: No protocol specified ERROR: Failed to open display: :0.0 tried setting selinux to permissive mode - still no joy. All this just worked with my old CentOS6 laptop and work station, however I no longer have access to that. I guess there have been some "improvements" with the advent of gnome3 that now prevent this from working, however my knowledge of how this rdesktop interacts with the local display manager are sketchy at best. Any suggestions from those of you that understand this stuff way better than I do? TIA Rob ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos