from:"rainer"

Re: [CentOS] Centos versions in the future?

2021-07-08 Thread Rainer Duffner



> Am 08.07.2021 um 17:38 schrieb Nikolaos Milas :
> 
> On 8/7/2021 6:19 μ.μ., Valeri Galtsev wrote:
> 
>> ...
>> Of course, tastes differ, but still, only those who tasted both things can 
>> have fairly say what is better to one's own taste.
>> ...
>> But even as part of our infrastructure fled to FreeBSD...
>> ...
> 
> As a side note:
> 
> l never used FreeBSD, even though I've heard good things about it. Frankly, I 
> loathe its devil logo. I know it's probably derived from the Unix "daemons", 
> yet I fail to get reconciled with it. It's simply appalling to me (even if 
> it's smiling) :(
> 
> I don't require any reply on my above comment (I might even be called naive 
> or whatever). It's some kind of personal confession which I feel I need to 
> express somehow. I simply wish FreeBSD people changed this logo at some 
> point...
> 
> I wonder whether FreeBSD users are expressing similar concerns... I am not 
> following any FreeBSD activity or discussion.
> 
> Cheers,
> Nick



There was a contest to change the logo a while (10-12-ish years) ago, and the 
official logo is now that:

https://freebsdfoundation.org/about-us/about-the-foundation/project/

However, that logo wasn’t universally liked by some core-members and it looks 
like the „Daemon“ is thus still in use.

The „Daemon“ is IMO somehow more approachable and „cute“ if you want to say 
that.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Expand XFS filesystem on CentOS Linux release 8.2.2004 (Core)

2021-03-12 Thread Rainer Duffner



> Am 12.03.2021 um 15:23 schrieb Thomas Mueller :
> 
> On 3/12/21 1:45 PM, Kaushal Shriyan wrote:
>> Is there a way to expand xfs filesystem /dev/nvme0n1p2 which is 7.8G and
>> occupy the remaining free disk space of 60GB?
> 
> parted porbably could do it. there is also a gparted gui 
> (https://gparted.org/ ), but doesn't seem to be in 
> CentOS 8.
> 
> Maybe boot from a livecd that includes the gui tool, like 
> https://gparted.org/livecd.php  or 
> https://www.system-rescue.org/ 


If the downtime is acceptable, that’s almost always the smartest thing to do, 
IMO.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel/64 CentOS VM running on a Mac M1?

2021-01-29 Thread Rainer Duffner



> Am 29.01.2021 um 10:27 schrieb Thomas Bendler :
> 
> On Fri, Jan 29, 2021 at 10:06 AM Rainer Duffner 
> wrote:
> 
>> [...]
>> Apple’s M1 are (probably) great - but only if you want to run macOS on it.
>> Anything else and the compromises will likely be even more severe than
>> those that had to be made in the earliest days of running Linux on a laptop.
>> [...]
> 
> 
> Did you try it or is this just a guess? I use Ubuntu in a VM on the M1.
> As I mentioned there are currently some restrictions but the direction
> already looks quite promising. At least far away from any earliest
> days …
> 

It’s an assumption.


If it works, that’s great. I use a 2018 MacMini (with 32GB RAM) and run VMs on 
it.

I do like macOS, I just wouldn’t want to run a server on it ;-)

The 16GB RAM limit would be a show-stopper for me.

Unfortunately, Apple don’t have Fusion or Parallels or VirtualBox installed on 
their demo-units.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel/64 CentOS VM running on a Mac M1?

2021-01-29 Thread Rainer Duffner



> Am 29.01.2021 um 02:11 schrieb Lists :
> 
> My Dell Precision M3800 running Fedora works great but is really starting to 
> show its age, and I'm thinking about getting a new Mac M1-based laptop as it 
> would really be useful for Video production. 
> 
> But I really need to have a IA64 CentOS 7/8 VMs running locally for 
> development as I'm often on the road and flaky Internet makes it a necessity 
> to 
> keep productivity up. I've been unable to officially confirm that VMWare/
> Parallels/VirtualBox intend to support IA64 based OS's and it *needs* to be 
> an 
> exact (VM) copy of production so I can trial environments and builds prior to 
> roll out. 
> 
> Calling around, I actually got ahold of a sales staff at Parallels who 
> assured 
> me (in broken India-accent English) that "of course all OS will supported 
> when 
> the trial complete" but given that I wasn't sure that he really understood my 
> question I remain uncertain. 



If you need Intel VMs, there’s no way around Intel hardware at the moment. 
Especially, if performance matters.

I would wait until 11th generation Intel CPUs or even better AMD Ryzen are 
available for Dell’s mobile workstation-line (if you want to stay in that 
product-line, which is not the worst thing to do).

Apple’s M1 are (probably) great - but only if you want to run macOS on it. 
Anything else and the compromises will likely be even more severe than those 
that had to be made in the earliest days of running Linux on a laptop.

Personally, I would also consider the Lenovo E15 (AMD Ryzen), it mostly seems 
to work with Ubuntu, which means you would likely have to use Fedora for the 
time being.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I'm looking forward to the future of CentOS Stream

2020-12-13 Thread Rainer Duffner



> Am 13.12.2020 um 20:44 schrieb Simon Avery :
> 
>> 
>>> And there's *a lot* more than five of us.
>> 
>> Here is number six.
>> 
> 
> Just one of those groups energised from this decision is Rocky Linux. There
> are 4,606 people on their Slack right now, which did not even exist a week
> ago.



IIRC, one of the reasons cited that CentOS „merged“ with RedHat back then was 
that a lot of people were using CentOS, but there wasn’t enough money generated 
to pay the developers.

A lot of them were basically working for free.

That is never sustainable. At least not for a long time.

It’s also not often the case that you can split this kind of work into a 
thousand work-packages and have everybody just work 1/2 hour a day on it.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Oracle Linux 8 - short experiment with install and basic setup of Mate Desktop

2020-12-13 Thread Rainer Traut


You have not asked me, but I have another thing to add - maybe related.

Am 13.12.20 um 09:54 schrieb Simon Matter:

Le 13/12/2020 à 05:30, Frank Cox a écrit :

So after reading other folks' opinions of an Oracle Linux 8 (thanks
again,
Nicolas!) trial installation, I decided to crank up a Virtual Box
session
and try an install myself.


I've made a few corrections to the article. If there's enough demand, I
could
translate it into english:

https://blog.microlinux.fr/migration-centos-oracle-linux/

Thanks for the heads-up for EPEL. I'll look into that.



Hi Nicolas,

I've already mentoned the EPEL issue in one of my post together with
another thing I saw:

'dnf check-upgrade' shows some .src packages in the list of updatable
packages.

Did you also see this?


When mirroring their bunch of OL[6-8] and OVM34 this works really good
with reposync.
But it pulls in all their src rpms.

The solution is to specify all needed "ARCHes" like:

$ reposync -a i386 -a i686 -a x86_64 -a noarch



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is Oracle a real alternative to Centos?

2020-12-10 Thread Rainer Traut





Am 09.12.20 um 17:52 schrieb Frank Cox:

On Wed, 9 Dec 2020 11:18:25 +0100
Rainer Traut wrote:


Based on my extremely limited knowledge around Oracle Linux, it sounds like
that might be a go-to solution for Centos refugees.

But is it, really?



Yes, it is better than Centos and in some aspects better than RHEL:

- faster security updates than Centos, directly behind RHEl
- better kernels than RHEL and CentOS (UEKs) wih more features
- free to download (no subscription needed):
https://yum.oracle.com/oracle-linux-isos.html
- free to use:
https://yum.oracle.com/oracle-linux-8.html
- massive amount of extra packes and full rebuild of EPEL (same link):
https://yum.oracle.com/oracle-linux-8.html


You sound like you know what's what with Oracle Linux, so here are a few 
follow-up questions.

Someone else on this list said that the reason he stopped installing it was 
because every time he did, he got snowed under with sales calls from Oracle.  
Have you found this to be the case?


I'll try to answer best to my knowledge.


Is it necessary to create an Oracle account to do anything with Oracle Linux 
that can't be done without creating an account?

No Account needed.


In other words, does Oracle Linux demand that you log into Oracle to complete 
an installation, update that installation, install software from their 
epel-equivalent, or do any other of the regular sysadmin activities that one 
would expect to be doing?

No.


If I start installing Oracle Linux on my machines or my client's machines, what 
benefit do I get by signing up for an Oracle account that I don't have if I 
don't sign up for one?

I have an oracle account but never used it for/with Oracle linux.


Does Oracle Linux have a free support and discussion mailing list similar to 
this one?

There are oracle communities where you need an oracle account:
https://community.oracle.com/tech/apps-infra/categories/oracle_linux


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-09 Thread Rainer Traut





Am 08.12.20 um 22:30 schrieb Frank Cox:

Prior to this point it's been a difference without any difference, but I wonder 
if Oracle actually re-creates RHEL or if they re-create Centos.

Oracle was/is much faster in releasing updates, point releases and releases.
They don't need Centos to get OL going.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-09 Thread Rainer Traut





Am 08.12.20 um 19:20 schrieb Alan Mead:

On 12/8/2020 11:28 AM, Johnny Hughes wrote:

I have been doing this for 17 years. I would continue doing for 17
more.  But it is what it is and wishing for it to be different is not
going to happen.  I know .. I've tried.


We owe everyone who worked on CentOS a big thank you.

I think a lot of people are overwhelmed by the fact that the CentOS we
knew appears to be dying (was killed, in fact).

I wonder what the ultimate outcome will be. Probably RHEL will get a few
new subscribers and some CentOS users will migrate to stream, but I
think this will ultimately diminish Red Hat within the Linux world.
Probably net advantage to Ubuntu.


These are exactly my thoughts of what will happen.


I shudder to imagine a world where Oracle Linux replaces CentOS.


This has already happened-
Just take a look in Oracle's yum repository and you see the available
options.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-09 Thread Rainer Traut


Wrong.

Am 08.12.20 um 18:25 schrieb J Martin Rushton via CentOS:

The first thing Oracle wants is for you to sign up for an Oracle
account.  Hmm, I'll give Springdale a try.  For those with long
memories, remember the DEC RDMS promises prior to take over, and the
aftermath?


Isos are here:
https://yum.oracle.com/oracle-linux-isos.html

Repository is here:
https://yum.oracle.com/oracle-linux-8.html

Already stated by someone else:
Free as CentOS, faster updates than CentOS, and with some extra support,
BTRFS and a newer kernel, for example.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is Oracle a real alternative to Centos?

2020-12-09 Thread Rainer Traut


Hi,

Am 08.12.20 um 19:03 schrieb Jon Pruente:

On Tue, Dec 8, 2020 at 11:54 AM Frank Cox  wrote:



Based on my extremely limited knowledge around Oracle Linux, it sounds
like that might be a go-to solution for Centos refugees.

But is it, really?



KVM is a subscription feature. They want you to run Oracle VM Server for
x86 (which is based on Xen) so they can try to upsell you to use the Oracle
Cloud. There's other things, but that stood out immediately.

Oracle Linux FAQ (PDF):
https://www.oracle.com/a/ocom/docs/027617.pdf


There is no subscription needed. All needed repositories for the oVirt
based virtualization are freely available.

https://docs.oracle.com/en/virtualization/oracle-linux-virtualization-manager/getstart/manager-install.html#manager-install-prepare
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Is Oracle a real alternative to Centos?

2020-12-09 Thread Rainer Traut





Am 08.12.20 um 18:54 schrieb Frank Cox:

Is Oracle a real alternative to Centos?  I'm asking because genuinely don't 
know; I've never paid any attention to Oracle's Linux offering before now.

But today I've seen a couple of the folks here mention Oracle Linux and I see 
that Oracle even offers a script to convert Centos 7 to Oracle.  Nothing about 
Centos 8 in that script, though.

https://linux.oracle.com/switch/centos/

That page seems to say that Oracle Linux is everything that Centos was prior to 
today's announcement.

But someone else here just said that the first thing Oracle Linux does is to 
sign you up for an Oracle account.

So, for people who know a lot more about these things than I do, what's the downside of 
using Oracle Linux versus Centos?  I assume that things like epel/rpmfusion/etc will work 
just as they do under Centos since it's supposed to be bit-for-bit compatible like Centos 
was.  What does the "sign up with Oracle" stuff actually do, and can you 
cancel, avoid, or strip it out if you don't want it?

Based on my extremely limited knowledge around Oracle Linux, it sounds like 
that might be a go-to solution for Centos refugees.

But is it, really?



Yes, it is better than Centos and in some aspects better than RHEL:

- faster security updates than Centos, directly behind RHEl
- better kernels than RHEL and CentOS (UEKs) wih more features
- free to download (no subscription needed):
https://yum.oracle.com/oracle-linux-isos.html
- free to use:
https://yum.oracle.com/oracle-linux-8.html
- massive amount of extra packes and full rebuild of EPEL (same link):
https://yum.oracle.com/oracle-linux-8.html


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-08 Thread Rainer Duffner



> Am 08.12.2020 um 18:02 schrieb Phelps, Matthew :
> 
> The whole point of CentOS was so that we didn't have to "engage." We don't
> have time for that.
> 


You do understand that Open Source does not work like that?


> We just want a stable re-compile of RHEL, as promised. CentOS has been
> diverging from this for a while (note the change in version names/numbers)
> and we DON'T WANT THAT!


If you cannot justify the expenses for RHEL, then you need to compromise.
That’s like requesting free Windows licenses.

Either use Fedora, or CentOS Stream or something different.

You will likely find, however, that most Open Source software is driven by the 
people who commit code (the successful ones at least).

Those who commit code are nowadays usually employed by a company, which in 
itself either makes money directly or indirectly from the work of the people 
who commit the code.

So, you will quickly be back to square one, unless you want to run stuff like 
Debian or Ubuntu, which are mainly Linux-kernel+some stuff nowadays, whereas 
RHEL + CentOS forms a complete system (with additional software that RedHat has 
developed or acquired over the years).

Debian + Ubuntu are no replacements for CentOS/RHEL, IMO. They are something 
different.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-devel] https://blog.centos.org/2020/12/future-is-centos-stream/

2020-12-08 Thread Rainer Duffner



> Am 08.12.2020 um 15:32 schrieb Phelps, Matthew :
> 
> This is really, really bad for the majority of us using CentOS.
> 



Of course it is.


> Is there any way we can lobby for the reversal of this decision? Remember
> that the -devel mailing list, and IRC channels *do not* represent the vast
> majority of CentOS users. Most of us are just sysadmins trying to keep our
> systems that have been using CentOS for many, many years running and our
> procedures for installing, and patching systems working after whatever
> changes have been mysteriously decided upon, and forced on us.
> 
> We will be forced to look at other distributions now; and forced to do a
> ton of unnecessary work to deal with this.



The reality is that it was always on borrowed time.

Getting RHEL without paying for it and with slight delays in updates (most 
people don’t even update that often anyway) wasn’t going to be sustainable, 
ever.

If your business case resolves around being able to freeload on the work of 
others, then there’s a serious problem with the business case.

And I say that as somebody who has installed a large portion of the CentOS8 
(and 7) servers at work.

Not sure what we ourselves are going to do about it, though.

I would hate to switch to Ubuntu for the stuff I like CentOS most for (for 
some, it’s arguably not the greatest distro).

We might end up licensing RHEL for that - and the rest maybe Fedora.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with reposync and createrepo on CentOS 7 for RHEL8/CentOS8 repo?

2020-02-25 Thread rainer


Am 2020-02-25 13:50, schrieb Marek Blaha:

Hi,
I tried to reproduce the issue but without success, everything seems
to be working fine (I've copied
repodata directory created by the reposync on Centos7 machine to RHEL8
server to /tmp/pg12repo directory):




Hi,

you are right.
I later realized that I forgot to add a step:

dnf -qy module disable postgresql


I'm sorry for the noise.

It would probably do well for me to read the documentation...

Even more so, as RedHat seems to be the only one in Linux-land that 
produces coherent and up-to-date documentation - and receives 
comparatively little praise for it.



Best Regards
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems with reposync and createrepo on CentOS 7 for RHEL8/CentOS8 repo?

2020-02-24 Thread rainer


Hi,

I'm trying to mirror the PostgreSQL12 RHEL8 repo:

https://download.postgresql.org/pub/repos/yum/12/redhat/rhel-8-x86_64/


[root@cobbler yum.repos.d]# cat pgdg-12-centos8.repo

# PGDG Red Hat Enterprise Linux / CentOS stable repositories:

[pgdg12-rhel8]
name=PostgreSQL 12 for RHEL/CentOS $releasever - $basearch
baseurl=https://download.postgresql.org/pub/repos/yum/12/redhat/rhel-8-x86_64
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG

# Source RPMs (SRPM), and their testing repositories:


Then I run:

reposync --repoid=pgdg12-rhel8 --download_path=/repo/8


createrepo /repo/8/pgdg12-rhel8


However, when I try to install it on the target-server, it just doesn't 
find the postgresql12 binaries.


[root@my-db11-test yum.repos.d]# dnf search postgresql12
Last metadata expiration check: 0:24:06 ago on Mon 24 Feb 2020 11:18:20 
AM CET.
 
Name & Summary Matched: postgresql12 
=

postgresql12-debugsource.x86_64 : Debug sources for package postgresql12
postgresql12-debuginfo.x86_64 : Debug information for package 
postgresql12
postgresql12-libs-debuginfo.x86_64 : Debug information for package 
postgresql12-libs
postgresql12-test-debuginfo.x86_64 : Debug information for package 
postgresql12-test
postgresql12-devel-debuginfo.x86_64 : Debug information for package 
postgresql12-devel
postgresql12-pltcl-debuginfo.x86_64 : Debug information for package 
postgresql12-pltcl
postgresql12-plperl-debuginfo.x86_64 : Debug information for package 
postgresql12-plperl
postgresql12-server-debuginfo.x86_64 : Debug information for package 
postgresql12-server
postgresql12-contrib-debuginfo.x86_64 : Debug information for package 
postgresql12-contrib
postgresql12-llvmjit-debuginfo.x86_64 : Debug information for package 
postgresql12-llvmjit
postgresql12-plpython-debuginfo.x86_64 : Debug information for package 
postgresql12-plpython
postgresql12-plpython3-debuginfo.x86_64 : Debug information for package 
postgresql12-plpython3
= 
Name Matched: postgresql12 
==
postgresql12-libs.x86_64 : The shared libraries required for any 
PostgreSQL clients

postgresql12-odbc.x86_64 : PostgreSQL ODBC driver
postgresql12-devel.x86_64 : PostgreSQL development header files and 
libraries
postgresql12-llvmjit.x86_64 : Just-in-time compilation support for 
PostgreSQL
postgresql12-plpython.x86_64 : The Python procedural language for 
PostgreSQL



Is there something obvious (or not so obvious) that I forgot?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OwnCloud vs NextCloud

2020-02-22 Thread Rainer Duffner




> Am 23.02.2020 um 03:02 schrieb bryn1u85 . :
> 
> The Nextcloud has more features and all are for free. The ownCloud has some
> for enterprise features which are paid. Soo i think the choice is clear.


Really depends on those features - and their price.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] tomcat package and repo for centos8

2020-01-02 Thread Rainer Traut


Thank you, I will try that.

Am 19.12.19 um 17:40 schrieb Richard G:

On Fri, Dec 13, 2019 at 3:04 PM Richard G  wrote:

On Fri, Dec 13, 2019 at 2:34 PM Rainer Traut  wrote:

Is there any other third party repository which builds tomcat for
centos/rhel 8?


I intend to build tomcat 8 and 9 for CentOS 8 in my harbottle-main
repo ( https://harbottle.gitlab.io/harbottle-main ), just as I did for
CentOS 7, but I'm having trouble with the log4j dependency in CentOS 8
(see my recent emails to this list).


OK, I've built Tomcat 8 and 9 for CentOS 8. Docs here:
https://gitlab.com/harbottle/harbottle-main/blob/master/docs/tomcat8.md
https://gitlab.com/harbottle/harbottle-main/blob/master/docs/tomcat9.md

Please test and let me know if they are OK.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] tomcat package and repo for centos8

2019-12-13 Thread Rainer Traut


Hi all,

sadly there is no epel tomcat package so far.
As per
https://bugzilla.redhat.com/show_bug.cgi?id=1745960
there is no progress for three months.

Is there any other third party repository which builds tomcat for
centos/rhel 8?

Thx
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrading from CentOS 7 to 8

2019-10-01 Thread Rainer Duffner



> Am 01.10.2019 um 22:19 schrieb Valeri Galtsev :
> 
> I routinely upgrade FreeBSD. Last time it was 11.3 to 12.0. Always smooth. 
> Maybe I'm just lucky...



No, it works very well.

But it’s designed with an eventual upgrade in mind.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] AnyConnect on C8??

2019-09-28 Thread Rainer Duffner



> Am 29.09.2019 um 03:15 schrieb Fred Smith :
> 
> the AnyConnect vpn doesn't appear to be available on C8. Looked at
> rpmfusion and don't see it there either.
> 
> anyone know when/if it might ever be? or where?
> 
> thanks in advance!
> -- 




Even the latest version is only supported on RHEL7 (and 6, surprisingly)

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect48/feature/guide/anyconnect48features.html

You can only download it with an active subscription, though.

However, you’re looking for openconnect anyway:
https://www.infradead.org/openconnect/packages.html


Have you tried rebuilding one of the „matching“ Fedora SRPMs?



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Any ETA for the cloud-images?

2019-09-26 Thread rainer


Hi,

I see they are being built, but they can't be accessed directly.



Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 8 Mate?

2019-09-25 Thread Rainer Traut




Am 25.09.19 um 08:18 schrieb Ljubomir Ljubojevic:

All I need for work that feeds me is one good work environment and that
is MATE. All tray icons are visible so I can see if message or mail
comes without need to move more then eyeball. And stablity of CentOS
makes it best option even though versions of apps are not latest and
greatest, it is enough they do the job needed.


Exactly :)
Could not explain better.

Rainer

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8.0 1905 is now available for download

2019-09-24 Thread Rainer Duffner



> Am 24.09.2019 um 21:11 schrieb Phil Perry :
> 
> Mainline kernel packages are available from elrepo for el8. Current version 
> is kernel-ml-5.3.x:
> 
> https://elrepo.org/linux/kernel/el8/x86_64/RPMS/ 
> 
> 
> Is that new enough for you?


Sorry to ask this dumb question, but what’s the disadvantage of using such a 
kernel?

I assume, some of the newer kernel-features would need special utilities or 
upgraded versions of the utilities included?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-25 Thread rainer


Am 2019-07-25 15:41, schrieb hw:

On 7/25/19 2:53 PM, rai...@ultra-secure.de wrote:

Am 2019-07-25 14:51, schrieb hw:

Hi,

how can DNS reliability, as experienced by clients on the LAN who are
sending queries, be increased?

Would I have to set up some sort of cluster consisting of several
servers all providing DNS services which is reachable under a single
IP address known to the clients?

Just setting up several name servers and making them known to the 
clients

for the clients to automatically switch isn't a good solution because
the clients take their timeouts and users lacking even the most basic
knowledge inevitably panic when the first name server does not answer
queries.


Run a local cache (unbound) and enter all your local resolvers as 
upstreams.


That can fail just as well --- or be even worse when the clients can't 
switch
over anymore.  I have that and am avoiding to use it for some clients 
because

it takes a while for the cache to get updated when I make changes.

However, if that cache fails, chances are that the internet connection 
is also
down in which case it can be troublesome to even get local host names 
resolved.

When that happens, trouble is to be expected.



Anything else is - IMHO - much more work, much more complicated and much 
more likely to fail, in a more spectacular way.

Especially all those keepalive "solutions".

I have found that I need to restart unbound if all upstreams had failed.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how to increase DNS reliability?

2019-07-25 Thread rainer


Am 2019-07-25 14:51, schrieb hw:

Hi,

how can DNS reliability, as experienced by clients on the LAN who are
sending queries, be increased?

Would I have to set up some sort of cluster consisting of several
servers all providing DNS services which is reachable under a single
IP address known to the clients?

Just setting up several name servers and making them known to the 
clients

for the clients to automatically switch isn't a good solution because
the clients take their timeouts and users lacking even the most basic
knowledge inevitably panic when the first name server does not answer
queries.


Run a local cache (unbound) and enter all your local resolvers as 
upstreams.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] RedHat SCL. Who maintains rh-php72?

2019-07-16 Thread rainer


Hi,

I realized this still uses php 7.2.10, while 7.2.20 was released almost 
two weeks ago.


How are these packages updated? Who does that?



Any idea how to get the update in?




Regards
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RHEL 8 released

2019-05-07 Thread rainer


Am 2019-05-07 17:51, schrieb Fabian Arrotin:

On 07/05/2019 16:23, Alessandro Baggi wrote:

Il 07/05/19 16:07, Rich Bowen ha scritto:

This morning Red Hat announced the general availability of Red Hat
Enterprise Linux 8.

More details at
https://www.redhat.com/en/about/press-releases/red-hat-enterprise-linux-8-every-enterprise-every-cloud-every-workload?sc_cid=701f201OIIOAA4





Hi Rich,
thank you for the great news.

When c8 will be released?
When epel repository will be usable with C8?

Thanks in advance


Please let's stop trolling this channel already .. we're busy on it, so
no need to ask in loop ...



You forgot to preempt the "But why didn't you start with the 
betas?"-question.

;-)

RHEL8 is available, for sale, right now.

I'm sure that if a business case can be made, RHEL8 is worth it.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Please Recommend Affordable and Reliable Cloud Storage for 50 TB of Data

2019-02-15 Thread rainer


What's the data worth?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 and backup solution

2019-02-01 Thread Rainer Traut


Borg backup from EPEL.

VG
Rainer

Am 27.01.19 um 12:56 schrieb Alessandro Baggi:

Hey there,
what type of backup solution do you use on C7?


Thanks in advance
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Where to buy S/MIME ??

2018-11-27 Thread Rainer Duffner



> Am 28.11.2018 um 00:47 schrieb Alice Wonder :
> 
> On 11/27/2018 03:33 PM, Gordon Messmer wrote:
>> On 11/25/18 5:35 AM, Alice Wonder wrote:
>>> The "free for personal" S/MIME from Comodo didn't work. Browser said it did 
>>> but there was nothing to export for me to then import. I suspect it is 
>>> because I used private browser window,
>> Probably, yes.  I've used that service in the past without issue.
>>> I really don't like the idea of a private key stored in browser anyway. And 
>>> it never asked for a password to encrypt the private key
>> Setting a password will protect all of the certificates stored by Firefox.  
>> Select: Preferences -> Privacy and Security -> Security Devices (under 
>> Certificates) -> Software Security Device -> Change password
>> Chrome may have a similar option, but I don't see it and I don't see 
>> documentation for it.\
>>> nor let me specify key strength (only let me choose between medium and high 
>>> - I assume high is 4096 but I don't know, it didn't say)
>> There's very little harm in getting a certificate and examining it to find 
>> out.  You can destroy it later with no ill effect.
> 
> I actually went for a more complex scenario, I've created my own CA complete 
> with CRL.
> 
> It's nice because with S/MIME you really want two certs - one for signing 
> (where ecdsa can be used) and one for when you need to receive encrypted. And 
> I have multiple e-mail accounts I want to do thus with.
> 
> Could have done self-signed too but this at least allows me to revoke if a 
> device like laptop or phone w/ private key is stolen.
> 
> Does mean those who want to confirm my messages have to import my root key 
> but that's for them to decide.
> 
> Web browsers are applications that exist for the explicit purpose of 
> downloading and executing untrusted code. It does not seem like that is a 
> very wise environment to use for generating long term cryptography keys. It 
> really doesn't.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


Well, your own CA’s certificates are basically self-signed.

It’s of course a free country and you can do what you want - but in your case, 
you could just as well use GPG and be done with it. You could place your GPG 
public key where your root-certificate is placed and people could download and 
import that public key.
The point of S/MIME is that there is a central authority to validate the owners 
of the certificates and no peer-to-peer fingerprint checking etc. a la GPG/PGP 
is needed.

It does have better native support in MUAs, I’ll give you that.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT] Where to buy S/MIME ??

2018-11-25 Thread Rainer Duffner



> Am 25.11.2018 um 14:35 schrieb Alice Wonder :
> 
> Hi, I'm getting increasingly paranoid.
> 
> Something I said on a certain social media site several months ago was 
> modified - then reported - then by account was banned until I agreed to 
> delete it.
> 
> Obviously since what I said was modified I didn't have any issue with 
> deleting it but I want more than just DKIM sigs on my e-mail now.
> 
> Anyway looking for S/MIME I can use to sign and/or encrypt but mostly sign. 
> Not interested in GnuPG or self-signed S/MIME - I want something that can be 
> trusted because someone else that is trusted actually vouched for me.
> 
> The "free for personal" S/MIME from Comodo didn't work. Browser said it did 
> but there was nothing to export for me to then import. I suspect it is 
> because I used private browser window, I really don't like the idea of a 
> private key stored in browser anyway. And it never asked for a password to 
> encrypt the private key, nor let me specify key strength (only let me choose 
> between medium and high - I assume high is 4096 but I don't know, it didn't 
> say)
> 
> Didn't like the "browser generated" process, even if it had worked and 
> generated the final product I could export - I really didn't like the process 
> and have serious questions about the wisdom of a private key without a pass 
> phrase stored in an application that interacts with web sites.
> 
> Anyway so used openssl to create private key (with aes-256 encryption and 
> pass phrase) and then a CSR.
> 
> But I can't find anyone who sells certs for S/MIME to send the CSR too.
> 
> Globalsign but they wanted $89 - no one else.
> 
> Found a few sites that offered to "send me a quote" that I think were 
> intended for corporate accounts.
> 
> Where do regular users who just want an inexpensive certificate usable for 
> S/MIME from a CSR generated the traditional way go to buy a cert?
> 
> -=-
> 
> Off Topic 2
> 
> I'm going to strangle whoever it is at Google that thinks it is a good idea 
> to put so many video results at the top of search results for this kind of 
> thing. I'm really getting sick of how highly ranked videos now are in search 
> engines.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



Good question.

Usually, these are more targeted towards businesses, ordering a number of 
client-certificates (not just one or two).

Do you have a business (your website looks like a business)?

Here in Switzerland, we use QuoVadis for these certificates (and the normal 
ones). I’m not sure if they provide service to US citizens.

I suggest you consider subscribing to ProtonMail, if nothing else comes 
forwards.

They’ve got a „2 years for 1“ special up for another couple of hours.



Best Regards
Rainer



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Video from the CentOS Dojo at CERN now available

2018-11-23 Thread rainer


Am 2018-11-23 00:01, schrieb Mark Rousell:

On 22/11/2018 21:44, Rainer Duffner wrote:



Am 22.11.2018 um 22:41 schrieb Frank :

Is it only me or are the talks not public on YouTube. When I open the
link, it says "Private Video" for every entry in the playlist.


Nope.

Probably need an account.
Which I don’t have.


Do you mean Youtube account or some other sort? I've got a YT account
but the videos are still all private.



Ah, OK.

So it's not that.

Well, whoever uploaded them needs to "unlock" them for the public then.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Video from the CentOS Dojo at CERN now available

2018-11-22 Thread Rainer Duffner



> Am 22.11.2018 um 22:41 schrieb Frank :
> 
> Is it only me or are the talks not public on YouTube. When I open the
> link, it says "Private Video" for every entry in the playlist.


Nope.

Probably need an account.
Which I don’t have.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OL 7.6 is out

2018-11-07 Thread Rainer Traut


Hi there,

just fyi, Oracle Linux 7.6 is out.
The release is available in the repos.

Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Red Hat is Planning To Deprecate KDE on RHEL By 2024

2018-11-02 Thread Rainer Duffner



> Am 02.11.2018 um 21:02 schrieb Frank Cox :
> 
> But it's interesting nonetheless.


AFAIK, Gnome was favored vs. KDE because of some accessibility issues.

Yet, I once read a review that claimed that even though Gnome was the 
„official“ desktop of RHEL, their KDE implementation was more feature-complete 
than SuSE’s on SLES.

Which was pretty depressing to read, TBH.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IBM buying RedHat

2018-10-30 Thread Rainer Duffner



> Am 30.10.2018 um 20:37 schrieb mark :
> 
>> 
> Unless I'm misremembering, these are midway between small server and
> mainframe. I just did a search, and only found used systems, never new,
> and they were all "refurbed", starting at $1500, and going up to $22k...
> and still refurbed.
> 
> I think my guess of new, > $100k is about right.
> 
>mark
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



Found something:

https://www.nextplatform.com/2018/02/15/ins-outs-ibms-power9-zz-systems/


That’s the entry-level, I presume?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IBM buying RedHat

2018-10-30 Thread rainer


Am 2018-10-30 15:53, schrieb Simon Matter:

Still I wasn't sure how to compare the real life speed of POWER9 
compared

to something like the AMD EPYC 7601.


It probably depends on the workload.


And then, will everything work smooth
on POWER the same way it does on the AMD?


AFAIK, there were a lot of microcode-updates from AMD to fix bugs in the 
first batches of Threadripper and Epyc.


It was not smooth sailing from the very beginning.


POWER seems still not a first
preference arch for CentOS, so how would it impact us? Is it smart to 
add
another CPU arch if we still have to run some X86 code, like in our 
case

SAP MaxDB (which is also available for AIX on POWER but not Linux on
POWER)?

In the end we decided for AMD EPYC but kept the POWER thing in mind. 
Now

that IBM announces the purchase of RedHat it just reminded me that this
could become interesting again in the future. Let's see how it goes.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IBM buying RedHat

2018-10-30 Thread rainer


Am 2018-10-30 10:03, schrieb Eddie G. O'Connor Jr.:




_To me it looks pathetic that a lively profitable entity with an
entirely different corporate psychology is consumed by big
conglomerates. What for? _



Even more profit.
Also, borrowing money is still very cheap these days (AFAIK, Amazon has 
financed most of their expansion - this is only possible because of 
continuously low interest rates) and companies want to take advantage of 
that, while low interest rates lasts.



_By the way I am 60 and been following Linux/Linus since Kernel 0.99.
Some time before RedHat appeared strong on the scene."_
_ _
_Andreas - 10.2018 _

It might not be a "PROBABLE" scenario...but its is a POSSIBLE one!
What would that entail? Just because Red Hat is a strong contributor
to the code nowif "Big Daddy" says to pull the plugwho's to
refuse them?...they OWN Red Hat now!



Yes, possible.

As of currently, RedHat isn't really replaceable.

IBM might sack half of the RHAT devs but that doesn't mean they could 
continue to write their code at some other place.
That other place would have to pay them, too, and it's unlikely to be 
for the same thing as before.


You can clearly see that in the OpenSolaris forks: a lot of people were 
let go, but none of the forks really took off.

The people went elsewhere.

IBM knows all this. There's likely going to be MSFT-licensing squeeze 
going to happen in the (somewhat distant) future.

And a push to cloud (and OpenShift).

From what I hear, almost all software-vendors are increasing licensing 
costs next year. Not only MSFT. Everybody that thinks they can get away 
with raising prices is doing so right now.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IBM buying RedHat

2018-10-30 Thread rainer

Am 2018-10-30 08:06, schrieb Eddie G. O'Connor Jr.:

Yeah.I guess that's one way to look at it.

My biggest worry? Is I've placed so much time and effort "getting to
know" Fedora and its intricacies, idiosyncrasies, its ins and
outs...dealt with ridicule on this very same list when I first
started, have "cut my teeth" on learning VERY hard lessons about
certain syntax in the Terminal and what NOT to type...only to have
that all "taken" away from me at the whim of IBM. It just seems
unfair. I'm hoping like H3LL that the developers @ Fedora are
seriously thinking about forking "Just In Case"!? I mean they could
still use the .RPM extensions, and possibly even still pull their code
from RHEL, but at least they would be autonomous and wouldn't have to
rely on IBM's good will in order to keep on churning out whatto
me...is the best Linux distro on the planet! As I write thisI'm
eyeballing the spare ThinkPad T-410 that I've neglected since I have
Fedora running on a Dell XPS, and I'm thinking its time to get "back
to my roots" and to find a distro I can put on that device and run
without concernI've heard some decent things about this "Pop-OS"
which comes with System76's hardware. Maybe I'll give that a
spin..then like I had said before...there's always Debian plain
vanilla...with maybe MATE or Cinnamon?.or else its going to have
to be where I buckle down and finally learn all there is to know about
LFS and Arch Linux and then move on to one of those...(God!.at
47!?its like how can I POSSIBLY start over again!?...) and THIS is
the kind of turmoil that ensues when a corporation buys a fully
functioning open course company!

I think you seriously underestimate the amount of influence and sheer
man-power RedHat brings to Linux - and IBM, too.

https://www.linuxfoundation.org/blog/2017/10/2017-linux-kernel-report-highlights-developers-roles-accelerating-pace-change/

There's a reason RHEL is an enterprise-distribution - and Debian et.al.
aren't (and never will, outside their niches).

RedHat writes ton of code that is needed for Linux to be truly
"Enterprise" and that exists nowhere else.
The above statistics is only the kernel - but Enterprise Linux is so
much more than a kernel.
That code isn't going to write itself, nor is somebody else going to
pick up unless someone will pay the bill.
Maybe somebody can fork all the code and maintain it for a while - but
to stay relevant, there must be further development, a roadmap ...

Sure, there's Google and a couple of other companies - but they really
only write for themselves and as much as people try cargo-culting them,
most companies aren't Google and their use-case hardly matches anyone
else's.

I still remember when SAP announced that their engineers had ported
their ERP to Linux - a sparetime-project at the beginning - and they
were making it a tier 1 platform.

That was over 20 years ago.

Linux has come a long way.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] email Server for CentOS 7

2018-10-01 Thread Rainer Duffner



> Am 01.10.2018 um 18:54 schrieb Kenneth Porter :
> 
> --On Monday, October 01, 2018 6:37 PM +0200 Peter Eckel  
> wrote:
> 
>> I fully agree with most of the former, except for the Google part. Google
>> is to privacy what a shark pool is to a carp. If possible, avoid Google
>> at all cost, and particularly for E-Mail. There are services around that
>> cost a very small amount of money (e.g. mailbox.org or posteo.de),
>> provide a very reasonable service and do *not* peek into your mail for
>> advertisement targets and sell your data to their customers.
> 
> Fastmail looks attractive to me as it's IMAP-friendly. I run my own server 
> but I'm recommending to my family that they move their accounts there if I 
> "get hit by a bus".
> 
> 
> 
> I mostly run my own server because it's easy to create an infinite number of 
> disposable "plussed" addresses as website login names. I've got a sendmail 
> rule that lets me use a dot instead of a plus sign in such addresses to get 
> around the websites that refuse a plus sign in an address.
> 
> 
> 
>> You should also run your own DNS in that case, as many modern features of
>> secure mail services are tightly linked to DNS (e.g. SPF, DKIM, DMARC
>> etc.). DNSsec is preferred.
> 
> This can be split. I let my hosting provider host my public domain name on 
> their DNS servers. But I run a caching nameserver on my mail server to do the 
> various lookups it requires. A forwarding nameserver for blacklist lookups is 
> NOT recommended because of the way the various DNS-based blacklisting 
> databases license their service.
> 


I run my own mail-server on FreeBSD and qmail (setup mostly using a script from 
Matt Simerson: https://github.com/msimerson/Mail-Toaster-6).
I need to re-do it at some point.

I’m always debating moving to Zimbra (OpenSource Edition, or Zimbra Suite).

If I wouldn’t run my own, I’d probably switch to Protonmail. 
Fastmail is also an option.

DNS (authority) is best run at your hosting-provider or even at a specialized 
DNS provider, depending on requirements.

Everything else is just asking for trouble.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificates

2018-09-01 Thread Rainer Duffner



> Am 01.09.2018 um 18:00 schrieb Leon Fauster via CentOS :
> 
> Out of curiosity - do you change also the private key every time? 



I’m pretty sure LE creates a new private key, too.
From a cursory glance at lego’s certificate directory on a server with a couple 
of dozens of LE certificates at least.
 
After all, changing the private key is what this is all about (showing that 
you’re still in charge).


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Certificates

2018-09-01 Thread Rainer Duffner



> Am 01.09.2018 um 12:51 schrieb Pete Biggs :
> 
> That was until LetsEncrypt comes along - it has the backing of some big
> names and *IS* an effective business model for small and private
> customers.


What *is* the business model of Let’s Encrypt?

Are they going to issue „Pro“ certificates at some point that cost money?

Running a CA is not expensive per se - it’s the audits that the CAB 
(CA+Browser) Forum mandates that are expensive.

In the beginning, the certificates had a certain level of trust with them that 
came both from the high prices (deterring drive-by crooks) and the fact that 
some sort of vetting was made to ensure that nobody could have issued a 
certificate for a domain they didn’t really control.

But the later step is not very friendly to automation. And CAs can principally 
issue certificates for any domain - a fact brought home by the compromise of 
Dutch CA DigiNotar in the Fall 2011.
Adding to the fact is a concentration-process in the industry that leads to 
fewer and fewer companies that know less and less of their customers.

These days, a certificate just shows that the communication is encrypted. 
Whether the other endpoint is what it claims to be is of no concern to any 
third-party involved in setting up that communication-process.

There’s even talk about deprecating the special handling browsers have for 
EV-certificates from future versions of Mozilla.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install C7 on HP DL360e G8

2018-06-27 Thread Rainer Duffner




> Am 27.06.2018 um 22:11 schrieb mark :
> 
> Dumb question: is the RAID set up? Some controllers will not even show the
> drive if you haven't at least set it as RAID 0.


Well, OP says that BIOS reports one drive - so it seems to be setup.


Screenshot of the boot-up screen where the controller shows the logical drive 
would help.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wildcard certificate

2018-06-16 Thread Rainer Duffner via CentOS



> Am 17.06.2018 um 00:24 schrieb Keith Keller via CentOS :
> 
> On 2018-06-16, Gordon Messmer via CentOS  wrote:
>> 
>> https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
>> 
>> Wildcard support is new, but it's available!  :)
> 
> Cool!  I had read about wildcard support being planned a few months ago
> but totally forgot about it.
> 


AFAIK, it’s only available with the DNS-challege.

You must have authority over your DNS and use one of the supported providers 
(or build your own).




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wildcard certificate

2018-06-15 Thread Rainer Duffner



> Am 15.06.2018 um 21:07 schrieb Jerry Geis :
> 
> They are all just - BEGIN CERTIFICATE    and everything else is
> encrypted of course.
> 


No, it’s not.

You can look at it with

openssl x509 -text -in file.crt -noout


> They did not give a private key - I presumed with a wild card it was not
> needed? again -never done this so just guessing.


No. The certificate itself is what gets sent to every browser. It’s not secret 
or encrypted.

You need a certificate, the corresponding private key and in almost all 
instances the intermediate certificate (or certificates, depending on how many 
sub-CAs below the Root-CA it was issued from).


Normally (well, for certain definitions of normal), you generate the private 
key yourself and generate a CSR, a certificate signing request from that key.
The key is just 2048 bytes of random data.

The CSR is what get’s signed by the CA’s private key and contains all the 
information in the certificate that you can view by clicking on the lock-icon 
in the browser.

I usually do this like below

bla=the_domain.toplevel
openssl req -newkey rsa:2048 -nodes -out $bla.csr -keyout $bla.key -sha256

(for wildcard, I usually call the files „star.domain.toplevel“)

And then you can send the CSR to whoever has it signed, or in our case, I log 
into my managed PKI console and submit it myself for my supervisor to confirm 
it and then I download the certificate.


This is done because  the private key should in theory never leave the system 
it was generated on, to ensure its secrecy.


Sending a private key by email is NOT secure.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wildcard certificate

2018-06-15 Thread Rainer Duffner



> Am 15.06.2018 um 20:37 schrieb Jerry Geis :
> 
> Hi all - I am trying to figure out how to add a wild card certificate given
> to me for a CentOS installation.   I have a script that sets up HTTPS so I
> am a little familiar with things - but they provided me two files:
> name_ee.crt
> name_i1.crt
> 
> I'm not sure how to apply that to the /etc/httpd/conf.d/ssl.conf file?
> Anyone done that before ?
> 
> My initial searches were not helpful. Thanks,



And where’s the private key?


Can you post the lines in the files that start with five (or so) dashes („-„)?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] git public web frontends

2018-06-06 Thread rainer


Am 2018-06-06 12:06, schrieb Alice Wonder:

Hello,




But... can anyone recommend a web front end?



Just use gitlab.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 on Dell Latitude E6500

2018-05-13 Thread Rainer Fügenstein

Mike, Johnny,

BIOS is version A29, which is the latest one on the dell website.

> Does this laptop have the Nvidia Quadro graphics option? If so try 
> booting with NOMODESET. Also, if available in the BIOS turn OFF 
> switchable graphics.

no,  it  just  has  intel onboard graphics, there's also no option for
switchable graphics in the BIOS. NOMODESET didn't change anything, but
it inspired me to remove the "quiet" kernel parameter.

now the following message can be seen:

duplicate  ACPI  video bus devices for the same VGA controller, please
try  module  parameter "video.allowduplicates=1" if the current driver
doesn't work.  

I  just don't know where to put this video.allow... parameter. did not
work as grub kernel parameter.

-- 
Best regards,
 Rainermailto:r...@oudeis.org

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 on Dell Latitude E6500

2018-05-12 Thread Rainer Fügenstein

Hello Jonathan,

Saturday, May 12, 2018, 9:39:01 PM, you wrote:

> At a bare minimum, I'd try using CentOS 7 1804:
> http://isoredirect.centos.org/centos/7/isos/x86_64/

thanks;  after  some  waiting  time,  1804  now  keeps repeating "dracut
initqueue  timeout - starting timeout scripts" for a while, then drops
into the emergency shell. no suspicious error messages in the log.

did  change  SATA  mode  from ATA to AHCI in the BIOS, but this didn't
change anything.

-- 
Best regards,
 Rainermailto:r...@oudeis.org

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 7 on Dell Latitude E6500

2018-05-12 Thread Rainer Fügenstein

Hi,

I   tried   to   install  Centos7  x86_64  minimal 1503-01 from an USB
flash drive on my old Dell Latitude E6500 laptop.

boots up in text mode, switches text resolution, writes:

Started Show Plymouth Boot Screen
Reached Target Paths
Reached Target Basic System.

then   hangs   for  some  time,  eventually  starting dracut emergency
shell. log says:

multipathd: sdb: spurious uevent, path already in pathvec
multipathd: sda: spurious uevent, path already in pathvec

interesting:
sdb  is the internal 240GB kingston SSD drive (existing ntfs bitlocker
partition recognized as sdb1)

sda is the write protected USB stick, recognised as CDROM drive.

4GB rom
intel 45 express chipset
mobile intel GMA 4500MHD graphics
intel 5100AGN wifi

what to try next? any additional infos I can give you?

thnx in advance.

-- 
Best regards,
 Rainer  mailto:r...@oudeis.org

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

2018-05-09 Thread rainer


Am 2018-05-09 13:00, schrieb Leon Fauster:
Am 08.05.2018 um 21:46 schrieb Stephen John Smoogen 
:


On 8 May 2018 at 15:34,   wrote:
Anyone have any clues about how to sanitize a dead SSD? We haven't 
had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, 
a

dead disk gets deGaussed, but what the hell do you do with a SSD?



SSD disks must be shredded as the data has been written over multiple
sectors many times to 'even the writes'. This allows for even a 'dead'
disk to be disassembled with 'off-the-shelf' equipment to extract
items from the dead places. Depending on the data involved, there may
be different levels of shredding and destruction of shreds required.



What would someone use to do this? An industrial blender, circular saw 
...?



Lot's of specialized companies in that field.

Some of our customers require a protocol of destruction for disks, with 
serial numbers.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

2018-05-08 Thread Rainer Duffner



> Am 08.05.2018 um 21:34 schrieb m.r...@5-cent.us:
> 
> Anyone have any clues about how to sanitize a dead SSD? We haven't had it
> yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
> dead disk gets deGaussed, but what the hell do you do with a SSD?
> 

If you don’t want to shred, use full-disk-encryption (laptop/pc).

In a server, shredding is probably the sanest option.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

2018-03-29 Thread rainer


Am 2018-03-29 09:38, schrieb Nicolas Kovacs:

Le 29/03/2018 à 06:44, Keith Keller a écrit :

I wonder how much support there is for NIS any more in recent
distros. Is it possible CentOS 7 doesn't support NIS, or does but is
buggy?


I'm planning to test this very soon, probably during the next week, and
I'll report back.

Cheers from another ex-Slackware user who migrated to CentOS. :o)

Niki



According to this:

https://access.redhat.com/solutions/7247


it's still possibly.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

2018-03-26 Thread rainer


Am 2018-03-26 10:46, schrieb Clint Dilks:

Hi, as you why it is insecure the biggest reason is that it is trivial 
for
a user to get sensitive information about other users.  Particularly 
things
like password hashes, and with the compute power available today 
cracking a

hash is not impractical.



You don't even need to crack them yourself.
If you have the hashes, you can just use rainbow-tables available 
online, sometimes for a small fee.


Still relying on NIS is barely different from not having a password at 
all and just using a login.

In both cases, you have to trust your users - it's no different.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] How insecure is NIS ? Possible alternatives ?

2018-03-26 Thread rainer


Am 2018-03-26 10:28, schrieb isdtor:
Over the next month I have to setup a new network in a local school, 
and

I wonder if I should use NIS/NFS. I still have my own documentation,
it's simple and somewhat bone-headed to setup, and it just works.


In my opionion, there is a serious gap in this area. It's either NIS,
simple, easy to setup yet insecure, or LDAP/FreeIPA/RH Id management
server at a complexity at least one order of magnitude beyond NIS.

There's also the option of using AD if such infrastructure exists. RH
ID management has been completely dismissed by colleagues who know
both it and AD, and favour the latter.




The issue is that the problem itself isn't simple to begin with.

And so, the solutions have become quite complicated. Windows makes it 
all work quite nicely, apparently - but it works best with Windows.


I recently came across this article:

https://fy.blackhats.net.au/blog/html/2017/05/23/kerberos_why_the_world_moved_on.html


In W10/Server 2016, MSFT has added even more security to Kerberos to 
address the issues glanced at the above article.

Don't have a link for those, it was an article on paper.

Not sure if RedHat is ever going to implement those.


I've got the same problem. We should unify authentication to our 
servers. The problem is that we, being an MSP, operate what I call a 
very "balkanized" environment.
For security-concerns, it was traditionally frowned upon to have a 
single authentication service. So each customer is on its own network 
and users are local.


I'm still looking into RedHat IPA - specifically for its ssh-key 
management and sudoers-file management capabilities - but I'm also 
considering running an internal CA and using certificates to 
authenticate (I'll have to read-up on this). This is AFAIK the way 
people like Facebook or Netflix run their shops.


Usually, if you're not Google, Amazon, Facebook or Netflix, it's also 
not a good idea to try to copy their "patterns" - but this might be an 
exception.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Document/collaboration server advise needed

2018-01-22 Thread Rainer Duffner



> Am 22.01.2018 um 21:50 schrieb Valeri Galtsev :
> 
> Dear All,
> 
> Three groups of scientists need to write documents collaboratively. They are 
> going to use MS PowerPoint, Word, also store PDF files. They want to be able 
> to add external people from other groups they collaborate with and give them 
> access to some areas or "projects". In other words, they want some 
> collaborative work environment, mostly to work on documents.
> 
> In the past scientists were using TeX, and one of version control systems 
> (CVS, subversion,...). And all was great, as TeX files (pretty much like 
> programs software developers write) are ASCII text files, and diff of two 
> version is rather small...
> 
> Unlike the past scientists I work for plan to use MS PowerPoint, Word, also 
> store PDF files. All these are effectively binary files for version control 
> systems, then versions will not be stored as a small diff, but each version 
> ends up being the whole document.
> 
> One obvious solution may be: just buy office365.com  
> service, or set up MS server on our own machine. And these are the two things 
> I am trying to avoid.
> 
> Could someone recommend open source software? Some collaborative suite 
> focused mostly on working on documents, with web based interface.
> 
> I run owncloud server for my Department, and one in general can use that, but 
> I hope to find something more focused towards collaborative work.
> 
> Thanks a lot for your advises and pointers.





Well, there’s Collabra Online - 
https://www.collaboraoffice.com/collabora-online/ 
 - but I think it just 
allows you to edit documents on the browser.
It can’t really allow two people editing the same document at the same time and 
then merge it - something that AFAIK Sharepoint can do. At least, I was under 
the impression that it can do that.

You can download their CODE VM and check it out.

For just file-sharing, there’s also SeaFile.

But I see they also integrate with Collabra these days….
https://www.seafile.com/en/features/


For project management, there’s stuff like Project Open 
(http://www.project-open.com  ) - but you have to 
see for yourself if it fits your use-case.


Good luck and keep us updated about what you ended up doing.






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question about a bug in bugzilla

2017-10-31 Thread Rainer Duffner


> Am 31.10.2017 um 12:17 schrieb James Pearson <jame...@moving-picture.com>:
> 
> That BZ has a status of 'ON_QA' - so I guess Redhat haven't released 
> '-3' yet ...
> 
> When they do, they normally update the BZ - and make the source 
> available - at which point, CentOS will rebuild the update and make it 
> available
> 
> James Pearson


Ah, OK.
Thanks.

In the meantime, I downgraded to the working version.




Regards
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Question about a bug in bugzilla

2017-10-31 Thread Rainer Duffner

Hi,

I have a CentOS 7 server which shows bug 1487266

https://bugzilla.redhat.com/show_bug.cgi?id=1487266 
<https://bugzilla.redhat.com/show_bug.cgi?id=1487266>


It says, it’s fixed in 
java-1.8.0-openjdk-1.8.0.151-3.b12.el7

I updated this package, and now it shows as

java-1.8.0-openjdk-headless-1.8.0.151-1.b12.el7_4.x86_64

So, is there another update coming or are these the same packages?

Because the „-1“-version didn’t fix the problem.




Best Regards
Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-24 Thread rainer


Am 2017-10-24 12:19, schrieb Adrian Jenzer:


Hi Rainer
I would if I could but external offers only FTP and SCP...

Regards Adrian



AFAIK, for scp you need a proper shell.

I've done that exactly once (chrooted ssh) and it was such a pain that I 
vowed to never do it again.


The problem is that inside the chroot, you need:

 - nameresolution
 - a minimal passwd/shadow/group file (or ldap)
 - maybe for scp, you can get away with a rather minimal device-tree - 
but for actual SSH access, I needed a fairly complete device tree inside 
the chroot (ttys ...).
 - that was with FreeBSD 10, I never tried it with anything else (due to 
its history with jails, creating functional, limited chroot-environments 
is somewhat in its genes, so to speak)


Somebody sent me the link to these scripts:

https://github.com/codelibre-net/schroot

Maybe you can use those scripts - I've never tried them.


Also, there's scp-only:
https://github.com/scponly/scponly/wiki

Haven't used that in years, either.
Concern over that one seemed to be that it's "another" shell and nobody 
had apparently done a thorough audit of it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-20 Thread Rainer Duffner


> Am 20.10.2017 um 15:58 schrieb Adrian Jenzer :
> 
> Dear all
> 
> I'm looking for instructions on how to setup a jailed chroot directory for 
> user which needs to upload via scp to the server.
> Especially I miss clear instructions about what needs to be in the jailed 
> directory available, like binaries, libraries, etc...
> Without jail I get it to work, but I want to prevent user downloading for 
> example /etc folder from the server.
> 
> Does anybody have a link or list valid for Centos7
> 



Can’t you use SFTP?

AFAIK, sftp automatically chroots a user with no valid shell (provided the home 
directory is owned by root and not writeable by the user and you use Subsystem 
internal-sftp).



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma

2017-09-19 Thread rainer


Am 2017-09-19 20:06, schrieb Jonathan Billings:

On Tue, Sep 19, 2017 at 07:59:00PM +0200, rai...@ultra-secure.de wrote:

With PHP, I try to stay as close to upstream as possible.
If upstream EOLs a version, it's time to upgrade.

If you want something stable, don't run PHP.


Unfortunately, with that philosophy but not much systems management
experience, you end up with custom-compiled and local installs of PHP
that get no security updates, particularly as you get version lock-in
by the web application developers, or when you have a sysadmin move on
to a new position or company.




Yep.
We've got a lot of those "abandoned" PHP webs that can't be moved 
because they only run on anything between PHP 4.4 and 5.5


Usually it's Typo3 or so.
To move from Typo3 4.3 on PHP 5.3 to PHP 7, you'd have to upgrade to 
Typo3 6.something on that PHP5.3 host, then move that installation to a 
PHP 5.5 host, where you could upgrade to Typo3 7 LTS, which you could 
then move to a PHP 7 host.
Obviously, none of the custom extensions and a lot of "hacks" would 
survive even the first upgrade/move - and thankfully usually everybody 
is sane enough to even think about doing that.


You'd have to start from scratch, which would cost the customer real 
money (would have to pay some agency to re-design the website), so it 
never gets done.
This is especially true for customers from the hospitality sector, which 
are especially stingy for any kind of expenditures. Because, as 
everybody can see, the website still runs and as such it does not need 
an upgrade.



I think the statement "If you want something stable, don't run PHP" is
a very wise statement though.



PHP is not stable in the same sense as RHEL 7 is stable.
On RHEL, it's sort-of stable - but only for a rather small amount of PHP 
modules.
And as such, it's not (IMO) useful for anything but legacy stuff that 
you can't move or upgrade.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS, PHP & OwnCloud/Nextcloud: the version dilemma

2017-09-19 Thread rainer


Am 2017-09-19 09:36, schrieb Nicolas Kovacs:

Hi,

I'm currently experimenting with OwnCloud and Nextcloud on a sandbox
CentOS 7 server. I've been using OwnCloud for the last two years for my
own purposes on a Slackware server, and I'm quite happy with it.

In my humble opinion, every admin who wants to host OwnCloud or
Nextcloud on a RHEL/CentOS server is confronted with a version dilemma.

1. CentOS 7 sports PHP 5.4, which has been officially EOL for quite 
some

time, but Red Hat will provide security update backports until 2024.
Which is fine.

2. Currently supported versions of Nextcloud (namely the 11.x and 12.x
branch) require a minimum of PHP 5.6. Which seems reasonable. But if I
pull in PHP 5.6 from Webtatic, for example, I only get the "official"
PHP support, which will end in 2018 for the 5.6 branch. And no security
backports.

3. The solution would be to go with Nextcloud 10, which only requires
PHP 5.4, and which is also provided in package form by EPEL. 'yum info
nextcloud' shows that the current EPEL version is 10.0.4... but a peek
on the Nextcloud homepage shows me that this version is officially
unsupported. Uh oh.

4. Some of the stuff I'm hosting on my CentOS 7 server (like CMSMS) is
not compatible with PHP 7.x versions.

So right now I don't see a solution for this. As far as I can see, the
"least evil" solution would be to pull in PHP 5.6 from Webtatic and go
for Nextcloud 11.x, and have an EOL for both around next summer.

I'd be curious if some of you are familiar with this sort of dilemma (I
guess so) and how you manage it.



I'm not familiar with running PHP on CentOS at all.

IMO, the default PHP-RPMs are not designed to be used for anything as 
dynamic as Own or NextCloud (or just about any other PHP project that 
isn't already dead).


PHP has a completely different release-model than RHEL.

As such, the version of PHP that comes with RHEL will almost always be 
outdated.



RedHat knows this and it seems it's available via SCL (Software 
Collections).



There's this KB article about it:

https://access.redhat.com/solutions/2146821


The gist of this is:

"Resolution
PHP v7.0 is available , however PHP v7.1 is still not available. We are 
already tracking this in a Feature Request to include rh-php-71 under 
Bug 1435193.
PHP v7.0 was first made available for RHEL 6 & RHEL 7 via Red Hat 
Software Collections (RHSCL) v2.3 as the rh-php70 collection

RHEA-2016:2730 - Product Enhancement Advisory"


https://www.softwarecollections.org/en/scls/rhscl/rh-php70/


With PHP, I try to stay as close to upstream as possible.
If upstream EOLs a version, it's time to upgrade.

If you want something stable, don't run PHP.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Apache 2.2 EOL - what is Red Hat's story for RHEL6?

2017-09-12 Thread Rainer Duffner


> Am 12.09.2017 um 21:34 schrieb Warren Young :
> 
> I’d assume they’re just going to make their own fixes,


I would be really surprised if they wouldn’t be among the main contributors 
already (if not the main contributor) - or at least have staff that are very 
familiar with the source.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cyrus spool on btrfs?

2017-09-09 Thread Rainer Duffner


> Am 09.09.2017 um 19:22 schrieb hw :
> 
> Mark Haney wrote:
>> On 09/08/2017 01:31 PM, hw wrote:
>>> Mark Haney wrote:
>>> 
>>> I/O is not heavy in that sense, that´s why I said that´s not the 
>>> application.
>>> There is I/O which, as tests have shown, benefits greatly from low latency, 
>>> which
>>> is where the idea to use SSDs for the relevant data has arisen from.  This 
>>> I/O
>>> only involves a small amount of data and is not sustained over long periods 
>>> of time.
>>> What exactly the problem is with the application being slow with spinning 
>>> disks is
>>> unknown because I don´t have the sources, and the maker of the application 
>>> refuses
>>> to deal with the problem entirely.
>>> 
>>> Since the data requiring low latency will occupy about 5% of the available 
>>> space on
>>> the SSDs and since they are large enough to hold the mail spool for about 
>>> 10 years at
>>> its current rate of growth besides that data, these SSDs could be well used 
>>> to hold
>>> that mail spool.
>> See, this is the kind of information that would have made this thread far 
>> shorter.  (Maybe.)  The one thing that you didn't explain is whether this 
>> application is the one /using/ the mail spool or if you're adding Cyrus to 
>> that system to be a mail server.
> 
> It was a simple question to begin with; I only wanted to know if something 
> speaks
> against using btrfs for a cyrus mail spool.  There are things that speak 
> against
> doing that with NFS, so there might be things with btrfs.
> 
> The application doesn´t use the mail spool at all, it has its own dataset.
> 
> Do you use hardware RAID with SSDs?
 We do not here where I work, but that was setup LONG before I arrived.
>>> 
>>> Probably with the very expensive SSDs suited for this ...
>> Possibly, but that's somewhat irrelevant.  I've taken off the shelf SSDs and 
>> hardware RAID'd them.  If they work for the hell I put them through 
>> (processing weather data), they'll work for the type of service you're 
>> saying you have.
> 
> Well, I can´t very well test them with the mail spool, so I´ve beeing going
> with what I´ve been reading about SSDs with hardware RAID.


It really depends on the RAID-controller and the SSDs.
Every RAID-controller has a maximum number of IOPS it can process.


Also, as pointed out, consumer SSD have various deficiencies that make them 
unsuitable for enterprise-use:


https://blogs.technet.microsoft.com/filecab/2016/11/18/dont-do-it-consumer-ssd/ 



Enterprise SSDs also fail much more predictably. You basically get an SLA with 
them about the DWPD/TBW data.

For small amounts of highly volatile data, I recommend looking into Optane SSDs.



> 
> Well, that´s a problem because when you don´t want md-RAID and can´t do 
> hardware RAID,
> the only other option is ZFS, which I don´t want either.  That leaves me with 
> not using
> the SSDs at all.
> 



As for BTRFS: RedHat dumped it.
So, it’s a SuSE/Ubuntu thing right now.
Make of that what you want ;-)

Personally, I’d prefer to use ZFS for SSDs. No Hardware-RAID for sure. Not sure 
if I’d use it on anything else but FreeBSD (even though a Linux port is 
available and code-wise it’s more or less the same).

From personal experience, it’s better to even ditch the non-RAID HBA and just 
go with NVMe SSDs for the 2.5“ drive slots (a.k.a. 8639 a.k.a U.2 form factor).
If you have spare PCIe slots, you can also go for HHHL PCIe NVMe cards - but of 
course, you’d have to RAID them.






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Updated Apache httpd packages?

2017-08-24 Thread Rainer Traut



Am 23.08.2017 um 16:31 schrieb Johnny Hughes:

On 08/22/2017 03:21 AM, Rainer Traut wrote:



Am 21.08.2017 um 21:40 schrieb Erik Osterholm:

I'm concerned about the vulnerability at https://access.redhat.com/
errata/RHSA-2017:2479

I see via https://lists.centos.org/pipermail/centos-announce/
2017-August/022518.html that Centos 6 has received the fix for this. Is
there a roadmap for when Centos 7 will receive the fix?

Thanks!


You can switch to Oracle Linux, 7.4 is out for weeks now.


Anyone who wants to switch to Oracle Linux .. have at it.

PS - it has only been 3 weeks since the RHEL release .. and I expect
that the CR release will happen some time today.


What's the problem with Oracle Linux?
Isn't it compatible?

Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Updated Apache httpd packages?

2017-08-22 Thread Rainer Traut




Am 21.08.2017 um 21:40 schrieb Erik Osterholm:

I'm concerned about the vulnerability at https://access.redhat.com/
errata/RHSA-2017:2479

I see via https://lists.centos.org/pipermail/centos-announce/
2017-August/022518.html that Centos 6 has received the fix for this. Is
there a roadmap for when Centos 7 will receive the fix?

Thanks!


You can switch to Oracle Linux, 7.4 is out for weeks now.

Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What RH-like on a Dell XPS 15 (9590)?

2017-07-27 Thread Rainer Duffner


> Am 27.07.2017 um 22:48 schrieb vychytraly . <vychytr...@gmail.com>:
> 
> Maybe CentOS 7.4 would have backported compatibility for your hardware. I
> had similar issues with Intel GPU not being recognized, which was solved by
> "i915 preliminary hw support enabled" method. Try to have a look on that.


https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_hardware_enablement.html
 
<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/new_features_hardware_enablement.html>


Well, the only thing that catches my eye here is the support for newer Intel 
PCHs.

Skylake (Purley) servers exist, so I would assume that RHEL would need to 
support these chipsets.

Wireless, GPUs etc - that’s something different.


Of course, there’s always SLES (or SLED, in the OPs case), which has a somewhat 
more recent kernel, AFAIK - if we’re playing „Anything but Ubuntu“.
;-)

The above beta came out in May. So I’d hazard a guess and say it’ll be late 
autumn before we see a release and I’d hope for a pre-christmas CentOS 7.4 
release….



Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Need a bit of 'archeocomputing' help on CentOS 7.

2017-04-22 Thread Rainer Duffner

> Am 22.04.2017 um 15:42 schrieb Lamar Owen :
> 
> On 04/21/2017 12:11 PM, Lamar Owen wrote:
>> ...
>> The latest version of libc5 I know of that was shipped by Red Hat is in RHL 
>> 6.2, libc-5.3.12.  (There is a 5.4, but not sure of stability or 
>> compatibility).
>> ...
>> I've successfully set up the bridging; a CentOS 7 VM on the same host has 
>> full connectivity.  So it's something about the rtl8139 and the 2.0.36 
>> kernel.  What is the oldest distribution you've done on KVM on C7?
> Ok, so I've progressed somewhat on this.  Here's what I've so far found:

Silly question: isn’t there something like a „compat-CentOS5“-package one can 
install and that contains all the base-libraries for CentOS 5?

I run a FreeBSD 6 (32 bit) binary on a 64 bit FreeBSD 11 VM (because the 
source, if we had it, would most likely not compile with whatever LLVM ships 
with 11 …).
FreeBSD offers „compat“ packages down to version 4. These are libraries that 
install into /usr/lib/compat.

Obviously, the system is designed for this - but why is nobody doing this for 
Linux?

I just looked it up:
FreeBSD 4.0 was released over 17 years ago, around the same time as RHL 6.2…

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] qmail package for CentOS 7

2017-03-15 Thread rainer


Am 2017-03-15 06:22, schrieb Keith Keller:

On 2017-03-14, rai...@ultra-secure.de  wrote:


You could try Matt Simerson's Toaster:

https://github.com/msimerson/Mail-Toaster-6

It does a lot more than just qmail and replaced as much of qmail as
possible...


But is it for Linux?  The Wiki says:

"each component is thinly provisioned in a FreeBSD jail."

If it uses something as low level as a FreeBSD jail it might be
difficult to get working in linux.



Ah, yes.
The previous version also worked on Linux (supposedly).
Still available on github.

Qmail is a very special beast...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problem getting ssh agent forwarding to work

2017-03-14 Thread rainer


Am 2017-03-14 10:44, schrieb Ralph Angenendt:

You might want to take a look at /var/log/secure on the machine you're
logging into, that might have more information on why the key wasn't
accepted.



D'uh.

I had made a typo.
The authorized_keys file wasn't exactly named like it should have been.

LogLevel DEBUG revealed that...


I feel silly
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] qmail package for CentOS 7

2017-03-14 Thread rainer


Am 2017-03-14 10:19, schrieb Alice Wonder:

On 03/14/2017 12:53 AM, Rajmohan Banavi wrote:
Is there any package available for qmail? I am having hard time 
finding it.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



I doubt it, qmail is quite deprecated and does not support any modern
TLS capabilities without a ton of community provided patches.

I doubt even with community supported patches that it will ever
support RFC 7672 which is important (it takes the "opportunistic" out
of opportunistic TLS when both servers implement it, preventing
protocol downgrade attacks that now are as easy as removing the
STARTTLS)



You could try Matt Simerson's Toaster:

https://github.com/msimerson/Mail-Toaster-6


It does a lot more than just qmail and replaced as much of qmail as 
possible...


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problem getting ssh agent forwarding to work

2017-03-14 Thread rainer


Hi,

I need to get agent-forwarding working.


I have:
 - a local OpenSUSE 42.1 box, where my key(s) reside (ssh agent running 
and working)

 - a remote FreeBSD 10.3 box, where I can login with my key (works)
 - from the FreeBSD box, I need to get to a CentOS 7 box (without 
entering a password - does not work)



On the FreeBSD box, I can see my keys, when I type ssh-add -l

I've enabled ssh agent forwarding locally and on the FreeBSD server (in 
sshd and ssh config).

I've enabled ssh agent forwarding on the CentOS server

[root@centos7-server ~]# grep Agent /etc/ssh/sshd_config
AllowAgentForwarding yes

My public key resides in the authorized_key file on the CentOS server.


Still, I get a password-prompt.

(I've disabled SELinux).

I admit I never use agent-forwarding (I just don't need it).

I set a password on the account and when I enter that password, I can 
login. So, it shouldn't a problem with the account per-se.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] GCC 4.9 in CentOS 7 ??

2017-02-09 Thread Rainer Traut


Thx, this is very clear and helpful.
My question is, what is needed to build rpms against such scl packages?
Any documentation or examples somewhere?


Am 06.02.2017 um 18:38 schrieb Paul Heinlein:

On Sun, 5 Feb 2017, Gordon Messmer wrote:


Yes.  Use the software collections.

https://www.softwarecollections.org/en/

https://www.softwarecollections.org/en/scls/rhscl/devtoolset-4/


There are three ways to utilize SCLs: a temporary subshell invoked with
the scl utility, a session-long environment shift by sourcing the
package's 'enable' script, or a permanent alteration of your shell
profile to include the package's bin/ and lib/ directories.

I outline the first two methods in a blog post you may find helpful:

  https://www.madboa.com/blog/2016/08/29/scl-intro/

(There's no advertising on my site and I make no revenue from it.)


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fwd: EPEL-ANNOUNCE Re: Upcoming OwnCloud changes in EPEL

2016-06-09 Thread Rainer Traut



Am 04.06.2016 um 00:47 schrieb James Hogarth:

Since this is becoming a recurring topic as EL6, and now EL7, begin to show
their age I did a write up on the options and how to use them today:

https://www.hogarthuk.com/?q=node/15


Thank you very much for this.
Very useful.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7 postfix problem

2016-01-28 Thread Rainer Traut


Hi Timo,

Am 28.01.2016 um 15:27 schrieb Timo Schoeler:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
smtp  inet  n   -   n   -   -   smtpd -v <= !!!
#smtp  inet  n   -   n   -   1   postscreen
#smtpd pass  -   -   n   -   -   smtpd

smtpd -v instead of smtpd -- that will hopefully give some more insight.


Did that and I think I have a candidate:

# grep B8678C1DD078 /var/log/maillog

Jan 28 15:35:11 x postfix/smtpd[17752]: input attribute value: B8678C1DD078
Jan 28 15:35:11 x postfix/smtpd[17752]: B8678C1DD078: client=x, 
sasl_method=LOGIN, sasl_username=x
Jan 28 15:35:11 x postfix/cleanup[17755]: B8678C1DD078: 
message-id=<1535444742.91269.1453991711730.JavaMail.tomcat@x>
Jan 28 15:35:11 x postfix/smtpd[17752]: > x: 250 2.0.0 Ok: queued as 
B8678C1DD078
Jan 28 15:35:11 x postfix/qmgr[17622]: B8678C1DD078: from=, 
size=20507, nrcpt=1 (queue active)


And another one working with the same destination domain:

# grep 9DD4AC1DD078 /var/log/maillog

Jan 28 15:35:11 x postfix/smtpd[17752]: input attribute value: 9DD4AC1DD078
Jan 28 15:35:11 x postfix/smtpd[17752]: 9DD4AC1DD078: client=x, 
sasl_method=LOGIN, sasl_username=x
Jan 28 15:35:11 x postfix/cleanup[17755]: 9DD4AC1DD078: 
message-id=<995903891.91260.1453991711622.JavaMail.tomcat@x>
Jan 28 15:35:11 x postfix/qmgr[17622]: 9DD4AC1DD078: from=, 
size=3099, nrcpt=1 (queue active)
Jan 28 15:35:11 x postfix/smtpd[17752]: > x: 250 2.0.0 Ok: queued as 
9DD4AC1DD078
Jan 28 15:35:11 x postfix/smtp[17756]: 9DD4AC1DD078: to=, relay=x:25, 
delay=0.11, delays=0.02/0/0.04/0.05, dsn=2.0.0, status=sent (250 2.0.0 
Ok: queued as AE7B241052)

Jan 28 15:35:11 x postfix/qmgr[17622]: 9DD4AC1DD078: removed

In the broken one there is a qmgr missing and smtp is not sending out.
Any ideas?

Thx
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7 postfix problem

2016-01-28 Thread Rainer Traut


Think it was a rate limit set in journalctl...

I hopefully fixed it by:

[root@ ~]# cat /etc/systemd/journald.conf.d/noratelimit.conf
[Journal]
RateLimitBurst=0

and

[root@ ~]# systemctl restart systemd-journald

Thx

Am 28.01.2016 um 16:15 schrieb Rainer Traut:


# grep B8678C1DD078 /var/log/maillog

Jan 28 15:35:11 x postfix/smtpd[17752]: input attribute value: B8678C1DD078
Jan 28 15:35:11 x postfix/smtpd[17752]: B8678C1DD078: client=x,
sasl_method=LOGIN, sasl_username=x
Jan 28 15:35:11 x postfix/cleanup[17755]: B8678C1DD078:
message-id=<1535444742.91269.1453991711730.JavaMail.tomcat@x>
Jan 28 15:35:11 x postfix/smtpd[17752]: > x: 250 2.0.0 Ok: queued as
B8678C1DD078
Jan 28 15:35:11 x postfix/qmgr[17622]: B8678C1DD078: from=,
size=20507, nrcpt=1 (queue active)

And another one working with the same destination domain:

# grep 9DD4AC1DD078 /var/log/maillog

Jan 28 15:35:11 x postfix/smtpd[17752]: input attribute value: 9DD4AC1DD078
Jan 28 15:35:11 x postfix/smtpd[17752]: 9DD4AC1DD078: client=x,
sasl_method=LOGIN, sasl_username=x
Jan 28 15:35:11 x postfix/cleanup[17755]: 9DD4AC1DD078:
message-id=<995903891.91260.1453991711622.JavaMail.tomcat@x>
Jan 28 15:35:11 x postfix/qmgr[17622]: 9DD4AC1DD078: from=,
size=3099, nrcpt=1 (queue active)
Jan 28 15:35:11 x postfix/smtpd[17752]: > x: 250 2.0.0 Ok: queued as
9DD4AC1DD078
Jan 28 15:35:11 x postfix/smtp[17756]: 9DD4AC1DD078: to=, relay=x:25,
delay=0.11, delays=0.02/0/0.04/0.05, dsn=2.0.0, status=sent (250 2.0.0
Ok: queued as AE7B241052)
Jan 28 15:35:11 x postfix/qmgr[17622]: 9DD4AC1DD078: removed

In the broken one there is a qmgr missing and smtp is not sending out.
Any ideas?


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C7 postfix problem

2016-01-28 Thread Rainer Traut


Hi all,

topology: java/tomcat app mailing to the outside via a C7 postfix relay 
server.


problem: java app submits mail to postfix but there is _nothing_ logged 
in the postfix maillog.
This happen for 2/3 of all mail submitted. We cannot see any trace of 
this submitted mail either incoming/stored/outgoing.


Log from java app (shortened):
DEBUG: getProvider() returning 
javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun 
Microsystems, Inc]

DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "", port 25, isSSL false
DEBUG SMTP: Attempt to authenticate
AUTH LOGIN
235 2.7.0 Authentication successful
DEBUG SMTP: use8bit false
DEBUG SMTP: Verified Addresses
DATA
354 End data with .
message text***
250 2.0.0 Ok: queued as 8D83AC2756DF
QUIT
221 2.0.0 Bye

Log from the postfix server:
[root@xxx postfix]# grep 8D83AC2756DF /var/log/maillog
[root@xxx postfix]#

This happens for 2/3 of all messages send to this server.

Any idea what is happening here?

Thx Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] getting a CentOS6 VM on VMware ESXi platform to recognize a new disk device

2015-11-04 Thread Rainer Traut


Am 04.11.2015 um 17:26 schrieb Boris Epstein:


It was a SCSI controller.




It usually works very nice here,
Have you added only the disk or by accident another scsi controller?
This happens (you probably know) if you select another bus while 
creating the disc.


VG Rainer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] open-vm-tools on CentOS 6

2014-11-11 Thread Rainer Traut


Why?
VMWare's rpm repo is well maintained until EL6.

Am 11.11.2014 um 14:22 schrieb Nux!:

I would use the open-vm-tools from EPEL in EL6 as well.



VG Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] open-vm-tools on CentOS 6

2014-11-11 Thread Rainer Traut


I know that open-vm-tools is maintained by vmware.
I meant the Vmware repo is alway matching latest vSphere release.

But:
- doesn't contain newer pv drivers
- isn't on par with vSphere releases

For example:
9.4.6  Dyno Hongjun Fu h...@vmware.com
Release matching the vSphere 5.5p02 release.
9.4.0  Dmitry Torokhov d...@vmware.com
Release matching the vSphere 5.5 release.

There is no 9.4.6 rpm for C7 but we are running vSphere 5.5p02

VG Rainer


Am 11.11.2014 um 16:17 schrieb Reindl Harald:

the ones from EPEL too
guess who maintains the packages

Wed Jul 16 2014 Ravindra Kumar ravindraku...@vmware.com - 9.4.6-1

https://koji.fedoraproject.org/koji/packageinfo?packageID=15954
https://koji.fedoraproject.org/koji/buildinfo?buildID=545136

Am 11.11.2014 um 15:22 schrieb Rainer Traut:

Why?
VMWare's rpm repo is well maintained until EL6.

Am 11.11.2014 um 14:22 schrieb Nux!:

I would use the open-vm-tools from EPEL in EL6 as well



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install Centos 6 x86_64 on Dell PowerEdge 2970 and a SSD (hardware probing issues)

2014-08-31 Thread Rainer Duffner


Am 31.08.2014 um 21:52 schrieb Jason Pyeron jpye...@pdinc.us:

 I have a fleet of 2970s and we are upgrading the hardrives on the motherboard 
 SATA ports (A/B not the PERC backplane) when a detecting hardware is 
 performed the system crashes, reboots and gives an E1422 error code (useless 
 video: https://www.youtube.com/watch?v=PhyMeUHJar4).
 
 We narrowed it down to a motherboard BIOS issue, if we remove the SSD or add 
 noprobe to the kernel the installer does not crash. 




Is that actually a supported configuration (in the Dell-sense)?.

Which is the „primary hard drive then? SATA or PERC?

Have you booted any other OS on it?
FreeBSD 10?
CentOS7?

Ubuntu?

Note that I have no idea about Dell servers. I’ve never worked with them in my 
professional life - but my experience is that trying the same thing more than 
three times in a row is a waste of time (and nerves: I can literally see my 
life being shortened by watching server-BIOS boot-up screens…)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install Centos 6 x86_64 on Dell PowerEdge 2970 and aSSD (hardware probing issues)

2014-08-31 Thread Rainer Duffner


Am 31.08.2014 um 23:03 schrieb Jason Pyeron jpye...@pdinc.us:


 
 Is that actually a supported configuration (in the Dell-sense)?.
 
 
 Yes. They support internal SATA drives, we are changing from spinning drives 
 to SSD. I am working with Dell to get a BIOS patch, but I wont hold my breath.
 
 





You can always try to install RHEL6 and open a ticket with RedHat if that 
fails, too….


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] latest freeIPA on CentOS

2014-07-14 Thread Rainer Duffner

Am Mon, 14 Jul 2014 11:47:32 -0400
schrieb Johnny Tan johnnyd...@gmail.com:

 We're looking to run freeipa on CentOS-6.5.
 
 It seems the version available for 6.5 is 3.0, whereas the latest 3.x
 is 3.3.5 (available in F19  20). And now I see 4.0 was just released
 and will be in F21 (with support for native OTP-based 2FA!).
 


CentOS7 has 3.3

I don't know if RedHat will backport it to 6.x like they did previously.

I think we will start with what is in CentOS 7.0 and see how far we get.
We will even buy RHEL-lics for it.

I certainly don't want to run Fedora in production - and I don't want
to do the backport for  such a complicated piece of software myself.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] latest freeIPA on CentOS

2014-07-14 Thread Rainer Duffner


Am 14.07.2014 um 21:02 schrieb Jitse Klomp jitsekl...@gmail.com:

 2014-07-14 17:57 GMT+02:00 Rainer Duffner rai...@ultra-secure.de:
 
 CentOS7 has 3.3
 
 I don't know if RedHat will backport it to 6.x like they did previously.
 
 I think we will start with what is in CentOS 7.0 and see how far we get.
 We will even buy RHEL-lics for it.
 
 I certainly don't want to run Fedora in production - and I don't want
 to do the backport for  such a complicated piece of software myself.
 
 
 RH will *not* do a backport of 3.3 to RHEL 6.x.


I was pretty certain about it, too - but I don’t read the free-ipa lists 
(already too many subscriptions I can barely glance over…).

So, thanks for bringing it to everyone’s attention ;-)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Cemtos 7 : Systemd alternatives ?

2014-07-12 Thread Rainer Duffner


Am 12.07.2014 um 17:08 schrieb Lamar Owen lo...@pari.edu:

 [I wasn't going to reply; but after thinking about it for quite a while, 
 there are a few points here that deserve just a bit of level-headed 
 attention.]
 
 On 07/11/2014 10:53 AM, David G. Miller wrote:
 Les Mikesell lesmikesell@... writes:
 
 Or, if you want things to respawn, the original init handled that 
 very nicely via inittab.
 
 Replying to Les' comment:  the original inittab respawn method is 
 completely brain-dead, blindly respawning without any thought for what 
 conditions might need to be checked, etc.



That’s probably true.

But still, I believe that much of the complexity of systemd (that it apparently 
has) comes from the fact that it’s most intended to provide a „smooth“ desktop 
experience.

Now, it looks like almost everything is a „service“.

Can I pick an example?

[root@ipa ~]# systemctl list-unit-files |grep ssh
sshd-keygen.service static  
sshd.serviceenabled 
sshd@.service   static  
sshd.socket disabled


What is the difference between sshd.service and sshd@.service?
Am I right in assuming that the sshd-keygen.service is responsible for creating 
the initial host-keys?

I may be wrong, but sshd works nice on my 100+ servers without a special 
service for this. In fact, I loathed the Solaris-behavior, where you had to 
„refresh“ the service for this (or something to this effect)
On FreeBSD, if I want to create new keys, I delete the old ones and restart the 
service.
I very rarely need that, so I just assume it’s the same on RHEL. 

Can anyone give an example from a stock RHEL7 install that could not have been 
done with a traditional SysV-init?




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] block level changes at the file system level?

2014-07-03 Thread Rainer Duffner


Am 03.07.2014 um 21:19 schrieb John R Pierce pie...@hogranch.com:

 On 7/2/2014 12:53 PM, Lists wrote:
 I'm trying to streamline a backup system using ZFS. In our situation,
 we're writing pg_dump files repeatedly, each file being highly similar
 to the previous file. Is there a file system (EG: ext4? xfs?) that, when
 re-writing a similar file, will write only the changed blocks and not
 rewrite the entire file to a new set of blocks?
 
 Assume that we're writing a 500 MB file with only 100 KB of changes.
 Other than a utility like diff, is there a file system that would only
 write 100KB and not 500 MB of data? In concept, this would work
 similarly to using the 'diff' utility...
 
 you do realize, adding/removing or even changing the length of a single 
 line in a block of that pg_dump file will change every block after it as 
 the data will be offset ?
 
 may I suggest that instead of pg_dump, you use pg_basebackup and WAL 
 archiving...  this is the best way to do delta backups of a sql database 
 server.
 
 


Additionally, I’d be extremely careful with ZFS dedup.

It uses much more memory than „normal“ ZFS and tends to consume more I/Os, too.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Information Week: RHEL 7 released today

2014-06-11 Thread Rainer Duffner


Am 10.06.2014 um 22:28 schrieb Eero Volotinen eero.voloti...@iki.fi:

 direct use of Microsoft's Active Directory sounds intresting? via samba
 4? or via other implementation?
 
 Eero



It comes with IPA:
http://www.freeipa.org/page/Main_Page
RHEL7 comes with a pretty recent version, from what I could see in the RC.

It’s basically AD rebuilt with Open Source tools.
It’s an impressive undertaking.


Too bad all our RHEL subscriptions at work seem to have run out….
So I actually have to wait for CentOS ;-)



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mother board recommendation

2014-06-03 Thread Rainer Duffner


Am 03.06.2014 um 20:26 schrieb Lists li...@benjamindsmith.com:

 On 05/16/2014 11:23 AM, m.r...@5-cent.us wrote:
 hardware doesn't support ECC.
 snip
 Oh, right, *all* the servers here use ECC DIMMs. And you really, REALLY
 don't want to go there: a) price, b) n/s is not buffered is not
 registered, none of the above compatible in the same bank, and oh, yes,
 dual rank is *not* compatible with single rank or quad rank... I kid you
 not. I've had servers simply not boot by mixing two of those, and let's
 not forget not fitting in the slot, and c) see a).
 
 
 ECC is such a horrible pain in the rear. If you don't have things like 
 SLA in your casual vocabulary, pretty much any desktop board works 
 find for Centos6. For spare/personal/backups servers, I use whatever old 
 hardware sits in the junk room.
 
 Anything using ECC is such a pain to match up correctly that I tend to 
 buy motherboard/RAM/CPU from a vendor as a package unit so it's 
 warranted to work together. Registered/Unregistered, CAS timing, 
 single/double/quad ranked, never mind voltages, and making sure your CPU 
 supports it!
 
 For all the promises of better uptimes, I've had far more trouble with 
 mis-matched  ECC than I've ever experienced in bad non-ECC RAM. Truly, 
 this is a sorry showing for ECC.


It’s also a bit of a sorry showing for the admin putting together the system.

As for the original request:
Maybe take a look at a HP Microserver or one of the entry-level ML-servers?


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mother board recommendation

2014-06-03 Thread Rainer Duffner


Am 03.06.2014 um 22:39 schrieb m.r...@5-cent.us:

 Warren Young wrote:
 On 6/3/2014 12:26, Lists wrote:
 
 Registered/Unregistered, CAS timing,
 single/double/quad ranked, never mind voltages, and making sure your CPU
 supports it!
 
 All of those specs are listed in the motherboard manual.  If you're
 buying your RAM from a reseller that doesn't give you the corresponding
 specs to match up against the mobo specs, stop buying from that vendor.
 
 There are vendors that will match up your specific motherboard with the
 RAM that works in it, and will exchange the RAM for the right stuff if
 by some tiny chance they specified the wrong stuff.  (e.g. Crucial)
 
 Buried in some of them, and others, well, it tells you what it will
 take... and it *assumes* that you're just building the system, and buying
 all the DIMMs as one batch, *not* that you're replacing a failed DIMM. But
 you've got to match even things like cl2whatever. If it doesn't have
 *exactly* what's on the other DIMMs, it won't work.



That’s why you replace both.
Or, if you build your own servers in significant quantities, you’ve got to do 
you’re own stock-keeping.
Need 24 hard drives? Buy 30!
Need 12 PSUs for 6 servers? Buy 16.

That, or buy COTS-hardware from Dell, HP, IBM, Fujitsu with a support-contract….




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OEM suggestions

2014-06-01 Thread Rainer Duffner


Am 30.05.2014 um 20:28 schrieb John R Pierce pie...@hogranch.com:

 On 5/30/2014 11:14 AM, Rainer Duffner wrote:
 Also, due to the fact that they don’t offer a SAS-Controller that does JBOD, 
 you have to setup each drive individually as a RAID0
 
 hmm?
 
 The HP H220, H221, H220 are SAS2 HBAs.   also the S08e but thats older, 
 and was only sold to support a specific P2000g3 array. AFAIK, the H22x 
 are LSI 2008 based (9211-xx)




Interesting.
Thanks a lot.

It’s sometime very difficult to find HP products that aren’t by default in 
their servers.


AFAIK, the 9211-series card don’t have the „right“ firmware for „IT-mode“ that 
would be required for an „ideal“ ZFS setup.

I’m not sure if one could flash those - they probably have an OEM firmware.


Maybe I can have one ordered to try it out.




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OEM suggestions

2014-05-30 Thread Rainer Duffner


Am 30.05.2014 um 19:34 schrieb John R Pierce pie...@hogranch.com:

 On 5/30/2014 5:28 AM, Andrew Holway wrote:
 
 As I think about it, the control node for the UV 2000 looks an*awful*  lot
 like a Penguin
 
 SuperMicro gear is only as good as the server integration company selling
 it.
 
 bingo.I think too many people buy 'whitebox' supermicro stuff direct 
 and self-integrate, then are surprised when there are issues.   
 Integration needs to include testing.   All that integration and testing 
 is why brands like HP are more expensive, you can usually assume its 
 going to work.




True.
The thing I hate about HP is that their SSD offerings are IMO a joke.

Not only are they several times as expensive as an equivalent Intel SSD (even 
taking into account that we don’t pay list-price) but in addition, they perform 
only half as well (in terms of IOP/s).

I suspect it’s because HP does not include a super cap and thus their SSDs 
don’t do write-caching (which the Intel does).

Also, due to the fact that they don’t offer a SAS-Controller that does JBOD, 
you have to setup each drive individually as a RAID0 - which is totally stupid, 
once you run something like FreeBSD where HPACUCLI is not available. Each 
failed drive necessitates a reboot then.

I could of course buy an LSI JBOD controller (which would also allow me to buy 
Intel SSDs) - but what’s the point of buying a HP server then?

IMO, HP does not want you to actually make good use of current-generation 
enterprise-SSDs - they’d prefer you buy a couple of dozens of P2000 arrays 
instead…

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Old HP Xeon server blade with only SCSI HDD ports CentOS

2014-04-11 Thread Rainer Duffner

Am Fri, 11 Apr 2014 11:40:30 -0300
schrieb Fernando Cassia fcas...@gmail.com:

 On Fri, Apr 11, 2014 at 11:28 AM, m.r...@5-cent.us wrote:
 
  Again, you could hit eBay for a power supply. But all the servers,
  including blades, that I ever worked with were 120v or 220V (ok,
  this is the US). Is the psu in the box dead?
 
 
 There's no PSU in the box. I've got the enclosure as well! It's one
 of these
 http://www.harddrivesdirect.com/product_info.php?products_id=142183
 
 In the back all the blades are connected to an interconnect power
 regulator board that goes to two large round prongs the kind used in
 20 AMP 220/240 V AC plugs. But right now I'm 99% sure right now that
 this works with 48VDC. The blades have tiny power regulator boards
 next to the (proprietary?) blade power connector...  and on the
 internal side of such connector the markings say 48V for the white
 wire and 0V for the black wire.



What about networking?

They either have shared networking (AFAIK) or there needs to be a
module the lets you connect the blades to a switch...

If you have no budget, blades are the worst to work with ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Centos 6.5 on USB stick performance / stalls

2014-02-27 Thread Rainer Traut

Hi,

I am running C6.5 64bit on an USB stick connected to a HP DL360G7;
It is usually an ESXi host but eg for firmware updates (not available on 
SPP) I use this local installation.

Problem are the lags and unresponsiveness we are seeing for example when 
running yum update in the installation phase. The whole system stalls 
but there is no io in vmstat.

 From what google tells us, this is a known problem with linux.
But is there anything we can do to mitigate?

steps so far: mount / with ext4: defaults,data=writeback,noatime,nodiratime

Thx
Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] usb umts stick recommendation for centos 6

2014-02-11 Thread Rainer Traut

Hi,

we have a DSL outage in our office, which will last for one week.

So I have to use an usb umts stick, can someone recommend a stick / 
provider for germany?

Maybe which works out of the box?

I know O2 has explicit Linux support but only Fedora 16 and up

Thx
Rainer
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Perl516 SCL modules

2014-02-10 Thread Rainer Traut

Am 10.02.2014 11:12, schrieb Nicole Hähnel:
 ERROR: Command failed:
# ['/usr/bin/yum-builddep', '--installroot',
 '/var/lib/mock/epel-6-x86_64/root/',
 '/var/lib/mock/epel-6-x86_64/root///builddir/build/SRPMS/perl516-perl-Email-Valid-0.184-1.el6.src.rpm']
 Getting requirements for perl516-perl-Email-Valid-0.184-1.el6.src
-- Already installed : 4:perl516-perl-5.16.3-12.el6.centos.alt.x86_64
-- Already installed :
 perl516-perl-ExtUtils-MakeMaker-6.66-1.el6.centos.alt.noarch
-- perl516-perl-MailTools-2.13-1.el6.noarch
-- perl516-perl-Net-DNS-0.74-1.el6.x86_64
-- Already installed :
 perl516-perl-Test-Simple-0.98-12.el6.centos.alt.noarch
 Error: Package: perl516-perl-Net-DNS-0.74-1.el6.x86_64 (perl516_local)
  Requires: perl516-perl(Win32::IPHelper)
 Error: Package: perl516-perl-Net-DNS-0.74-1.el6.x86_64 (perl516_local)
  Requires: perl516-perl(Win32::TieRegistry)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

 DEBUG: kill orphans


 I do not understand why Win32::IPHelper and Win32::TieRegistry is needed
 with perl516 and with rhel6 standard perl not.

The problem seems to be if the perl module is build with mock 
scl-perl516 then there is a wierd dependency of
perl516-perl(Win32::IPHelper) and perl516-perl(Win32::TieRegistry)

Rainer




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading Perl (modules) / RequestTracker

2014-02-05 Thread Rainer Duffner

Am Wed, 05 Feb 2014 06:23:25 +0100
schrieb Chris ch2...@arcor.de:

 Well, it seems you have to install RT manually on CentOS 6 [1].
 
 On 02/05/2014 12:33 AM, Rainer Duffner wrote:
  I have no experience with Debian/Ubuntu, but I’d really only use
  packages in case I could package them up myself, specifically for
  this task.
 
 For Debian, there are packages readily available, which get updated
 automatically.

Well, there are also packages for FreeBSD.
RT and all dependencies.

 I had not any problems with dependencies. You don't
 have to do anything. Sorry, to say this on this list, but this is a
 task I would choose Debian for [2].


The reason I wouldn't just blindly install or update packages is that I
don't believe that even the Debian guys do sufficient testing to ensure
that RT actually works after the update.


This is, of course, a highly RT-specific discussion.
But in defense of CentOS, I don't see a fundamental problem running RT
on it - actually, due to the long support-cycles, it might even be
better suited than e.g. Ubuntu LTS. Ticketing-Systems usually have
exceptionally long replacement-cycles.
You just have to make sure you know what you are doing and find a
usable change-management strategy.


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Upgrading Perl (modules) / RequestTracker

2014-02-04 Thread Rainer Duffner


Am 04.02.2014 um 22:49 schrieb Michael Mol mike...@gmail.com:

 I'm attempting to install RequestTracker on CentOS 6.5. Running make
 testdeps as recommended by RT's installation guide, I'm presented with
 lists of missing Perl modules.
 
 One of these lines reads:
 
Encode = 2.39 ...MISSING
 
 
 Now, yum whatprovides '*/Encode.pm'  informs me that that module is
 part of the core Perl distribution, and is installed on my system.
 Opening the file itself reveals:
 
 # $Id: Encode.pm,v 2.35 2009/07/13 00:49:38 dankogai Exp $
 
 so I know that I have version 2.35 of that module installed, and
 obviously that's  2.39. So I need to get 2.39 installed.
 
 What is the correct way to do this on CentOS? The last time I had to do
 anything like this, it was on a Debian box, I went through the process
 recommended by the guys in #perl, and was left with a broken system
 that was a real joy to piece back together…


I’m not sure about CentOS.
This guide:
http://binarynature.blogspot.pt/2013/05/install-request-tracker-4.html

suggest installing all the modules via CPAN (onto the original installation).

I don’t believe this is going to work very well, once it touches modules 
already part of the initial installation (as in your case).

Historically, you were best off with installing a perl from source into a 
different directory and using RT’s installer to fix all the dependencies.

You can then update these modules as needed or required by security-issues / RT 
updates/upgrades, without interfering with the base OS update mechanism.

If you choose this route, I would suggest using the NGINX+fast-cgi 
implementation, as you don’t have to worry about the mod_perl from base etc.

Admittedly, this reduces CentOS to little more than a kernel+filesystem+sshd - 
but unless you find a repository that provides all the modules (well over a 
hundred last time I counted, significantly more if you enable all the optional 
dependencies) in all the right versions, all of the time, you will have a hell 
of a problem keeping RT running smoothly.

I have no experience with Debian/Ubuntu, but I’d really only use packages in 
case I could package them up myself, specifically for this task.





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [CentOS-announce] CentOS Project joins forces with Red Hat

2014-01-16 Thread Rainer Duffner


Am 17.01.2014 um 01:18 schrieb Karanbir Singh mail-li...@karan.org:

 On 01/13/2014 09:14 AM, Andreas Kasenides wrote:
 Apparently nto all is well with the take-over.
 Here is an example. Should I stop mirroring CentOS in the fear of being
 arrested next time a I visit the US on vacation?
 
 
 I dont understand your question or statement, what are you saying here ?
 Can you say the same thing, but a bit in a more verbose manner ?
 



I think he refers to:

You may not provide CentOS software or technical information to individuals or 
entities located in one of these countries or otherwise subject to these 
restrictions.“

He fears that he’s held responsible if someone from Iran uses e.g. his mirror 
to download the stuff.

Maybe thinking of this incident:
http://www.huffingtonpost.com/2012/06/19/apple-store-refuses-to-sell-ipad-to-iranian_n_1609734.html

Though the ban on iPhones seems to have been lifted, actually:

http://appleinsider.com/articles/13/08/27/apple-to-start-sales-of-devices-going-to-iran-after-us-sanctions-lifted

Can you check with „your“ legal department if Open Source operating systems are 
still not allowed to be exported to „certain countries?

I really hope someone at the treasury department gets the irony of not allowing 
a „free“ operating system being exported from a „free“ country to an „unfree“ 
country….



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] A question about 7

2014-01-15 Thread Rainer Duffner

Am Wed, 15 Jan 2014 16:25:04 +0200
schrieb JC Putter jcput...@gmail.com:

 How about using ethtool -p which causes the LED of the NIC to blink?
 



Very useful, unless the datacenter isn't in the basement ;-)
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

1 2 3 4 5 6 >

1 - 100 of 519 matches

Mail list logo