Re: [CentOS] How will fragmentation help Red Hat

[Rob Kampen]

+1

I now have only two servers left on CentOS - both on 7, as 8 and 9 and 
the whole stream thing just never passed my confidence tests. All my new 
machines since stream was enabled have been on Ubuntu LTS. It has been a 
learning curve, a little more work to deal with certain updates and the 
5 years vs 10 years of CentOS is going to be more work still - however 
they at least provide an OS upgrade path that seems to work just fine, 
although apps and config changes are required as versions update.


Will keep watching, but having worked in large corporate environments 
with IBM as a major IT partner, there is no way I'm holding my breath 
for any meaningful change.


My thanks to the wonderful team that made CentOS what it was (up to 
version 7), and I understand their reasons to embrace the change - just 
not something I'm prepared to live with.


Shalom
Rob

On 25/07/23 01:02, jefflp...@twc.com wrote:

Somehow the text of my message got deleted:

I'm still using CentOS 7 because both security and stability are
important to me. While CentOS Stream may, or may not, have comparable
security, it is severely lacking in stability. IMHO both CentOS 8 and
CentOS 9 are gigantic piles of garbage.

  When the time comes that CentOS 7 no longer meets my needs, I'll be
switching to some other distro, most likely Debian.

  JP

-From: jefflp...@twc.com
To: "CentOS mailing list"
Cc:
Sent: Sunday July 23 2023 6:29:52PM
Subject: Re: [CentOS] How will fragmentation help Red Hat

  -From: "Steven Rosenberg"

  To: "CentOS mailing list"
  Cc:
  Sent: Sunday July 23 2023 5:13:08PM
  Subject: Re: [CentOS] How will fragmentation help Red Hat

  On Thu, Jul 13, 2023 at 4:21 AM Josh Boyer wrote:

  ___
  CentOS mailing list
  CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
  />
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [SOLVED] Kernel updates do not boot - always boots oldest kernel

[Rob Kampen]

Thanks all for your comments and suggestions.

The main fix for the topic fault was fixing a soft link to 
/boot/efi/EFI/centos/grubenv - this is the one location used by UEFI


It turns out that the update process for this file, when a new kernel is 
installed, uses /boot/grub2/grubenv.


In my case a /boot/grub2/grubenv.rpmnew updated soft link was pointing 
to the correct file in /boot/efi/EFI/centos/, the original(?) grubenv in 
/boot/grub2/ was being updated correctly, just that UEFI booting doesn't 
use any files in this location. Fixed the soft link and it now gets 
updated correctly. Thus I can use


GRUB_DEFAULT=saved

However my booting problems were a little more obscure.

The grub.cfg file menuentry stanza for each kernel was correct. The set 
root='mduuid/' points to the /boot UUID where the vmlinuz files live.


Also the linuxefi /vmlinuz-3.10.0-1180 . has both '/boot' and '/' 
UUIDs included.


In my case, due to a manual migration from BIOS boot (MBR partition) to 
UEFI boot (GPT partition) on the server, plus a manual disc upgrade from 
a pair of RAID1 500GB HDD (MBR partitioned) to a pair of RAID1 3.4TB SSD 
(GPT partitioned), everything appeared to be working, BUT I left the old 
HDDs plugged in.


The old HDD only had the 36.2 kernel installed. All the updated kernels 
were correctly installed onto the new SSD. HOWEVER, due to the migration 
process I employed the UUID for the partitions were the same. Thus UEFI 
boot, prior to OS load by loading vmlinuz only knows about the visible 
UUID on the partition tables  - MDRAID hasn't loaded yet. Thus in my 
case the hardware had four storage devices (2x RAID1) all with the same 
UUID for /boot [ blkid is your friend ]. Unfortunately I didn't realize 
this, and thus the UEFI simply looked at the first drive with that UUID 
- one of the original HDD and the not SSDs which were being updated 
correctly.


Removed the old drives and presto, UEFI now sees the new /boot and loads 
the later kernels.


Not sure if this will help anyone else, had to track this one down by 
fully walking through the step by step UEFI boot process and 
understanding how grub2 updates are applied.


Once again, thanks for those that made suggestions, most of which I have 
used and pursued until I understood each step.


Shalom
Rob


On 15/03/23 20:32, Gianluca Cecchi wrote:



I have only changed GRUB_DEFAULT from "saved" to "0"

I have also run

/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

I may be wrong here but IIRC, using grub2-mkconfig as described in the
Grub docs didn't work for me when I tried to use it years ago.

I think you have to find out what is done when installing kernels and try
to find out where it goes wrong in your case. When you look at 'rpm -q
--scripts kernel' you can see that new kernels are registered with the
script '/usr/sbin/new-kernel-pkg'. I suggest to analyze what it does
exactly. I think it calls 'grubby' to do further work...

Regards,
Simon



If not already done, you can also go through the official documentation
page for working with Grub 2 on RH EL 7 and the different commands it is
reporting, both for bios and UEFU based systems.:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-working_with_the_grub_2_boot_loader

Eventually trying and managing before with some commands on another UEFI
based system/vm that is more practical to use for you, as the target one is
a remote system, as you wrote
HIH,
Gianluca
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Kernel updates do not boot - always boots oldest kernel

[Rob Kampen]

Here is the contents of the entire

cat /etc/default.grub

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=0
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto 
rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 
rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet"

GRUB_DISABLE_RECOVERY="true"

I have only changed GRUB_DEFAULT from "saved" to "0"

I have also run

/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

and seen the grub.cfg and grubenv updated in /boot/efi/EFI/centos

At this point I think I have grub doing its stuff in the correct folder 
/ destination used by UEFI for booting.


When I look at grub.cfg there is some stuff I cannot understand

there are five menuentry in this file, like:

menuentry 'CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core)' --class 
centos --class gnu-linux --class gnu --class os --unrestricted 
$menuentry_id_option 
'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3' 
{

    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_gpt
    insmod part_gpt
    insmod diskfilter
    insmod mdraid1x
    insmod xfs
    set root='mduuid/bd87f682e6df10e2d2a6e247834133f7'
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root 
--hint='mduuid/bd87f682e6df10e2d2a6e247834133f7' 
f12be7f3-a6c6-4b90-8c51-286c32d11d12

    else
      search --no-floppy --fs-uuid --set=root 
f12be7f3-a6c6-4b90-8c51-286c32d11d12

    fi
    linuxefi /vmlinuz-3.10.0-1160.88.1.el7.x86_64 
root=UUID=7276336b-d2f2-4b94-b491-ad8c5662acb3 ro crashkernel=auto 
rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 
rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet LANG=en_US.UTF-8

    initrdefi /initramfs-3.10.0-1160.88.1.el7.x86_64.img
}

the above is the latest kernel - doesn't boot as the console tells me it 
cannot load the vmlinuz file


the kernel that boots looks like:

menuentry 'CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)' --class 
centos --class gnu-linux --class gnu --class os --unrestricted 
$menuentry_id_option 
'gnulinux-3.10.0-1160.36.2.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3' 
{

    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_gpt
    insmod part_gpt
    insmod diskfilter
    insmod mdraid1x
    insmod xfs
    set root='mduuid/bd87f682e6df10e2d2a6e247834133f7'
    if [ x$feature_platform_search_hint = xy ]; then
      search --no-floppy --fs-uuid --set=root 
--hint='mduuid/bd87f682e6df10e2d2a6e247834133f7' 
f12be7f3-a6c6-4b90-8c51-286c32d11d12

    else
      search --no-floppy --fs-uuid --set=root 
f12be7f3-a6c6-4b90-8c51-286c32d11d12

    fi
    linuxefi /vmlinuz-3.10.0-1160.36.2.el7.x86_64 
root=UUID=7276336b-d2f2-4b94-b491-ad8c5662acb3 ro crashkernel=auto 
rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 
rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet

    initrdefi /initramfs-3.10.0-1160.36.2.el7.x86_64.img
}

I see that the first line names the kernel in brackets (correctly) but 
the $menuentry_id_option '.' doesn't make sense to me.


For the kernel that boots (3.10.0-1160.36.2) the entry is 
'gnulinux-3.10.0-1160.36.2.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3'


For kernels that don't boot, e.g (3.10.0-1160.88.1) we see

'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3'

and this entry just seems wrong

firstly the kernel version doesn't match - it has been set to ... 81.1 
... rather than 88.1


secondly the last part of the line is the same for every menuentry, namely

-advanced-7276336b-d2f2-4b94-b491-ad8c5662acb3

where does this come from? what is this part for? doing?

Thanks
Rob


On 15/03/23 05:05, Leon Fauster via CentOS wrote:

Am 14.03.23 um 12:30 schrieb Rob Kampen:

OK,

found out the problem as to why it doesn't boot any kernel except 36.2

the system reports that it cannot find

vmlinuz-3.10.0-1160.88.1.el7.x86_64

or any one of the others, except for vmlinuz-3.10.0-1160.36.2.el7.x86_64

hence a manual selection from the grub menu when in front of the 
machine will only load the 36.2 kernel


I found that under /boot/grub2 there were two .rpmnew files that 
mucked up the symbolic link to the grubenv file - so fixed that and 
did a reinstall of the latest kernel.


Now all the grub and efi files appear to update correctly - progress.

Now just need to work out why the efi boot process can see the old 
(original) kernel (36.2) but none of the later ones.


Any ideas of where to look for this? seems a much more fundamental 
problem related to kernel install and efi booting



Whats the _complete_ output of cat /etc/default/grub  ?

--
Leon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___

Re: [CentOS] Kernel updates do not boot - always boots oldest kernel

[Rob Kampen]

OK,

found out the problem as to why it doesn't boot any kernel except 36.2

the system reports that it cannot find

vmlinuz-3.10.0-1160.88.1.el7.x86_64

or any one of the others, except for vmlinuz-3.10.0-1160.36.2.el7.x86_64

hence a manual selection from the grub menu when in front of the machine 
will only load the 36.2 kernel


I found that under /boot/grub2 there were two .rpmnew files that mucked 
up the symbolic link to the grubenv file - so fixed that and did a 
reinstall of the latest kernel.


Now all the grub and efi files appear to update correctly - progress.

Now just need to work out why the efi boot process can see the old 
(original) kernel (36.2) but none of the later ones.


Any ideas of where to look for this? seems a much more fundamental 
problem related to kernel install and efi booting


Thanks
Rob

On 14/03/23 22:41, Petko Alov wrote:

Change it to

GRUB_DEFAULT=0

(I encountered the same issue week ago with a workstation booted for 
three month with an older kernel because of 
https://bugzilla.redhat.com/show_bug.cgi?id=2143438 , and solved it 
this way)


Regards,

Petko



On 3/14/23 10:51, Rob Kampen wrote:

Can I edit /etc/default/grub and change

GRUB_DEFAULT=saved

to something else?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Kernel updates do not boot - always boots oldest kernel

[Rob Kampen]

This issue has been around for some months, but other things keep 
crowding out a fix.


uname give me

3.10.0-1160.36.2.el7.x86_64 #1 SMP Wed Jul 21 11:57:15 UTC 2021

yet I have

3.10.0-1160.76.1.el7.x86_64
3.10.0-1160.81.1.el7.x86_64
3.10.0-1160.83.1.el7.x86_64
3.10.0-1160.88.1.el7.x86_64

loaded.

The system uses UEFI to boot.

sudo ls -l /sys/firmware/efi
gives:


total 0
-r--r--r--.  1 root root 4096 Feb 19 16:47 config_table
drwxr-xr-x.  2 root root    0 Feb 19 16:47 efivars
-r--r--r--.  1 root root 4096 Mar 14 17:57 fw_platform_size
-r--r--r--.  1 root root 4096 Feb 19 16:47 fw_vendor
drwxr-xr-x.  2 root root    0 Mar 14 17:57 mok-variables
-r--r--r--.  1 root root 4096 Feb 19 16:47 runtime
drwxr-xr-x.  9 root root    0 Feb 19 16:47 runtime-map
-r.  1 root root 4096 Feb 19 16:47 systab
drwxr-xr-x. 65 root root    0 Mar 14 17:57 vars

and

sudo efibootmgr

gives:

BootCurrent: 000F
BootOrder: 000F,000D,000B,000E,0008,,0002,0003,0004,0005,0006,0007
Boot* CD/DVD Rom
Boot0002* PXE Network
Boot0003  Enter Setup
Boot0004  Boot Devices
Boot0005  Boot Manager
Boot0006  Setup
Boot0007  Diagnostics
Boot0008* Embedded Hypervisor
Boot000B* CentOS Linux
Boot000D* CentOS-AltDrv
Boot000E* Hard Disk 3
Boot000F* CentOS-MainDrv

This is a remote server, thus I need a sure fire fix. My previous 
attempts have either had no impact - the old kernel boots


or

machine hangs and I need to do a trip to the site.

Now this issue could be a residual from my initial setup when I 
installed 2 by 3.x TB SSD and needed to manually change from bios/grub2 
boot to UEFI.


I have already spent 10's of hours on this system, just want to have it 
run the latest kernels - for obvious reasons.


Some other items:

sudo grep "^menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2

gives:

CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.83.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.81.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.76.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-a39773847cf34651bc34d0566f53) 7 (Core)

indicating that .88.1 should boot.

sudo grub2-editenv list

gives:

saved_entry=CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core)

also as expected.

/etc/default/grub exists and contains

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto 
rd.md.uuid=066ffecb:69137a0b:4e579b4f:dfbf1696 
rd.md.uuid=bd87f682:e6df10e2:d2a6e247:834133f7 rhgb quiet"

GRUB_DISABLE_RECOVERY="true"

the /boot/grub2/grubenv contains

# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-1160.88.1.el7.x86_64) 7 (Core)
###

All these point to the correct version of the kernel but always boots 
the old .36.2 version.


Just realized these files only relate to BIOS boot, and my system is 
UEFI boot.


Now documentation seems to get scarce.

seems like the boot files are now residing in

/boot/efi/EFI/centos

AND

/boot/efi2/EFI/centos

although looking at timestamps the latter directory is not being updated.

/boot/efi/EFI/centos contains

total 7028
-rwx--. 1 root root 134 Aug  1  2020 BOOT.CSV
-rwx--. 1 root root 134 Aug  1  2020 BOOTX64.CSV
drwx--. 2 root root    4096 Dec 23 22:01 fonts
-rwx--. 1 root root    8589 Mar 14 17:51 grub.cfg
-rwx--. 1 root root    1024 Aug 26  2021 grubenv
-rwx--. 1 root root 1125704 Dec 17 06:13 grubx64.efi
-rwx--. 1 root root 1154640 Aug  1  2020 mmx64.efi
-rwx--. 1 root root 1154640 Aug  1  2020 MokManager.efi
-rwx--. 1 root root 1243864 Aug  1  2020 shim.efi
-rwx--. 1 root root 1237824 Aug  1  2020 shimx64-centos.efi
-rwx--. 1 root root 1243864 Aug  1  2020 shimx64.efi

and we see that the grub.cfg is being updated.

However, here the grubenv file contains

# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-1160.36.2.el7.x86_64) 7 (Core)

Re: [CentOS] Postfix and virtual mail boxes.[SOLVED - kinda]

[Rob Kampen]

On 11/10/21 12:53 am, Peter wrote:

On 10/10/21 11:28 pm, Rob Kampen wrote:

smtp   inet  n   -   n -   -   smtpd
 -o smtpd_recipient_restrictions= -o content_filter=spamassassin


I assume based on what you've said before that this is after you added 
the workaround you mentioned, but the logs below are without the 
smtpd_recipient_restrictions= part here?


Correct, once I added the

  -o smtpd_recipient_restrictions=

the alias substitutions worked and the log becomes much longer as all 
the various processes complete and add their trace to the maillog.




Cannot see how this log listing can possibly help as it contains only 
three lines


Nonetheless I do appreciate seeing them, no offense but you can never 
tell if someone's interpretations of the logs are accurate and so it's 
best just to see the logs themselves.


Here is the log of the incorrectly rejected email coming into the new 
MX - very short as it immediately rejects the alias recipient address 
- which my other two MX do not do.


Right.

This led me to the conclusion that the alias substitution is not 
taking place on my new MX whereas it does on my two working MX - 
hence my addition to the smtp processing line at the top of the 
master.cf file.


I wouldn't jump to that conclusion just yet, though.

That said, based on your config and logs I think I may have been wrong 
in my previous guess and it may very well be related to your 
policyd-spf.  More on that in a bit.


Can you provide the output of the following commands (but substitute 
the actual recipient domain and address for the munged versions you 
supplied here):


postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf

postmap -q r...@example.com 
mysql:/etc/postfix/mysql-virtual_forwardings.cf


postmap -q r...@example.com 
mysql:/etc/postfix/mysql-virtual_email2email.cf


postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf

postmap -q r...@example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf

The results of the above should give a much better picture of what's 
going on.

OK - just to let you know the munge I used.

example.com is an alias domain for example.org which is the actual 
domain with Maildir space on the server.


rob@ is alias for rkampen@ thus the only real address is rkam...@example.org

now the results

[root@mx rkampen]# postmap -q example.org 
mysql:/etc/postfix/mysql-virtual_alias_domains.cf
[root@mx rkampen]# postmap -q example.org 
mysql:/etc/postfix/mysql-virtual_domains.cf

example.org
[root@mx rkampen]# postmap -q example.com 
mysql:/etc/postfix/mysql-virtual_alias_domains.cf

example.com
[root@mx rkampen]# postmap -q example.com 
mysql:/etc/postfix/mysql-virtual_domains.cf
[root@mx rkampen]# postmap -q r...@example.com 
mysql:/etc/postfix/mysql-virtual_forwardings.cf
[root@mx rkampen]# postmap -q r...@example.org 
mysql:/etc/postfix/mysql-virtual_forwardings.cf

rkam...@example.org
[root@mx rkampen]# postmap -q @example.com 
mysql:/etc/postfix/mysql-virtual_forwardings.cf

@example.org
[root@mx rkampen]# postmap -q r...@example.com 
mysql:/etc/postfix/mysql-virtual_email2email.cf
[root@mx rkampen]# postmap -q r...@example.org 
mysql:/etc/postfix/mysql-virtual_email2email.cf
[root@mx rkampen]# postmap -q rkam...@example.org 
mysql:/etc/postfix/mysql-virtual_email2email.cf

rkam...@example.org
[root@mx rkampen]# postmap -q rkam...@example.com 
mysql:/etc/postfix/mysql-virtual_email2email.cf
[root@mx rkampen]# postmap -q rkam...@example.com 
mysql:/etc/postfix/mysql-virtual_mailboxes.cf
[root@mx rkampen]# postmap -q rkam...@example.org 
mysql:/etc/postfix/mysql-virtual_mailboxes.cf

example.org/rkampen/

As all but mysql-virtual_alias_domains.cf are copies from the other MX, 
I think these are fine. Also as email presented via port 587 via an 
authenticated STARTTLS session actually work fine, I have no reason to 
suspect any issues in this area.




To check if it's the policyd that's causing the problem can you modify 
the smtpd_recipient_restrictions line in main.cf and remove just the 
"check_policy_service inet:localhost:12350," part?  So that it reads 
something like:


smtpd_recipient_restrictions = permit_mynetworks, 
permit_sasl_authenticated, reject_unauth_destination,

    check_policy_service unix:private/policyd-spf

Then check to see if it works after that (and provide logs again so I 
can check things over).  Note this also means reverting your 
workaround in master.cf for this test.


Well that may have done it!

Now I get a correctly sent email with the alias substitutions done. 
Funny how that line seems to cause no error on my two original MX - 
looks like I better check them out a little more too.


Here is the munged log (same munging as above)

Oct 11 13:53:09 mx postfix/smtpd[10711]: connect from 
mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030]
Oct 11 13:53:10 mx policyd-spf[10723]: ERROR: Unknown name "TestOnly" in 
file "/etc/python-pol

Re: [CentOS] Postfix and virtual mail boxes.[SOLVED - kinda]

[Rob Kampen]

On 9/10/21 9:55 pm, Peter wrote:

On 9/10/21 12:26 pm, Rob Kampen wrote:
So, after many dozens of hours and sending test emails I have found a 
solution (work around) that appears to work okay. It is now different 
to the original two MX servers I cloned from, in that the maillog 
shows a different cycle of processing, and it now fails a truly 
unknown mailbox much later in the process - thus higher workload on 
my MX. But the key thing is that it does now do the virtual_alias 
checks on incoming emails on port 25 before rejecting.


if your MX is not rejecting messages to invalid recipients right away 
but instead bounces the messages later on you become a backscatter 
source (See https://www.backscatterer.org/?target=bounces).


Understood. On the two existing MX the recipient checks happen up front 
AFTER alias substitutions and hence no reject of valid email addresses. 
I have been unable to achieve this behaviour with the new MX
your server needs a properly configured list of valid recipients so it 
knows right away what recipients to accept and which ones to reject.

Agrred, and it has - in mysql tables.


No idea why this third MX is behaving differently. It has a dual 
stack IP, so I disabled IPv6 access and tried again, but that 
certainly wasn't the cause of the difference in processing.


If you can provide the output of the following two commands it would 
be very helpful in troubleshooting your problem:


postconf -nf

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
    $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 3072
milter_default_action = accept
mydestination = localhost localhost.localdomain
myhostname = mx.example.com
mynetworks = 127.0.0.0/8, [::1]/128, 192.168.128.0/24,
    [global:ip:6::]/64
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
    $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
    $relay_recipient_maps $relay_domains $canonical_maps 
$sender_canonical_maps

    $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_policy_service inet:localhost:12350,
    permit_mynetworks, permit_sasl_authenticated, 
reject_unauth_destination,

    check_policy_service unix:private/policyd-spf
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/letsencrypt/live/example.com/chain.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_dh1024_param_file = /etc/postfix/dhparam.pem
smtpd_tls_key_file = /etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_use_tls = yes
tls_medium_cipherlist =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no
unknown_local_recipient_reject_code = 550
virtual_alias_domains = 
proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf

virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
    proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:89

postconf -Mf

smtp   inet  n   -   n   -   -   smtpd
    -o smtpd_recipient_restrictions= -o content_filter=spamassassin
submission inet  n   -   n   -   -   smtpd
    -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes -o smtpd_reject_unlisted_recipient=no
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,re

Re: [CentOS] Postfix and virtual mail boxes.[SOLVED - kinda]

[Rob Kampen]

On 7/10/21 6:18 pm, Rob Kampen wrote:
Hi, not sure this is the best place to go for my problem, but hoping 
someone can point me to the correct or better place.


I have two currently working CentOS 7 based email servers that host a 
number of virtual domains and users and delivers mail just fine - for 
correctly addressed vmail inboxes AND for alias addressed emails and 
domains.


These all use postfix, dovecot, amavisd, clamAV, spamassassin, mysql 
(mariadb) and roundcubemail


I use port 25 for the world email delivery - no auth needed as only 
accepts hosted virtual domain addressed email.


and

port 587 for user client MUA to send mail - smtp with STARTTLS auth 
needed


port 993 for MUA IMAP access to account mail boxes

A couple of weeks ago I rolled up a new minimal virtual server (also 
CentOS 7) and basically copied the same setup as the other two and 
have now spent far too long trying to get it going.


My initial problem was that I  set up mydestination to include 
$mydomain - this has the consequence of seeing any mail@$mydomain as 
local email and trying to deliver to the local machine rather than the 
vmail inboxes.


So after setting up a new domain just for the MX we moved on.

All three installations use mysql (mariadb) as the data store for 
domains, alias domains, user vmail accounts, and forwardings (virtual 
alias mapping)


The mysql bits work just fine as I can send mail from an MUA client 
and they deliver correctly via an authenticated session on port 587 - 
i.e to any world email address AND to local vmail boxes, including 
those addressed via an alias and/or alias domain.


What fails to work on the new installation, but works fine on my two 
legacy servers, is mail addressed via an alias. Specifically an alias 
domain. Even adding the complete alias email address to the 
forwardings table doesn't work.


e.g. let's say we have an email domain '@example.com' and an alias 
domain '@example.org'.
Needed so I can migrate my clients from one server to the other in a 
staged manner.


Thus the new server is set up to operate as the MX for @example.org 
and @example.com but needs to alias redirect the incoming emails being 
sent to f...@example.org and deliver them to the vmail location for 
f...@example.com (i.e. we have no vmail locations for @example.org 
only for @example.com


So if I send a test email via my MUA (using port 587 and hence 
authenticated) it does the alias lookups and translations needed and 
correctly delivers the mail.


However if I send an email to f...@example.org from say a gmail 
account, it arrives at my new server and promptly gets bounced with a 
550 5.7.1 error - no such email address.


After doing diff on the main.cf and master.cf from all three servers 
the only differences are the myhostname, mynetworks (new one is dual 
stack IP4/IPv6 and thus includes [::1]/128), smtpd_tls certificate 
names, and the virtual_uid_maps - all expected and accounted for.


master.cf are identical

Many dozens of google searches and reading far too many pages, has 
left me with no idea why my new server doesn't accept alias directed 
emails via port 25.


All the documentation indicates that alias lookups and translations 
are performed by postfix - all the time.


receive_override_options is not set.

So, after many dozens of hours and sending test emails I have found a 
solution (work around) that appears to work okay. It is now different to 
the original two MX servers I cloned from, in that the maillog shows a 
different cycle of processing, and it now fails a truly unknown mailbox 
much later in the process - thus higher workload on my MX. But the key 
thing is that it does now do the virtual_alias checks on incoming emails 
on port 25 before rejecting.


No idea why this third MX is behaving differently. It has a dual stack 
IP, so I disabled IPv6 access and tried again, but that certainly wasn't 
the cause of the difference in processing.


It should be noted that the two initial MX machines have an extra line 
in the maillog that is the second logged step in the process, and goes 
something like:


Oct  8 19:00:58 mx policyd-spf[16055]: prepend Received-SPF: None 
(mailfrom) identity=mailfrom; client-ip=209.85.210.180; 
helo=mail-pf1-f180.google.com; envelope-from=r...@example.com; 
receiver=


After that processing steps are identical.

My work around makes the steps a little more different.

So the work around is changing master.cf

From

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args
#   (yes)   (yes)   (yes)   (never) (100)
# ==
smtp  inet  n   -   n   -   -   smtpd
 -o content_filter=spamassassin

TO

# ==
# service type  private unpriv  chroot  wakeup  maxproc command + args

[CentOS] Postfix and virtual mail boxes.

[Rob Kampen]

Hi, not sure this is the best place to go for my problem, but hoping 
someone can point me to the correct or better place.


I have two currently working CentOS 7 based email servers that host a 
number of virtual domains and users and delivers mail just fine - for 
correctly addressed vmail inboxes AND for alias addressed emails and 
domains.


These all use postfix, dovecot, amavisd, clamAV, spamassassin, mysql 
(mariadb) and roundcubemail


I use port 25 for the world email delivery - no auth needed as only 
accepts hosted virtual domain addressed email.


and

port 587 for user client MUA to send mail - smtp with STARTTLS auth needed

port 993 for MUA IMAP access to account mail boxes

A couple of weeks ago I rolled up a new minimal virtual server (also 
CentOS 7) and basically copied the same setup as the other two and have 
now spent far too long trying to get it going.


My initial problem was that I  set up mydestination to include $mydomain 
- this has the consequence of seeing any mail@$mydomain as local email 
and trying to deliver to the local machine rather than the vmail inboxes.


So after setting up a new domain just for the MX we moved on.

All three installations use mysql (mariadb) as the data store for 
domains, alias domains, user vmail accounts, and forwardings (virtual 
alias mapping)


The mysql bits work just fine as I can send mail from an MUA client and 
they deliver correctly via an authenticated session on port 587 - i.e to 
any world email address AND to local vmail boxes, including those 
addressed via an alias and/or alias domain.


What fails to work on the new installation, but works fine on my two 
legacy servers, is mail addressed via an alias. Specifically an alias 
domain. Even adding the complete alias email address to the forwardings 
table doesn't work.


e.g. let's say we have an email domain '@example.com' and an alias 
domain '@example.org'.
Needed so I can migrate my clients from one server to the other in a 
staged manner.


Thus the new server is set up to operate as the MX for @example.org and 
@example.com but needs to alias redirect the incoming emails being sent 
to f...@example.org and deliver them to the vmail location for 
f...@example.com (i.e. we have no vmail locations for @example.org only 
for @example.com


So if I send a test email via my MUA (using port 587 and hence 
authenticated) it does the alias lookups and translations needed and 
correctly delivers the mail.


However if I send an email to f...@example.org from say a gmail account, 
it arrives at my new server and promptly gets bounced with a 550 5.7.1 
error - no such email address.


After doing diff on the main.cf and master.cf from all three servers the 
only differences are the myhostname, mynetworks (new one is dual stack 
IP4/IPv6 and thus includes [::1]/128), smtpd_tls certificate names, and 
the virtual_uid_maps - all expected and accounted for.


master.cf are identical

Many dozens of google searches and reading far too many pages, has left 
me with no idea why my new server doesn't accept alias directed emails 
via port 25.


All the documentation indicates that alias lookups and translations are 
performed by postfix - all the time.


receive_override_options is not set.

Any suggestions of things to check or test would be welcome.

TIA
Rob


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading (?) from legacy boot to UEFI [SOLVED]

[Rob Kampen]

On 29/08/21 1:03 am, Jonathan Billings wrote:

On Aug 28, 2021, at 05:58, Rob Kampen  wrote:

Yeah, it is astounding to me that RH does not define their implementation of 
the grub2 grub.cfg file with particular focus on the things that are different 
between legacy boot and UEFI. Also what (if any) differences there may be in 
the initramfs and vmlinuz files between the two boot options. then we have the 
various .efi files with little or no documentation. So we are left with 
anaconda 

I don’t think migrating from a legacy bootloader to UEFI (on the same hardware) 
is a common enough process to document.

I do notice you have a kernel listed with a .efi extension, and I’ve never seen 
that before.

Typically on a UEFI C7 system, all the kernels and initrds are in /boot.  Only 
the EFI executables and supplementary grub files are in the /boot/efi volume 
(normally /boot/efi/EFI/CentOS). I don’t know where you got that kernel efi 
file.

—
Jonathan Billings


Thanks all, for your comments.

Jonathan, you are correct about the kernel placement and extension - I 
placed it there early in the process based upon someone's recipe - it 
didn't work but I hadn't got around to cleaning it up.


I have now got it working!

I was close with all the bits I had done, but the final piece is that I 
hand edited the grub.cfg in the ESP in my case /boot/efi/EFI/centos/ and 
/boot/efi2/EFI/centos/ and changed the linux16 to linuxefi and the 
initrd16 to initrdefi.


Then I used the server's UEFI boot manager app (part of this machine's 
setup arsenal) to manually add a UEFI boot on a specific drive with 
arguments pointing at shimx64.efi


Then a reboot and some online grub edits of the linuxefi line and CTRL-X 
and it finally booted up in UEFI mode.


At this point /sys/firmware/efi exists and efibootmgr -v finally gave 
some appropriate output


Then I was able to login, run grub2-mkcfg and get a proper grub.cfg 
file, and finally use efibootmgr  to create the desired default boot and 
backup boot entries in the UEFI.


ALL DONE. Lost some more hair and some sleep, but also much more 
knowledgeable and comfortable with UEFI.


Possibly not a common scenario, but it feels good having finally beaten 
it into submission.


Shalom


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading (?) from legacy boot to UEFI

[Rob Kampen]

On 28/08/21 8:24 pm, Simon Matter wrote:

On 27/08/21 10:51 pm, Rob Kampen wrote:

Unfortunately the server is remote and the CentOS7 USB device I left
plugged into the machine refuses to boot from UEFI mode. Thus a rescue
mode boot has not been possible.


So i made a trip and replaced the USB stick with another one - CentOS7

I am unsure what file I need to point the UEFI bios disk manager setup
at, I have tried shim.efi and shimx84-centos.efi

The message I get is that linux16 and initrd16 cannot find their
files. The change to linuxefi and initrdefi also fail but the system
reboot happens before I can see what flashes on screen.

Is a USB based UEFI booted rescue mode the only way I can fix this?

So I then rebooted - selected UEFI native boot and got into rescue mode
- only problem is that the rescue system did not find a Linux system.
Really weird as each of the four drives effectively have a complete
centos7 system. No idea why it didn't start md raid and find the 6 raid1
volumes.

About to give this a miss and just live with legacy boot - this UEFI
thing is just far too complicated. Looking on line at all the various
blogs and questions it seems I am not alone in finding it far too
complicated.

Don't worry, you're not alone. IMHO UEFI and GRUB2 and the whole Linux
startup procedure can be a real problem to handle and I guess most people
just give up earlier or later and simply use the installer to do the job.


Yeah, it is astounding to me that RH does not define their 
implementation of the grub2 grub.cfg file with particular focus on the 
things that are different between legacy boot and UEFI. Also what (if 
any) differences there may be in the initramfs and vmlinuz files between 
the two boot options. then we have the various .efi files with little or 
no documentation. So we are left with anaconda 


Makes my situation really tough ... too small for the learning curve of 
automated OS installation and management systems but I have a week or so 
of configuration and testing invested that I will need to redo, if I do 
a re-install just to get the boot system shifted from BIOS/legacy to UEFI.


As to the RH decision to default to a legacy boot / MBR oriented install 
based upon size of disk ... words fail me.


At least I have learnt that one needs to do research into MB firmware 
w.r.t BIOS/UEFI as part of procurement. Never been a thing I cared about 
previously, but now another area which can bite you in the butt.




Simon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading (?) from legacy boot to UEFI

[Rob Kampen]

On 27/08/21 10:51 pm, Rob Kampen wrote:
Unfortunately the server is remote and the CentOS7 USB device I left 
plugged into the machine refuses to boot from UEFI mode. Thus a rescue 
mode boot has not been possible.



So i made a trip and replaced the USB stick with another one - CentOS7


I am unsure what file I need to point the UEFI bios disk manager setup 
at, I have tried shim.efi and shimx84-centos.efi


The message I get is that linux16 and initrd16 cannot find their 
files. The change to linuxefi and initrdefi also fail but the system 
reboot happens before I can see what flashes on screen.


Is a USB based UEFI booted rescue mode the only way I can fix this?


So I then rebooted - selected UEFI native boot and got into rescue mode 
- only problem is that the rescue system did not find a Linux system. 
Really weird as each of the four drives effectively have a complete 
centos7 system. No idea why it didn't start md raid and find the 6 raid1 
volumes.


About to give this a miss and just live with legacy boot - this UEFI 
thing is just far too complicated. Looking on line at all the various 
blogs and questions it seems I am not alone in finding it far too 
complicated.


I run a Ubuntu workstation that is UEFI based and their grub.cfg is so 
much simpler than the centos one.




TIA for your pointers / suggestions.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Upgrading (?) from legacy boot to UEFI

[Rob Kampen]

After three days of effort I have failed to find a way of shifting a 
server from legacy boot to UEFI boot.


I have made my way through the 400+ pages of RH installation manual for 
EL7, plus their similarly large system administrators manual. Dozens of 
pages searched via google and yet none of the layouts for the /boot and 
/boot/efi have worked in my case.


System is a Lenovo 3650 M5 with UEFI bios.

Due to RH / CentOS design my initial install onto the two 600GB HDD 
partitioned these using MBR and legacy boot.


I have just obtained two SAS SSD drives of 3.8TB and thus MBR is no 
longer an option.


I have successfully migrated all the system and data from the HDD to the 
SSD, complete with GPT and RAID1 and all works as expected - except the 
HDD was still needed to boot the system.


That's when the fun / agony started. Each system reboot is almost five 
minutes just to get to the  for system setup option. Thus testing is 
a very slow process.


I am now at the point where I have a "bios boot" partition (1024K type 
ef02) as the first partition on each GPT partitioned SSD and have 
grub2-install onto the drives the bios boot junk needed for legacy boot.


Thus I can at least legacy boot from one of the SSD and all comes up as 
expected. (no idea yet why it only works from one of the SSD and not the 
other).


Unfortunately the server is remote and the CentOS7 USB device I left 
plugged into the machine refuses to boot from UEFI mode. Thus a rescue 
mode boot has not been possible.


I have two 300MB partitions, one on each SSD suitably formatted (type 
ef00 and vfat) and set up with the files as follows:


-rwx--. 1 root root  134 Aug  1  2020 BOOT.CSV
-rwx--. 1 root root  134 Aug  1  2020 BOOTX64.CSV
drwx--. 2 root root 4096 Aug 27 16:22 fonts
-rwx--. 1 root root 6597 Aug 27 21:33 grub.cfg
-rwx--. 1 root root 1024 Aug 26 23:22 grubenv
-rwx--. 1 root root  1122120 Mar 17 07:24 grubx64.efi
-rwx--. 1 root root 19378672 Aug 26 20:29 
initramfs-3.10.0-1160.36.2.el7.x86_64.img
-rwx--. 1 root root  1154640 Aug  1  2020 mmx64.efi
-rwx--. 1 root root  1154640 Aug  1  2020 MokManager.efi
-rwx--. 1 root root  1243864 Aug  1  2020 shim.efi
-rwx--. 1 root root  1237824 Aug  1  2020 shimx64-centos.efi
-rwx--. 1 root root  1243864 Aug  1  2020 shimx64.efi
-rwx--. 1 root root  6777448 Aug 26 20:27 
vmlinuz-3.10.0-1160.36.2.el7.x86_64.efi

unfortunately grub2-mkconfig sets up the grub.cfg as for legacy boot 
because the /sys/firmware/efi does not exist, thanks to running from a 
legacy boot.


I tried a few manual edits to the grub.cfg to deal with linux16 -> 
linuxefi and initrd16 -> initrdefi but to little avail.


Can someone point me to what needs to happen for UEFI boot to work 
successfully.


I am unsure what file I need to point the UEFI bios disk manager setup 
at, I have tried shim.efi and shimx84-centos.efi


The message I get is that linux16 and initrd16 cannot find their files. 
The change to linuxefi and initrdefi also fail but the system reboot 
happens before I can see what flashes on screen.


Is a USB based UEFI booted rescue mode the only way I can fix this?

TIA for your pointers / suggestions.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cloning bridged VMs : VirtualBox vs. KVM

[Rob Kampen]

On 25/03/21 5:51 am, Nicolas Kovacs wrote:

Hi,

(tl;dr : how can I clone a KVM-based bridged virtual machine and force a
duplicate MAC address ?)

Up until recently I've been using VirtualBox on my workstation to test various
local setups. Usually I would setup a basic CentOS installation, and whenever I
wanted to fiddle around, I would just clone that system and play around with
it. So whenever I shot myself in the foot on that VM, I would simply erase it
and start over again with a new clone. Think of it as a disposable VM.

All my VMs under VirtualBox used bridged mode, so they were in the same
network. And in my local proxy server, I have Dnsmasq that assigns static IP
addresses and meaningful hostnames to these VMs. Here's what the corresponding
lines in dnsmasq.conf look like:

dhcp-host=08:00:27:00:00:01,suse-lp151,192.168.2.10
dhcp-host=08:00:27:00:00:02,suse-lp152,192.168.2.11
dhcp-host=08:00:27:00:00:03,ce7-server,192.168.2.12
dhcp-host=08:00:27:00:00:04,ce8-server,192.168.2.13
dhcp-host=08:00:27:00:00:05,ol7-server,192.168.2.14
dhcp-host=08:00:27:00:00:06,ol8-server,192.168.2.15
dhcp-host=08:00:27:00:00:07,rh7-server,192.168.2.16
dhcp-host=08:00:27:00:00:08,rh8-server,192.168.2.17


this appears to have 8 different mac addresses and then assigned 8 
individual IP addresses - that would appear desireable and correct.


Why do you want the same mac? what are you trying to achieve?

Feel like I'm missing something



Over the last two weeks, I decided to migrate from VirtualBox to KVM even for
local configurations and virtualized desktop configurations. So far, everything
works nice... except one problem I can't seem to solve (yet).

I'm using KVM in bridged mode, over a br0 bridge on my workstation. Like with
VirtualBox, all my KVM virtual machines are part of my local 192.168.2.0/24
network.

Unfortunately there is no way to simply make a perfect clone of a virtual
machine using virt-manager. It insists on assigning my cloned VM a different
MAC address. And whenever I want to manually create a NIC with the same MAC
address as the original, Virtual Machine Manager tells me I can't do that. Same
player shoot again.

Now I know that is normally a good thing. You don't want MAC address conflicts
in your network. But here's the thing: I don't intend to fire up both copies at
once. As with VirtualBox, I only intend to use one VM at a time, for testing
purposes. Now how can I "explain" this to Virtual Machine Manager without
having to jump through burning loops ?

Cheers,

Niki


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba config question

[Rob Kampen]

On 16/03/21 4:24 pm, Robert G. (Doc) Savage via CentOS wrote:

After setting up /etc/samba/smb.conf and running "testparm" in CentOS
7.9.2011, I have noticed that the list of parameters echoed back for
the [global] section do not match those in the smb.conf file. Is this
normal?

[global] in /etc/samba/smb.conf:
unix charset = UTF-8
dos charset = CP932
vfs objs = acl_xattr
map acl inherit = yes
store dos attributes = yes
printing = cups
printcap = cups
load printers = yes
# Network related options
workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = SERVER01
interfaces = lo eth0 192.168.1.0/24
hosts allow = 127. 192.168.1.
# Logging options
log file = /var/log/samba/log.%m
max log size = 50
# Standalone Server Options
security = user
passdb backend = tdbsam
map to guest = Bad User
# Name Resolution
wins support = yes
dns proxy = yes
# Printing options
load printers = yes
cups options = raw
# Filesystem options
map archive = no
map hidden = no
map read only = no
map system = no
store dos attributes = yes

When I subsequently run "testparm", I get a shorter and in some cases

different list:

[global] in "testparm" output:
dos charset = CP932
interfaces = lo eth0 192.168.1.0/24
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 50
printcap name = cups
security = USER
server string = Samba Server Version %v
wins support = Yes
idmap config * : backend = tdb
cups options = raw
hosts allow = 127. 192.168.1
map acl inherit = Yes
map archive = No
vfs objects = acl_xattr

Is this normal behavior for Samba? I am particularly concerned about
workgroup = WORKGROUP missing in the "testparm" output.

Is it that testparm just outputs the non default values?

V/R

--Doc Savage
     Fairview Heights, IL

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS-7-x86_64-dvd-2009.iso is too big for DVD blanks

[Rob Kampen]

On 16/03/21 9:25 am, Lamar Owen wrote:

On 3/15/21 8:51 AM, Stephen John Smoogen wrote:
Exactly that. Upstream Fedora and RHEL went to require dual density 
around

Fedora 18, RHEL-7 because the amount of data was too much.
Well, what's odd is that the actual upstream RHEL 7.9 DVD WILL fit on 
a single-layer DVD.  Just burned one.
I seem to recall that RHEL and CentOS bundle their products differently 
- hence RHEL has bits divided into other groups, whereas CentOS combines 
them 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Password manager for the command line ?

[Rob Kampen]

On 23/11/20 10:52 pm, Sebastien Féminier via CentOS wrote:

Hi Niki ,

I use "pass" to manage my password , it's based on gnuPG , you can find
more info on the web site  => https://www.passwordstore.org/ .
For sync you can use Git .

Seb.

+1 -works well and can be used via ssh link as well if set up properly.


Le Mon, Nov 23, 2020 at 09:24:18AM +0100, Nicolas Kovacs a écrit :

Hi,

On my workstation and my laptop I'm using KeePassXC to store login credentials
for my websites. The database is stored in my OwnCloud share, so it's
synchronized between my two computers.

Ideally I'd like to have something similar for my servers, but command-line
driven. I know these tools exist but I haven't tested them yet. What I have in
mind is a command-line password manager that stores the database in an
encrypted database - like KeePassXC - and then I could eventually store this
file in a private Gitlab repo to centralize it and access it from all my 
servers.

Can you recommend any particular command line password manager ?

Any recommendations / caveats for this kind of setup ?

Cheers from the locked down South of France,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mail server troubles

[Rob Kampen]

On 9/10/20 11:08 am, Stephen John Smoogen wrote:

On Thu, 8 Oct 2020 at 17:50, Nicolas Kovacs  wrote:


Hi,

This is probably a bit OT, but here goes.

I've been running our local school's mail server since 2013, with mail
addresses for school staff and some teachers. The server is running CentOS
7
with Postfix and Dovecot, and it's a nice no-bullshit configuration with
SPF,
DKIM and DMARC.

The school sends quite a lot of email out to parents, and sometimes, mail
gets
rejected:

--8<
: host smtp-in.orange.fr[193.252.22.65] said: 550
5.2.0
 Mail rejete. Mail rejected. ofr_506 [506] (in reply to end of DATA
command)

: host smtp-in.orange.fr[193.252.22.65] said: 550
5.2.0
 Mail rejete. Mail rejected. ofr_506 [506] (in reply to end of DATA
command)
--8<

This happens randomly with the usual suspects among crappy mail providers
like
Orange, Hotmail/Live, Yahoo and the rest.



So wanadoo and orange seem to send a ofr_506 because the scanned mail was
found to be SPAM. This is independent of DKIM, SPF, DMARC but from them
scanning the email in the DATA and saying nope. Usually that is because too
many people complained about a set of email and the weight of email with
that content is getting blocked. I don't know if the school moving to
another provider will fix that as this isn't because of the IP it was sent
from (they block before the DATA is sent in that case). [My guess is that
someone wants to move to something else and is using this as the Casus
Belli to do so. ]

I don't really have a suggestion or solution to either problem..

If this reject is due to their spam filtering process, it is actually 
the email author's problem - how they make up their sentences, key words 
etc. and thus the problem will travel with them, to whatever email 
provider they choose.


Suggest they get educated in how to write an appropriate email that 
doesn't raise alarms, or they could use mailchimp (e.g. only) for their 
large group emails.


Just a final thought - are the email address headers containing multiple 
email addresses? this too can trigger blocking by some providers.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP vs. Brother Printers: Use with Centos/Fedora

[Rob Kampen]

On 28/06/20 9:44 am, Frank Cox wrote:

On Sat, 27 Jun 2020 17:33:39 -0400
Jay Hart wrote:


If you had to rate which printer brand works better with Linux (Fedora and
Centos), what would it be?

Any Brother printer that I've ever had the misfortune to have to deal with 
either didn't work at all or if could be made to work, it didn't work for long.

If it's a Brother, run away as fast as you can.  They're the cheapest crappiest 
thing you can possibly imagine.

My wife makes quilts and says the same thing about Brother sewing machines.

Cannot comment on sewing machines, however I always head to brother for 
laser printers. I don't do inkjet ever, as the cost per page doesn't fit 
my use case and dried out ink cartridges drive me nuts.


Great thing about brother is they really support linux! yes you do need 
to visit their web site but they offer drivers and they seem to provide 
access to all the printer's features.


Only gotcha I've had is trying to use alternative toner cartridges - 
that really didn't go well at all, got brother product and it was good 
as new - go figure.


HTH

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [SOLVED] fail2ban firewalld problems with current CentOS 7

[Rob Kampen]

On 17/04/20 10:55 pm, Leon Fauster via CentOS wrote:

Am 17.04.20 um 02:59 schrieb Rob Kampen:

On 13/04/20 1:30 pm, Orion Poplawski wrote:

On 4/9/20 6:31 AM, Andreas Haumer wrote:
...

I'm neither a fail2ban nor a SELinux expert, but it seems the
standard fail2ban SELinux policy as provided by CentOS 7 is not
sufficient anymore and the recent updates did not correctly
update the required SELinux policies.

I could report this as bug, but where does such a bugreport belong to
in the first place?

- andreas




See https://bugzilla.redhat.com/show_bug.cgi?id=1777562
We're a bit stalled at the moment I'm afradi

Finally had some time to look into this. Happy to say fail2ban now 
appears to be working.


1. I found that reading the CentOS web site about SElinux was helpful 
and this led me to issue the following:


semanage permissive -a fail2ban_t

this places just fail2ban requests (got the context from the scontext 
part of the SElinux error message) into permissive mode rather than 
the entire OS.


2. Then a look into the SElinux troubleshooter gave me the errors 
that were occurring and following the suggested instructions I 
created a my-f2bfsshd.pp & my-f2bfsshd.te


3. restarted fail2ban via systemctl restart fail2ban.service

4. monitored via fail2ban-client status  and now get

Status for the jail: sshd
|- Filter
|  |- Currently failed:    0
|  |- Total failed:    109
|  `- Journal matches:    _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
    |- Currently banned:    3
    |- Total banned:    6
    `- Banned IP list:    27.78.14.83 116.105.216.179 139.99.71.227

5. set fail2ban back into enforcing with

semanage permissive -d fail2ban_t

All solved for me.

I have now done this on a second machine and it too seems to be 
functioning again.




Great that there is a solution.
I am just curious; how does your my-f2bfsshd.te looks like?

module my-f2bfsshd 1.0;

require {
    type proc_net_t;
    type sysctl_net_t;
    type sysfs_t;
    type fail2ban_t;
    class dir search;
    class file { getattr open read };
}

#= fail2ban_t ==
allow fail2ban_t proc_net_t:file read;
allow fail2ban_t sysctl_net_t:dir search;
allow fail2ban_t sysctl_net_t:file { getattr open read };
allow fail2ban_t sysfs_t:file { getattr open read };



--
Leon


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [SOLVED] fail2ban firewalld problems with current CentOS 7

[Rob Kampen]

On 13/04/20 1:30 pm, Orion Poplawski wrote:

On 4/9/20 6:31 AM, Andreas Haumer wrote:
...

I'm neither a fail2ban nor a SELinux expert, but it seems the
standard fail2ban SELinux policy as provided by CentOS 7 is not
sufficient anymore and the recent updates did not correctly
update the required SELinux policies.

I could report this as bug, but where does such a bugreport belong to
in the first place?

- andreas




See https://bugzilla.redhat.com/show_bug.cgi?id=1777562
We're a bit stalled at the moment I'm afradi

Finally had some time to look into this. Happy to say fail2ban now 
appears to be working.


1. I found that reading the CentOS web site about SElinux was helpful 
and this led me to issue the following:


semanage permissive -a fail2ban_t

this places just fail2ban requests (got the context from the scontext 
part of the SElinux error message) into permissive mode rather than the 
entire OS.


2. Then a look into the SElinux troubleshooter gave me the errors that 
were occurring and following the suggested instructions I created a 
my-f2bfsshd.pp & my-f2bfsshd.te


3. restarted fail2ban via systemctl restart fail2ban.service

4. monitored via fail2ban-client status  and now get

Status for the jail: sshd
|- Filter
|  |- Currently failed:    0
|  |- Total failed:    109
|  `- Journal matches:    _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned:    3
   |- Total banned:    6
   `- Banned IP list:    27.78.14.83 116.105.216.179 139.99.71.227

5. set fail2ban back into enforcing with

semanage permissive -d fail2ban_t

All solved for me.

I have now done this on a second machine and it too seems to be 
functioning again.


HTH

Rob


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Zoom?

[Rob Kampen]

On 10/04/20 8:08 am, MAILIST wrote:

I'm on Ubuntu and, no, it doesn't work.

I installed it the standard way on Zorin 15 (based on Ubuntu 18), and it
worked well.

Todd Merriman
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Just went to zoom this morning for my CentOS7 laptop, downloaded their 
rpm and did a localinstall and all worked just fine.


https://support.zoom.us/hc/en-us/articles/204206269-Installing-Zoom-on-Linux

HTH


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fail2ban firewalld problems with current CentOS 7

[Rob Kampen]

On 9/04/20 7:48 pm, Andreas Haumer wrote:

Hi!

I have a server running CentOS 7.7 (1908) with all current patches installed.
I think this server should be a quite standard installation with no specialities

On this server I have fail2ban with an apache and openvpn configuration.
I'm using firewalld to manage the firewall rules.

Fail2an is configured to use firewalld:



The firewalld errors start exactly after the updates were installed.
Does anyone else see similar problems since the last updates?

I googled and found some older postings, but nothing matching the
problems I see exactly.

I have other CentOS 7 servers with fail2ban and firewalld which
should be updated soon, but before I do this I first want to solve
this issue.

Any idea?
I too had fail2ban fail after an otherwise successful yum update. Mine 
occurred in Feb when my versions of firewalld etc were updated to the 
versions you show. Thus far I have not had the opportunity to sort the 
problem. Lockdown has been quite busy so far, hopefully some slower 
times coming next week.


Thanks!

- andreas


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Keyboard backlight fails with recent kernels

[Rob Kampen]

I do not use my laptop often, normally my better half has possession and 
use of it.


It is a late 2011 ASUS ROG G73S which performs very well.

The keyboard backlight was an issue initially under CentOS6, but the 
kind folks at elrepo found the missing bits in a more recent kernel and 
created a package to add them to the older CentOS6 kernel.


An upgrade to CentOS7 went without a hitch and the keyboard lighting has 
worked fine.


Recently I sat infront of the machine and couldn't see the keys - no 
backlight.


A number of reboots later I have found that the latest kernel that I 
have on the machine, that works okay is 3.10.0-862.14.4.el7.x86_64


3.10.0-957.21.2.el7 and 3.10.0-957.27.2.el7 both fail to load/activate 
the driver for the keyboard.


Would someone with the requisite knowledge please advise what I need to do.

Is this a case for using the CentOSplus kernel or do I need to find and 
load a driver or two? or do I need to request the elrepo folk to make a 
suitable package.


Thanks
Rob

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mate on Centos 7

[Rob Kampen]

On 19/07/19 11:06 PM, James Pearson wrote:

isdtor wrote:

Can I really be the only user of Mate on Centos 7??

No, definitely not. I use MATE on C7, because Gnome is, how do I
say this politely..., um, horrible. Not a KDE fan either.

Gnome-2.x wasn't broken, didn't need to be thrown away and replaced
by something completely different.

Not broken, but full of bugs that will never get fixed.


I keep seeing posts about alternative desktops - great, just another of 
the things that make linux the OS of choice - you have choice; even 
about which desktop management system you wish to use.


I have not tried mate for a number of years, it was quite simple and 
basic to use, but also lacked some of the polish we see in the market 
place, I have tried KDE and usually just use gnome, at whatever 
iteration RH and CentOS put out. KDE out of the box a year or so ago 
caused me some major grief to do with files and indexes and loosing disk 
space, so I walked away. Gnome has not been kind to developers like 
myself, and those trying to do real work with their work-stations - 
things that once were easy have become more difficult, however I have 
found solutions to most of the problems the later releases have introduced.


Why bring this up? Well I guess I agree with some of the sentiment 
expressed often by a regular group of list contributors, but I also find 
it going stale.


Change in the IT world is a constant. Not all of it is progress, in the 
sense of getting closer to a particular goal. However, it must be 
recognised that there are many, many different goals out there, and many 
of those will not be convergent, thus some gain, others loose.


So at the end of the day, we make our choice, and live with the 
consequences. I am looking forward to spinning up CentOS 8 in the next 
month or two and seeing what that works like for my particular mix of 
tasks. It seems RH has chosen to support gnome desktop, thus for better 
or worse, that's where I'll go too. CentOS has far too many other 
benefits for me to go elsewhere.


HUGE thanks to all the CentOS team and those that offer their experience 
to help and assist others - it makes my computing world function more or 
less reliably and deterministically, and all under my ability to observe 
and use.


Thanks for reading, please forgive my slightly off topic rant.

Rob


I did a while back rebuild the EPEL rpms for 1.20. There are spec
files I could make available but I can't find the build environemnt
setup now. It involves mock, a custom local repo to receive the fresh
builds as you don't want to pull in the rpms from EPEL, and a build
script that defines the order, among other things. If I have time
next week I can try and locate everything.

If Mate won't be (or may not be?) supported by EPEL, has anyone looked
at similar alternatives?

I came across 'Cinnamon' (which is available from EPEL) - does anyone
have experience of Cinnamon (good/bad/otherwise) ?

Thanks

James Pearson
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Server fails to boot

[Rob Kampen]

On 14/07/19 10:15 AM, Gordon Messmer wrote:

On 7/8/19 4:28 AM, Rob Kampen wrote:
Warning: /dev/disk/by-id/md-uuid-::: 
does not exist 



https://bugzilla.redhat.com/show_bug.cgi?id=1451660

It sounds like your kernels aren't assembling the RAID device on boot, 
which *might* be related to the above bug if one of the devices is 
broken.  It's hard to tell from your description.  You mentioned that 
the rescue kernel boots, but I wonder if the array is degraded at that 
point.


I agree, it sounds like the initramfs kernel is not assembling the raid1 
devices (/,/boot,swap) or certainly not setting the links /dev/md/root 
/dev/md/boot and /dev/md/swap which then cause dracut to fail.


I have no idea why the rescue kernel boots just fine, although it does 
not establish the above links either, rather it sets up the links 
/dev/md/:{boot,root,swap} pointing to the assembled /dev/md125 
etc.


My particular problem is: how do I get it to boot the later kernels? 
What should be my repair process?


I have tried a boot with the rhgb and quiet removed and got no 
additional information.


BTW once booted cat /proc/mdstat gives:

Personalities : [raid1]
md57 : active raid1 sdb7[1] sda7[0]
  554533696 blocks super 1.2 [2/2] [UU]

md99 : active raid1 sdd[1] sdc[0]
  976631360 blocks super 1.2 [2/2] [UU]

md121 : active raid1 sdb2[1] sda2[0]
  153500992 blocks [2/2] [UU]

md120 : active raid1 sda3[0] sdb3[1]
  263907712 blocks [2/2] [UU]

md125 : active raid1 sde1[0] sdf1[1]
  478813184 blocks super 1.2 [2/2] [UU]
  bitmap: 3/4 pages [12KB], 65536KB chunk

md126 : active raid1 sde2[0] sdf2[1]
  1046528 blocks super 1.2 [2/2] [UU]
  bitmap: 0/1 pages [0KB], 65536KB chunk

md127 : active (auto-read-only) raid1 sde3[0] sdf3[1]
  8382464 blocks super 1.2 [2/2] [UU]

unused devices: 

no degraded raid devices .


Otherwise, you might remove "rhgb" and "quiet" from the kernel boot 
parameters and see if there's any useful information printed to the 
console while booting a recent kernel.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Server fails to boot

[Rob Kampen]

First some history. This is an Intel MB and processor some 6 years old, 
initially running CentOS 6. It has 4 x 1TB sata drives set up in two 
mdraid 1 mirrors. It has performed really well in a rural setting with 
frequent power cuts which the UPS has dealt with and auto shuts down the 
server after a few minutes and then auto restarts when power is restored.


The clients needed a Windoze server for a proprietary accounting package 
they use, thus I have recently installed two SSD drives (500GB each) 
also in a raid 1 mirror and installed CentOS 7 as the host and also 
VirtualBox running Windoze 10. The hard drives continue to hold their 
data files.


This appeared to work just fine until a few days ago. After a power cut 
the server would not reboot.


It takes a while to get in front of the machine, add a monitor, keyboard 
and mouse only to find:


Warning: /dev/disk/by-id/md-uuid-::: 
does not exist


repeated three times - one for each of the /, /boot, and swap raid 
member sets along with a


Warning: /dev/disk/by-uuid/::: does not 
exist


for the /dev/md125 which is the actual raid 1 / device.

The system is in a root shell of some sort as it has not made the 
transition from initramfs to the mdraid root drive.


there are some other lines of info and a txt file with hundreds of lines 
of boot info, ending with the above info (as I recall).


I tried a reboot - same result, rebooted and tried an earlier kernel - 
same result, tried a reboot to the recovery kernel and all went well. 
System comes up, all raids sets are up and in sync - no errors.


So, no apparent H/W issues, no mdraid issues apparently, but none of the 
regular kernels will now boot.


a blkid shows all the expected mdraid devices with the uuids from the 
error message all in place as expected.


I did a yum reinstall of the most recent kernel as I thought that may 
repair any /boot file system problems - particularly initramfs, but no 
difference, will not boot, same exact error messages.


Thus I now have it running on the recovery kernel, with all the required 
server functions being performed, albeit on an out of date kernel.


Google has one solved problem similar to mine but the solution was 
change the BIOS from AHCI to IDE - that does not seem correct as I have 
not changed BIOS, although I have not checked it at this time.


Another solution talks about a race condition and the md raid not being 
ready when required during the boot process and thus to add delay in the 
kernel boot line in grub2. Although no one indicated this actually worked.


Another proposed solution is to mount the failed devices from a recovery 
boot and rebuild initramfs. Before I do this I would like to ask those 
that know a little more about the boot process, what is going wrong? I 
can believe the most recent initramfs being a problem, but all three 
other kernels too?? Yet the recovery kernel works just fine.


As the system is remote, I would like some understanding of what's up 
before I do any changes - if a reboot occurs and fails, it will mean 
another trip.


Oh, one other thing, it seems the UPS is not working correctly, thus it 
may not have shut down cleanly. Working to replace batteries in the UPS.


TIA for your insight.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] raid 5 install

[Rob Kampen]

On 29/06/19 2:46 AM, Blake Hudson wrote:


Nikos Gatsis - Qbit wrote on 6/27/2019 8:36 AM:

Hello list.

The next days we are going to install Centos 7 on a new server, with 
4*3Tb sata hdd as raid-5. We will use the graphical interface to 
install and set up raid.


Do I have to consider anything before installation, because the disks 
are very large?


Does the graphical use the parted to set/format the raid?



Hi Nikos, I've read the other posts in this thread and wanted to 
provide my perspective. I've used Linux RAID at various times over the 
past 10-20 years with both desktop and server class hardware. I've 
also used hardware RAID controllers from 3ware, Adaptec, LSI, AMI, and 
others with IDE, SATA, SAS, and SCSI drives. The goal of RAID 1 and 
above is to increase availability. Unfortunately, I've never had Linux 
software RAID improve availability - it has only decreased 
availability for me. This has been due to a combination of hardware 
and software issues that are are generally handled well by HW RAID 
controllers, but are often handled poorly or unpredictably by desktop 
oriented hardware and Linux software.


Sorry for your poor experience. I have used and achieved much improved 
availability by using Linux Software RAID - most often I use RAID 1 and 
had disks fail with no impact to the client other than slightly reduced 
response times (in fact they were totally unaware that a drive had 
failed, until I told them). Replaced the faulty drive (done by a local 
person who barely knew how to use a screw driver), resynchronized and 
all is well - zero data lost. It was a hot swap bay and thus the server 
did not even have to be powered down - zero customer noticed impact - 
100% availability.


Given that Linux software RAID does not achieve the goal of RAID 
(improved availability), my recommendation would be to avoid it. If 
you are looking for a backup mechanism, RAID is not it (use a backup 
program instead). If you do need high availability, my recommendation 
is to purchase an LSI based RAID controller. If you plan to use RAID 
5, make sure the model you choose has a write cache (this could double 
the cost of the controller). Used IBM, HP, or Dell RAID controllers 
are available for a reasonable price or you can purchase a new one 
from Newegg or wherever. SAS RAID controllers will work with either 
SAS or SATA drives and you can purchase the appropriate breakout 
cables for connecting the controller to individual drives. Since 
you're planning on using 3TB+ drives that are likely 4k native sector, 
I'd recommend a newer model controller like the Dell PERC H730 (LSI 
MegaRAID SAS 9361-8i) for RAID5/6 or a PERC H330 (LSI MegaRAID SAS 
9341-8i) for RAID 0/1/10.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Alternitives to Firefox...

[Rob Kampen]

On 27/06/19 7:58 AM, Robert Heller wrote:

OK, I recently ugraded to the current ESR release of Firefox for CentOS 6.
And I am having problems with the user interface (basically it has become hard
[for me] to use).

What alternitives are there?  (Chrome and Chromium are not possible with
CentOS, and Chrome and Chromium are actually worse).

I have been using Vivaldi for about 6 months now on my C7 workstation, 
ever since FF dropped the ball on an update and lost all my saved 
passwords. I only have the browser store passwords for non-important 
sites, but there were dozens of them, and I DO NOT back them up onto the 
cloud to be accessible to the great un-washed.


Vivaldi is not as media player friendly i.e. for video content, but to 
be fair I haven't spent much time trying to sort that out.


I find it has some nice tools for my development work / testing, however 
also some bugs as on occasion it will not open a link when I double 
click it in say an email - Vivaldi is set as the default browser. A stop 
and start of the browser sorts that problem. I typically keep my browser 
open for weeks, or until this fault causes too much frustration. It 
remembers all my open tabs so the restart is fairly painless.


HTH

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox esr repackage

[Rob Kampen]

On 11/05/19 2:05 AM, Simon Matter via CentOS wrote:

Am 10.05.2019 um 11:12 schrieb Nux! :

I maintain a desktop oriented repo for CentOS and last I checked a year
or so ago, I got over 150k+ unique IPs with yum user agent downloading
stuff from it.

It's a bit anecdotal as perhaps not all are actual desktop users and
some users were using multiple IPs (dhcp), but it shows there are quite
a few users out there running CentOS for desktop purposes.

There are desktop focused distros out there who do not even reach this
kind of numbers. How many active users do you think Mageia or Linux Mint
have?


We are moving our workstations from OSX to EL8 right now. We think its
time to
couple our activities more tight to the new technologies that come with
EL8 ...
otherwise the user keeps brain-splitted :-)

Don't get me wrong. At work we are running 99% of all desktop activity on
RHEL/CentOS for much more than a decade.

That's why I'm wondering why such a Firefox breakage has such a low
priority for upstream. Our users are used to Firefox with several add-ons
like uBlock and others. Suddenly having to run it without them is quite a
mess and asks for an immediate fix.


I have used CentOS 6 and 7 as workstation core along with EPEL, elrepo 
and nux ever since v6 was released. It has just got better and better. 
Then we have the likes of gnome and firefox, seeming to think of others 
rather than the hard core users that have consistently worked to 
streamline work flows in the real paying world. They are making huge 
changes, motivated by  and in the process sacrificing work flow and 
efficiency as they pursue other goals.


BTW, dropped firefox some months ago when one of the updates trashed my 
stored passwords - using vivaldi now, not quite as internet savy as ff 
or chrome when it comes to video playing but otherwise interesting and 
useful.


just my 2p worth.


That's what I'm wondering about.

Regards,
Simon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] PHP 7.x on CentOS 7 : which solution ?

[Rob Kampen]

On 15/03/19 8:51 PM, Nicolas Kovacs wrote:

Hi,

As you all know, CentOS 7 is shipping PHP 5.4, which is OK in some
situations. Unfortunately, some applications like OwnCloud require a
more recent version of PHP.

Up until recently, I've been using PHP 5.6 packages from the Webtatic
repository. Despite the bad press this third party repo seems to have,
it has been working perfectly for me for a few years. Here's the PHP 5.6
packages I have on an OwnCloud server:

$ rpm -qa | grep php
php56w-devel-5.6.40-1.w7.x86_64
php56w-pdo-5.6.40-1.w7.x86_64
php56w-gd-5.6.40-1.w7.x86_64
php56w-mysql-5.6.40-1.w7.x86_64
php56w-process-5.6.40-1.w7.x86_64
php56w-pear-1.10.4-1.w7.noarch
php56w-common-5.6.40-1.w7.x86_64
php56w-xml-5.6.40-1.w7.x86_64
php56w-pecl-redis-3.1.6-1.w7.x86_64
php56w-cli-5.6.40-1.w7.x86_64
php56w-mcrypt-5.6.40-1.w7.x86_64
php56w-mbstring-5.6.40-1.w7.x86_64
php56w-pecl-igbinary-2.0.5-1.w7.x86_64
php56w-pecl-apcu-4.0.11-2.w7.x86_64
php56w-intl-5.6.40-1.w7.x86_64
php56w-5.6.40-1.w7.x86_64
php56w-soap-5.6.40-1.w7.x86_64

Now I'll have to upgrade these to some version of PHP 7. So I googled
"php 7 centos 7" and found quite a wealth of - sometimes contradictory -
information.

1. The "recommended" way of doing things seems to be the Red Hat
Software Collections. Correct me if I'm wrong. I wonder if this way of
doing things will enable me to get all the PHP modules listed above.

2. The use of Webtatic seems to be frowned upon. I still have to figure
out why, since this repository has always worked perfectly for me.

3. Then there's another repository managed by Remi Collet. Any thoughts
on that?

And then there's also the question : which version of PHP 7 should I
choose ? On my servers, I'm mainly hosting WordPress, Dolibarr and
OwnCloud.

Any suggestions ? I'm no lamer for doing a bit of RTFM, so a pointer to
documentation will do. The problem is not so much that there is no
information on the subject. It's rather : there's too much. As we say in
France : I'm confused about which saint to send my prayers to. :o)


Hi Niki,

I have been using the Remi Collet versions 7.0, 7.1 and 7.2 on a few 
servers that need later php versions. They seem to work as advertised, 
they have many supporting php libraries - not sure if they include all 
the ones you specify.


Currently using their 7.2.15 with no issues on CentOS 7.6 with selinux 
enabled and enforcing.


I use codeigniter v 3.1.10 and bonfire v 0.84 (my own updated version to 
use the latest codeigniter) plus a few other related systems: bootstrap 
4.2.1, jquery 3.3.1 for my web development with this php version.


php 7.3 is bleeding edge in my view - only released 12/2018 so I'll wait 
a bit before going there as production needs some stability.


HTH
Rob


Cheers,

Niki

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question about updates

[Rob Kampen]

On 16/02/19 6:59 PM, Ralf Prengel wrote:

Hallo,
as a beginner using centos I‘ve a question about updates.
What it the right repo for getting all security and other updates?
http://mirror.eu.oneandone.net/linux/distributions/centos/7.6.1810/updates/
for example?


If you have installed CentOS 7 it should have everything in place for 
regular updates.


You simply need to invoke "sudo yum update" on a regular basis to ensure 
all the available updates are installed. Yum and rpm take care of 
sorting out where to check and apply updates from.


HTH.



Thanks
Ralf


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /boot partition running out of space randomly. Please help!

[Rob Kampen]

On 13/02/19 2:05 PM, Sean Son wrote:

Hello all

First off, I am running Oracle Linux 7.6 on a Hyper-V 2016 VM for a
customer. I know this is not an Oracle Linux mailling list, but because
Oracle Linux and CentOS are so similar, to an extent, I figured why not ask
on here because someone MIGHT know the answer.. Here is the issue.  I have
a 600MB /boot partition allocated on a UEFI system. The /boot/efi partition
is on a separate EFI partition.  Recently, I noticed that this system has
been crashing every few minutes and when I checked the disk space, I
noticed that the /boot partition has zero free space available.  I removed
all of the old kernels and left the running kernel in place, in hopes that
will free up some space. It freed up about 50MB or so, but  then the system
would crash again. After I would reboot the VM to bring the system back up,
I ran a df -h /boot, and the results were reporting ZERO disk space again
for the /boot partition.. It makes absolutely no sense how a partition
which is generally static UNLESS you move something into it, is running out
of space after space has been manually freed up in the partition! What
boggles me even more is that when I do an ls -lh /boot, the file systems do
not add up to 600M (well 594M) at all.  See below:

df -h
Filesystem Size  Used Avail Use% Mounted on
devtmpfs   2.8G 0  2.8G   0% /dev
tmpfs  2.8G 0  2.8G   0% /dev/shm
tmpfs  2.8G  8.5M  2.8G   1% /run
tmpfs  2.8G 0  2.8G   0% /sys/fs/cgroup
/dev/mapper/VolGroup00-LogVolRoot   30G   19G   12G  63% /
/dev/sda2  594M  594M 0 100% /boot
/dev/sda1  238M  9.7M  229M   5% /boot/efi
/dev/mapper/VolGroup00-LogVolHome  3.3G  415M  2.9G  13% /home
tmpfs  565M 0  565M   0% /run/user/54321
tmpfs  565M 0  565M   0% /run/user/1000

]$ ls -lh /boot
total 92M
-rw-r--r--  1 root root 179K Dec 12 22:52
config-4.14.35-1844.0.7.el7uek.x86_64
drwx--  3 root root  16K Dec 31  1969 efi
drwx--. 2 root root   21 Feb  8 15:55 grub2
-rw---. 1 root root  54M Aug 28 12:31
initramfs-0-rescue-0287c4db206d4a9abe14f750b9091a01.img
-rw---  1 root root  22M Dec 21 17:24
initramfs-4.14.35-1844.0.7.el7uek.x86_64.img
-rw-r--r--  1 root root 329K Dec 12 22:52
symvers-4.14.35-1844.0.7.el7uek.x86_64.gz
-rw-r--r--  1 root root 3.6M Dec 12 22:52
System.map-4.14.35-1844.0.7.el7uek.x86_64
-rwxr-xr-x. 1 root root 6.1M Aug 28 12:31
vmlinuz-0-rescue-0287c4db206d4a9abe14f750b9091a01
-rwxr-xr-x  1 root root 7.2M Dec 12 22:52
vmlinuz-4.14.35-1844.0.7.el7uek.x86_64

I have no idea what is going on here and why the space keeps filling up and
the VM crashing!  ANY and all help will be greatly appreciated! Thanks!

I am running the following kernel:
4.14.35-1844.0.7.el7uek.x86_64
My stab in the dark is that the system is trying to write a crash / 
rescue image and there is not enough space. du --max-depth 1 is useful too.


Thanks!

Sean S.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Latest kernel crashes X and gnome

[Rob Kampen]

On 9/02/19 5:57 PM, Rob Kampen wrote:

Hi,

Anyone else having problems with kernel 3.10.0-957.5.1.el7.x86_64?

After my yum update today a reboot hung. A quick look at the 
Xorg.0.log shows two of my graphics cards appear to be working okay 
but the third one (I have two nvidia cards with a monitor each and 
then use the inbuilt intel one for the third monitor) gives:




[    14.246] (II) Loading sub module "fb"
[    14.246] (II) LoadModule: "fb"
[    14.247] (II) Loading /usr/lib64/xorg/modules/libfb.so
[    14.247] (II) Module fb: vendor="X.Org Foundation"
[    14.247]     compiled for 1.20.1, module version = 1.0.0
[    14.247]     ABI class: X.Org ANSI C Emulation, version 0.4
[    14.247] (II) UnloadModule: "vesa"
[    14.247] (II) Unloading vesa
[    14.247] (EE) modeset(G0): drmSetMaster failed: Invalid argument
[    14.247] (EE)
Fatal server error:
[    14.247] (EE) AddScreen/ScreenInit failed for gpu driver 0 -1
[    14.247] (EE)
[    14.247] (EE)
Please consult the The X.Org Foundation support
     at http://wiki.x.org
 for help.
[    14.247] (EE) Please also check the log file at 
"/var/log/Xorg.0.log" for additional information.

[    14.247] (EE)
[    14.257] (EE) Server terminated with error (1). Closing log file.


So a reboot to kernel 3.10.0-957.1.3.el7.x86_64 and all is well.

First step was to change the EFI bios and disable the onboard video - 
once this was done I rebooted and the two nvidia cards (nouveau driver) 
came up just fine and I am writing this from the now working system.


Problem is - I want to have my third monitor work as previously. What 
steps should I take to determine the problem. I checked RH reported 
faults for this kernel and someone had a xorg problem but in their case 
it was nouveau not booting - the suggested step of adding 
nouveau.modeset=0 to the boot was tried but as expected made no 
difference to my situation. It is my onboard intel that appears to have 
a driver that needs or received an invalid argument.


Any help appreciated


I note that the update also updated :

    Updated xorg-x11-drv-ati-18.0.1-1.el7.x86_64 @base
    Update 18.1.0-1.el7_6.x86_64    @updates
    Updated xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64 @updates
    Update 1.20.1-5.2.el7_6.x86_64  @updates
    Updated xorg-x11-server-common-1.20.1-5.1.el7.x86_64 @updates
    Update 1.20.1-5.2.el7_6.x86_64    @updates

Before I start trying to solve this by myself, just wanted to see if 
anyone else has had issues.


TIA

Rob


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Latest kernel crashes X and gnome

[Rob Kampen]

Hi,

Anyone else having problems with kernel 3.10.0-957.5.1.el7.x86_64?

After my yum update today a reboot hung. A quick look at the Xorg.0.log 
shows two of my graphics cards appear to be working okay but the third 
one (I have two nvidia cards with a monitor each and then use the 
inbuilt intel one for the third monitor) gives:




[    14.246] (II) Loading sub module "fb"
[    14.246] (II) LoadModule: "fb"
[    14.247] (II) Loading /usr/lib64/xorg/modules/libfb.so
[    14.247] (II) Module fb: vendor="X.Org Foundation"
[    14.247]     compiled for 1.20.1, module version = 1.0.0
[    14.247]     ABI class: X.Org ANSI C Emulation, version 0.4
[    14.247] (II) UnloadModule: "vesa"
[    14.247] (II) Unloading vesa
[    14.247] (EE) modeset(G0): drmSetMaster failed: Invalid argument
[    14.247] (EE)
Fatal server error:
[    14.247] (EE) AddScreen/ScreenInit failed for gpu driver 0 -1
[    14.247] (EE)
[    14.247] (EE)
Please consult the The X.Org Foundation support
     at http://wiki.x.org
 for help.
[    14.247] (EE) Please also check the log file at 
"/var/log/Xorg.0.log" for additional information.

[    14.247] (EE)
[    14.257] (EE) Server terminated with error (1). Closing log file.


So a reboot to kernel 3.10.0-957.1.3.el7.x86_64 and all is well.

I note that the update also updated :

    Updated xorg-x11-drv-ati-18.0.1-1.el7.x86_64 @base
    Update 18.1.0-1.el7_6.x86_64    @updates
    Updated xorg-x11-server-Xorg-1.20.1-5.1.el7.x86_64 @updates
    Update 1.20.1-5.2.el7_6.x86_64  @updates
    Updated xorg-x11-server-common-1.20.1-5.1.el7.x86_64 @updates
    Update 1.20.1-5.2.el7_6.x86_64    @updates

Before I start trying to solve this by myself, just wanted to see if 
anyone else has had issues.


TIA

Rob


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrading 7.5 ==> 7.6

[Rob Kampen]

On 21/12/18 5:21 PM, Fred Smith wrote:

On Wed, Dec 19, 2018 at 01:50:06PM -0500, Fred Smith wrote:

hI ALL!

There have been a large enough number of people posting here about difficulties 
when upgrading from 7. to 7.6 that I'm being somewhat paranoid about it.

I have several machines to upgrade, but so far the only one I've dared
to work on (least critical if it goes bad) is my new-to-me-but-used
laptop.

First I did a 'dd' backup of the whole drive onto an external USB drive
then did the upgrade. Since I use the Mate desktop, I enabled the
epel testing repo (per postings on Mate troubles at the time of the
upgrade).

Result: Boots to GDM just fine, but Mate is a black screen. Switching
to Gnome, works fine, but I can't stand Gnome.  Not knowing what else
to try I restored the dd backup.

Later I inserted a spare HD and did a new install from the DVD
media. This installed without issue, but now no desktop works.
Switching to a console (CTRL-ALT-F2) I did a full "yum update",
which installed quite a few packages, but upon reboot nothing had
improved. So I added the epel repo (and testing) and installed Mate.
Ditto, nothing had changed.

This laptop is fairly old, and according to lshw, has a RV635/M86
[Mobility Radeon HD 3650]I] video chipset, in case it matters.
CPU is identified as: Intel(R) Core(TM)2 Duo CPU T9400  @ 2.53GHz

Having previously installed 7.5 on it without trouble, on which Mate
works just fine, I wonder what could have become so broken that neither
an upgrade nor a fresh install works.

I have, as I said, several other machines to  upgrade, too, some of them
have Nvidia grahics (esp. my main desktop box, which also uses Linux
software RAID-1) and all run Mate. Then there is a netbook (low priority)
a couple of VMs (in virtualbox) and at work several other VMS as well as
bare-metal on a Lenovo deskside machine, and I'm afraid to do an update
on all of them because I need them to be in usable condition. The Lenovo
box in my office is somewhat urgent, as I am about to retire and turn
it over to someone else who doesn't know much about Linux.

I'd appreciate any advice I can get on how to get these systems upgraded
without breaking them.

thanks in advance for your help!

Fred

One more data point: After taking a dd backup of the HD in my Acer
Aspire One netbook (screaming 1.6 GHz Atom, dual core!!), I did the
7.5 to 7.6 update and it went perfectly fine, although it had 800
packages to update, so it was kinda slow.

Do any of you know if the various Nvidia issues, and problems upgrading
software RAID1 systems have reached resolution? I haven't seen postings
here regarding solutions for those problems, and knowing my luck, I would
hit both of 'em on my personal desktop.

Thanks in advance for any response!

Fred


I had major issues with two machines, both with nvidia cards. I found 
that the SL spin of CentOS 7 has fixes for the xorg problems. Akemi Yagi 
posted the solution which worked fine - it was just difficult to get the 
required files onto the broken device with no gui.





The only issue I've seen reported that sounds similar or possibly
related is:

https://bugzilla.redhat.com/show_bug.cgi?id=1650634

Yes, seems this is the laptop issue, will prove tomorrow.

There is a patch in that bug you might like to try.

Not too keen on this, would need to find a detailed howto as I have not
done any rebuilds for a number of years. I presume that RH will at some
point release a fix for this?


The submitter of RHBZ 1650634 is a developer of Scientific Linux. The
xorg packages in SL 7.6 have been published with the referenced patch
applied. If you so wish, you could install their packages.

ftp://linux1.fnal.gov/linux/scientific/7.6/x86_64/updates/security/

Note the "sl7" tag instead of "el7".

Akemi



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

⁣Sent from BlueMail ​

On 05 Dec 2018, 7:22 AM, at 7:22 AM, Phil Perry  wrote:
>On 04/12/2018 09:54, Rob Kampen wrote:
>> 
>> So in an effort to narrow down the problem I also have an old Samsung
>
>> laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I
>would 
>> try a more conservative upgrade approach.
>> 
>> first updated to the CR kernel with yum upgrade kernel*
>> 
>> then after successful reboot did an update to gdm* and gnome*
>> 
>> another reboot and all is well
>> 
>> then update of xorg* (only 20 files)
>> 
>> Now it will not boot - keyboard is non responsive so cannot even do a
>
>> Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this
>
>> machine for now and back to my main desktop workstation.
>> 
>
>The only issue I've seen reported that sounds similar or possibly 
>related is:
>
>https://bugzilla.redhat.com/show_bug.cgi?id=1650634
>
>There is a patch in that bug you might like to try.
>
>> No idea if this xorg problem relates to my original workstation - so
>on 
>> that machine I did a downgrade of xorg* - seemed to complete ok, but
>on 
>> reboot and login - still the same problem.
>> 
>> As the only clue in the logs is the libc segfault I did a downgrade
>of 
>> glibc - this too seemed to work but no change to the system - gnome 
>> crashes after 5 - 10 seconds.
>> 
>
>I'm guessing that probably hasn't helped matters
>
>> Wasted far too much time on this, no idea what to do now so I have
>done 
>> a fresh 7.5 install and all works again - just need to install all
>the 
>> additional stuff I use each day, but at least I have a desktop that 
>> functions.
>> 
>___
>CentOS mailing list
>CentOS@centos.org
>https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

On 5/12/18 7:21 AM, Phil Perry wrote:

On 04/12/2018 09:54, Rob Kampen wrote:


So in an effort to narrow down the problem I also have an old Samsung 
laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I 
would try a more conservative upgrade approach.


first updated to the CR kernel with yum upgrade kernel*

then after successful reboot did an update to gdm* and gnome*

another reboot and all is well

then update of xorg* (only 20 files)

Now it will not boot - keyboard is non responsive so cannot even do a 
Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this 
machine for now and back to my main desktop workstation.




The only issue I've seen reported that sounds similar or possibly 
related is:


https://bugzilla.redhat.com/show_bug.cgi?id=1650634

Yes, seems this is the laptop issue, will prove tomorrow.


There is a patch in that bug you might like to try.
Not too keen on this, would need to find a detailed howto as I have not 
done any rebuilds for a number of years. I presume that RH will at some 
point release a fix for this?


No idea if this xorg problem relates to my original workstation - so 
on that machine I did a downgrade of xorg* - seemed to complete ok, 
but on reboot and login - still the same problem.


As the only clue in the logs is the libc segfault I did a downgrade 
of glibc - this too seemed to work but no change to the system - 
gnome crashes after 5 - 10 seconds.




I'm guessing that probably hasn't helped matters

Wasted far too much time on this, no idea what to do now so I have 
done a fresh 7.5 install and all works again - just need to install 
all the additional stuff I use each day, but at least I have a 
desktop that functions.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

On 5/12/18 5:30 AM, Jonathan Billings wrote:

On Tue, Dec 04, 2018 at 10:54:58PM +1300, Rob Kampen wrote:

So in an effort to narrow down the problem I also have an old Samsung laptop
- i5 with an nvidia card - all up-to-date 7.5 - I thought I would try a more
conservative upgrade approach.

first updated to the CR kernel with yum upgrade kernel*

then after successful reboot did an update to gdm* and gnome*

another reboot and all is well

then update of xorg* (only 20 files)

Now it will not boot - keyboard is non responsive so cannot even do a Ctrl
Alt F2 to access a shell. Old kernel is also non boot. Left this machine for
now and back to my main desktop workstation.

Where does it stop booting?  Can you remove 'rhgb quiet' from the
kernel command line and see how it is booting?  Also, are you using
UEFI boot or the old BIOS boot?


on the laptop it seems I have the Red Hat Bugzilla – Bug 1650634 
problem. It is bios boot.


My workstation has UEFI boot, but it has now been clean installed with 
7.5 and until there is a fix to the above bugzilla i'll hold off on 
doing much other than update the kernel.


Thanks for response, i will use the removal of rhgb quiet.






I will wait until 7.6 is officially released, watch the list for a week or
two and then with much fear and trepidation give it a go. 

7.6 has been released, so you should expect these packages to start
arriving on all your CentOS 7 systems.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

On 5/12/18 4:17 AM, Simon Matter wrote:

On 4/12/18 9:06 AM, Rob Kampen wrote:

Sorry for top post, my android BlueMail will not let me insert at the
bottom.

I have found that tracker-extract seems to trigger a segfault. I note
this is not updated in CR, but comes from base. Removal of tracker seems
too harsh as it has dependant modules like brasero, evince, grilo,
nautilus and totem.
Maybe there is an obscure relationship in tracker that need attention.
Stumpped.

⁣Sent from BlueMail ​

On 03 Dec 2018, 11:28 PM, at 11:28 PM, Fabian Arrotin
 wrote:

On 03/12/2018 11:14, John Hodrien wrote:

On Mon, 3 Dec 2018, Simon Matter wrote:


Le 03/12/2018 à 06:25, Rob Kampen a écrit :

I enabled the CR repo and did the yum update. Some 800+ rpms were
offered and all seemed to resolve depenancies OK, so yes it was
started. The updates completed and all looked good, until the

reboot.

I got a similar disaster here. I guess the lesson to be learned is

that

CR is nice to have on servers, but don't use it on desktops.

My question is what will change with the final release of 7.6? I

thought

the CR repo usually holds all updates with the exception of
centos-release, or are there more updates to come? I had the

impression

that in the past, the final release brought only cosmetic changes

with

the
centos-release being updated.

I've seen zero problems on Desktops I've installed CR on.

If CR has issues, as you say you'd expect 7.6 to have problems.  If
things are
failing with CR updates, you really want to investigate what's going

on.

jh

+1 as 7.6.1810 is exactly 7.5.1804+updates+CR so only missing packages
are centos-release/anaconda and install tree/media ..

So if there are issues with CR, using the list and bugs.centos.org
would
be good.
BTW : the goal of CR is exactly to find those issues earlier and then
write Release Notes with workarounds/warnings

So in an effort to narrow down the problem I also have an old Samsung
laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I would
try a more conservative upgrade approach.

first updated to the CR kernel with yum upgrade kernel*

then after successful reboot did an update to gdm* and gnome*

another reboot and all is well

then update of xorg* (only 20 files)

Now it will not boot - keyboard is non responsive so cannot even do a
Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this
machine for now and back to my main desktop workstation.

No idea if this xorg problem relates to my original workstation - so on
that machine I did a downgrade of xorg* - seemed to complete ok, but on
reboot and login - still the same problem.

As the only clue in the logs is the libc segfault I did a downgrade of
glibc - this too seemed to work but no change to the system - gnome
crashes after 5 - 10 seconds.

Wasted far too much time on this, no idea what to do now so I have done
a fresh 7.5 install and all works again - just need to install all the
additional stuff I use each day, but at least I have a desktop that
functions.

I will wait until 7.6 is officially released, watch the list for a week
or two and then with much fear and trepidation give it a go. 

As a long time user of CentOS (well over a decade - I started with 5.x
workstations, then had a couple of 6.x, and used two 7.x machines, not
counting my servers), I must observe that the core server stuff "just
works" e.g. mail, mysql / mariadb, postfix, dovecot, apache, php. Even
the migration to libreoffice was okay.

The major version upgrades each gave an all over better desktop
experience. What has also happened however is that some of the 7.x
upgrades have been difficult to deal with - one of the recent firefox
updates lost all my local password databases which I do not back up to
the cloud for obvious reasons. Unable to resolve the instability after
many hours of testing and trialing combinations, I have left firefox and
moved to vivaldi - we'll see how that works. As upstream seems to
include more bleeding edge versions of major desktop utilities such as
firefox, stability has been compromised.

Now with this latest CR update, I have no idea if it is gnome, gdm, xorg
or some other component, but to have two quite differently configured
machines both loose their desktops, I am unhappy. The use of roll back
of over 800 files just didn't pass the transaction test thus that too
was futile.

I thought the approach I used with my laptop today was sufficiently
cautious, yet it caught me and I am still trying to work out what to do
next.

As always, happy to entertain ideas and suggestions. My main workstation
however is now safely working at a clean install of 7.5, thus cannot do
further tests there, life must go on, four days of down time is far too
much.

Also let me give a heartfelt thanks to the hard working CentOS team, I
see the more and more difficult task you need to navigate with each
major update, you do an outstanding task, and I am most grateful!

The big question rem

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

On 4/12/18 9:06 AM, Rob Kampen wrote:

Sorry for top post, my android BlueMail will not let me insert at the bottom.

I have found that tracker-extract seems to trigger a segfault. I note this is 
not updated in CR, but comes from base. Removal of tracker seems too harsh as 
it has dependant modules like brasero, evince, grilo, nautilus and totem.
Maybe there is an obscure relationship in tracker that need attention.
Stumpped.

⁣Sent from BlueMail ​

On 03 Dec 2018, 11:28 PM, at 11:28 PM, Fabian Arrotin  wrote:

On 03/12/2018 11:14, John Hodrien wrote:

On Mon, 3 Dec 2018, Simon Matter wrote:


Le 03/12/2018 à 06:25, Rob Kampen a écrit :

I enabled the CR repo and did the yum update. Some 800+ rpms were
offered and all seemed to resolve depenancies OK, so yes it was
started. The updates completed and all looked good, until the

reboot.

I got a similar disaster here. I guess the lesson to be learned is

that

CR is nice to have on servers, but don't use it on desktops.

My question is what will change with the final release of 7.6? I

thought

the CR repo usually holds all updates with the exception of
centos-release, or are there more updates to come? I had the

impression

that in the past, the final release brought only cosmetic changes

with

the
centos-release being updated.

I've seen zero problems on Desktops I've installed CR on.

If CR has issues, as you say you'd expect 7.6 to have problems.  If
things are
failing with CR updates, you really want to investigate what's going

on.

jh

+1 as 7.6.1810 is exactly 7.5.1804+updates+CR so only missing packages
are centos-release/anaconda and install tree/media ..

So if there are issues with CR, using the list and bugs.centos.org
would
be good.
BTW : the goal of CR is exactly to find those issues earlier and then
write Release Notes with workarounds/warnings


So in an effort to narrow down the problem I also have an old Samsung 
laptop - i5 with an nvidia card - all up-to-date 7.5 - I thought I would 
try a more conservative upgrade approach.


first updated to the CR kernel with yum upgrade kernel*

then after successful reboot did an update to gdm* and gnome*

another reboot and all is well

then update of xorg* (only 20 files)

Now it will not boot - keyboard is non responsive so cannot even do a 
Ctrl Alt F2 to access a shell. Old kernel is also non boot. Left this 
machine for now and back to my main desktop workstation.


No idea if this xorg problem relates to my original workstation - so on 
that machine I did a downgrade of xorg* - seemed to complete ok, but on 
reboot and login - still the same problem.


As the only clue in the logs is the libc segfault I did a downgrade of 
glibc - this too seemed to work but no change to the system - gnome 
crashes after 5 - 10 seconds.


Wasted far too much time on this, no idea what to do now so I have done 
a fresh 7.5 install and all works again - just need to install all the 
additional stuff I use each day, but at least I have a desktop that 
functions.


I will wait until 7.6 is officially released, watch the list for a week 
or two and then with much fear and trepidation give it a go. 


As a long time user of CentOS (well over a decade - I started with 5.x 
workstations, then had a couple of 6.x, and used two 7.x machines, not 
counting my servers), I must observe that the core server stuff "just 
works" e.g. mail, mysql / mariadb, postfix, dovecot, apache, php. Even 
the migration to libreoffice was okay.


The major version upgrades each gave an all over better desktop 
experience. What has also happened however is that some of the 7.x 
upgrades have been difficult to deal with - one of the recent firefox 
updates lost all my local password databases which I do not back up to 
the cloud for obvious reasons. Unable to resolve the instability after 
many hours of testing and trialing combinations, I have left firefox and 
moved to vivaldi - we'll see how that works. As upstream seems to 
include more bleeding edge versions of major desktop utilities such as 
firefox, stability has been compromised.


Now with this latest CR update, I have no idea if it is gnome, gdm, xorg 
or some other component, but to have two quite differently configured 
machines both loose their desktops, I am unhappy. The use of roll back 
of over 800 files just didn't pass the transaction test thus that too 
was futile.


I thought the approach I used with my laptop today was sufficiently 
cautious, yet it caught me and I am still trying to work out what to do 
next.


As always, happy to entertain ideas and suggestions. My main workstation 
however is now safely working at a clean install of 7.5, thus cannot do 
further tests there, life must go on, four days of down time is far too 
much.


Also let me give a heartfelt thanks to the hard working CentOS team, I 
see the more and more difficult task you need to navigate with each 
major update, you do an outstanding task, and I am most grateful!




--
Fabi

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

On 03/12/18 23:47, Leon Fauster via CentOS wrote:

Am 03.12.2018 um 11:14 schrieb John Hodrien :

On Mon, 3 Dec 2018, Simon Matter wrote:


Le 03/12/2018 à 06:25, Rob Kampen a écrit :

I enabled the CR repo and did the yum update. Some 800+ rpms were
offered and all seemed to resolve depenancies OK, so yes it was
started. The updates completed and all looked good, until the reboot.

I got a similar disaster here. I guess the lesson to be learned is that
CR is nice to have on servers, but don't use it on desktops.

My question is what will change with the final release of 7.6? I thought
the CR repo usually holds all updates with the exception of
centos-release, or are there more updates to come? I had the impression
that in the past, the final release brought only cosmetic changes with the
centos-release being updated.

I've seen zero problems on Desktops I've installed CR on.

If CR has issues, as you say you'd expect 7.6 to have problems.  If things are
failing with CR updates, you really want to investigate what's going on.


The mentioned problem could be related to the nvidia packages ...
such cases (transition to 7.6) were discussed on ELrepo's list.
That is why I removed kmod-nvidia and am now running on nouveau - still 
have the problem.

http://lists.elrepo.org/pipermail/elrepo/

--
LF



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

Sorry for top post, my android BlueMail will not let me insert at the bottom. 

I have found that tracker-extract seems to trigger a segfault. I note this is 
not updated in CR, but comes from base. Removal of tracker seems too harsh as 
it has dependant modules like brasero, evince, grilo, nautilus and totem. 
Maybe there is an obscure relationship in tracker that need attention. 
Stumpped. 

⁣Sent from BlueMail ​

On 03 Dec 2018, 11:28 PM, at 11:28 PM, Fabian Arrotin  wrote:
>On 03/12/2018 11:14, John Hodrien wrote:
>> On Mon, 3 Dec 2018, Simon Matter wrote:
>> 
>>>> Le 03/12/2018 à 06:25, Rob Kampen a écrit :
>>>>> I enabled the CR repo and did the yum update. Some 800+ rpms were
>>>>> offered and all seemed to resolve depenancies OK, so yes it was
>>>>> started. The updates completed and all looked good, until the
>reboot.
>>>>
>>>> I got a similar disaster here. I guess the lesson to be learned is
>that
>>>> CR is nice to have on servers, but don't use it on desktops.
>>>
>>> My question is what will change with the final release of 7.6? I
>thought
>>> the CR repo usually holds all updates with the exception of
>>> centos-release, or are there more updates to come? I had the
>impression
>>> that in the past, the final release brought only cosmetic changes
>with
>>> the
>>> centos-release being updated.
>> 
>> I've seen zero problems on Desktops I've installed CR on.
>> 
>> If CR has issues, as you say you'd expect 7.6 to have problems.  If
>> things are
>> failing with CR updates, you really want to investigate what's going
>on.
>> 
>> jh
>
>+1 as 7.6.1810 is exactly 7.5.1804+updates+CR so only missing packages
>are centos-release/anaconda and install tree/media ..
>
>So if there are issues with CR, using the list and bugs.centos.org
>would
>be good.
>BTW : the goal of CR is exactly to find those issues earlier and then
>write Release Notes with workarounds/warnings
>
>-- 
>Fabian Arrotin
>The CentOS Project | https://www.centos.org
>gpg key: 56BEC54E | twitter: @arrfab
>
>
>
>
>
>___
>CentOS mailing list
>CentOS@centos.org
>https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CR repo update disaster for my desktop.

[Rob Kampen]

I have a centos 7.5 desktop workstation with dual nvidia graphic cards running 
three monitors. I use the i915 motherboard graphics adapter for the third 
monitor with bumblebee to work the magic to enable the three contiguous work 
spaces.
I use the kmod nvidia drivers for the two graphics cards. This has worked 
without a hitch for 5 months until this weekend. 
I enabled the CR repo and did the yum update. Some 800+ rpms were offered and 
all seemed to resolve depenancies OK, so yes it was started. The updates 
completed and all looked good, until the reboot. 
Initially the new kernel would boot just fine but the gdm/gnome desktop hung. 
No login offered. 
Reboot and select previous kernel, great, offered login, but the desktop barely 
settles before gnome crashes, and gdm restarts and I get to login afresh. 
Eventually I have, removed bumblebee, disabled the on board graphics adapter, 
reinstalled gnome multiple times, removed nvidia drivers, blown away my .gnome 
and related folders, tried as a new user, (no customizations of the desktop) 
all to no avail. 
Current situation is under my user account cannot get stable desktop for more 
than 10 seconds before it sends segfault error 4 in libc-2.17.so
What do I do now? 
Seems that these big updates need to be applied in sub batches with reboots in 
between so that one can back out. 
Any ideas appreciated. 
Rob

⁣Sent from BlueMail ​
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IBM buying RedHat

[Rob Kampen]

On 30/10/18 20:06, Eddie G. O'Connor Jr. wrote:


On 10/30/18 2:46 AM, Simon Matter wrote:

On 10/29/18 1:55 AM, Simon Matter wrote:
To me it seems like, if they are smart, they will try to push IBM 
POWER
and RedHat Linux together to establish real competition in the 
hardware

market again (and of course don't forget to keep Fedora/CentOS alive)!

Er, RHEL has been running on Power for a very long time.  The fastest
supercomputer in the world is Power9 + RHEL.

What I meant is that POWER could become a competitor for Intel/AMD based
servers. We're now running AMD EPYC servers with 64Cores/128Threads 
and we

didn't find any POWER system which could compete in this area.

Also, looking at TOP500 list there are not so many POWER systems 
anymore.

IBM could change this now.

Regards,
Simon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Yeah.I guess that's one way to look at it.

My biggest worry? Is I've placed so much time and effort "getting to 
know" Fedora and its intricacies, idiosyncrasies, its ins and 
outs...dealt with ridicule on this very same list when I first 
started, have "cut my teeth" on learning VERY hard lessons about 
certain syntax in the Terminal and what NOT to type...only to have 
that all "taken" away from me at the whim of IBM. It just seems 
unfair. I'm hoping like H3LL that the developers @ Fedora are 
seriously thinking about forking "Just In Case"!? I mean they could 
still use the .RPM extensions, and possibly even still pull their code 
from RHEL, but at least they would be autonomous and wouldn't have to 
rely on IBM's good will in order to keep on churning out whatto 
me...is the best Linux distro on the planet! As I write thisI'm 
eyeballing the spare ThinkPad T-410 that I've neglected since I have 
Fedora running on a Dell XPS, and I'm thinking its time to get "back 
to my roots" and to find a distro I can put on that device and run 
without concernI've heard some decent things about this "Pop-OS" 
which comes with System76's hardware. Maybe I'll give that a 
spin..then like I had said before...there's always Debian plain 
vanilla...with maybe MATE or Cinnamon?.or else its going to have 
to be where I buckle down and finally learn all there is to know about 
LFS and Arch Linux and then move on to one of those...(God!.at 
47!?its like how can I POSSIBLY start over again!?...) and THIS is 
the kind of turmoil that ensues when a corporation buys a fully 
functioning open course company!


wow, I am just 62 and looking forward to the next round of CentOS  - 
version 8 coming up? - must be due soon 

Love learning new stuff, it never gets old (pun intended).
sorry for the noise, but couldn't resist, must be the age 



EGO II

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password

[Rob Kampen]

On 13/10/18 02:24, Phelps, Matthew wrote:

On Wed, Oct 3, 2018 at 5:34 AM Rob Kampen  wrote:


Hi list,

Did an update to firefox last night and rebooted over night.

Today I find firefox started without asking for master password - funny
me thinks.

Try to log in to a web service I use and find that my password does not
appear.

Check preferences and find that no master password is set and the
password list / table is empty.

As I do not trust my passwords to the cloud I do not save these to my
firefox profile . so back to manual entry for all my sites wow
going to be a slow month as I reset scores of passwords.

Any one else have this problem and any clues as to what causes this? I
am concerned if this should happen again, as I have saved passwords for
many scores of web services.

TIA
Rob


We've run into this.

Is it fixed in the latest firefox, 60.2.2-1?

If not, it is not clear to me how to use the

export NSS_DEFAULT_DB_TYPE="sql"
 put this in .bash_profile and reboot - then check from a shell that 
export shows the declaration.

I think this locks firefox into the old key3.db mode of operation.
I didn't have an old file to restore, thus lost all my logins and also 
my noscript history - what a huge PITA!


Have just done the yum update for the latest firefox and now I see a 
key4.db. Needed to start the new firefox and exit before it showed.
HOWEVER when I logged out and back in without the export command it all 
went pear shaped again.
So reinstated the export NSS again, now I needed to reestablish the 
master password file, it seems to make a new key3.db file and doesn't 
touch the key4.db file that was originally created after the firefox 
update. BUT THEN when I exit a second time it deletes the key3.db and 
I'm back to ZERO.


This is so stuffed up!

Seems every second time I exit Firefox it kills the key3.db and all my 
stuff is gone.


Some seriously brain dead designers in the firefox / mozilla stable at 
this time.
Seems that one cannot afford to exit firefox and keep the master 
password file/database.
After so many years of using it, I cannot live without a reliable 
password and master password database - firefox clearly doesn't have 
this capability any longer.


Moving to try Vivaldi


method mentioned. Do we restore the old key3.db file, have the user set
that variable, then start the new firefox? With that create a key4.db file
and use it from then on?




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password

[Rob Kampen]

On 05/10/18 01:27, Tony Molloy wrote:

On Thu, 2018-10-04 at 21:27 +1300, Rob Kampen wrote:

On 04/10/18 05:45, Akemi Yagi wrote:

On Wed, Oct 3, 2018 at 9:19 AM Stephen John Smoogen  wrote:


It would seem that the problem is with upstream-upstream's (aka
Firefox) cleaning up of items that are not supposed to be there
after
Firefox 58

https://bugzilla.mozilla.org/show_bug.cgi?id=1475775

It looks like it is deleting files it thinks should have been
converted to a newer more secure version.. but don't seem to be
for
some reason. I am not sure if those files will just removed again
every time you restore them.

That link added to the related RHBZ:

https://bugzilla.redhat.com/show_bug.cgi?id=1633932

Yes, that seems to describe what I am experiencing. As I usually keep
FF
open for days at a time, it has taken a while to show up. Will now
try the

$ export NSS_DEFAULT_DB_TYPE="sql"


Akemi



Hi Akemi,

That sorted the problem for me, thanks.
Now to start re-entering all my previously stored passwords. Lucky I
have a list of sites if not the usernames/passwords ;-(

Regards Tony
works for me too - will just need to make sure this goes somewhere safe 
to ensure survival after a reboot.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password

[Rob Kampen]

On 04/10/18 05:45, Akemi Yagi wrote:

On Wed, Oct 3, 2018 at 9:19 AM Stephen John Smoogen  wrote:


It would seem that the problem is with upstream-upstream's (aka
Firefox) cleaning up of items that are not supposed to be there after
Firefox 58

https://bugzilla.mozilla.org/show_bug.cgi?id=1475775

It looks like it is deleting files it thinks should have been
converted to a newer more secure version.. but don't seem to be for
some reason. I am not sure if those files will just removed again
every time you restore them.

That link added to the related RHBZ:

https://bugzilla.redhat.com/show_bug.cgi?id=1633932
Yes, that seems to describe what I am experiencing. As I usually keep FF 
open for days at a time, it has taken a while to show up. Will now try the


$ export NSS_DEFAULT_DB_TYPE="sql"



Akemi
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Frefox update from firefox-60.2.0-1.el7.centos.x86_64 to 60.2.1-1.el7.centos.x86_64 lost master password

[Rob Kampen]

Hi list,

Did an update to firefox last night and rebooted over night.

Today I find firefox started without asking for master password - funny 
me thinks.


Try to log in to a web service I use and find that my password does not 
appear.


Check preferences and find that no master password is set and the 
password list / table is empty.


As I do not trust my passwords to the cloud I do not save these to my 
firefox profile . so back to manual entry for all my sites wow 
going to be a slow month as I reset scores of passwords.


Any one else have this problem and any clues as to what causes this? I 
am concerned if this should happen again, as I have saved passwords for 
many scores of web services.


TIA
Rob

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Firefox Issue

[Rob Kampen]

On 17/09/18 21:54, Chris Olson via CentOS wrote:

We have several small networks, some of which have only four systems
that are usually a mix of Windows 7 and CentOS 6 and CentOS 7 machines.
All of these systems are Internet connected and updated regularly when
yum finds packages available.  Information about one of the CentOS 6
machines is included below.  This system experienced a Firefox issue.

[user@computer]$ uname -a
Linux computer 2.6.32-754.3.5.el6.x86_64 #1 SMP Tue Aug 14 20:46:41 UTC
2018 x86_64 x86_64 x86_64 GNU/Linux
[user@computer]$

Several weeks ago, one of the Firefox updates did something unusual.
It changed the browser-stored home page to https://www.centos.org/ from
the original home page file:///usr/share/doc/HTML/index.html.  This
original home page had been in place since 2014, and had survived all
Firefox updates for a little over four years.

Last week, someone left one browser running and the system went into
power save mode.  To wake the system up we used the standard method of
a quick push of the power button on the front of the Dell tower system.
Although the system seemed to be running, the monitor and mouse never
came to life.  We also could not ssh into the system from any other
computer on the network.

We decided to use a steady push on the power button to shut the system
down.  After powering up again, the system seemed to run normally, but
the browser home page was back to file:///usr/share/doc/HTML/index.html.

Has anyone else experienced such an issue with Firefox recently?
I note each time there is a firefox yum update that the next time I 
start firefox from closed, that it brings up a tab with the centos 
homepage and another tab has my start page. The page on display (active 
tab) is the centos one  next start is back to normal.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] using Skype on C-7

[Rob Kampen]

On 25/05/18 16:26, Gregory P. Ennis wrote:

Hi

I've whined about this before, but now I feel the overwhelming urge
to whine some more. Forgiveness begged... :)

I've spent some very frustrating times trying to get a microphone
to work when doing skype calls.

According to the various sound tools available on Centos all the
various
mics I have (built into webcam, analog headset, USB headset)produce
sound just fine.

but when using skype there are too many different knobs one can turn
to actually make it work. There's PulseAudio, Alsamixer, and for me,
since I use the Mate desktop, the Mate Volume Control, which can also
be accessed by a right-click on the speaker icon in the top panel.

then in skype I get a list of 5 (FIVE!) different audio input devices.

I just spent a frustrating time trying to join in a daily scrum at
my office (I'm out of the office today) wherein I could not get
outgoing
audio to work.

afterwards I tried more things and managed to get ONE of the 3 to work,
the one built into the webcam. to do that I had to make the following
settings:

choose Input tab in the Mate Volume Control, then move the volume
slider most of the way over to the right.

In Alsa Mixer, set front mic to 70 and front mic boost to 100.

In Pavucontrol, enable webcam audio input, and crank it way up.

in Skype, choose "default device", as distinct from "Default Device",
or the other three choices.

There's gotta be a better way, I'm open to suggestions from anyone else
who has figured out how to configure the system to work with Skype,
without
having to configure FOUR different applications before it will work.

thanks (a lot!) in advance!

-

I am afraid I do not have an answer.  I looked at your post with the
hope you would get a lot of responses.

I finally gave up trying to get Skype to work with Cemtos 7 and put
together a dual boot system with a microsoft os too.

Skype works fine on the microsoft os, but I never could get it to work
on centos 7.

Greg
I have two laptops with C7 and skype - both pick up the laptop 
microphone just fine. On one of the laptops, the inbuilt mic is too 
noisy as it picks up the fans - it is a high powered i7 chip and fast 
graphic card thus lots of heat. So on that one I simply plug in an 
analog mic into the mic jack and that too just works (tm), Sorry to hear 
your particular setup is problematic - five mics does seem a lot, I 
guess no one has that many options.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 + KDE : Dolphin weirdness

[Rob Kampen]

On 24/05/18 07:50, Nicolas Kovacs wrote:

Hi,

I'm running CentOS 7 + KDE on my workstation. Since the latest big batch
of updates, Dolphin behaves a bit weirdly. When I download a .zip
archive and then right click and "Extract here", the extracted files
don't show. I have to hit F5 to refresh the current directory view and
display the new files.

Cheers,

Niki

I have noticed that for a while - pre the last major update;
the directory file list does not update with changes unless I do an F5 
update - Nautilus does not have this problem. I suspect there is a 
notification somewhere in the OS that is not being picked up by Dolphin 
- amazing how annoying this is, yet it wasn't that many years ago when 
this was normal behavior.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Replacement for Pdftk under CentOS 7 ?

[Rob Kampen]

On 09/05/18 22:22, Nicolas Kovacs wrote:

Hi,

Two weeks ago I migrated all our local school's servers and clients from
Slackware 14.1 to CentOS 7. Everything went perfectly, and now I'm busy
sanding down some edges.

The previous installation sported pdftk and a frontend (can't remember
the name) which allowed some basic operations on PDF files such as
splitting and concatenation. The school's staff used this application
all the time. Unfortunately it's not available under CentOS 7.

Can you suggest any replacement for this application? On a side note, it
should be something with a point-and-click GUI.

Cheers,

Niki

I use it under CentOS 7
it comes from nux_dextop who i use for multi-media rpms.
HTH
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] memory cgroup max_usage_in_bytes question

[Rob Kampen]

On 05/04/18 01:56, Stijn De Weirdt wrote:

hi all,

can someone help explaining what we are seeing? it makes no sense to us.
this is a host running centos 7.4 with 3.10.0-693.17.1 kernel, and it
has 192GB of ram


[] free -b
   totalusedfree  shared  buff/cache   available
Mem:201402642432 14413479936 7564277760048586752 111346384896 
185689632768
Swap:   2147483238431961088 21442871296
[] cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes
273102151680

how can the max be so much higher than total, and this is not even memsw?

Binary K,M,G are 1024 multiples not 1000 so total seems a little low.

either we're very tired and are overlooking something obvious, or
there's something new to be learned ;)

many thanks,

stijn
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Low random entropy

[Rob Kampen]

On 29/05/17 15:46, Robert Moskowitz wrote:



On 05/28/2017 06:57 PM, Rob Kampen wrote:

On 28/05/17 23:56, Leon Fauster wrote:

Am 28.05.2017 um 12:16 schrieb Robert Moskowitz <r...@htt-consult.com>:



On 05/28/2017 04:24 AM, Tony Mountifield wrote:

In article <792718e8-f403-1dea-367d-977b157af...@htt-consult.com>,
Robert Moskowitz <r...@htt-consult.com> wrote:

On 05/26/2017 08:35 PM, Leon Fauster wrote:
drops back to 30! for a few minutes.  Sigh.

http://issihosts.com/haveged/

EPEL: yum install haveged

WOW!!!

installed, enabled, and started.

Entropy jumped from ~130 bits to ~2000 bits

thanks

Note to anyone running a web server, or creating certs. You need
entropy.  Without it your keys are weak and attackable. Probably 
even

known already.
Interesting. I just did a quick check of the various servers I 
support,
and have noticed that all the CentOS 5 and 6 systems report 
entropy in
the low hundreds of bits, but all the CentOS 4 systems and the one 
old

FC3 system all report over 3000 bits.

Since they were all pretty much stock installs, what difference 
between

the versions might explain what I observed?
This is partly why so many certs found in the U of Mich study are 
weak and factorable.  So many systems have inadequate entropy for 
the generation of key pairs to use in TLS certs. Worst are certs 
created in firstboot process where at times there is no entropy, 
but the firstboot still creates its certs.


/var/lib/random-seed and $HOME/.rnd are approaches to mitigate this 
scenario.


--
LF
so there are mitigations - the question really is: why hasn't redhat 
made these mitigations the default for their enterprise products - 
maybe other influences we are unaware of - seems like a huge big 
hole. With the advent of SSL/TLS being mandated by google et al, 
every device needs access to entropy.


The challenge is this is so system dependent.  Some are just fine with 
stock install.  Others need rng-tools.  Still others need haveged.  If 
Redhat were to do anything, it would be to stop making the default 
cert during firstboot.  Rather spin off a one-time process that would 
wait until there was enough entropy and then create the default cert.  
Thing is I can come up with situations were that can go wrong.


There are a lot of best practices with certificates and crypto that 
are not apparent to most admins.  I know some things for the crypto 
work I do (I am the author of the HIP protocol in the IETF).  There is 
just not one size fits all here, and people need to collect clues 
along with random entropy


OK that makes sense, I've been admin on linux servers for about 18 
years, understand the basics, use certificates for web and email 
servers. This thread has exposed an area that I'm peripherally aware of 
- the need to generate with sufficient entropy the cipher that goes 
across the internet in order to avoid an observer being able to reverse 
engineer the keys used.
I still fail to see why every server and workstation is not set up to do 
this at some minimum level - i guess linux out of the box does this, the 
issue is that the minimum from just the basic kernel on most hardware is 
too little with today's ability to crack ciphers..


Is there some practical guideline out there that puts this in terms that 
don't require a PhD in mathematics to understand and implement.


For instance I have setup and run mail servers for nearly two decades, 
only in the last 10+ years with certificates and mandated SSL/TLS - yet 
the issue of low random entropy is relevant here but until this thread I 
hadn't taken steps to resolve.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Low random entropy

[Rob Kampen]

On 28/05/17 23:56, Leon Fauster wrote:

Am 28.05.2017 um 12:16 schrieb Robert Moskowitz :



On 05/28/2017 04:24 AM, Tony Mountifield wrote:

In article <792718e8-f403-1dea-367d-977b157af...@htt-consult.com>,
Robert Moskowitz  wrote:

On 05/26/2017 08:35 PM, Leon Fauster wrote:
drops back to 30! for a few minutes.  Sigh.

http://issihosts.com/haveged/

EPEL: yum install haveged

WOW!!!

installed, enabled, and started.

Entropy jumped from ~130 bits to ~2000 bits

thanks

Note to anyone running a web server, or creating certs.  You need
entropy.  Without it your keys are weak and attackable.  Probably even
known already.

Interesting. I just did a quick check of the various servers I support,
and have noticed that all the CentOS 5 and 6 systems report entropy in
the low hundreds of bits, but all the CentOS 4 systems and the one old
FC3 system all report over 3000 bits.

Since they were all pretty much stock installs, what difference between
the versions might explain what I observed?

This is partly why so many certs found in the U of Mich study are weak and 
factorable.  So many systems have inadequate entropy for the generation of key 
pairs to use in TLS certs.  Worst are certs created in firstboot process where 
at times there is no entropy, but the firstboot still creates its certs.


/var/lib/random-seed and $HOME/.rnd are approaches to mitigate this scenario.

--
LF
so there are mitigations - the question really is: why hasn't redhat 
made these mitigations the default for their enterprise products - maybe 
other influences we are unaware of - seems like a huge big hole. With 
the advent of SSL/TLS being mandated by google et al, every device needs 
access to entropy.






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Google-chrome-stable

[Rob Kampen]

Over the last week or so I have noticed that chrome fails to load pages 
- in fact even the setup pages do not load.


Blow away the ~/.config/google-chrome/ files and restart

Seems to work for a little while - then stops again - no other pages load.

I have done the cleanup of the .config/google-chrome directory and then 
with the fresh session tried both with my google account and without any 
account - same result.


I have just done an update in the hope it may fix things so now running 
Version 58.0.3029.110 (64-bit)


What is going on? Firefox is working just fine.

[rkampen@robsc7 google-chrome]$ rpm -qa |grep google
google-chrome-stable-58.0.3029.110-1.x86_64
google-crosextra-caladea-fonts-1.002-0.4.20130214.el7.noarch
google-crosextra-carlito-fonts-1.103-0.2.20130920.el7.noarch

Any suggestions appreciated.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] get pdftk into (or from) a repo

[Rob Kampen]

On 14/05/17 06:38, ken wrote:

On 05/12/2017 03:39 AM, Philippe BOURDEU d'AGUERRE wrote:

Le 12/05/2017 à 02:46, ken a écrit :
It's worth mentioning that this is a really nice utility for 
manipulating PDFs, taking them apart, rearranging them, putting 
pages together, and a whole lot more.  I've used it hundreds of 
times. Probably anyone who has to work with PDFs would have need of it.


In Centos 7, poppler-utils RPM has pdfdetach and pdfunite utilities 
which allow to manipulate pages in a pdf. 


That's great to know.  Linux should have multiple ways to do one and 
the same thing.  In a free world we shouldn't be dependent on just one 
solution.  Indeed, pdfedit is another app for manipulating PDFs.  
Having skimmed through the docs on these and others mentioned in this 
thread, none of them can, in addition, rotate selected pages (i.e., 
turn them by 90, 180, or 270 degrees), plus select pages by the 
keywords "odd" and "even".  The GIMP can be used to rotate PDFs, but 
it's a PITA to do it there and it can't natively select and then so 
manipulate multiple PDF pages programmatically.


Rather than my repeated replying to this thread, docs on pdftk can be 
found at https://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/.



I have used pdftk for years and it met most of my needs - however when I 
moved to CentOS 7 as my work station it was not available. Looking at 
their web site they only mention CentOS 5 & 6 thus indicating that their 
support for linux has stalled or been removed and no development is 
happening. This has been the case for at least two years. Hence I have 
moved to the other tools that have been mentioned previously in this 
thread.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql

[Rob Kampen]

On 26/04/17 17:29, Robert Moskowitz wrote:



On 04/26/2017 04:22 AM, Gordon Messmer wrote:

On 04/25/2017 03:25 PM, Robert Moskowitz wrote:

This made the same content as before that caused problems:


I still don't understand, exactly.  Are you seeing *new* problems 
after installing a policy?  What are the problems?


# The file '/var/lib/mysql/mysql.sock' is mislabeled on your 
system.

# Fix with $ restorecon -R -v /var/lib/mysql/mysql.sock
# This avc can be allowed using the boolean 
'daemons_enable_cluster_mode'

allow dovecot_t mysqld_t:unix_stream_socket connectto;

What do these 3 comments mean?


I'm not sure about the first two.  The context you see is the same I 
see on the one system where I run mysqld.  Running restorecon doesn't 
change that context.


As for the latter, it sounds like you should be able to remove your 
custom policy and "setsebool -P daemons_enable_cluster_mode 1" to 
allow dovecot to connect to mysql.


did not work.  it was set off, so I turned it on and tried it out. Got 
the same errors:


Apr 26 01:25:45 z9m9z dovecot: dict: Error: 
mysql(/var/lib/mysql/mysql.sock): Connect failed to database 
(postfix): Can't connect to local MySQL server through socket 
'/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
Apr 26 01:25:45 z9m9z dovecot: dict: Error: dict sql lookup failed: 
Not connected to database


how have you specified your mysql server host? as localhost, 127.0.0.1 
or as the hosts IP address? In my experience it needs to be localhost or 
127.0.0.1 and these are also defined in /etc/hosts

hth
You would think that the mysql people would have a boolean to allow 
specific apps to access the socket.


And document it.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Preferred mail client

[Rob Kampen]

On 29/01/17 18:02, Gordon Messmer wrote:

On 01/28/2017 04:03 PM, TE Dukes wrote:

What is the preferred remote mail client for 7.3?



I'm a fan of SOGo.

never heard of it - looks interesting BUT the production versions are 
only available with a support contract the begins at $US 750 / annum - 
how dangerous is the nightly build?
- I normally wouldn't dream of using a nightly build, but neither can I 
afford the support fee for the 20 or so clients (all not for profit 
charities) that I provide email services to.


https://sogo.nu/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 install on one RAID 1 [not-so-SOLVED]

[Rob Kampen]

On 26/01/17 05:46, Tony Mountifield wrote:

In article <1485342377.3072.6.ca...@biggs.org.uk>,
Pete Biggs  wrote:

On Tue, 2017-01-24 at 17:14 -0500, m.r...@5-cent.us wrote:

So, it installed happily.

Then wouldn't boot. No problem, I'll bring it up with pxe, then chroot and
grub2-install.

Um, nope. I edited the device map from hd0 and hd1 being the RAID to
/dev/sda and /dev/sdb, then ran grup2-install. It now tells me can't
identify the filesystem on hd0, and can't perform a safety check, and
gives up.

What am I missing? Google is not giving me any answers


Surely, if you are using software RAID, then you should configure that
RAID in anaconda, that will then cope with setting up the partitions to
allow booting.  Basically it needs a small non-RAID partition to hold
/boot on the boot disk.

Remember that the boot sequence is generally: BIOS reads MBR and
executes it; MBR code reads kernel from /boot and executes it (yes,
it's more complicated than that). If the MBR code doesn't know how to
read a RAID partition, then it's going to fail, that's why you have a
small non-RAID partition to hold /boot.

Hardware RAID is different because it interfaces at the BIOS level so
the MBR code doesn't need to know how to specifically read it.

If you are using RAID 1 kernel mirroring, you can do that with /boot too,
and Grub finds the kernel just fine. I've done it many times:

1. Primary partition 1 type FD, size 200M. /dev/sda1 and /dev/sdb1.

I think it wiser to have /boot at 1Gb nowadays.

2. Create /dev/md0 as RAID 1 from /dev/sda1 and /dev/sdb1.
3. Assign /dev/md0 to /boot, ext3 format (presumably ext4 would work too?)
4. Make sure to setup both drives separately in grub.

Typically I then go on to have /dev/sda2+/dev/sdb2 => /dev/md1 => swap,
and /dev/sda3+/dev/sdb3 => /dev/md2 => /

Cheers
Tony


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 dhcpd failure to allow a 2nd network over same interal nic

[Rob Kampen]

On 16/01/17 21:54, John R Pierce wrote:

On 1/16/2017 12:44 AM, Rob Kampen wrote:



Here's an idea - untested.
set up a network on the single nic - say 192.168.55.xx/24
set up the dhcp to offer leases from a subset of this network - say 
192.168.55.128/28
set up fixed leases based upon mac address from the remainder of the 
network - i.e. outside the subset above - e.g. 192.168.55.1/28
then route / firewall as required - i.e. trusted known mac address 
hence IP address allowed vs unknown guest given an IP address we can 
block or otherwise handle.
As indicated, this is not tested but if memory serves, dhcpd will 
allow this kind of allocation. 


the untrusted wireless users will be able to access other LAN machines 
without going through the firewall.


surely that depends upon the subnet they operate on (i.e the subnet mask 
in old vernacular) - the two I show above are mutually exclusive but can 
both talk to the server.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 dhcpd failure to allow a 2nd network over same interal nic

[Rob Kampen]

On 16/01/17 17:12, James A. Peltier wrote:

VLANs are your friend, otherwise DHCPD is not going to understand how to 
properly answer your request for different networks on the same interface.

- On 14 Jan, 2017, at 11:59, Gregory P. Ennis po...@pomec.net wrote:

| Everyone,
|
| I am trying to set up a second internal network  (192.168.0.0/24) and
| have not been able to get dhcp to start when I have the following in my
| dhcpd.conf file :
|
| subnet 192.168.0.0 netmask 255.255.255.0 {
|range 192.168.0.110 192.168.0.130;
|option subnet-mask 255.255.255.0;
|option broadcast-address 192.168.0.255;
|option routers 192.168.0.1;
|option domain-name-servers 192.168.0.1;
| }
|
| When i remove the above from dhcpd.conf dhcpd works perfectly
|
| I have my internal nic card set with two ip addresses one of which is
| 192.168.0.1. the other address is my standard internal network address.
|
| I have also set up the domain server to allow access from
| 192.168.0.0/24, and the firewall allows internal access to the same
| subnet.
|
| The error that I get is the following :
|
| Job for dhcpd.service failed because the control process exited with error 
code.
| See "systemctl status dhcpd.service" and "journalctl -xe" for details.
|
| When I evaluate journalctl -xe the following is obtained :
|
| dhcpd[18763]: Internet Systems Consortium DHCP Server 4.2.5
| dhcpd[18763]: Copyright 2004-2013 Internet Systems Consortium.
| dhcpd[18763]: All rights reserved.
| dhcpd[18763]: For info, please visit https://www.isc.org/software/dhcp/
| dhcpd[18763]: Not searching LDAP since ldap-server, ldap-port and
| ldap-base-dn were not specified in the config file
| dhcpd[18763]: Internet Systems Consortium DHCP Server 4.2.5
| dhcpd[18763]: Copyright 2004-2013 Internet Systems Consortium.
| dhcpd[18763]: All rights reserved.
| dhcpd[18763]: For info, please visit https://www.isc.org/software/dhcp/
| dhcpd[18763]: Wrote 0 deleted host decls to leases file.
| dhcpd[18763]: Wrote 0 new dynamic host decls to leases file.
| dhcpd[18763]: Wrote 2 leases to leases file.
| dhcpd[18763]: Interface enp0s29u1u2 matches multiple shared networks
| dhcpd[18763]:
| dhcpd[18763]: This version of ISC DHCP is based on the release available
| dhcpd[18763]: on ftp.isc.org.  Features have been added and other
| changes
| dhcpd[18763]: have been made to the base software release in order to
| make
| dhcpd[18763]: it work better with this distribution.
| dhcpd[18763]:
| dhcpd[18763]: Please report for this software via the CentOS Bugs
| Database:
| dhcpd[18763]: http://bugs.centos.org/
| dhcpd.service: main process exited, code=exited, status=1/FAILURE
| dhcpd[18763]:
| systemd[1]: Failed to start DHCPv4 Server Daemon.
|
| When I review the information about dhcpd it appears that it can manage
| the ip addresses for two networks on different nic cards, but is there a
| problem in having it manage two networks on the same nic card?
|
| Does anyone have any ideas?  Would sure appreciate your help.
|
| Greg Ennis
|
|
|
| --
| Greg Ennis
| PoMec Corporation
| www.PoMec.Net
|
|
| ___
| CentOS mailing list
| CentOS@centos.org
| https://lists.centos.org/mailman/listinfo/centos


Here's an idea - untested.
set up a network on the single nic - say 192.168.55.xx/24
set up the dhcp to offer leases from a subset of this network - say 
192.168.55.128/28
set up fixed leases based upon mac address from the remainder of the 
network - i.e. outside the subset above - e.g. 192.168.55.1/28
then route / firewall as required - i.e. trusted known mac address hence 
IP address allowed vs unknown guest given an IP address we can block or 
otherwise handle.
As indicated, this is not tested but if memory serves, dhcpd will allow 
this kind of allocation.

HTH
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 7.3: Gnome workspaces mirrored

[Rob Kampen]

On 04/01/17 22:09, Gerhard Schneider wrote:

An user is using 2 displays and configured Gnome to "Static Workspaces
only on primary display on" using gnome-tweak-tool

Till 7.2 it was working as expected. After upgrading to 7.3 the content
on the primary screen gets mirrored to all workspaces.

When switching to "Static Workspaces only on primary display off"
everything is working as expected on 7.3, too.

Any ideas?
I had not noticed as I do not often use multiple work spaces but do 
always have four spaces set up.
I too had this "static workspaces only on primary display" setting "on" 
- and thus each of the four workspaces showed exactly the same open 
windows - not at all what previously occurred.


Setting this to "off" give the other three workspaces just the default 
desktop - on both monitors - however it is still different than before 
(7,2, 7.1) as now the open windows contents of both monitors is only on 
the one desktop and the other three have both screens default blank 
desktop - previously the second monitor contents was visible on all four 
desktops.
No idea what is meant to be correct - I can live with this, but these 
illogical changes that keep happening with gnome are difficult to 
understand - the new gnome developers obviously think and work VERY 
differently to me.


Thank you in advance!

Gerhard Schneider



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Adobereader on Centos7 crashes

[Rob Kampen]

On 01/01/17 04:35, johan.vermeul...@telenet.be wrote:

Hello All,

I can't get Adobe Reader to run stable on Centos7, when trying to edit settings 
or trying to print, it crashes.
The issue is people need to digitally sign pdf forms. When I open these forms 
with anything else then Adobereader, I get EM

To view the full contents of this document, you need a later version of the PDF 
viewer. You can upgrade
to the latest version of Adobe Reader from 
www.adobe.com/products/acrobat/readstep2.html

I spent a lot of time trying to solve this with other pdf viewers, including 
google-chrome and Foxit, and trickery with ps2pdf and Pdfedit. Nothing works.

I installed Adobereader following this:
https://www.if-not-true-then-false.com/2010/install-adobe-acrobat-pdf-reader-on-fedora-centos-red-hat-rhel/
So I tried installing this on an up-to-date CentOS 7.3 system and it 
fails to find

Error: Package: AdobeReader_enu-9.5.5-1.i486 (/AdbeRdr9.5.5-1_i486linux_enu)
   Requires: libpangox-1.0.so.0

which a yum whatprovides */libpangox-1.0.so.0 shows as:
pangox-compat-0.0.2-2.el7.x86_64 : Compatibility library for pangox
Repo: epel
Matched from:
Filename: /usr/lib64/libpangox-1.0.so.0

and even after an install of this package still fails - thus I suspect 
it relates to not finding the 32 bit version as the epel version 
installs this in /usr/lib64


What did you do to overcome this dependency?


The signing of these forms is vital to my organization, so any help would be 
appreciated.

Greetings, J.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] kmod-nvidia problems

[Rob Kampen]

On 11/12/16 09:28, Akemi Yagi wrote:

On Sat, Dec 10, 2016 at 12:21 PM, Rob Kampen <rkam...@kampensonline.com> wrote:

Hi List,

I use the kmod-nvidia package on my CentOS workstations.

Always this has "just worked".

Doing a yum update this morning I now get this:


09:15:28 : ERROR:   Package: kmod-nvidia-367.57-2.el7.elrepo.x86_64 (elrepo)
 Requires: kernel(drm_atomic_helper_plane_reset) = 0xabd4c98d
 Installed: kernel-3.10.0-327.28.2.el7.x86_64 (@updates)
 kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Anyone else get this? any pointers?
TIA
Rob

Later versions of kmod-nvidia are for EL7.3 (not backward compatible).
You need to update your CentOS system using the CR repo. Or wait until
the full release of CentOS 7.3.1611 (next week?).

Ahhh - no problems, I'll await 7.3 and exclude kmod-nvidia for now.
Thanks


Akemi
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] kmod-nvidia problems

[Rob Kampen]

Hi List,

I use the kmod-nvidia package on my CentOS workstations.

Always this has "just worked".

Doing a yum update this morning I now get this:


09:15:28 : ERROR:   Package: kmod-nvidia-367.57-2.el7.elrepo.x86_64 (elrepo)
Requires: kernel(drm_atomic_helper_plane_reset) = 0xabd4c98d
Installed: kernel-3.10.0-327.28.2.el7.x86_64 (@updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Installed: kernel-3.10.0-327.28.3.el7.x86_64 (@updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Installed: kernel-3.10.0-327.36.1.el7.x86_64 (@updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Installed: kernel-3.10.0-327.36.2.el7.x86_64 (@updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Installed: kernel-3.10.0-327.36.3.el7.x86_64 (@updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.el7.x86_64 (base)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.3.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.4.4.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.4.5.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.10.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.13.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.18.2.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-3.10.0-327.22.2.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb23805db
Available: kernel-debug-3.10.0-327.el7.x86_64 (base)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.3.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.4.4.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.4.5.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.10.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.13.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.18.2.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.22.2.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.28.2.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.28.3.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.36.1.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.36.2.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d
Available: kernel-debug-3.10.0-327.36.3.el7.x86_64 (updates)
kernel(drm_atomic_helper_plane_reset) = 0xb92b713d

Anyone else get this? any pointers?
TIA
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Off-Topic: Travel Router and Firewall

[Rob Kampen]

On 27/11/16 01:26, Bob Marcan wrote:

On Wed, 23 Nov 2016 21:18:34 +0100
H  wrote:

https://routerboard.com/products

I'm using this one:
https://routerboard.com/RB941-2nD
I use kit from this company at every opportunity. Great value, powerful 
capabilities, you can use their web ui but they also have a very 
comprehensive command line interface. Sometimes it takes a bit of trial 
and error to get the correct combo of commands to do what is needed - 
there are lots of recipes on their various wikis and support web sites.


BR, Bob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Skype for Centos Desktop

[Rob Kampen]

On 18/11/16 10:06, Alice Wonder wrote:

On 11/17/2016 12:46 PM, Rodrigo Pichiñual Norin wrote:

Hi all.

I search info in the web about how to install skype on centos 6.5, 
but just

exists info about skype with architecture to 32 bit.

someone can me explicain, how to install skype for 64 bit architecture ,
it's possible?

thank



It's possible, at least it use to be possible I did it before but I no 
longer do it and haven't since I updated to CentOS 7.


You may have to install some 32-bit libraries for compatibility, I do 
not remember.


32-bit libraries will install on 64-bit CentOS.

there is a 586 version available from nux-dextop for CentOS7

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] clamd@amavisd fails under systemd - FIXED

[Rob Kampen]

On 12/11/16 16:46, Gordon Messmer wrote:

On 11/11/2016 02:39 AM, Rob Kampen wrote:
When I invoke from the CLI  - there is a -nofork=yes as a part of the 
invocation.
When systemd tries to do the invocation via the ExecStart line - the 
original clamd@.service file had this --nofork=yes also, the problem 
was that this just caused an abend of the start up with the message:


Not on my system, it doesn't:

$ grep Exec /usr/lib/systemd/system/clamd@.service
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --foreground=yes
$ rpm -qf /usr/lib/systemd/system/clamd@.service
clamav-server-systemd-0.99.2-1.el7.noarch



> /usr/sbin/clamd: unrecognized option `--nofork=yes'
> ERROR: Unknown option passed
> ERROR: Can't parse command line options
and a look at the clamd man shows no such parameter - thus I removed it.
I wonder if this is the issue? Not sure what I can or how I can test. 


Yeah, it might be worth removing the package and reinstalling it. You 
shouldn't need to modify the provided systemd service file.

this looks like the issue.
doing the rpm -qf /usr/lib/systemd/system/clamd@.service
gave no owner??
So I tried a reinstall and it informed me the package 
clamav-server-systemd-0.99.2-1.el7.noarch was not installed - no idea 
where the systemd service file came from.

So I installed it and it now appears to run.

thanks so much for your assistance - progress finally being made!

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] clamd@amavisd fails under systemd

[Rob Kampen]

On 11/11/16 13:36, Gordon Messmer wrote:

On 11/09/2016 02:07 AM, Rob Kampen wrote:

so I have /etc/tmpfiles.d/clamd.amavisd.conf with content
d /var/run/clamd.amavisd 0755 amavis amavis -

the process owner name and group name are amavis
this is not quite what you specified - which should it be?


If "User" is set to amavis in the clamd configuration, that looks fine.

My real head scratch problem is that running clamd from a cli works 
perfectly.
Trying to get systemd (via systemctl start clamd@amavisd.service) 
brings it up but after 1 second removes the pid file and shuts down. 
set up clamd via the service file to use --debug and get nothing helpful
Trying to debug this systemd stuff seems impossible 


systemd starts processes in the correct SELinux context, while running 
it from the shell does not.  So my first guess would be that it's an 
SELinux issue.  Use "setenforce" to put the system in permissive mode 
to see if that's the case.  If so, "grep AVC /var/log/audit/audit.log" 
for more info.

Another random thought
When I invoke from the CLI  - there is a -nofork=yes as a part of the 
invocation.
When systemd tries to do the invocation via the ExecStart line - the 
original clamd@.service file had this --nofork=yes also, the problem was 
that this just caused an abend of the start up with the message:

> /usr/sbin/clamd: unrecognized option `--nofork=yes'
> ERROR: Unknown option passed
> ERROR: Can't parse command line options
and a look at the clamd man shows no such parameter - thus I removed it.
I wonder if this is the issue? Not sure what I can or how I can test.
Will keep playing



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] clamd@amavisd fails under systemd

[Rob Kampen]

On 11/11/16 13:36, Gordon Messmer wrote:

On 11/09/2016 02:07 AM, Rob Kampen wrote:

so I have /etc/tmpfiles.d/clamd.amavisd.conf with content
d /var/run/clamd.amavisd 0755 amavis amavis -

the process owner name and group name are amavis
this is not quite what you specified - which should it be?


If "User" is set to amavis in the clamd configuration, that looks fine.

My real head scratch problem is that running clamd from a cli works 
perfectly.
Trying to get systemd (via systemctl start clamd@amavisd.service) 
brings it up but after 1 second removes the pid file and shuts down. 
set up clamd via the service file to use --debug and get nothing helpful
Trying to debug this systemd stuff seems impossible 


systemd starts processes in the correct SELinux context, while running 
it from the shell does not.  So my first guess would be that it's an 
SELinux issue.  Use "setenforce" to put the system in permissive mode 
to see if that's the case.  If so, "grep AVC /var/log/audit/audit.log" 
for more info.
Tried this - set it to permissive and tried the systemctl start 
clamd@amavisd.service and got exactly the same result - tried a number 
of times - no messages in the logs to indicate a problem - just after 
the final start up message of :-

>Self checking every 600 seconds.
after one second we get
>Pid file removed.
>Stopped at Fri Nov 11 04:35:49 2016
>Socket file removed.

So not selinux.
Thanks for the idea - I was unaware that systemd is selinux aware and 
friendly.

I'll keep looking .


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] clamd@amavisd fails under systemd

[Rob Kampen]

On 09/11/16 11:48, Gordon Messmer wrote:

On 11/08/2016 03:24 AM, Rob Kampen wrote:
If there is anyone that has this combo of services working under 
CentOS7 and can shed any insight on why I cannot get this service to 
actually run, it would be very much appreciated. 



When setting up a clamd service, you should need to enable the 
service, create the configuration file, and typically set up 
/etc/tmpfiles.d/clamd-.conf.  That file should have one line:


d /run/clamd. 0700 daemon daemon -

...or whatever user you use for clamd.  If you don't have the proper 
tmpfiles setup, the run directory won't exist or won't have the 
correct owner, and either standard permissions or SELinux may deny the 
process access to the run directory.



so I have /etc/tmpfiles.d/clamd.amavisd.conf with content
d /var/run/clamd.amavisd 0755 amavis amavis -

the process owner name and group name are amavis
this is not quite what you specified - which should it be?

My real head scratch problem is that running clamd from a cli works 
perfectly.
Trying to get systemd (via systemctl start clamd@amavisd.service) brings 
it up but after 1 second removes the pid file and shuts down. set up 
clamd via the service file to use --debug and get nothing helpful

Trying to debug this systemd stuff seems impossible

Thanks
Rob

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] clamd@amavisd fails under systemd

[Rob Kampen]

Trying to set up a mail server under CentOS7 - having done this with 
CentOS5 and CentOS6 over the last decade with no issues and reliable 
service, it was time to upgrade (?) to CentOS7. Shouldn't be a problem, 
right?


Getting to grips with systemd has been challenging - to say the least.

So a brief overview of what I am trying to set up:

postfix / amavisd-new / spamassassin / clamav so we can receive mail and 
deal with the major rubbish that gets thrown at any open port 25 smtp 
service.


no problems installing each of the above and their configuration files. 
Just as an aside, there are many recipes for this combo of packages - 
none of which work as advertised. There was a time when one could safely 
follow a how-to guide and have things working - I have regularly used 
the CentOS wiki guides - however they have become stale and what worked 
fine for 5 & 6 DO NOT WORK for CentOS7 - mainly due to systemd and firewalld


So we have:

systemctl status postfix.service
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; 
vendor preset: disabled)
   Active: active (running) since Wed 2016-10-26 18:13:25 EDT; 1 weeks 
5 days ago

 Main PID: 2762 (master)
   CGroup: /system.slice/postfix.service
   ├─ 2762 /usr/libexec/postfix/master -w
   ├─ 2782 qmgr -l -t unix -u
   └─25274 pickup -l -t unix -u

systemctl status spamassassin.service
● spamassassin.service - Spamassassin daemon
   Loaded: loaded (/usr/lib/systemd/system/spamassassin.service; 
enabled; vendor preset: disabled)

   Active: active (running) since Tue 2016-11-08 05:18:04 EST; 50min ago
  Process: 27412 ExecStart=/usr/bin/spamd --pidfile /var/run/spamd.pid 
$SPAMDOPTIONS (code=exited, status=0/SUCCESS)
  Process: 27410 ExecStartPre=/sbin/portrelease spamd (code=exited, 
status=0/SUCCESS)

 Main PID: 27417 (/usr/bin/spamd )
   CGroup: /system.slice/spamassassin.service
   ├─27417 /usr/bin/spamd --pidfile /var/run/spamd.pid -d -c -m5 -H
   ├─27418 spamd child
   └─27419 spamd child

systemctl status amavisd.service
● amavisd.service - Amavisd-new is an interface between MTA and content 
checkers.
   Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled; 
vendor preset: disabled)

   Active: active (running) since Tue 2016-11-08 05:18:05 EST; 50min ago
 Docs: http://www.ijs.si/software/amavisd/#doc
  Process: 27426 ExecStart=/usr/sbin/amavisd -c 
/etc/amavisd/amavisd.conf (code=exited, status=0/SUCCESS)

 Main PID: 27427 (/usr/sbin/amavi)
   CGroup: /system.slice/amavisd.service
   ├─27427 /usr/sbin/amavisd (master)
   ├─27479 /usr/sbin/amavisd (ch1-avail)
   └─27480 /usr/sbin/amavisd (ch1-avail)

but for the life of me, I cannot get clamd@amavisd to stay up.

It always comes up and then dies after about 1 second :

systemctl status clamd@amavisd.service
● clamd@amavisd.service - clamd scanner (amavisd) daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; 
vendor preset: disabled)

   Active: inactive (dead) since Tue 2016-11-08 05:18:13 EST; 34min ago
  Process: 27421 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf 
(code=exited, status=0/SUCCESS)

 Main PID: 27421 (code=exited, status=0/SUCCESS)

Nov 08 05:18:11 media..xxx clamd[27481]: OLE2 support enabled.
Nov 08 05:18:11 media..xxx clamd[27481]: PDF support enabled.
Nov 08 05:18:11 media..xxx clamd[27481]: SWF support enabled.
Nov 08 05:18:11 media..xxx clamd[27481]: HTML support enabled.
Nov 08 05:18:11 media..xxx clamd[27481]: XMLDOCS support enabled.
Nov 08 05:18:11 media..xxx clamd[27481]: HWP3 support enabled.
Nov 08 05:18:11 media..xxx clamd[27481]: Self checking every 600 
seconds.

Nov 08 05:18:13 media..xxx clamd[27481]: Pid file removed.
Nov 08 05:18:13 media..xxx clamd[27481]: --- Stopped at Tue Nov  8 
05:18:13 2016

Nov 08 05:18:13 media..xxx clamd[27481]: Socket file removed.

I can run the clamd service manually just fine and everything works - i.e.

/usr/sbin/clamd -c /etc/clamd.d/amavisd.conf –nofork=yes

returns a functioning service - thus my config files must be okay

but try it with systemd and you hit a brick wall - nothing in any logs 
to give me a clue why it comes up and then closes down


After many days of google chasing,
I have found a number of folk hitting the same issue, yet none of these 
have posted anything resembling a solution, most have had other issues 
that were in error.


If there is anyone that has this combo of services working under CentOS7 
and can shed any insight on why I cannot get this service to actually 
run, it would be very much appreciated.


TIA
Rob



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fprintd needed?

[Rob Kampen]

On 04/11/16 09:31, Jon LaBadie wrote:

On Thu, Nov 03, 2016 at 01:58:39PM -0600, Frank Cox wrote:

On Thu, 03 Nov 2016 15:36:00 -0400
Jon LaBadie wrote:


Without a fingerprint device, is this software needed.

I have removed it on all of my systems and never noticed any issues.


Thank you, that is what I suspected.

jl
I tried stopping it via systemctl and found I could no longer log in to 
the system desktop (gnome3) - YMMV

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS on new Dell

[Rob Kampen]

On 14/10/16 14:03, Michael B Allen wrote:

On Thu, Sep 29, 2016 at 9:18 PM, John R Pierce  wrote:

On 9/29/2016 5:55 PM, Michael B Allen wrote:

It seems optical drives are gone. Do I boot the iso from USB or what's
the procedure now?

yup, put iso on USB, go to town.

Mmn, that didn't work. I dd'd the latest Fedora Live iso onto a USB
drive, put it into a brand spanking new Dell Latitude E7470, hit F12
at Dell logo and got "Selected boot device failed". Do I need to make
it bootable using fdisk or some such?

Not that I recall - a simple dd of the iso onto a usb stick just works see
 https://wiki.centos.org/HowTos/InstallFromUSBkey

Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS on new Thinkpads

[Rob Kampen]

On 01/10/16 05:02, Michael B Allen wrote:

Ok, I see a lot of nice answers here so I would like to try to refine
this a little.

After some research I was going to skip Lenovo. People are clearly
having problems running Linux on Lenovos. I spoke with one person that
had a really hard time with their X250. However, I think a lot of
problems are caused by bleeding edge hardware. My feeling is it takes
at least 1 year before the kernels have the necessary updates. Also,
searching the Internet forums for problems is dubious because people
who don't have problems don't say so on forums. But asking "is model
XYZ known to work" is a good test as evidenced by these great
responses. So I will ask again with some more specific details.

The key features for me are:

* 1080 display or 900 would be acceptable but definitely not 768 (this
rules out Toshiba)
* Good keyboard with mouse buttons (Lenovo has always had superior
keyboards and fortunately that have recently resurrected mouse
buttons, yeah!)
* RJ-45 (this rules out a LOT of laptops including Dell)
* Intel graphics / hardware

The Lenovo T series meets these requirements. My only concern would be
issues mentioned on this list and bleeding-edge issues. I know people
have had a lot of problems with the trackpad, screen flickering and
other things. But I think most of this can be blamed on bleeding-edge
hardware compatibility. For example, I think the synaptics driver is
almost always broken in the latest models (move the mouse and it
deletes everything you've typed!) but if you uninstall it and use
libinput it can work.

So my thought is instead of getting the latest which would be T460, I
could get the previous model which would be the T450. These are sold
out on lenovo.com but they can still be had elsewhere (not sure about
warranty which is hugely important though).

So does anyone have any specific knowledge of the T450, T450s, T450p?

I really appreciate all the answers. Hopefully this helps other folks too.
I have been using the high end ASUS laptops - i.e. Republic of Gamers 
machines since 2012 with CentOS6 and more recently with CentOS7. They 
were a challenge with 6.x in that I needed some elrepo drivers to get 
the keyboard backlight working but 7.x just works. These machines are 
almost server spec i7 with 16GB RAM, dual disk drives (one SSD, one 
rotating media) and separate nVidia graphics cards. YMMV but I'd buy 
another one any time.

Mike
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP CP2025

[Rob Kampen]

On 27/09/16 10:45, Kay Schenk wrote:



On 09/25/2016 06:09 PM, Mark LaPierre wrote:


[mlapier@peach ~]$ rpm -qa | grep hplip
hplip-common-3.14.6-3.el6.x86_64
hplip-libs-3.14.6-3.el6.x86_64
[mlapier@peach ~]$ rpm -qa | grep cups
cups-1.4.2-74.el6.x86_64
cups-pk-helper-0.0.4-13.el6.x86_64
gutenprint-cups-5.2.5-2.el6.x86_64
cups-libs-1.4.2-74.el6.x86_64
cups-libs-1.4.2-74.el6.i686
[mlapier@peach ~]$

CentOS release 6.8 (Final)

I've been able to print to this printer with no issues, until this
evening.  When I tried to send a print job the job just sat in the print
queue.  I killed the job and deleted the printer, then re-installed the
printer using the Printer configuration tool found under
System/Administration/Printing.


"until this evening"...so that's interesting.

I'm also on CentOS 6.8 but 32-bit using the same hplip version. 
Normally I do printer setup with hp-setup, then use the web interface 
to cups to add it in to that environment.


Also, add hp-systray to your startup apps if you haven't already.




I've tried all manner of settings, both on the Libre Office document and
in the Printer configuration tool.  Now I can print to the printer but I
cannot get the printer to print in Landscape orientation.  Only portrait
orientation comes out no matter what settings I choose.


Does portrait work with ANY other type of document -- pdf, for example?
I have a brother printer and from libre office it ONLY prints protrait, 
no matter what I have tried. To get any landscape output I have to 
create a pdf of the document and then print that.

No idea what the issue is, my suspicion is libre office has a glitch.




I've done a bit of Google work but I find nothing that appears
applicable to my specific issue of not getting landscape prints no
matter what setting I choose.




The HPLIP web site says the latest version of hplip for my machine, RHEL
6 because they apparently have not heard of CentOS, is
hplip-3.16.9_rhel-6.0.x86_64.  CentOS does not have this version
available in the repo.

What's a guy to do?  Windows should be this hard to work with, but not
Linux.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Software RAID and GRUB on CentOS 7

[Rob Kampen]

On 12/08/16 01:20, William A. Mahaffey III wrote:

On 08/11/16 02:33, Nicolas Kovacs wrote:

Hi,

When I perform a software RAID 1 or RAID 5 installation on a LAN server
with several hard disks, I wonder if GRUB already gets installed on each
individual MBR, or if I have to do that manually. On CentOS 5.x and 6.x,
this had to be done like this:

# grub
grub> device (hd0) /dev/sda
grub> device (hd1) /dev/sdb
grub> root (hd0,0)
grub> setup (hd0)
grub> root (hd1,0)
grub> setup (hd1)
grub> quit

I'd like my server to be able to boot a degraded software RAID after an
eventual hard disk failure.

Any suggestions?

Niki Kovacs


I have an aging FC14 () system, w/ mdadm RAID partitions. I have 
/boot setup as mdadm RAID1's, 2 drives (actually partitions). Machine 
boots AOK, & I believe it does (& maintains) that setup automatically. 
I got that recommendation from a mailing list ages ago, can't remember 
where, sorry. $0.02, no more, no less 



[root@Q6600:/etc, Thu Aug 11, 08:25 AM] 1018 # df -h
FilesystemTypeSize  Used Avail Use% Mounted on
/dev/md1  ext4917G  8.0G  863G   1% /
tmpfstmpfs4.0G 0  4.0G   0% /dev/shm
/dev/md0  ext4186M   60M  117M  34% /boot
/dev/md3  ext41.8T  1.4T  333G  81% /home
[root@Q6600:/etc, Thu Aug 11, 08:26 AM] 1019 # uname -a
Linux Q6600 2.6.35.14-106.fc14.x86_64 #1 SMP Wed Nov 23 13:07:52 UTC 
2011 x86_64 x86_64 x86_64 GNU/Linux

[root@Q6600:/etc, Thu Aug 11, 08:26 AM] 1020 #


I too use this kind of set up. however I do not believe that anything on 
the MBR is updated automatically by any yum/rpm updates. Thus in this 
kind of a setup, one needs to take manual steps.

HTH
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] VLC and playing .mkv files with opus audio

[Rob Kampen]

Hi list,
I use VLC from nux-dextop as my default player.
Recently began using youtube-dl and it grabs the video and audio just 
fine and produces  .mkv files.
I can play the resulting file just fine with Enqueue in SMPlayer, GXine, 
SMPlayer and Videos -

VLC unfortunately says 'VLC could not decode the format "Opus"'
Yet my google search indicates this issue was solved many releases ago - 
2.0.4 and CentOS 7 is at version 2.2.2-4.el7


Anyone else have this problem and/or ideas on how to get it going?
TIA
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd and VirtualBox

[Rob Kampen]

On 28/05/16 14:31, Anthony K wrote:

On 28/05/16 12:12, Rob Kampen wrote:


which of the 9 answers did you use - there are four with [0] points. 
I did see this some time ago and got a variant working under CentOS 
6. I was hoping to use the new-fangled systemd, partly as a learning 
exercise, but also to avoid having bespoke config files and methods 
of starting daemons proliferating which the methods described on 
askubuntu.com seem to be.

rob


Apologies - I should have stated that in my initial response.

It's the answer that starts of with - "You can use the VirtualBox 
Auto-start service." - it has an up-vote score of 20 (as of now).


That article cites the following link *[0]* as the original source:

*[0]* 
http://lifeofageekadmin.com/how-to-set-your-virtualbox-vm-to-automatically-startup/


thanks, the other link helped but there are still errors in all the 
various instructions
one error not noted was the /etc/defaults/virtualbox file it - cannot 
have spaces!

it should be

# virtualbox defaults file
VBOXAUTOSTART_DB=/etc/vbox
VBOXAUTOSTART_CONFIG=/etc/vbox/autostart.cfg

My server has a very well exercised reboot as I have finally got it done
Thanks for all the pointers, finally have something that seems to be 
reliable.


ak.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd and VirtualBox

[Rob Kampen]

On 28/05/16 12:43, Anthony K wrote:

On 17/05/16 17:55, Rob Kampen wrote:
No idea where to from here, so if there is anyone that has a working 
systemd autostart VirtualBox setup on a headless CentOS 7 server - 
please advise what you have done to get it working.
I'm running CentOS7 as my host and when I was using Virtualbox, I had 
my VM's autostarting for a while.  I simply followed this answer [0] 
on "askubuntu.com" and it worked flawlessly.  However, I've since 
migrated all my VM's to KVM once performance on KVM surpassed that of 
Virtualbox (most of my VM's are Linux servers).




thanks for the pointer
which of the 9 answers did you use - there are four with [0] points. I 
did see this some time ago and got a variant working under CentOS 6. I 
was hoping to use the new-fangled systemd, partly as a learning 
exercise, but also to avoid having bespoke config files and methods of 
starting daemons proliferating which the methods described on 
askubuntu.com seem to be.

rob

My $0.02,
ak.

[0] 
https://askubuntu.com/questions/404665/how-to-start-virtual-box-machines-automatically-when-booting/548134


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /etc/sysconfig/iptables syntax

[Rob Kampen]

On 23/05/16 14:55, Mike wrote:

The last two router/firewall servers I had used Slackware and Gentoo.
I'm used to writing complete and explicit iptables rules; however, when I
set up /etc/sysconfig/iptables in CentOS 7 my usual syntax is unusable.

For example, I'm used to stating postrouting masquerade as:

/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j
MASQUERADE

But when I use the rule above, iptables.service fails upon start and exits.

Through a series of trial and error, I found a correct masquerade statement:

*nat
-A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE
COMMIT

This looks similar to output from iptables-save.

Another example:

/usr/sbin/iptables -t filter -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
[DOES NOT WORK]

*filter
-A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
COMMIT
[DOES WORK]

After using iptables for a long time, I can't figure out where this syntax
comes from.
Can anyone point me in the right direction to understand the proper syntax
necessary in /etc/sysconfig/iptables?
By  default CentOS 7 uses firewalld and not iptables - check what is 
enabled and running with

>systemctl status firewalld.service
or if you want to see all that is running on your server/PC
>systemctl

HTH


Thanks for your help.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd and VirtualBox

[Rob Kampen]

On 17/05/16 22:38, James Hogarth wrote:

On 17 May 2016 at 09:11, Rob Kampen <rkam...@kampensonline.com> wrote:


On 17/05/16 19:58, John Hodrien wrote:


On Tue, 17 May 2016, Rob Kampen wrote:

No idea where to from here, so if there is anyone that has a working

systemd autostart VirtualBox setup on a headless CentOS 7 server - please
advise what you have done to get it working.


I deliberately bailed on VirtualBox when we moved to C7, as KVM offered
everything I needed with less hassle.

I take it you've considered switching?

Considered, very briefly. I have had great success and stability with

running VirtualBox on both CentOS 5 & 6 for the few Windoze apps that my
clients need to run and have up on a server 24x7. The set ups I am using
have been running reliably for over 8 years and remote manged with zero
issues - HUGE thanks to the CentOS team for an awesome OS system delivery
Thus, I have simply installed the latest VirtualBox on CentOS 7 and gone
from there. I was aware that systemd existed and deliberately waited until
this year to upgrade the hardware and OS, thinking issues like this should
have been sorted by now.
Are there any good tutorial / howtos for KVM? Although at this point I am
back on another continent and reluctant to shift to KVM when over 20 hours
fly time away from the server.



Why would that be an issue? It's not Xen where you have to boot into a
special kernel ... it's just the ordinary kernel. In fact I'd be surprised
if you had to reboot at all, you should just have to install the
virtualization group (along with virt-tools and virt-manager to make your
life easier, dont' forget to install fonts if using virt-manager over X
forward and wanting to avoid little boxes instead of characters) and be up
and running.
thanks James. I have started working through the document you indicated 
and will see how it goes. It may take a few days to sort out enough time.

BTW, will I be able to use the Windows10 image file that VirtualBox uses?
Is there a tool that changes the format of the vm image if its different?
Or am I faced with a new Windoze install and installing the Windoze Apps 
all over again?
That may be an issue as the Windoze application is quite complex and the 
last two times I have installed it, I had to use the app provider's help 
line to solve Windoze 10 issues as the default install has some things 
that need changing in order for their app to work.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd and VirtualBox

[Rob Kampen]

On 17/05/16 19:58, John Hodrien wrote:

On Tue, 17 May 2016, Rob Kampen wrote:

No idea where to from here, so if there is anyone that has a working 
systemd autostart VirtualBox setup on a headless CentOS 7 server - 
please advise what you have done to get it working.


I deliberately bailed on VirtualBox when we moved to C7, as KVM offered
everything I needed with less hassle.

I take it you've considered switching?

Considered, very briefly. I have had great success and stability with 
running VirtualBox on both CentOS 5 & 6 for the few Windoze apps that my 
clients need to run and have up on a server 24x7. The set ups I am using 
have been running reliably for over 8 years and remote manged with zero 
issues - HUGE thanks to the CentOS team for an awesome OS system delivery
Thus, I have simply installed the latest VirtualBox on CentOS 7 and gone 
from there. I was aware that systemd existed and deliberately waited 
until this year to upgrade the hardware and OS, thinking issues like 
this should have been sorted by now.
Are there any good tutorial / howtos for KVM? Although at this point I 
am back on another continent and reluctant to shift to KVM when over 20 
hours fly time away from the server.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Systemd and VirtualBox

[Rob Kampen]

The continuing challenges of getting a workable server continue.
The latest spins of VirtualBox seem to have solved the issues of DKMS 
auto compiles of the driver being aborted. The yum updates work as 
expected, provided one stops the running vms manually first.


However, trying to get systemd to start the vms is proving to be a PITA.
I have extensively googled and found that there are no specific 
instructions for Fedora/Redhat/CentOS and VirtualBox setups for systemd. 
After many trials and errors I have this systemd service file:


filename - /etc/systemd/system/vboxstarter@.service

[Unit]
Description=VBox Virtual Machine %i Service
Requires=systemd-modules-load.service vboxballoonctrl-service.service
After=systemd-modules-load.service vboxballoonctrl-service.service
Conflicts=shutdown.target

[Service]
User=
Group=vboxusers
Restart=on-failure
TimeoutSec=5min
Environment="VBOX_USER_HOME=/home/rkampen/VirtualBox VMs/%i"
ExecStart=/usr/bin/VBoxHeadless -s %i
ExecStop=/usr/bin/VBoxManage controlvm %i savestate

[Install]
WantedBy=multi-user.target

and on occasions the invocation
systemctl start vboxvmstarter@Windoze10_2.service
will work, although recently it is failing always with

>$ systemctl status vboxvmstarter@Windoze10_2.service
● vboxvmstarter@Windoze10_2.service - VBox Virtual Machine Windoze10_2 
Service
   Loaded: loaded (/etc/systemd/system/vboxvmstarter@.service; enabled; 
vendor preset: disabled)
   Active: deactivating (stop-sigterm) (Result: exit-code) since Tue 
2016-05-17 03:25:02 EDT; 4s ago
  Process: 1987 ExecStop=/usr/bin/VBoxManage controlvm %i savestate 
(code=exited, status=1/FAILURE)
  Process: 1906 ExecStart=/usr/bin/VBoxHeadless -s %i (code=exited, 
status=1/FAILURE)

 Main PID: 1906 (code=exited, status=1/FAILURE)
   CGroup: 
/system.slice/system-vboxvmstarter.slice/vboxvmstarter@Windoze10_2.service

   └─1940 /usr/lib/virtualbox/VBoxSVC --auto-shutdown

May 17 03:25:02 media.pcol.org systemd[1]: Started VBox Virtual Machine 
Windoze10_2 Service.
May 17 03:25:02 media.pcol.org systemd[1]: Starting VBox Virtual Machine 
Windoze10_2 Service...
May 17 03:25:02 media.pcol.org systemd[1]: 
vboxvmstarter@Windoze10_2.service: main process exited, code=exited, 
status=1/FAILURE
May 17 03:25:02 media.pcol.org VBoxManage[1987]: VBoxManage: error: 
Could not find a registered machine named 'Windoze10_2'
May 17 03:25:02 media.pcol.org VBoxManage[1987]: VBoxManage: error: 
Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), com...pports
May 17 03:25:02 media.pcol.org VBoxManage[1987]: VBoxManage: error: 
Context: "FindMachine(Bstr(a->argv[0]).raw(), machine.a...VM.cpp
May 17 03:25:02 media.pcol.org systemd[1]: 
vboxvmstarter@Windoze10_2.service: control process exited, code=exited 
status=1

Hint: Some lines were ellipsized, use -l to show in full.

as  a vboxmanage list vms
"Windoze10_2" {51c8f956-9aba-4d2a-942c-8f46889d5bc0}

shows the required vm.
as root or using sudo it returns nothing.
thus my only conclusion is that systemd actually runs this as root and 
ignores the User= line of the [Service] stanza.


No idea where to from here, so if there is anyone that has a working 
systemd autostart VirtualBox setup on a headless CentOS 7 server - 
please advise what you have done to get it working.
Or any systemd gurus that can point me at the specific foo required to 
beat this deamon into submission.

TIA
Rob
P.S. I deliberately set up the VirtualBox vms under a non privileged 
user account. I have tried setting up a symbolic link from /root to the 
~/username/VirtualBox\ VMs folder and made root a member of the 
virtualboxusers group - no difference, as expected, but getting desperate.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7 Desktop background - SOLVED

[Rob Kampen]

On 17/05/16 09:38, Frank Cox wrote:

On Tue, 17 May 2016 09:29:52 +1200
Rob Kampen wrote:


Tried that - it appears to run, i.e. prompt returns. No change. Logged
out and back in - no change, still gray. It has reset the background
that comes up when I move the cursor to the top left and see all the
open windows.

It's a bit late to tell you this, but the configuration is stored in a file 
~/.config/dconf/user so if you back that up before playing with it, you can 
return to your former configuration by restoring that file.

Have you backed up your home directory lately?  Do you have an "old" copy of 
that file that you can restore?

removing the ~/.config/dconf/user folder worked - it resets everything 
to clean install state, so one does have to set up everything once more.

I played around again and find that the tweak tool tab
Appearance >
> Theme GTK+ ==> the select box is where things go pear shaped. If I 
pick the Oxygen-gtk as the theme for my GTK windows that this makes the 
desktop background disappear and go gray - busted in my situation.
Just another example of this product (Gnome3 on CentOS7) not really 
ready for production use.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7 Desktop background

[Rob Kampen]

On 16/05/16 22:09, Liam O'Toole wrote:

On 2016-05-15, Rob Kampen
<rkam...@kampensonline.com> wrote:

Hi Just stumbled into a problem with my recent new build C7 work
station.  Fully updated, gnome desktop, all was working well until I
had a play with Tweak Tool, I wanted to try some other themes for
window layouts as the default seems to not show check boxes correctly
in all situations. I haven't yet determined what is causing this but
suspected another theme may work better, as not being able to see the
correct status of a check box is somewhat frustrating.  So I made and
tried numerous changes with this Tweak Tool, but only used the items
that were installed as default installed select options, no special
import of any other themes or extensions.  At one point I lost the
Desktop background - cannot recall which change triggered this,
however as I have tried all the other options on just about every tab,
I still have a gray desktop.  If I move the cursor to the top left
corner and it shows all the open windows, the desktop wallpaper /
background shows just fine, but when I select any window/app, my
desktop reverts to gray.  I have tried resetting the desktop
background but it does not remove this aberration.

Any gnome gurus out there that can point me to the gnome foo required
to get my desktop looking 21st century and not like my old monochrome
Windows386 circa late 1980's.

Thanks Rob

Try this:

dconf reset /org/gnome/desktop/background/picture-uri

Type 'dconf help' for more information.

Tried that - it appears to run, i.e. prompt returns. No change. Logged 
out and back in - no change, still gray. It has reset the background 
that comes up when I move the cursor to the top left and see all the 
open windows.

Gnome is SO counter-intuitive, not sure what the developers are smoking.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C7 Desktop background

[Rob Kampen]

Hi
Just stumbled into a problem with my recent new build C7 work station. 
Fully updated, gnome desktop, all was working well until I had a play 
with Tweak Tool, I wanted to try some other themes for window layouts as 
the default seems to not show check boxes correctly in all situations. I 
haven't yet determined what is causing this but suspected another theme 
may work better, as not being able to see the correct status of a check 
box is somewhat frustrating.
So I made and tried numerous changes with this Tweak Tool, but only used 
the items that were installed as default installed select options, no 
special import of any other themes or extensions.
At one point I lost the Desktop background - cannot recall which change 
triggered this, however as I have tried all the other options on just 
about every tab, I still have a gray desktop.
If I move the cursor to the top left corner and it shows all the open 
windows, the desktop wallpaper / background shows just fine, but when I 
select any window/app, my desktop reverts to gray.
I have tried resetting the desktop background but it does not remove 
this aberration.


Any gnome gurus out there that can point me to the gnome foo required to 
get my desktop looking 21st century and not like my old monochrome 
Windows386 circa late 1980's.


Thanks
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Regarding upgrade from CentOS .5.5 to CentOS 7

[Rob Kampen]

On 05/05/16 17:13, Venkateswara Rao Dokku wrote:

Hi,

I wanted to upgrade from centOS 5.5 to CentOS 7 without losing the data.

Is there any upgrade path available?

or what is the proper way to do it without affecting the existing config?

Thnaks for the help
Install another hard drive or SSD, partition it / install CentOS 7, 
telling Anaconda to leave your existing drive alone.
Once done, and rebooted, you can mount the old drive and copy what you 
need over using cp or rsync.

Enjoy

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C5: The Firefox ESR 45.1.0 Nighmare - bunny trail

[Rob Kampen]

On 04/29/2016 10:21 PM, James Hogarth wrote:

On 29 April 2016 at 09:55, isdtor  wrote:


Always Learning writes:

However the time-wasting problem remains, so too do the down-loaded
extensions in /tmp, example tmp-xxx.xpi

The reason behind this is the missing patch referenced by Johnny's posting
that you referenced in a follow-up.

What I would really like to see, talking about SIGs and such, is an rpm
for palemoon, but I fear it can't be done on C5. Even C6 only would help,
although I'm hesitating to move my main desktop off 5; the C6 desktop
simply doesn't have the same stability and performance, and having to log
off/log on just because PA behaves irratically is really annoying.



Given: RHEL5 goes end of life on 2017-03-31, which is 47 weeks, 6 days, 13
hours, 40 minutes, and 50 seconds from now

and that even now the updates are limited to critical (ie remote code
execution) pretty much might I suggest now is a good time to be thinking
about that future of that system and if not move to C7 at least move to C6?

I can't even imagine the pain of using C5 as a desktop in today's world ...
Having used C5 desktops until 4 years ago, then C6 until last week and 
now using C7, some observations.
Getting H/w stuff to work has got MUCH easier. Mostly "it just works". 
With the EPEL and ELrepo most everything one needs to perform normal 
office desktop functions is just a yum command away.
I have tried to remain on the same hardware, but the recent move to C7 
makes my 8 year old PC with 8GB of RAM just unacceptable. This machine 
was a top of the line gaming machine for my son when we built it, now it 
stalls as it pages stuff to swap - my work load is the same, just seems 
the new C7 needs more horse-power to function.

Now about the desktop, and the tools that come with the system.
Gnome 3, Gnome classic, and KDE - historically I just used the Gnome 
desktop, Nautilus and found managing my remote servers and the web apps 
I design and administer just worked fine. Transfer of files to and from 
the remote servers was a simple drag and drop. The system remembered my 
SSH key passphrase with no special action, now it doesn't, I need to be 
entering it continually. I think there is a new app to take care of this 
but haven't yet found the time to research and set it up.
Nautilus is now next to useless for my kind of work flow. Darn, they 
call this progress?
Trying to put apps onto the Gnome Desktop - too difficult, I'm sure its 
possible but once again, far to obscure - they really want me to change 
my work flow and habits I guess.
So I dust off KDE, been a few years since I played with this, but some 
brief research to find a working file manager show dolphin gets top 
marks. Used it under Gnome initially, but some stuff just doesn't show 
on my screen properly.
At least I can actually do my job with Dolphin, but it has some quirks, 
some quite irksome quirks, but at least I am somewhat productive after a 
week of trying to get used to all the changes.
With all the things I do not like about Windoze and Micro$oft, at least 
their file manager still works intuitively from WindozeXP, Windoze7 and 
Windoze10 - the only versions I have chosen to use over the last 15 years.

So what's gone wrong with the Linux Desktop developers?
Hardware upgrade to my son's three year old gaming machine next week, 
hopefully that will alleviate some of the frustrations of this migration 
to the latest CentOS 7 workstation.

Enough of a rant.
Sorry for the hi-jack, I did amend the subject.
P.S. I am using C7 for my new servers and that seems to be okay, bit of 
a learning curve for systemd and systemctl commands, also for firewalld 
vs iptables - yes I know I can use the old system, but I try to use the 
systems as much as possible as they come, as I figure that is where 
things are heading, so learn, use and embrace. e.g. NetworkManager was 
introduced in C6 - barely workable for a desktop, just a PITA for a 
server. But with C7 it mostly works as expected, with little need to 
lock things down. Works great on the desktop.

Have a great weekend.
Shalom

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache/PHP Installation - opinions

[Rob Kampen]

On 04/27/2016 07:50 PM, Alice Wonder wrote:

On 04/27/2016 12:41 AM, Alice Wonder wrote:

On 04/27/2016 12:30 AM, James Hogarth wrote:
*snip*


Unless you have a very specific requirement for a very bleeding edge
feature it's fundamentally a terrible idea to move away from the
distribution packages in something as exposed as a webserver ...


I use to believe that.

However I no longer.

First of all, advancements in TLS happen too quickly.

The RHEL philosophy of keeping API stability for as long as the release
is supported means you end up running old protocols and old cipher
suites and don't have the new protocols and cipher suites available.

That's a problem.

With respect to Apache and PHP -

There is a lot of benefit to HTTP/2 but you can't get that with the
stock Apache in RHEL / CentOS 7. You just can't.

The PHP in stock RHEL / CentOS is so old that web application developers
largely are not even using it anymore, resulting in some web
applications that just simply don't work unless you update the PHP to
something more modern.

It's a nice idealistic philosophy to want to keep the same versions and
backport security fixes and keep everything API compatible but in real
world practice, it makes your server stale.


Another example outside of LAMP

Postfix -

The postfix that ships with CentOS 7 does not have the ability to 
enforce DANE.


If you are not sure what that is -

On mt DNS server, I can (and do) post a fingerprint of the TLS keys 
used by my smtp server.


When other mail servers want to send an e-mail to my server, they can 
do a DNS query and if I have a DANE record, then they can require that 
that the TLS connection they make to my SMTP server uses a certificate 
with a fingerprint that matches.


That is the only reliable way to avoid MITM with SMTP.

It's easy to set up in postfix -

smtp_dns_support_level = dnssec
smtp_host_lookup = dns

Sounds good, but how many domain MX servers have set up these 
fingerprint keys - 1%, maybe 2%, so how do you code for that? I guess 
I'm thinking it uses it if available. So even if you do post it on your 
DNS, how many clients out there are using DANE on their set up? By the 
time it becomes more than a tiny % and generally useful, it will be in 
CentOS 8. It also requires certificates to be implemented more 
ubiquitously than at present - although we do now have affordable 
solutions, so this one may resolve more quickly.
But with the postfix that comes with CentOS 7 - it is too old for 
that, so Postfix with CentOS 7 will never even try to verify the TLS 
certificate of the servers it connects to.


It's a stale version of postfix and people running postfix on CentOS 7 
should use a newer version.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Suddenly increased my hard disk

[Rob Kampen]

On 04/22/2016 03:34 PM, Valeri Galtsev wrote:

On Thu, April 21, 2016 10:23 pm, John R Pierce wrote:

On 4/21/2016 7:49 PM, Chandran Manikandan wrote:

Finally fixed my issue.
As you told i have unmount the external hard disk then i checked the
/bkhdd/backup folder.
I saw that 190GB backup tar.gz file then i deleted and again remount it.

Thanks a lot for your kind supporting to me to fix this issue.

Why it's happened like this environment and how to avoid it.


don't write to mount points when they aren't mounted, the files get
written to the file system.  and don't create any directories in the
mount point...   like, if you were mounting /dev/sdb1 as /bkhdd then on
the root file ssytem (without that mount) there should never have been
any /bkhdd/backup directory.   in fact /bkhdd should not be writable by
your user processes.

John, thanks for reminding this to all of us, I for one keep forgetting
about it (at least if I'm not dealing with it myself which usually acts as
a federal offense on me ;-) I know one Linux admin who removes write bit
from mount points.
I usually put a file with a name like "mount point for /dev/mdxyz" into 
that mount point folder just in case I fail to mount it. Then when you 
do a ls or ll it shows me I have a problem.

Valeri


I remember older Unix systems would refuse to mount a file system to a
non-empty directory, for exactly this reason, it hides stuff thats
already there.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos




Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] EPEL - Clamav update?

[Rob Kampen]

EPEL maintainers?
I note messages in the log about updated version 0.99.1 of CLAMAV being 
available since Mar 5th.

for CentOS 6 no update is available yet.
I used to use rpmforge for this package but that languished for months 
before updates became available and eventually stopped altogether.

Is there something I can do to assist in getting this package updated?
I have no idea if this is a difficult package to compile with lots of 
dependancies or some otherwise complexities.
In this era of constant SPAM and so many virus / trojan attempts to do 
harm to others, it is vital that we run this package to protect our users.

Please let me know if / how I can assist.
Kind regards
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Strange behaviour of iptables in centos 7

[Rob Kampen]

On 03/08/2016 08:35 PM, anax wrote:

Hi
strange behaviour of iptables on a centos 7.0 machine:
The following rule is in the iptables of said machine:

[root@myserver ~]# iptables -L -v -n --line-numbers |grep 175\.
99   456 DROP   all  --  *  *   175.44.0.0/16 
 0.0.0.0/0

[root@myserver ~]#

The corresponding enty in /etc/sysconfig/iptables looks like:

[root@myserver ~]# grep 175 /etc/sysconfig/iptables
-A INPUT -s 175.44.0.0/16 -j DROP
[root@myserver ~]#

The rule must be there since ages, because it has number 9 out of 76 
similar rules.


Today, on the same machine (I rechecked it to make sure not to 
confound machines), I see the following extract of the ftplog:



175.44.4.1272915
175.44.26.1282021
175.44.26.1381322
175.44.6.1861290
175.44.24.881219
175.44.4.1991212


saying that from this IP addresse there have been this many 
connections to the ftp server on that machine during the last two 
days, which means that the iptables haven't dropped the connection to 
the machine. As far as I know, the ftp server is behind the iptables. 
I also checked to see in man iptables, wheather the IP address is 
represented correctly.


What im I missing?

You mention iptables - but no mention of firewalld - they both use the 
same kernel mechanism, but it is important that both CANNOT be active!
If you configure and use firewalld you can query ># iptables -L and see 
what is installed, however I have no idea if this exposes the entire set 
of firewall statements - others that better understand this space, feel 
free to weigh in.
CentOS 7 has firewalld enabled by default, thus the choice to use 
iptables directly means that firewalld must be disabled.

HTH

thanks in advance

suomi
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Run Now no longer works in Messages Filters of Thunderbird 38.6

[Rob Kampen]

On 03/08/2016 02:35 AM, Roger Wells wrote:

On 03/06/2016 07:51 PM, Rob Kampen wrote:

On 03/07/2016 08:52 AM, Bernard Lheureux wrote:

Hi all,


Since the last update of Thunderbird to 38.6, the button 'Run Now' of
the 'Mail Filters' option is no longer effective and appears always
grayed in my CentOS 7...
Anybody has the same behavior ?


running on CentOS 6 - I have T/B 38.6 also and under the menu item
Message Filters >
have three options
- Message Filters
- Run Filters on Folder
- Run Filter on Message
none are greyed out and they appear to function as advertised.

Pick "Message Filters" from the above choices.
Its the "Run Now" button that is newly grayed out.
I see that, as soon as I select a mailbox folder from the select box to 
the left of the Run Now button it changes and I can run the filter.

IIUC

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Run Now no longer works in Messages Filters of Thunderbird 38.6

[Rob Kampen]

On 03/07/2016 08:52 AM, Bernard Lheureux wrote:

Hi all,


Since the last update of Thunderbird to 38.6, the button 'Run Now' of 
the 'Mail Filters' option is no longer effective and appears always 
grayed in my CentOS 7...

Anybody has the same behavior ?

running on CentOS 6 - I have T/B 38.6 also and under the menu item 
Message Filters >

have three options
- Message Filters
- Run Filters on Folder
- Run Filter on Message
none are greyed out and they appear to function as advertised.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dhcpd frequent renewals

[Rob Kampen]

On 18/02/16 13:41, david wrote:

Rob
DNS service for my clients is provided by my gateway server, the same 
machine as the DHCPD server.  I think that's what the "option 
domain-name-servers" line does.  This allows me to provide 192.168 
addresses to them when they try to access anything inside the house 
with a name.  If it's not a locally defined name, BIND forwards the 
request to the internet.


I'm not sure I understand about dhcpd log and dns log.  I scan 
/var/log/messages, using the service name as the key.  Looking at 
'named' entries, all I see are messages of the form "clients-per-query 
increased to XX".

I have had entries like:
 - dhcpd Begin 

 Unknown Entries:
Abandoning IP address 192.168.229.104: pinged before offer: 1 Time(s)

As I am not normally anywhere near this server, it is one I remote 
manage, I have not followed up,
I am now implementing a new network for them and hoping all this hassle 
will be a thing of the past.

Sorry I have no other insight.

I'm still mystified by the fact that only the i-devices (iphone, ipad) 
exhibit this behavior of rapid dhcpd renewals.  Mac's and PC's don't.


David

At 06:48 AM 2/17/2016, you wrote:

On 16/02/16 16:59, david wrote:

Folks

This might be the wrong place to ask, but I don't know where to turn.
My internal home network, including wireless, is controlled by a 
Centos6 server, which provides dhcpd services, along with NAT.  I 
have DHCPD configured with the addresses 192.168.155.200 through 
192.168.155.254 as the range for dynamic allocations.  The 
default-lease time is 1800 seconds, the maximum is 3600 seconds.


My windows clients, and even an ipad-mini behave nicely, asking for 
DHCP renewals once ever five minutes, or at about 80% of the default 
lease time, a behavior I can understand. However, several of my 
guests, with their own iPads, I-watches, iPhones, connect to my 
network (via a wireless access point which does not do routing 
functions) and they're renewing once every 20-30 seconds.  In 
addition, these devices also loose connectivity for brief intervals, 
which seems to be roughly synchronized with dhcp renewal.  This last 
fact I deduce by doing "tail -f /etc/log/messages" and hearing them 
say "lost connection" at just about the same moment the DHCPREQUEST 
and DHCPACK statements show up.


It's difficult to believe that Apple IOS devices (all of which are 
running apple's latest) have a dhcp client problem not shared by 
windows or even linux hosts.


Does anyone have any clues?
does your dhcpd update the dns? name resolution for devices seems to 
be required for some applications and thus the dns needs to know 
about the leases. Have you checked your dhcpd log entries and your 
dns log entries? I have had situations where the dhcpd lease is 
dropped due to not being able to complete dns update of the info - 
thus the client retries again and again - they do get onto the 
internet but the connection drops and a new lease is requested,

HTH

David Kurn
San Francisco

DHCPD.CONF file is excerpted below:


ddns-update-stylenone;

subnet 192.168.155.0 netmask 255.255.255.0 {
authoritative;
option routers 192.168.155.2;
option subnet-mask255.255.255.0;
option broadcast-address192.168.155.255;
option domain-name"daku.org";
option domain-name-servers192.168.155.2;
option netbios-name-servers192.168.155.2;

option time-offset-28800;# Pacific standard time

range dynamic-bootp192.168.155.200 192.168.155.254;
default-lease-time1800;
max-lease-time3600;
}




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] dhcpd frequent renewals

[Rob Kampen]

On 16/02/16 16:59, david wrote:

Folks

This might be the wrong place to ask, but I don't know where to turn.
My internal home network, including wireless, is controlled by a 
Centos6 server, which provides dhcpd services, along with NAT.  I have 
DHCPD configured with the addresses 192.168.155.200 through 
192.168.155.254 as the range for dynamic allocations.  The 
default-lease time is 1800 seconds, the maximum is 3600 seconds.


My windows clients, and even an ipad-mini behave nicely, asking for 
DHCP renewals once ever five minutes, or at about 80% of the default 
lease time, a behavior I can understand.  However, several of my 
guests, with their own iPads, I-watches, iPhones, connect to my 
network (via a wireless access point which does not do routing 
functions) and they're renewing once every 20-30 seconds.  In 
addition, these devices also loose connectivity for brief intervals, 
which seems to be roughly synchronized with dhcp renewal.  This last 
fact I deduce by doing "tail -f /etc/log/messages" and hearing them 
say "lost connection" at just about the same moment the DHCPREQUEST 
and DHCPACK statements show up.


It's difficult to believe that Apple IOS devices (all of which are 
running apple's latest) have a dhcp client problem not shared by 
windows or even linux hosts.


Does anyone have any clues?

does your dhcpd update the dns? name resolution for devices seems to be 
required for some applications and thus the dns needs to know about the 
leases. Have you checked your dhcpd log entries and your dns log 
entries? I have had situations where the dhcpd lease is dropped due to 
not being able to complete dns update of the info - thus the client 
retries again and again - they do get onto the internet but the 
connection drops and a new lease is requested,

HTH

David Kurn
San Francisco

DHCPD.CONF file is excerpted below:


ddns-update-stylenone;

subnet 192.168.155.0 netmask 255.255.255.0 {
authoritative;
option routers 192.168.155.2;
option subnet-mask255.255.255.0;
option broadcast-address192.168.155.255;
option domain-name"daku.org";
option domain-name-servers192.168.155.2;
option netbios-name-servers192.168.155.2;

option time-offset-28800;# Pacific standard time

range dynamic-bootp192.168.155.200 192.168.155.254;
default-lease-time1800;
max-lease-time3600;
}




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS7 changes strike again.

[Rob Kampen]

Still in the process of migrating from an old CentOS5 server to a brand 
new CentOS7.


After finally getting Virtualbox-5.0 installed and a new Wondoze10 Pro 
installed it became time to shift the data from the old server to the new.


The old server is headless and I installed the old WindozeXP into the 
Virtualbox4.x via the command line.
To do some of the admin I needed to attach to the windoze via a gui and 
used rdesktop via an ssh tunnel of port 3389. This "just worked" with my 
old CentOS6 laptop and workstations.


So now I try to connect to the old server via my laptop also running a 
recent CentOS7 install using rdesktop - no joy.

the ssh command is
>ssh servername -L 3389:127.0.0.1:3389
and then also from my laptop
rdesktop -a 16 -N 127.0.0.1:3389 -u rkampen -p-

only to get
ERROR: Failed to open display:

various google searches offer suggestions
prepending
DISPLAY=:0.0
gives
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

ERROR: Failed to open display: :0.0

tried setting selinux to permissive mode - still no joy.

All this just worked with my old CentOS6 laptop and work station, 
however I no longer have access to that.
I guess there have been some "improvements" with the advent of gnome3 
that now prevent this from working, however my knowledge of how this 
rdesktop interacts with the local display manager are sketchy at best.


Any suggestions from those of you that understand this stuff way better 
than I do?

TIA
Rob
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos