Re: [CentOS] Newest kernel issue, C7

[m . roth]

On 2021-08-03 10:20, Jonathan Billings wrote:

On Tue, Aug 03, 2021 at 10:17:09AM -0400, mark wrote:
Just fullyu updated yesterday. The reboot gets past Centos (core)... 
and
reboots. Repeatedly. messages *look* as though it got up... and then 
reboot.


Are you booting into graphical.target (gdm) or multi-user.target (text
login)?  Have you removed 'rhgb quiet' from the kernel parameters to
see what it is doing?  Can you boot into the rescue target and poke
around in the journal to see what's going on?


Since I.m traveling, I.ll do some when I get home...but as a sysadmin, I 
*always* remove the rhgb quiet. Iknow it got past the base, and had 
gotten to welcome to:, Sometheing shortly after that, it reboots. Is 
there still the interactive option? If so, I can use that... thanks


  mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C 7: smpboot: CPU 16 is now offline, and slabs...

[m . roth]

m.r...@5-cent.us wrote:
> m.r...@5-cent.us wrote:
>> m.r...@5-cent.us wrote:
>>> Current kernel, and I just booted, and dmesg shows, of the 32 cores, 0,
>>> 2, 4 and 6 ok, and *all* other show "is now offline.
>>>
>>> What's happening here?
> 
> Ok, more info. I found how to online a CPU -
> echo 1 > /sys/devices/system/cpu/cpu23/online
>
> Perhaps I should have started with 1,3, etc, but I was doing the 20's,
> instead. Got to CPU27... and the system rebooted.
>
> Now I'm wondering if the offline'd CPUs have something to do with the fact
> that this (and an identical one, in the datacenter, are rebooting around
> 04:00 every day. Btw, they're Dell PE R530's from 2016
>
Still more info (come on, folks, help me out!): these two machines that
keep rebooting, and only one other that doesn't, have Intel E5-2630's in
them. These two are v3, while the one other is a v.2. The latter's
microcode is
microcode: CPU0 sig=0x306e4, pf=0x1, revision=0x428
while on the two that reboot, they have
microcode: CPU0 sig=0x306f2, pf=0x1, revision=0x3a

Anyone think I might be going down the wrong path? Any thoughts at all? If
not, any cmts on my downgrading to the previous microcode? This happened
once a week ago, and then, starting last Friday, began happening at least
around 04:00 every day.

mark



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C 7: smpboot: CPU 16 is now offline, and slabs...

[m . roth]

m.r...@5-cent.us wrote:
> m.r...@5-cent.us wrote:
>> Current kernel, and I just booted, and dmesg shows, of the 32 cores, 0,
>> 2, 4 and 6 ok, and *all* other show "is now offline.
>>
>> What's happening here?

Ok, more info. I found how to online a CPU -
echo 1 > /sys/devices/system/cpu/cpu23/online

Perhaps I should have started with 1,3, etc, but I was doing the 20's,
instead. Got to CPU27... and the system rebooted.

Now I'm wondering if the offline'd CPUs have something to do with the fact
that this (and an identical one, in the datacenter, are rebooting around
04:00 every day. Btw, they're Dell PE R530's from 2016

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C 7: smpboot: CPU 16 is now offline, and slabs...

[m . roth]

m.r...@5-cent.us wrote:
> Current kernel, and I just booted, and dmesg shows, of the 32 cores, 0, 2,
> 4 and 6 ok, and *all* other show "is now offline.
>
> What's happening here?
>
A followup: I also find a core in /var/spool/abrt, and "reason" is
 kernel BUG at mm/slub.c:3601!

In googling, I see threads about incorrect calculation of slabs. Following
one thread, I find
cat /sys/kernel/slab/:t-048/cpu_slabs

gives me

4 N0=4

Meanwhile, slabtop shows
 Active / Total Slabs (% used)  : 25927 / 25927 (100.0%)

Which changes, but just varying around that number, and st 100%.

So: should I increase the number of slabs, using the kernel parm of
swiotlb, and if so, for what I show above, should I set it to, say, 32000?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C 7: smpboot: CPU 16 is now offline

[m . roth]

Current kernel, and I just booted, and dmesg shows, of the 32 cores, 0, 2,
4 and 6 ok, and *all* other show "is now offline.

What's happening here?

 mark


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Generic linux question: sysctl and swiotlb

[m . roth]

Anyone know if I can increase the size of swiotlb using sysctl, rather
than waiting to reboot?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C7, kernel oops, sllub.c

[m . roth]

Anyone else seeing this: I've seen it with different line # as an upstream
bug: kernel BUG at mm/slub.c:3601.

When I look for slub.c, I think I found a slightly different version,
since that's a blank line, but it's in the function slab_memory_callbac.

On a possibly related note, one of my users who runs debian has been
getting a ton of radeon errors... and guess what, it's to do with
slab_callback.

Anyone want me to post the backtrace from the abort?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, encryption, and clevis

[m . roth]

Valeri Galtsev wrote:
>
>
> On 06/08/18 15:45, m.r...@5-cent.us wrote:
>> Valeri Galtsev wrote:
>>> On 06/08/18 15:26, m.r...@5-cent.us wrote:
>> 
> On a similar note: one of the companies whose software scientists
> here
> were using a lot (IDL is a product) changed hand several times, and
> last owner changed licensing terms and stopped signing perpetual
>> licenses.
> With perpetual license you were able to keep upgrading software
> during
> support period, usually 1 year, and keep using last version later
> forever only you are locked to that older version. They stopped
> signing
> perpetual licenses, and made it "software for rent" with 1 year rent
> term. When that happened I recommended all our people to avoid using
> IDL in new projects (python was my recommendation as fair replacement
> -
> just what I know, not that I consider it better than other
>> alternatives). As
> a programmer (former I should say, as I don't put my dirty hands into
> code lately, almost not) I wouldn't invest my time into mastering
> something that I not necessarily will have access to at some point in
> a
> future...

 Yeah. We have a number of folks here using R, and fewer still using
 Matlab.
>>>
>>> Sounds like your former matlab users are happy with R (bad name, BTW,
>>> try to search...). Thanks, I will know now what to mention as
>>> alternative if it will be about matlab!
>>>
>> And it has heavy hooks for python. And it's open source. Matlab may have
>> more sophisticated tools, but
>
> I know about R, I set it up for those who asks, have it on main number
> crunchers here. I just never played with it myself, and didn't have any
> idea that matlab users may be happy about it. But now I know, thanks
> again!

I've never played with it either - it's statistical software, I think. I
just install and upgrade

Have a good weekend.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, encryption, and clevis

[m . roth]

Valeri Galtsev wrote:
> On 06/08/18 15:26, m.r...@5-cent.us wrote:

>>> On a similar note: one of the companies whose software scientists here
>>> were using a lot (IDL is a product) changed hand several times, and
>>> last owner changed licensing terms and stopped signing perpetual
licenses.
>>> With perpetual license you were able to keep upgrading software during
>>> support period, usually 1 year, and keep using last version later
>>> forever only you are locked to that older version. They stopped signing
>>> perpetual licenses, and made it "software for rent" with 1 year rent
>>> term. When that happened I recommended all our people to avoid using
>>> IDL in new projects (python was my recommendation as fair replacement -
>>> just what I know, not that I consider it better than other
alternatives). As
>>> a programmer (former I should say, as I don't put my dirty hands into
>>> code lately, almost not) I wouldn't invest my time into mastering
>>> something that I not necessarily will have access to at some point in a
>>> future...
>>
>> Yeah. We have a number of folks here using R, and fewer still using
>> Matlab.
>
> Sounds like your former matlab users are happy with R (bad name, BTW,
> try to search...). Thanks, I will know now what to mention as
> alternative if it will be about matlab!
>
And it has heavy hooks for python. And it's open source. Matlab may have
more sophisticated tools, but

   mark "now, there is the guy who runs R jobs on a server with
   a ton of memory *and* to Tesla cards that run for,
   literally, 2-3 *weeks*. Lotta data"

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, encryption, and clevis

[m . roth]

Valeri Galtsev wrote:
> On 06/08/18 13:48, m.r...@5-cent.us wrote:
>> Frank Cox wrote:
> so if it would work, replace shortname with short and short1?
>>>
>>> With all of this hokey-pokey surrounding licensing and mac addresses, I
>>> wonder if this outfit is actually still in compliance with the terms of
>>> their license for this software, whatever it may be?
>>>
>>> If the software licensed to run only on Machine X and Machine X has now
>>> been junked and replace by Machine Y,  then isn't the solution to
>>> obtain a license for the software for Machine Y or be out-of compliance
>>> regardless of the technical ability to spoof whatever it's looking for?
>
> Frank, I 100% agree with you. The only case with spoofed MAC address and
> license that may have chance to stand in court will be if all below are
> true:
>
> 1. the company issued perpetual license.
> 2. the company does not exist
> 3. the original hardware died (be it motherboard whose embedded NIC
> license was locked to or network card)
> 4. single replacement machine (meeting requirements of license;
> sometimes it is number of CPUs/cores, memory, etc) is used to replace it
> [imminently needing to spoof MAC address]
> 5. fair effort was made to find and notify about the above whoever
> inherited rights of dissolved company
>
> But I bet the lawyer can find flaws in what I tried to say.

Both users' old workstations were at least 6 years old, maybe more. They
got surplused (I'm the one who did that). So it's only on the two machines
that the licenses were for. But I assume it was very expensive when
they bought it.
>
> On a similar note: one of the companies whose software scientists here
> were using a lot (IDL is a product) changed hand several times, and last
> owner changed licensing terms and stopped signing perpetual licenses.
> With perpetual license you were able to keep upgrading software during
> support period, usually 1 year, and keep using last version later
> forever only you are locked to that older version. They stopped signing
> perpetual licenses, and made it "software for rent" with 1 year rent
> term. When that happened I recommended all our people to avoid using IDL
> in new projects (python was my recommendation as fair replacement - just
> what I know, not that I consider it better than other alternatives). As
> a programmer (former I should say, as I don't put my dirty hands into
> code lately, almost not) I wouldn't invest my time into mastering
> something that I not necessarily will have access to at some point in a
> future...

Yeah. We have a number of folks here using R, and fewer still using Matlab.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, encryption, and clevis

[m . roth]

Frank Cox wrote:
>> > so if it would work, replace shortname with short and short1?
>
> With all of this hokey-pokey surrounding licensing and mac addresses, I
> wonder if this outfit is actually still in compliance with the terms of
> their license for this software, whatever it may be?
>
> If the software licensed to run only on Machine X and Machine X has now
> been junked and replace by Machine Y,  then isn't the solution to obtain a
> license for the software for Machine Y or be out-of compliance regardless
> of the technical ability to spoof whatever it's looking for?
>
It's apparently a very good molecular modeling program, and to be real, my
users tell me that the company that bought the original company wants, and
I'm not making this up, $15k US to generate a license for a new
workstation. And there's two? three? workstations that run it.

And this is a US gov't agency (civilian secrot). Budget? We don' need no
steenkeen budgets, the Magic Hand of the Market will produce all the
results we need.

   mark "not including building maintenance budgets"

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, encryption, and clevis

[m . roth]

Valeri Galtsev wrote:
>
>
> On 06/08/18 10:27, m.r...@5-cent.us wrote:
>> John Hodrien wrote:
>>> On Fri, 8 Jun 2018, m.r...@5-cent.us wrote:
>>>
 We've been required to encrypt h/ds, and so have been rolling that out
 over the last year or so. Thing is, you need to put in a password, of
 course, to boot the system. My manager found a way to allow us to
 reboot without being at the system's keyboard, a package called
 clevis. Works fine... except in a couple of very special cases.

 Those systems, the problem is that, due to older software, and *very*
 expensive licenses that are tied to a MAC address, I have to spoof the
 MAC address since my users got new(er) machines.

 Clevis is trying to contact its password server, using the *real* MAC
 address, but our DHCP has to serve the *spoofed* MAC address. I know,
 from trying, that I can't have two entries for the same system. Can
 anyone suggest a solution?
>>>
>>> Nothing wrong with having two MAC addresses listed for one IP.  With
>>> ISC DHCP the label for a host has to be unique, but the hostname doesn't.
>>
>> The IP's not the problem, it's dhcpd gagging on two entries, two MAC
>> addresses, for the same server name - think dhcpd.conf.local
>
> When I have a machine that can comes with different MAC addresses, and I
> have to give it the same IP, here is what I have in DHCP server
> configuration (Mac addresses and IP address are obfuscated below):
>
> # tricky machine
> host tricky {
>hardware ethernet xx:xx:xx:xx:xx:xx;
>fixed-address A.B.C.D;
> }
>
> # tricky machine again
> host tricky1 {
>hardware ethernet yy:yy:yy:yy:yy:yy;
>fixed-address A.B.C.D;
> }
>
Hmmm... wonder if it will gag - we don't put the IP in that, that comes
from DNS. The format we use is
   host  P hardware ethernet ; fixed-address
;}

so if it would work, replace shortname with short and short1?

  mark



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7, encryption, and clevis

[m . roth]

John Hodrien wrote:
> On Fri, 8 Jun 2018, m.r...@5-cent.us wrote:
>
>> We've been required to encrypt h/ds, and so have been rolling that out
>> over the last year or so. Thing is, you need to put in a password, of
>> course, to boot the system. My manager found a way to allow us to reboot
>> without being at the system's keyboard, a package called clevis. Works
>> fine... except in a couple of very special cases.
>>
>> Those systems, the problem is that, due to older software, and *very*
>> expensive licenses that are tied to a MAC address, I have to spoof the
>> MAC address since my users got new(er) machines.
>>
>> Clevis is trying to contact its password server, using the *real* MAC
>> address, but our DHCP has to serve the *spoofed* MAC address. I know,
>> from trying, that I can't have two entries for the same system. Can anyone
>> suggest a solution?
>
> Nothing wrong with having two MAC addresses listed for one IP.  With ISC
> DHCP the label for a host has to be unique, but the hostname doesn't.

The IP's not the problem, it's dhcpd gagging on two entries, two MAC
addresses, for the same server name - think dhcpd.conf.local

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C7, encryption, and clevis

[m . roth]

We've been required to encrypt h/ds, and so have been rolling that out
over the last year or so. Thing is, you need to put in a password, of
course, to boot the system. My manager found a way to allow us to reboot
without being at the system's keyboard, a package called clevis. Works
fine... except in a couple of very special cases.

Those systems, the problem is that, due to older software, and *very*
expensive licenses that are tied to a MAC address, I have to spoof the MAC
address since my users got new(er) machines.

Clevis is trying to contact its password server, using the *real* MAC
address, but our DHCP has to serve the *spoofed* MAC address. I know, from
trying, that I can't have two entries for the same system. Can anyone
suggest a solution?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] A touch conused on context

[m . roth]

Ok, we've got a set of directories bind mounted on our standard mount
point for the web. The directory tree's been set with semanage fcontext -t
-e /var/www . In one of the websites under there is
/cgi-bin, and under *there are a couple of subdirectories, and a
.dat file that is written to (I thihnk it's a counter, or whatever). Yet I
see sealerts complaining that, if it was in enforcing mode, would not
allow the .cgi that's in the cgi-bin write access on the file.

What am I missing here?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Trying to print...

[m . roth]

Well... we've got this poster printer. Been printing for years. There was
an, um, incident at work, and long story short, the .ppd that I had had to
create was lost. I've pretty much recreated it, and cupstestppd only gives
a few warnings... but: I've got it set up in cups on my C 6 server, to go
to the JetDirect socket, but I try to print, and it tries to send the
file, and the next thing I know, cups says the printer's paused, and in
messages I've got a "broken pipe" line.

The printer does its internal cleanings and self-tests fine, and I can
telnet to the printer.

Any thoughts?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 (using iptables) removed firewalld

[m . roth]

Steve Frazier wrote:
>  Thank you.  I apologize for sending something that could be read.  There
> are more examples in there that I had commented out.
> Anyway,  here is my working iptables-save.  If someone could review my
> output and let me know if I am missing anything and if the order of the
> rules are the most secure they could be.
> TIA.
>
Steve,

   Do you have any idea of what you're writing? Why are you emailing -
this *is* an email list - with run-on lines? I mean, really, can you
read what you sent, below?

  mark
> Steve
>
> # Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*mangle:PREROUTING ACCEPT [12219:2602452]:INPUT ACCEPT
> [8766:2101480]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]:POSTROUTING ACCEPT [7093:2183351]COMMIT# Completed on Fri
> Jun  1 10:34:39 2018# Generated by iptables-save v1.4.21 on Fri Jun  1
> 10:34:39 2018*nat:PREROUTING ACCEPT [3836:607509]:INPUT ACCEPT
> [130:21132]:OUTPUT ACCEPT [42:19744]:POSTROUTING ACCEPT [40:19121]-A
> POSTROUTING -o eth1 -j MASQUERADECOMMIT# Completed on Fri Jun  1 10:34:39
> 2018# Generated by iptables-save v1.4.21 on Fri Jun  1 10:34:39
> 2018*filter:INPUT DROP [253:85405]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT
> [7093:2183351]-A INPUT -m set --match-set blacklist src -j DROP-A INPUT -i
> lo -j ACCEPT-A INPUT -s mypublicip1 -i eth0 -j ACCEPT-A INPUT -s
> mypublicip2 -i eth0 -j ACCEPT-A INPUT -s myublicip3 -i eth0 -j ACCEPT-A
> INPUT -s 192.168.20.0/23 -i eth1 -j ACCEPT-A INPUT -s myipprovider1 -i
> eth0 -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -s myipprovider2 -i eth0
> -p udp -m udp --dport 5060 -j ACCEPT-A INPUT -m state --state
> RELATED,ESTABLISHED -j ACCEPT-A FORWARD -m set --match-set blacklist src
> -j DROP-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j
> ACCEPT-A FORWARD -i eth0 -o eth1 -j ACCEPT-A FORWARD -i eth1 -o eth1 -j
> REJECT --reject-with icmp-port-unreachableCOMMIT# Completed on Fri Jun  1
> 10:34:39 2018~~
>
> Steve
>
>
>
>
> On Friday, June 1, 2018, 9:37:57 AM EDT, m.r...@5-cent.us
>  wrote:
>
>  Steve Frazier wrote:
>>  Hello, 
>> I hope that I can ask some questions on this mailing list about
>> IPTables.
>> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
>> FIREWALLD and installed iptables-services.
>> I have put together a script that I found on the web on how to set up a
>> good set of IPTABLES rules to keep my server as secure as possible.
> 
> That's *extremely* hard to read, esp. given that the numbered commands
> would fail, as they don't seem to be comments.
>
> Could you run it, and then give us the o/p of iptables-save?
>
>     mark
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 (using iptables) removed firewalld

[m . roth]

Steve Frazier wrote:
>  Hello, 
> I hope that I can ask some questions on this mailing list about IPTables.
> I am more familiar with IPTABLES instead of FIREWALLD.  I disabled
> FIREWALLD and installed iptables-services.
> I have put together a script that I found on the web on how to set up a
> good set of IPTABLES rules to keep my server as secure as possible.

That's *extremely* hard to read, esp. given that the numbered commands
would fail, as they don't seem to be comments.

Could you run it, and then give us the o/p of iptables-save?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.5 gui login root only

[m . roth]

isdtor wrote:
>
>> Sounds like an authorization issue. Have you checked both
>> /var/log/messages and /var/log/secure? If you're using /etc/password,
>> are
>> its permissions and ownership correct? Are the user's home directories
>> owned by them?
>
> Nothing relevant in these log files.  The test user is in NIS and home
> directory is auto-mounted.  All of this works, user can login through text
> console and ssh.  selinux is disabled.  But even startx isn't working, and
> again the Xorg log doesn't give any indication what might be the problem.
>
Now it begins to sound like a video driver problem. What video do you have?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7.5 gui login root only

[m . roth]

isdtor wrote:
> Taking first steps on CentOS 7 1804.
>
> Logging into the Gnome/Gnome classic desktop from gdm works only for root.
> For other users, the screen flashes and the login screen returns.
> KDE/Plasma login is successful but ends up with a black screen with mouse
> pointer while all desktop processes appear to be running.
>
> The CentOS 7 system is running in a CentOS6 KVM virtual machine, which may
> be the problem. I have no physical machine for testing right now.
>
> These logins work for non-root users when the system is built from the
> CentOS 7 DVD. The non-working installation stems from a kickstart install
> which essentially includes a much larger number of packages, some 6k vs.
> 2.5k from DVD install). Maybe there are conflicts, but I have not been
> able to isolate anything.
>
Sounds like an authorization issue. Have you checked both
/var/log/messages and /var/log/secure? If you're using /etc/password, are
its permissions and ownership correct? Are the user's home directories
owned by them?

   mark
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS6: HELP! EFI boot fails after replacing disks...

[m . roth]

Robert Heller wrote:
> At Tue, 29 May 2018 06:47:06 -0700 CentOS mailing list 
> wrote:
>> On 05/29/2018 06:33 AM, Robert Heller wrote:
>> >
>> >> The UUID in the EFI boot options is
>> >> 99E275E7-75A0-4B37-A2E6-C5385E600CB, which
>> >> does not to match anything, but the system is only happy booting the
>> >> old disk...
>> > And at this point, it will only boot in legacy mode off the old disk.
>>
>> That's what I meant, I think.'?'? Legacy mode is BIOS-compatible.'?'? If
>> you're booting in legacy mode, you can't access the UEFI variables. The
>> old disk probably has GRUB installed on the first block.'?'? It might be
>> booting in legacy mode *because* the UEFI boot option's UUID doesn't
>> match your partition.
>
> OK,  I think at this point it is not wanting to even boot the old disk in
> EFI mode.  Maybe because the old disk is no longer in SATA port 0
(/dev/sda).
> It is not wanting to boot the new disk in EFI mode and won't boot from the
> Optical disk in EFI mode (at least I cannot figure out how to do that).

Y'know, what you just wrote above... that makes it sound like you need to
go into the BIOS and reset the boot order.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vsftpd vs. iptables firewall script

[m . roth]

Nicolas Kovacs wrote:
> Le 23/05/2018 à 16:58, m.r...@5-cent.us a écrit :
>> A suggestion: once you've got the firewall issue dealt with, set selinux
>> into permissive mode; *then* you can figure out what it's complaining
>> about, while at the same time, your system will be available. Once
>> you've
>> fixed those issues, then you can make it enforcing.
>
> This is always my approach. Turns out the solution was rather simple
> here. After switching SELinux to permissive mode and connecting to the
> server, I did this:
>
>   # sealert -a /var/log/audit/audit.log
>
> The problem here was that I got a small tsunami of suggestions. But in

ARGH! No. We get entries in /var/log/messages that tell you run run
sealert *with* a given number. I just highlight, copy and run that, not
try to read the whole audit log.

   mark
> the middle of this flood, I got a boolean to set, so on a hunch, I tried
> that:
>
>   # setsebool -P ftpd_full_access 1
>
> Turns out this solved all SELinux-related problems. So Vsftp works
> perfectly now with my custom Iptables firewall *and* SELinux in
> enforcing mode.
>
> Cheers & thanks for all your suggestions.
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : i...@microlinux.fr
> Tél. : 04 66 63 10 32
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vsftpd vs. iptables firewall script

[m . roth]

Nicolas Kovacs wrote:
> Hi,
>
> I'm currently setting up a local FTP server, to receive disk images sent
> with G4L (Ghost4Linux).
>
> This server has been running Slackware Linux before, and the Vsftpd
> setup was relatively simple.
>
> With CentOS things seem to be slightly different, so I'm currently
> trying to work things out. For the moment, two things seem to be
> creating problems, the simple iptables firewall and SELinux.
>
> When I disable the firewall and SELinux, Vsftp works as expected. So far
> so good.
>
> Now let's tackle this one dragon at a time. First the firewall. I'm

A suggestion: once you've got the firewall issue dealt with, set selinux
into permissive mode; *then* you can figure out what it's complaining
about, while at the same time, your system will be available. Once you've
fixed those issues, then you can make it enforcing.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Vsftpd vs. iptables firewall script

[m . roth]

Nicolas Kovacs wrote:
> Le 23/05/2018 à 16:36, Nux! a écrit :
>> Try "iptables -I INPUT" for your FTP rule.
>
> Doesn't work. I redirected all my errors to /var/log/messages, so here's
> what I get when I try to connect Filezilla to that server.
>
> May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3
> OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2
> DST=192.168.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30737 DF PROTO=TCP
> SPT=51474 DPT=38714 WINDOW=29200 RES=0x00 SYN URGP=0
>
> I'm clueless here.

Oh, hell, it just hit me: are you using C7? If so, start out by running
firewall-cmd --list-all

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C 7, selinux, and rpc.gssd

[m . roth]

Folks,

As systems are upgraded, we're getting a ton of complaints
(fortunately, we're in permissive mode) that would break everything.
All of them involve rpc.gssd, and I see a number of bugs listed when I
search.

Note that I first saw this on a RHEL system, but now I'm seeing it on
CentOS 7. I'm bringing it up here, because, given that there are
multiple reported, that there's some bigger picture involving policy
and rpc.gssd.

I'll note that some of the reported bugs were *closed last year, or
before, so it seems to me an old issue resurfaced.

Example.
SELinux is preventing /usr/sbin/rpc.gssd from using the block_suspend
capability.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] The right way to deal with in-house development

[m . roth]

Ok, what's the "correct" way to deal with systems developed in-house, that
have their own sets up subdirectories.

And why, for that matter, does running sealert give me the full path to
the executable, like openjdk... but *not* the full path to the file it's
trying to operate on, and I'm left going "ok, where was the file it
deleted? (we're running in permissive mode - overwhelmingly, developers
and subject matter experts no less than nothing about selinux).

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] could not resolve mirrorlist.centos.org

[m . roth]

Richard wrote:
>> Date: Tuesday, May 15, 2018 12:01:59 -0400
>> From: m.r...@5-cent.us
>>
>>I've got managers on me, I'm rebuilding this system as C 7...
>> and I'm getting the above. No idea. It pings, but pointing a
>> browser to  there gives me "invalid release".
>>
>>Anyone else having trouble?

> If you want a list of the mirrors, go to:
>
>

Never mind. I'd installed a minimal basic system, and had added our local
repo, and then went to run a large script... and somewhere, for no reason
I know, it had shut down the NIC-formerly-known-as-eth0. I brought that
up,  and all was well.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] could not resolve mirrorlist.centos.org

[m . roth]

Hi, folks,

   I've got managers on me, I'm rebuilding this system as C 7... and I'm
getting the above. No idea. It pings, but pointing a browser to  there
gives me "invalid release".

   Anyone else having trouble?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Latest CentOS does not boot, Proliant ML330 G6

[m . roth]

Jari Fredriksson wrote:
> Hello all.
>
> I just upgraded to the latest and tried to reboot: kernel panic and dead
> as a brick.
>
> Luckily GRUB still works and booting the to the next option in boot menu
> succeeds.
>
> How can this be? This OS is assumed to be solid as a brick :)
>
Do you have any excludes in /etc/yum.conf? We had an issue about a year
ago, where, in spite of exclude kernel, someone other than me ran an
update, or there was some auto-update, I don't remember, and it appeared
to *partly* install the kernel... and did not appear to do any
post-install actions (like building the ramdisk). I reinstalled the
kernel, with my usual disableexcludes=all, and the upgrade succeeded, and
all was good.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum-cron

[m . roth]

John Hodrien wrote:
> On Fri, 11 May 2018, m.r...@5-cent.us wrote:
>
>> And there is *NO* reason whatever for a "yum-hourly*. None. This is
>> CentOS, not ubuntu-snapshot-of-the-moment.
>
> Did you have a look at what the hourly run does by default?
>
Ok, I just did, and I see in the configuration file for yum-cron-hourly
that it won't do anything by default, so my aggro level is subsiding.

Still, I literally do not see any need whatever for an hourly check. As I
noted, this isn't ubuntu current (as opposed to LTS)

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum-cron

[m . roth]

Jon Pruente wrote:
> On Fri, May 11, 2018 at 10:36 AM,  wrote:
>>
>> And there is *NO* reason whatever for a "yum-hourly*. None. This is
>> CentOS, not ubuntu-snapshot-of-the-moment.
>>
>> I don't know if this is from upstream or not, but it's wrong. I mean,
>> even Redmond only pushes out patches once or twice a month, except for
>> critical fixes.,,,.
>
> Are willing to wait up to 24 hours for new security patches, or only an
> hour?

In a work environment? Or production? No way is there going to be an
instant update. In most cases, you need to test whether that update is
going to break things, and that will get you a ton more grief from users
and management.

Even if it's rated "critical", it needs to be tested one predetermined
systems before rolling it out to everyone.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Yum-cron

[m . roth]

Ok, I've just had issues this morning, and went and *looked*. I can see a
yum-cron running monthly, sure. Running weekly, I guess. Running daily?
Why?

And there is *NO* reason whatever for a "yum-hourly*. None. This is
CentOS, not ubuntu-snapshot-of-the-moment.

I don't know if this is from upstream or not, but it's wrong. I mean, even
Redmond only pushes out patches once or twice a month, except for critical
fixes.,,,.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[m . roth]

Sean wrote:
> Probably too late for consideration at this point, but there are
> Enterprise Class SSDs available with DoD/NSA certified/approved self
encryption
> capability.  The concept is that encryption is a hardware feature of the
> drive, when you want to dispose of it, you throw away the key.  This
> allows vendors to receive broken drives back from GOV/MIL clients
securely so
> that failure methods can be researched.
>
> Dell and EMC have been presenting this to us at storage briefs for a
> couple of years now.
>
On the one hand, it's certainly not too late - we're trying to figure out
what to do *before* it happens, so we don't run around like chickens with
their head cut off when it does.

On the other hand... static, and unchanging, right, and how many minutes
of Amazon S3 will it take to break the encryption?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: hardware: sanitizing a dead SSD?

[m . roth]

James Szinger wrote:
> Disclaimer: My $dayjob is with a government contractor, but I am speaking
> as  private citizen.
>
> Talk to your organization's computer security people.  They will have a
> standard procedure for getting rid of dead disks.  We on the internet
> can't > know what they are.  I'm betting it involves some degree of
paperwork.
>
> Around here, I give the disks to my local computer support who in turn
> give them the institutional disk destruction team.  I also zero-fill the
disk
> if possible, but that's not an official requirement.  The disk remains
> sensitive until the process is complete.
>
Federal contractor here, too. (I'm the OP). For disks that work, shred or
DBAN is what we use. For dead disks, we do the paperwork, and get them
deGaussed. SSD's are a brand new issue. We haven't had to deal with them
yet, but it's surely coming, so we might as well figure it out now.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: hardware: sanitizing a dead SSD?

[m . roth]

Anyone have any clues about how to sanitize a dead SSD? We haven't had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
dead disk gets deGaussed, but what the hell do you do with a SSD?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] More oddities...

[m . roth]

From: Marcelo Ricardo Leitner 
On Tue, May 01, 2018 at 03:28:29PM -0400, m.r...@5-cent.us wrote:
>> My manager's workstation is C 7.4, and it started screaming yesterday
>> about issues with ata5.
>
>> Except that he has one internal and one external drive, and a DVD. Anyone
>> have clues as to what could be causing this, or where to start looking?

> ata'5' is about the port it is connected and not related to the count
> of devices in there.

> You should be able to match it with:
> ls -l /sys/class/block | grep ata5
> There sould be a symlink like:
> lrwxrwxrwx.  1 root root 0 abr 29 19:23 sda ->
> ../../devices/pci:00/:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda

> Or by going through boot dmesg.

Good thought... but no joy. I see links with sda, sda1, sdb, sdb1 and
sdb2, and four for dm-[0-3], and nothing else. Looking in that symlink, I
see
ll /sys/devices/pci\:00/\:00\:1f.2/ata5/
total 0
drwxr-xr-x.  6 root root0 May  2 10:12 ./
drwxr-xr-x. 10 root root0 May  2 10:11 ../
drwxr-xr-x.  3 root root0 May  2 10:14 ata_port/
drwxr-xr-x.  4 root root0 May  2 10:14 host4/
drwxr-xr-x.  5 root root0 May  2 10:14 link5/
drwxr-xr-x.  2 root root0 May  2 10:14 power/
-rw-r--r--.  1 root root 4096 May  2 10:14 uevent
$ ll /sys/devices/pci\:00/\:00\:1f.2/ata5/host4/
total 0
drwxr-xr-x. 4 root root0 May  2 10:14 ./
drwxr-xr-x. 6 root root0 May  2 10:12 ../
drwxr-xr-x. 2 root root0 May  2 10:15 power/
drwxr-xr-x. 3 root root0 May  2 10:15 scsi_host/
lrwxrwxrwx. 1 root root0 May  1 17:59 subsystem ->
../../../../../bus/scsi/
-rw-r--r--. 1 root root 4096 May  2 10:15 uevent

Finally, I did
ll /sys/devices/pci\:00/\:00\:1f.2/ata5/host4/scsi_host/host4/
total 0
drwxr-xr-x. 3 root root0 May  2 10:15 ./
drwxr-xr-x. 3 root root0 May  2 10:15 ../
-rw-r--r--. 1 root root 4096 May  2 10:15 active_mode
-r--r--r--. 1 root root 4096 May  2 10:15 ahci_host_cap2
-r--r--r--. 1 root root 4096 May  2 10:15 ahci_host_caps
-r--r--r--. 1 root root 4096 May  2 10:15 ahci_host_version
-r--r--r--. 1 root root 4096 May  2 10:15 ahci_port_cmd
-r--r--r--. 1 root root 4096 May  2 10:15 can_queue
-r--r--r--. 1 root root 4096 May  2 10:15 cmd_per_lun
lrwxrwxrwx. 1 root root0 May  2 10:15 device -> ../../../host4/
-rw-r--r--. 1 root root 4096 May  2 10:15 eh_deadline
-rw-r--r--. 1 root root 4096 May  2 10:15 em_buffer
-rw-r--r--. 1 root root 4096 May  2 10:15 em_message
-r--r--r--. 1 root root 4096 May  2 10:15 em_message_supported
-r--r--r--. 1 root root 4096 May  2 10:15 em_message_type
-r--r--r--. 1 root root 4096 May  2 10:15 host_busy
--w---. 1 root root 4096 May  2 10:15 host_reset
-rw-r--r--. 1 root root 4096 May  1 18:00 link_power_management_policy
drwxr-xr-x. 2 root root0 May  2 10:15 power/
-r--r--r--. 1 root root 4096 May  2 10:15 proc_name
-r--r--r--. 1 root root 4096 May  2 10:15 prot_capabilities
-r--r--r--. 1 root root 4096 May  2 10:15 prot_guard_type
--w---. 1 root root 4096 May  2 10:15 scan
-r--r--r--. 1 root root 4096 May  2 10:15 sg_prot_tablesize
-r--r--r--. 1 root root 4096 May  2 10:15 sg_tablesize
-rw-r--r--. 1 root root 4096 May  2 10:15 state
lrwxrwxrwx. 1 root root0 May  1 18:00 subsystem ->
../../../../../../../class/scsi_host/
-rw-r--r--. 1 root root 4096 May  2 10:15 supported_mode
-rw-r--r--. 1 root root 4096 May  2 10:15 uevent
-r--r--r--. 1 root root 4096 May  2 10:15 unchecked_isa_dma
-r--r--r--. 1 root root 4096 May  2 10:15 unique_id
-r--r--r--. 1 root root 4096 May  2 10:15 use_blk_mq

And nothing else.  Note that the it's running 3.10.0-862.el7.x86_64.

Seems to have given up, for at least now, but could start flooding the
logs again

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] More oddities...

[m . roth]

My manager's workstation is C 7.4, and it started screaming yesterday
about issues with ata5.

Except that he has one internal and one external drive, and a DVD. Anyone
have clues as to what could be causing this, or where to start looking?

He's rebooted it, and before that, I tried rescan-scsi-bus.sh, with no joy.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: hardware, odd PSU issue

[m . roth]

We have an HP blade enclosure for SL230s Gen 8. Went to replace the four
PSUs in it, 1500W. Got them from one vendor, "refurbished"... and *none*
worked. Returned them, and got them from another vendor, and *none*
worked.

Something odd here. For one, the LED doesn't light up when I'm holding the
PSU and plug it in. Then there's something I just noticed late yesterday:
in the socket of the PSU, on the shorter side of the trapezoid, there are
four copper strips, running from the inside out.

Anyone run into this before? Do these not power up, because they need some
sort of odd power cord with something for those copper strips?

  mark, befuddled

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: thunderbird annoyance

[m . roth]

incoming-cen...@rjl.com wrote:
> Is the folder that you have selected inside of an account whose email
> address is exactly the same as the one that get's cc'ed?  I could see
> where if the messages were forwarded to a different email account, it
> would do this. If this is not the case, go into
> edit->preferences->advanced-config->config editor (like the about:config
> in firefox) and search for cc_ and see if any of those variables are
> turned on.
>
Nothing, there, and looking for reply, I see
mailnews.reply_to_self_check_all_ident;false

   mark
> Nataraj
>
> On 04/27/2018 10:51 AM, m.r...@5-cent.us wrote:
>> incoming-cen...@rjl.com wrote:
>>> On 04/27/2018 07:55 AM, m.r...@5-cent.us wrote:
 Does anyone know if it's even possible to NOT cc myself when I hit
 reply
 all?

 Geez, that's what's in the sent folder
>>> Check your settings for account setting->copies & folders->cc these
>>> email addresses
>>>
>>> When I do a "reply all" I do not get cc'ed.
>>>
>> Just did, and cc these email addresses is not checked.
>>
>>  mark
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: thunderbird annoyance

[m . roth]

incoming-cen...@rjl.com wrote:
> On 04/27/2018 07:55 AM, m.r...@5-cent.us wrote:
>> Does anyone know if it's even possible to NOT cc myself when I hit reply
>> all?
>>
>> Geez, that's what's in the sent folder
>
> Check your settings for account setting->copies & folders->cc these
> email addresses
>
> When I do a "reply all" I do not get cc'ed.
>
Just did, and cc these email addresses is not checked.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: thunderbird annoyance

[m . roth]

Does anyone know if it's even possible to NOT cc myself when I hit reply all?

Geez, that's what's in the sent folder

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] formating DVR-RW

[m . roth]

Michael Hennebry wrote:
> My Centos 6 wodim tell me that it can only format DVD+RW.
> I have DVD-RWs.
> Even when I format a DVD-RW on my standalone DVD recorder,
> wodim still will not write to it.
> Is there a centos-6-useable mechanism
> for formatting and writing DVD-RWs?
>
Have you ever used k3b? It works very nicely.

> Michael   henne...@web.cs.ndsu.nodak.edu
> "Sorry but your password must contain an uppercase letter, a number,
> a haiku, a gang sign, a heiroglyph, and the blood of a virgin."
>   --
Now that's a complete impossibility. I mean, where can you find a virgin
who can (legally) give blood?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] BUG: soft lockup - CPU#0 stuck for 36s! [swapper/0:0]

[m . roth]

Adam Tauno Williams wrote:
> On Mon, 2017-08-07 at 15:26 +, KM wrote:
>> All,This happens on all of our CentOS 7 VMs.  but as stated in the
>> email trail, the file softlockup_thresh does not exist.  Should it be
>> added?  What is the best way to get rid of this behavior.
>> Thanks in advance and sorry if I missed something along the way.KM
>
> Yes, I see this behavior as well.  Never have found a solution - other
> than increasing the threshold and pretending it doesn't happen.
>
We see it a fair bit, and this is on server running on bare metal, not VMs.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpc.statd is not running but is required for remote locking.

[m . roth]

marcos sr wrote:
> Hello
>
> I'm trying to mount a nfs system. But i receive this message:
>
> mount  -t nfs  :/backup /backupnfs
> mount.nfs: rpc.statd is not running but is required for remote locking.
> mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
> mount.nfs: an incorrect mount option was specified
>
> After a fews searchs on google
>
> i tried to execute the files:
>
> sbin/rpc.statd
> /usr/sbin/start-statd


No.

First, what are you running, C6 or C7?

Note that autors and idmapd are not enabled by default, so you need to
a) fix either /etc/auto.master or auto. to include what you want
mounted, then edit /etc/idmapd.conf to correct it. Then

c6:
chkconfig idmapd on
chkconfig autofs on
service idmapd start
service autofs start

D7:
 systemctl enable idmapd
 systemctl start idmapd
 systemctl enable autofs
 systemctl start autofs

Those should start the required daemons. DON'T execute the individual
files manually.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Create CentOS 6 system as "clone" of another - with LVM and different disk sizes

[m . roth]

Toralf Lund wrote:
> Hi,
>
> I just found myself having to set up a new CentOS 6 system with a nearly
> identical configuration to an existing host, so I thought I would just
>
>  1. Do a minimal install to set up partitions etc. on the new system.
>  2. Create an image of the existing system using Clonezilla
> (http://www.clonezilla.org)
>  3. Run a Clonezilla restore on the new system.
>
> - as I though it would be a lot simpler than replicating the exact
> package selection, installing the same users, doing the same manual
> config edits (which are required) etc.
>
> It turns out that it wasn't quite as easy, though. The problem is that
> the system use LVM2 volumes for the filesystems, and the new host has a
> slightly smaller disk than the other, and Clonezilla seems unable to
> restore to a volume that's smaller than the one that was cloned - even
> if the actual data fits.
>
> I guess I could temporarily reduce the LVM volume sizes on the existing
> units and clone again, but I'd rather not if I can avoid it. Just
> copying file-by-file could be an option, too, but I somehow feel less
> comfortable doing that than the above; there is something about the way
> I could end up with a mixture of my "minimal install" and the "cloned"
> data, I suppose.
>
> Does anyone have any other ideas about how I might achieve what I want?

Manually clone it.

On the new machine:
mkdir /new
mkdir /boot/new
rsync -HPavzx --exclude=/old --exclude=/var/log/wtmp $machine:/. /new/.
rsync -HPavzx $machine:/boot/. /boot/new/.

where $machine is the system you're cloning from. You might want to
exclude other logfiles.

To prevent problems with the Ethernet interfaces:

rsync -HPavzx /etc/sysconfig/network-scripts/ifcfg-eth*
/new/etc/sysconfig/network-scripts
rsync -HPavzx /etc/sysconfig/hwconf /new/etc/sysconfig
rsync -HPavzx /boot/grub/device.map /boot/new/grub/
rsync -HPavzx /etc/udev/rules.d/70-persistent-net.rules
/new/etc/udev/rules.d/

Clean log files - you don't really want any of the old systems:

find /new/var/log/ -type f -exec cp /dev/null {} \;

Copy the original SSH keys - you do *not* want the keys of the system
you're cloning from:

rsync -HPavzx /etc/ssh/ssh_host* /new/etc/ssh

Now rotate: zsh, because it lets you load it's builtin-s, so mv works

zsh
zmodload zsh/files

cd /boot
mkdir old
mv * old
mv old/lost+found .
mv old/new/* .

# Root partition.
cd /
mkdir old
mv * old
mv old/lost+found .
#mv old/root . -- WHY?
mv old/scratch .
mv old/new/* .

sync
sync

Also you might want to

  touch /.autorelabel

to shut up selinux.

Note that this assumes the same CPU, etc, Otherwise, you might need to
make a new initrd.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Wich is best for backup? nfs of iscsi?

[m . roth]

marcos sr wrote:
> Hello
>
> I have a CentOS VM with a lots of inodes, and 500GB +/-, running under
> hyper-v . Which is best for backup them? What is the pros and cons?
>
500GB? Buy an eSATA card, external bay, and drop a 4TB drive in.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] motion

[m . roth]

Got a CentOS 7 box running motion. Selinux is complaining that one of the
scripts motion runs is mislabeled. Here's what it is.
system_u:object_r:nfs_t:s0   /home/motion/bin/on_move_end

Now, ~motion is NFS mounted, and we've got use_nfs_home_dirs --> on, so
what *would* the proper label be, or do I really need to create a policy
for this?

 mark


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Windows PC PostScript printer driver -> CUPS data import fails

[m . roth]

Gary Stainburn wrote:
> On Thursday 12 April 2018 16:06:06 m.r...@5-cent.us wrote:

>> I'd recommend, to start, installing msttcorefonts, and see if that
>> helps.
>
> Thanks for this. I will try these two options if I need to.
>
> However, I have found in Windows 10 there is a printer driver Microsoft
> "Print to PDF" which creates a PDF file without the initial PS stage.
This is
> better because it now keeps some of the non-display characters that the
original
> method lost.

Also, if you're printing to pdf in Windows, see if there's an option to
"embed font".

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Windows PC PostScript printer driver -> CUPS data import fails

[m . roth]

Yan Li wrote:
> On 04/12/2018 03:08 AM, Gary Stainburn wrote:
>> The PDF contains:
>>
>> ERROR: invalidfileaccess
>> OFFENDING COMMAND: .findfont
>> OPERAND STACK:
>> r
>> /usr/share/X11/fonts/Type1/UTBI.pfa
>> --nostringval--
>> true
>> NimbusMonL-Regu
>> Courier
>> --nostringval--
>> Courier
>> 4544317
>> Courier
>> Font
>> Courier
> It seems that .findfont can't find a font file that the PS file is
> asking for. Is it possible that your Windows 10 is printing using some
> new fonts that your CentOS doesn't have?
>
> I'd try:
> 1. Use ps2ascii instead of ps2pdf+pdftotext.
>
> 2. Copy all font files from Windows 10 to your CentOS. Maybe put them in
> ~/.fonts and see if that could make ps2pdf happy.
>
I'd recommend, to start, installing msttcorefonts, and see if that helps.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Semi-OT: install python package in userspace

[m . roth]

Valeri Galtsev wrote:

>>> On Fri, 6 Apr 2018 17:25 ,  wrote:
>>>
 CentOS 7 box. As there's no package in any of the repos, we're trying
 to install scikit-learn in the user's space. It refuses. My late try
was,
 after d/l a .whl from last year, hoping that would work with the numpy
 package in the regular repos, I did a pip install --user
 scikit-learn..., and it still seems to want to write to system space:
  OSError: [Errno 13] Permission denied:
 '/usr/lib64/python2.7/site-packages/numpy-1.7.1.dist-info

 Anyone got any pointers?

> Mark, python is a "sneaky snake" ;-) and some modules may require
> particular version of dependencies, therefore they may ignore your
> system wide numpy (even though it may just may be compatible with them),
> and may demand latest version of numpy. Which will explain pip (or
> other) attempting to pull dependencies which allegedly are available
> system wide already.
>
> Just speculating, your own research on your particular issue may give
> your better answer.

Well, my manager came back, and he's got me using virtenv. Having read
about it, I like it.  Oh, and the issue with the system numpy in
site-packages was that, for some reason, it was *not* world-readable.
Fixed that.

So, I'm working on trying to install scipy in the virtenv... and for
unknown reasons, it simply can't find the system libs. I did this before
the last attempt to
export LAPACK=/usr/lib64/liblapack.so.3
export BLAS=/usr/lib64/libblas.so.3
and just added export LD_LIBRARY_PATH=/usr/lib64
Still can't find them.

Clues on this one?

mark


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Semi-OT: install python package in userspace

[m . roth]

Richard Demeny wrote:
> Just sudo it
>
> On Fri, 6 Apr 2018 17:25 ,  wrote:
>
>> CentOS 7 box. As there's no package in any of the repos, we're trying to
>> install scikit-learn in the user's space. It refuses. My late try was,
>> after d/l a .whl from last year, hoping that would work with the numpy
>> package in the regular repos, I did a pip install --user
>> scikit-learn...,
>> and it still seems to want to write to system space: OSError: [Errno 13]
>> Permission denied:
>> '/usr/lib64/python2.7/site-packages/numpy-1.7.1.dist-info
>>
>> Anyone got any pointers?
>>
First, this is a mailing list, not Outlook. Please don't top post.

Second, No. You do not appear to understand the issues.

I am *NOT* installing it as root. This is my manager's approach, and I
agree with it. As it's not a package, in a std. repo, it would not be
updated for bugfixes, and, far more critically, security fixes, when we do
that every month. That's why we want it installed in the user's space.

These are servers, used by many researchers, not someone's home Linux box.
And even at home, I wouldn't install it that way.

And I want him to use the system numpy, not install a newer one, that
would also have the same update issues. Btw, numpy in the std. repos
hasn't been seen a package update since 2015, which is why I'm trying to
install a scikit-learn from last year

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Semi-OT: install python package in userspace

[m . roth]

CentOS 7 box. As there's no package in any of the repos, we're trying to
install scikit-learn in the user's space. It refuses. My late try was,
after d/l a .whl from last year, hoping that would work with the numpy
package in the regular repos, I did a pip install --user scikit-learn...,
and it still seems to want to write to system space: OSError: [Errno 13]
Permission denied:
'/usr/lib64/python2.7/site-packages/numpy-1.7.1.dist-info

Anyone got any pointers?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] memory cgroup max_usage_in_bytes question

[m . roth]

Stijn De Weirdt wrote:
> hi all,
>
> can someone help explaining what we are seeing? it makes no sense to us.
> this is a host running centos 7.4 with 3.10.0-693.17.1 kernel, and it
> has 192GB of ram
>
>> [] free -b
>>   totalusedfree  shared  buff/cache
>> available
>> Mem:201402642432 14413479936 7564277760048586752 111346384896
>> 185689632768
>> Swap:   2147483238431961088 21442871296
>> [] cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes
>> 273102151680
>
> how can the max be so much higher than total, and this is not even memsw?
>
> either we're very tired and are overlooking something obvious, or
> there's something new to be learned ;)
>
Wonder if it's overcommitting memory.VMs do that, as a matter of course.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What is the universal (world wide) understanding behind degaussing harddisks?

[m . roth]

Fred Smith wrote:
> On Mon, Apr 02, 2018 at 05:29:13PM +0100, Phil Dobbin wrote:
>> On 02/04/18 15:09, wwp wrote:
>>
>> > Hello,
>> >
>> >
>> > On Mon, 2 Apr 2018 10:01:56 -0400 m.r...@5-cent.us wrote:
>> >
>> >> Turritopsis Dohrnii Teo En Ming wrote:
>> >>> Good evening from Singapore!
>> >>>
>> >>> The foremost question which I want to ask is, what is the universal
>> >>> (world wide) understanding behind degaussing hard drives?
>> >>>
>> >>> I work for No Secrets Agency (NSA) Pte Ltd (fictitious company name
>> >>> used). My sales manager Edward Joseph Snowden (fictitious individual
>> >>> name used) had *promised* our customer Leave Me in the Lurch (S) Pte
>> >>> Ltd (fictitious company name used) that we would "DEGAUSS" their
>> hard
>> >>> disks after the PC replacement and data migration exercise for 15
>> >>> trillion PCs (fictitious number used).
>> >>>
>> >>> PC = Personal Computer, which includes desktops and laptops
>> >>>
>> >> 
>> >> A little too much other info, and overly eloquent. However, if your
>> >> company told the client that you were going to deGauss all the h/d,
>> that's
>> >> what you need to do, contractually.
>> >>
>> >> If they've had a second discussion, and only want the data deleted,
>> that's
>> >> another story.
>> >>
>> >> Is the data on a different partition than the o/s (i.e., /data? If
>> so, you
>> >> can easily wipe the data, using say, shred, or DBAN (which offers
>> both
>> >> 3-pass and the full 7-pass DoD 5220.22-M). If it's in the same
>> partition,
>> >> and the same filesystem, you've got other issues. How do you
>> *guarantee*
>> >> that there's no user data - say, installed third-party software mixed
>> with
>> >> the o/s?
>> >>
>> >> Note that you really do have to make any third-party software, if
>> it's
>> >> commercial, Go Away.
>> >
>> > Note that the original message has also been sent to the fedora users
>> > mailing list, no doubt it's spam now.
>>
>> this message turned up on ubuntu users as well.
>
> which explains why I'm NOT going to view the attached file. You neer
> know what is in it.
>
Perhaps, then, the poster needs their head deGaussed

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] What is the universal (world wide) understanding behind degaussing harddisks?

[m . roth]

Turritopsis Dohrnii Teo En Ming wrote:
> Good evening from Singapore!
>
> The foremost question which I want to ask is, what is the universal
> (world wide) understanding behind degaussing hard drives?
>
> I work for No Secrets Agency (NSA) Pte Ltd (fictitious company name
> used). My sales manager Edward Joseph Snowden (fictitious individual
> name used) had *promised* our customer Leave Me in the Lurch (S) Pte
> Ltd (fictitious company name used) that we would "DEGAUSS" their hard
> disks after the PC replacement and data migration exercise for 15
> trillion PCs (fictitious number used).
>
> PC = Personal Computer, which includes desktops and laptops
>

A little too much other info, and overly eloquent. However, if your
company told the client that you were going to deGauss all the h/d, that's
what you need to do, contractually.

If they've had a second discussion, and only want the data deleted, that's
another story.

Is the data on a different partition than the o/s (i.e., /data? If so, you
can easily wipe the data, using say, shred, or DBAN (which offers both
3-pass and the full 7-pass DoD 5220.22-M). If it's in the same partition,
and the same filesystem, you've got other issues. How do you *guarantee*
that there's no user data - say, installed third-party software mixed with
the o/s?

Note that you really do have to make any third-party software, if it's
commercial, Go Away.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xfs file system errors

[m . roth]

Jerry Geis wrote:
> How do I fix an xfs file system error ?
>
> I searched and it says to run xfs_repair /dev/sda1 - did not work.
> I got an error on boot and the machine dropped into service mode by
> entering the PW. I entered the above command and it said couldnt load
> library...
>
> SO I rebooted, dropped into rescue mode. Again I entered the command above
> and it said teh same thing.something about could not load library
>
> What am I missing ? Thanks,

Question #0: where is the library? It's not on /dev/sda1, is it?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Squid + SquidGuard : static block page not working

[m . roth]

Nicolas Kovacs wrote:
> Hi,
>
> I've been working with Squid + SquidGuard for a few years, though only
> on Slackware. I'm currently transferring my proxy expertise to CentOS 7,
> and right now I'm having a little problem with that.
>
> Squid works perfectly so far as a transparent HTTP + HTTPS cache proxy.
>
> The next step is to add SquidGuard, so I installed it and edited the
> most basic /etc/squid/squidGuard.conf file possible.
>
> In this setup, my workstation (192.168.2.2) is allowed to access
> anything on the Web, and all other client machines on the networks are
> blocked and should be redirected to the avertissement.html block page
> for every request.


Stupid questions:
   0. Does http://nestor.microlinux.lan/avertissement.html exist?
   1. What are its ownership and group?
   2. Can Apache access that directory and file?

mark


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] An selinux issue

[m . roth]

CentUS 7.4

>From sealert:
SELinux is preventing /usr/sbin/sshd from read access on the file
/etc/ssh/moduli.

*  Plugin restorecon (94.8 confidence) suggests  


If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Contextsystem_u:system_r:sshd_t:s0-s0:c0.c1023
Target Contextsystem_u:object_r:unlabeled_t:s0
Target Objects/etc/ssh/moduli [ file ]
Sourcesshd
Source Path   /usr/sbin/sshd
-

Except:
ls -laFZ /etc/ssh/moduli
-rw-r--r--. root root system:object_r:etc_t:s0 /etc/ssh/moduli

ls -laFZ /usr/sbin/sshd
-rwxr-xr-x. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/sshd*

And I even restarted sshd. So, what's selinux seeing that I'm not?


  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] A question about smb.conf between C6 and c7

[m . roth]

Are there any? Will a C 6 conf work under C 7?

A pointer to a README would be appreciated on configuration differences,
if any.

Thanks in advance.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Two MACs for one IP

[m . roth]

The reason I want to assign one IP to two MAC addresses is that I have one
(and only one) user for whom I have to spoof the MAC address (it's a case
of stupid software licensing). But... his system is encrypted. Now, we're
using clevis to allow reboots without someone being at the keyboard to
type in the password. Those of you who've looked at clevis see where this
is going: clevis uses the *real* firmware MAC address to get the key from
the latchset server... while currently, the dhcpd *only* knows the spoofed
MAC address.

After the system's unlocked, it boots, and comes up with the spoofed MAC
address.

It *appears* I can do this, but I thought I'd ask here if there were any
issues that dhcpd itself would have if I do.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] OT: configuring xming to know putty's not in a std. location

[m . roth]

Pete Biggs wrote:
> On Wed, 2018-02-07 at 14:45 -0500, m.r...@5-cent.us wrote:
>> Is there some way to do this? I've got the current putty (actually,
>> putty-cac), pageant, and plink in my user's Downlods directory - neither
>> he nor I have admin authority on his laptop, and Desktop support's
>> teleworking today - but I can't seem to find a way to configure xming to
>> look there for putty.
>>
>> Or is it start putty, *then* start xming?
>>
>
> No start xming in passive mode (I don't know xming so don't know how to
> do that - you just want to start the xserver and not have it start any
> applications on the remote machine).
>
> Start putty with X11 forwarding turned on and connect.
>
> You should now be able to start X programs.
>
> The important thing is that the server needs to be started before
> initiating the connection so that a display can be assigned.

Thank you! That did it. He's happy.
>
> Can I suggest an alternative though. I've started using MobaXterm
> recently and I'm quite impressed: X11 server, SSH/putty client built
> in, GL capable etc.  Home use is free.

I can look at it, but this is what he knows, and he's too busy to try
something else. Hell, he's just pushed me updating and rebooting his
at-work CentOS workstation until next week, and I have a job to keep them
going, not for my convenience. 

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] OT: configuring xming to know putty's not in a std. location

[m . roth]

Is there some way to do this? I've got the current putty (actually,
putty-cac), pageant, and plink in my user's Downlods directory - neither
he nor I have admin authority on his laptop, and Desktop support's
teleworking today - but I can't seem to find a way to configure xming to
look there for putty.

Or is it start putty, *then* start xming?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Allowing non-root users to reboot a workstation

[m . roth]

Felipe Westfields wrote:
> I would like to be able to allow regular users that don't have admin
> privileges to be able to reboot their workstation. (they're software
> developers so rebooting their workstation doesn't affect anybody else)
>
> I tried changing the ownership of /sbin/reboot and /sbin/shutdown to
> root:users and permissions to 550, but that didn't work - it's still
> asking
> for root privileges.
>
> Possibly the problem might be that there's centralized LDAP
> authentication, not local, so the changes I made only apply to
> local accounts?
>
> Any suggestions?

Um, I take it that a three-finger kill doesn't work?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Slightly OT : newsletters, mail formatting and netiquette

[m . roth]

Cameron Smith wrote:
> Look into mutipart and offer both html and plain text in the same email.
> This allows the client to view it as they see fit.
>
> If you do send html it has a much more restrictive implementation than
> html
> and css for a webpage so study up on what you can and can't do.
> Mailchimp has some great info about this.
>
Personally, I'd suggest giving the subscribers the *option* of either. I
really dislike HTML email, and even when I can read it, it's *really*
ugly.

But then, I also consider HTML email a *great* way to spread malware.

mark
> Cameron
>
> On Fri, Feb 2, 2018 at 1:36 AM, Nicolas Kovacs  wrote:
>
>> Hi,
>>
>> This question is not exactly CentOS-related strictly speaking, but here
>> goes. I'm running a few newsletter servers for myself and a handful of
>> clients on public CentOS servers with PHPList.
>>
>> For the last twenty years or so I've followed the basic rule that mails
>> should have no formatting whatsoever, only simple text. And now I wonder
>> if that basic rule of netiquette also applies to newsletters.
>>
>> I'm a subscriber to a series of tech-related newsletters, and I couldn't
>> help but notice that they all seem to be HTML-formatted, even those from
>> respectable hardcore geek groups.
>>
>> So my somewhat naive question: is HTML formatting acceptable in
>> newsletters?
>>
>> Cheers,
>>
>> Niki
>> --
>> Microlinux - Solutions informatiques durables
>> 7, place de l'église - 30730 Montpezat
>> Site : https://www.microlinux.fr
>> Blog : https://blog.microlinux.fr
>> Mail : i...@microlinux.fr
>> Tél. : 04 66 63 10 32
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] logging in

[m . roth]

Interesting. lastlog was always my go-to. However, at least in C6, last
gets it, while lastlog does not.

How odd.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] logging in

[m . roth]

Marcelo Roccasalva wrote:
> On Tue, Jan 30, 2018 at 3:26 PM,  wrote:
>>
>> This is odd.
>>
>> We're seeing a *lot* of
>> sshd[8400]: Timeout, client not responding.
>
> Is it possible you are testing ssh availability from nagios, monit, or
> some other software that connects to the port 22 without logging in?
>
Ok, I guess I wasn't clear. First, selinux is in permissive mode. Second,
I, my manager, and another user have all logged into the server. Yet
lastlog | grep -v Never shows only root and the years-old security
account. It doesn't show any of us.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] logging in

[m . roth]

This is odd.

We're seeing a *lot* of
sshd[8400]: Timeout, client not responding.
So I'm trying to find out whose client is having issues. Trying to figure
that, after processes are gone, I tried looking in lastlog, which is where
it gets odd. lastlog shows root coming in, and it shows a security account
coming in... years ago.

I see one of our users logging in a goodly number of times... but lastlog
doesn't show him. I just logged in as myself, no password, using keys...
and lastlog doesn't show me, or my manager, or anyone else.

Does anyone have any idea why lastlog's not recording *all* logins?

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /lib/firmware/microcode.dat update on CentOS 6

[m . roth]

Leroy Tennison wrote:
> What's amazing to me is, after "Intel Inside - don't divide" (their 486
> debacle), they didn't learn and have a better plan for addressing these
> kinds of things.
>
Or, as some of us back then referred to it, the RePentium chip (think
again...)

mark
> - Original Message -
> From: "Chris Murphy" 
> To: "centos" 
> Sent: Wednesday, January 24, 2018 12:06:01 PM
> Subject: Re: [CentOS] /lib/firmware/microcode.dat update on CentOS 6
>
> On Tue, Jan 23, 2018 at 4:26 AM, Johnny Hughes  wrote:
>
>>
>> Here are a couple of posts for our reading pleasure:
>>
>> Intel recommends not installing the microcode now:
>> http://intel.ly/2DsL9qz
>
> Except this doesn't mention microcode at all. I can't even tell WTF
> they're recommending not doing in this doc, it's that badly written.
> You have to infer, by reading two prior docs, that they're referring
> to microcode. And then you have to assume that's still what they're
> referring to when they say:
>
> "We recommend that OEMs, cloud service providers, system
> manufacturers, software vendors and end users stop deployment of
> current versions."  Current versions of what? Microcode?
>
> But yes, indeed they appear to have pulled the 20180108 microcode,
> which was previously set to latest at this link, and it is now
> reverted to the 20171117 microcode.
>
> https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File?v=t
>
> What these means for people who have CPUs which were not crashing
> (rebooting being a new euphemism for crashing) , but saw variant 2
> Spectre mitigation with the 20180108 microcode, will lose full
> mitigation until Intel gets its ducks into a row.
>
>
> *eye roll*
>
>
>
>> Linus Torvalds agrees:
>> http://tcrn.ch/2n2mEcA
>
> His comments aren't about microcode though. And it also looks like he
> got IBRS and IBPB confused. The better post on this front is
>
> https://lkml.org/lkml/2018/1/22/598
>
> As far as I know, there still is no mitigation for Spectre variant 1.
>
>
>
> --
> Chris Murphy
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] An rpm specfile quesstion [SOLVED]

[m . roth]

m.r...@5-cent.us wrote:
> I've built an rpm package to distribute an executable and datafiles, but I
> need to link to the executable, with the symlink with a different name,
> into /usr/sbin/
>
> If I make the symlink in the %post, it doesn't show if you do rpm -ql, and
> /usr/sbin/link gives "not owned by any package". If I make  path>/usr/bin during the %install, trying to install it gives me
> /usr/sbin's already owned by the filesystem package.
>
> What's the correct way to do this, so it shows with rpm -ql?
>
Never mind, folks, the error was in my %files section. My manager had the
correct answer, to use /usr/libexec and /usr/sbin, so the build didn't try
to package the directories.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] An rpm specfile quesstion

[m . roth]

I've built an rpm package to distribute an executable and datafiles, but I
need to link to the executable, with the symlink with a different name,
into /usr/sbin/

If I make the symlink in the %post, it doesn't show if you do rpm -ql, and
/usr/sbin/link gives "not owned by any package". If I make /usr/bin during the %install, trying to install it gives me
/usr/sbin's already owned by the filesystem package.

What's the correct way to do this, so it shows with rpm -ql?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 7 autofs flakyness

[m . roth]

I have a user who couldn't get in via WinSCP to a server. Got him to log
in via putty, and that was fine. But he still couldn't get in the other
way. At my manager's suggestion, I restarted autofs... and everything
worked.

Note that his home director5y was already automounted via NFS, after he
logged in via putty. We've seen other, similar oddities with NFS. Is
anyone else seeing this, or have a clue?

Btw, there were no errors showing in /var/log/messages, journal, I saw
this in dmesg: task mount.nfs:83892 blocked for more than 120 seconds, but
that was from four days ago, and my user just reported the problem
yesterday, though he hadn't tried to use WinSCP in about a month.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 1600x900 not available

[m . roth]

Sean Smith wrote:
>
> On 01/11/2018 12:34 PM, m.r...@5-cent.us wrote:
>> Sean Smith wrote:
>> 
>>> setting my resolution to 1600x900 is a cheesy, yet effective, way to do
>>> get what I need.
>>>
>>> ...Now if I can just get my touchpad to FRICK'N disable while typing.
>>>
>> If/when you do, *PLEASE* post the solution. If you're a manager, or
>> gamer, I guess touchpads are great. If you're *typing*, they're dreadful,
>> that's where the ball of my thumb goes.
>
> Okay, got the "disable touchpad while typing" thingy working.
>
> Here's what I did:
>
> Install dconf-editor if you haven't already.
>
> Then, from a console (not as su), run:
>
> dconf write /org/gnome/desktop/peripherals/touchpad/disable-while-typing
> true
>
> This seems to have worked for me.
>
I usually run kde, so I'll have to look for something similar. Thanks,
though.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] 1600x900 not available

[m . roth]

Sean Smith wrote:

> setting my resolution to 1600x900 is a cheesy, yet effective, way to do
> get what I need.
>
> ...Now if I can just get my touchpad to FRICK'N disable while typing.
>
If/when you do, *PLEASE* post the solution. If you're a manager, or gamer,
I guess touchpads are great. If you're *typing*, they're dreadful, that's
where the ball of my thumb goes.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] An rpmbuild spec question

[m . roth]

Jonathan Billings wrote:
> On Wed, Dec 27, 2017 at 06:09:21PM -0500, m.r...@5-cent.us wrote:
>> Sure. I think I'm closer, but I'm also at the point where I'm just
>> trying things. My current issue, that I keep falling back to, is the
>> install *INSISTS* that it has to add a - after version.
>>
>> %prep
>>
>> %install
>> mkdir $RPM_BUILD_DIR/opt/smipmicfg-%{version}
>>  install -m 744 -d %{buildroot}/%{name}-%{version}
>>
>> %clean
>> rm -rf %{buildroot}
>>
>> %files
>> %{buildroot}/%{name}
>>
>> All I want to build is a package to create /opt/smipmicfg-1.20.0, and
>> copy
>> files into it.
>>
>> What I see from the rpmbuild is
>> + cd /usr//local//src//rpmbuild/BUILD
>> + '['
>> /usr/local/src/rpmbuild/BUILDROOT/smipmicfg-1.27.0-.el7.centos.x86_64
>> '!='
>> / ']'
>> And you see that "-" after the name/version
>
> You're missing a lot of package metadata in your spec file.
>
> I suggest starting over, install rpmdevtools, use:
>
> rpmdev-newspec -t minimal smipmicfg
>
> It will create a file smipmicfg.spec, and it will be fully populated
> with a mimimal spec file.  You can probably just remove the %build
> section entirely, and just use the %install section to extract the
> contents of the tarball (or just create the dir and copy %{SOURCE0} to
> %buildroot/opt/smipmicfg-1.20.0 if it's just one file and not a
> tarball).  It sounds like most of the problems you're having is that
> you've got a fragment of a SPEC file and not the whole thing.

The "most of a specfile" is something I copied and hacked. Thanks, I'd
seen and installed rpmdevtools, but your comments help. Much appreciated.

And I'm about to take off for a long weekend, so I'll be back at this next
week.

Happy New Year to all, and may the new one be better than the old (PLEASE!).

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 7 and btrfs

[m . roth]

Matt wrote:
> I am setting up a new test server.  Doing a fresh install from CD onto
> a couple 4TB drives.  Would like to try btrfs in a RAID 1 format.  Are
> there any how to's on how to do that?

I was under the impression that upstream was deprecating BTRFS.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] An rpmbuild spec question

[m . roth]

Stephen John Smoogen wrote:
> On Wed, Dec 27, 2017 at 3:41 PM  wrote:
>
>> I'm trying to build a package to create a directory and install some
>> files. My rpmbuild keeps failing, unable to cd into the directory, "no
>> such". Now, in the tmpfile, I *see* it cd'ing into BUILD/opt, and the
>> source was unzipped and untared into BUILD/opt/smipmicfg-1.27.0. In the
>> spec file, I've even added a cd $RPM_BUILD_ROOT/opt, and I see it cd to
>> there... and then it says it fails cd'ing into the directory under it.
>>
>> I've been doing a lot of googling, but nothing seems to fix this. Anyone
>> got a clue?
>>
> Can you post any of the rpm spec file OR the tmp file? Without that it is
> very hard to know what you are trying to do and what it is actually doing
> instead.
>
Sure. I think I'm closer, but I'm also at the point where I'm just trying
things. My current issue, that I keep falling back to, is the install
*INSISTS* that it has to add a - after version.

%prep

%install
mkdir $RPM_BUILD_DIR/opt/smipmicfg-%{version}
 install -m 744 -d %{buildroot}/%{name}-%{version}

%clean
rm -rf %{buildroot}

%files
%{buildroot}/%{name}

All I want to build is a package to create /opt/smipmicfg-1.20.0, and copy
files into it.

What I see from the rpmbuild is
+ cd /usr//local//src//rpmbuild/BUILD
+ '['
/usr/local/src/rpmbuild/BUILDROOT/smipmicfg-1.27.0-.el7.centos.x86_64 '!='
/ ']'
And you see that "-" after the name/version

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] An rpmbuild spec question

[m . roth]

I'm trying to build a package to create a directory and install some
files. My rpmbuild keeps failing, unable to cd into the directory, "no
such". Now, in the tmpfile, I *see* it cd'ing into BUILD/opt, and the
source was unzipped and untared into BUILD/opt/smipmicfg-1.27.0. In the
spec file, I've even added a cd $RPM_BUILD_ROOT/opt, and I see it cd to
there... and then it says it fails cd'ing into the directory under it.

I've been doing a lot of googling, but nothing seems to fix this. Anyone
got a clue?

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Unable to run TeamViewer 13 under Centos 7 (amd64)

[m . roth]

Manish Jain wrote:
>
> On 12/19/17 22:11, Manish Jain wrote:
>> On 12/19/17 22:07, Jonathan Billings wrote:
>>> On Tue, Dec 19, 2017 at 02:54:36PM +, Manish Jain wrote:
 I uninstalled the old TV, and installed the version you indicated, but
 I
 get nothing at all:

 /home/bourne # teamviewer

 Init...
 CheckCPU: SSE2 support: yes
 Checking setup...
 Launching TeamViewer ...
 Launching TeamViewer GUI ...
 /home/bourne #

 I deleted ~/.config/teamviewer* and ~/.local/share/teamviewer*, but
 still no luck.

 Is it possible that this has something to do with Centos 7 running as
 a
 vm (under VirtualBox) in my box ? (But then, Manjaro vm works fine).
>>>
>>> Maybe you have a customized $PS1 (or other shell) but with a shell
>>> prompt that includes '#', it makes me wonder if you're running this as
>>> the logged-into-X user or as root?
>>>
>>
>> Hi Jonathan,
>>
>> Thanks for joining the thread.
>>
>> I am doing this as a normal user (bourne), logged in with xfce4.
>
> I recreated the vm - this time letting the TV rpm pull in all its deps.
> But the situation remains the same - No TV window from teamviewer.
>
Have you tried looking in either ~/.xsession-errors or /var/log/Xorg.0.log?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Question on CentoS 7.4 on nvidia

[m . roth]

Yan Li wrote:
> If you need to use a non stock kernel, you can also try to download the
> latest driver directly from nvidia. The nvidia official driver is very
> easy to install and works with almost all kernel versions. It can also be
> easily uninstalled too.

Make sure you have the correct one, though. I have a number of systems
with older NVidia cards, and have to pick and choose the correct "legacy"
driver.

mark
>
> On Dec 14, 2017 1:51 PM, "Jerry Geis"  wrote:
>
>> I installed the elrepo kmod-nvidia and also the nvidia-detect and
>> modules
>> (see below).
>>
>> I had X working with the 3.10 from Centos  - but video was freezing. SO
>> I
>> thought I would try the elrepo kernel. I installed that and X does not
>> come
>> up?
>>
>> How do I re-make the nvidia module for 4.14.5 kernel? I want to make
>> sure
>> the kmod kernel did it.   I 'm thinking it did not.
>>
>> lspci | grep VGA says GT218
>>
>> Or  what do I look at now to see why X is not coming up?
>>
>> Thanks,
>>
>> Jerry
>>
>> uname -r
>> 4.14.5-1.el7.elrepo.x86_64
>>
>>
>> grep EE /var/log/Xorg.0.log
>> (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
>> [   136.998] (EE) NVIDIA: Failed to initialize the NVIDIA kernel module.
>> Please see the
>> [   136.998] (EE) NVIDIA: system's kernel log for additional error
>> messages and
>> [   136.998] (EE) NVIDIA: consult the NVIDIA README for details.
>> [   136.998] (EE) No devices detected.
>> [   136.998] (EE)
>> [   136.998] (EE) no screens found(EE)
>> [   136.998] (EE)
>> [   136.998] (EE) Please also check the log file at
>> "/var/log/Xorg.0.log"
>> for additional information.
>> [   136.998] (EE)
>> [   137.004] (EE) Server terminated with error (1). Closing log file.
>>
>> uname -a
>>
>> rpm -qa | grep kernel
>> kernel-3.10.0-693.el7.x86_64
>> kernel-tools-3.10.0-693.5.2.el7.x86_64
>> abrt-addon-kerneloops-2.1.11-48.el7.centos.x86_64
>> kernel-headers-3.10.0-693.5.2.el7.x86_64
>> kernel-ml-devel-4.14.5-1.el7.elrepo.x86_64
>> kernel-devel-3.10.0-693.el7.x86_64
>> kernel-3.10.0-693.5.2.el7.x86_64
>> kernel-ml-4.14.5-1.el7.elrepo.x86_64
>> kernel-tools-libs-3.10.0-693.5.2.el7.x86_64
>> kernel-devel-3.10.0-693.5.2.el7.x86_64
>> [root@mediaport14 ~]# rpm -qa | grep kernel-ml
>> kernel-ml-devel-4.14.5-1.el7.elrepo.x86_64
>> kernel-ml-4.14.5-1.el7.elrepo.x86_64
>>
>>
>> # rpm -qa | grep nvidia
>> kmod-nvidia-340xx-340.102-4.el7_4.elrepo.x86_64
>> nvidia-detect-384.90-1.el7.elrepo.x86_64
>> yum-plugin-nvidia-1.0.2-1.el7.elrepo.noarch
>> nvidia-x11-drv-340xx-340.102-1.el7.elrepo.x86_64
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LUKS question

[m . roth]

John Hodrien wrote:
> On Wed, 13 Dec 2017, Kern, Thomas (CONTR) wrote:
>
>> If your requirement is for the entire system to be encrypted then I
>> think the only is a system rebuild, but if you can convince management
that a
>> good compromise is encrypting only the applications and their data, you
>> should be
>> able to add encrypted storage, copy the sensitive files and wipe the old
>> allocations. I have done this for a test system encrypting a MySQL
>> database
>> instance and a web server instance, in anticipation of an "encrypted at
>> rest" directive coming down from management.
>
> How about:
>
> Add temporary storage, encrypted, set as a PV, add to VG.  Rebuild
> initramfs,
> and reboot, confirming that it properly unlocks the storage as expected.
> pvmove, delete internal PV and replace with encrypted PV, pvmove back?
>
> You'd hope that'd be quite tolerant of being interrupted in the middle.
>
> If you're happy that works, the same recipe should work without a reboot.
>
Or, as we're doing, make sure everyone's off, make a final full backup (I
assume you're doing nightly backups), rebuild, then restore from backup.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrading python

[m . roth]

Larry Martell wrote:
> On Mon, Dec 11, 2017 at 4:32 PM, Larry Martell 
> wrote:
>> On Mon, Dec 11, 2017 at 4:25 PM, Clint Dilks 
>> wrote:
>>> On Tue, Dec 12, 2017 at 10:09 AM, Larry Martell
>>> 
>>> wrote:
 On Tue, Dec 5, 2017 at 8:22 AM, Pete Biggs  wrote:
 > On Tue, 2017-12-05 at 14:16 +0100, Kai Grunau wrote:
 >> On 05.12.2017 14:05, Larry Martell wrote:
 >> > I am running CentOS 7 and I have python version:
 >> > Python 2.7.5 (default, Sep 15 2016, 22:37:39)
 >> > I need a newer version of 2.7 to pick up a bug fix. How can I do
 >> that (without breaking anything in CentOS)?

 > Or use Software Collections, the Python27 package from there has
 > 2.7.13
 >  https://www.softwarecollections.org/en/scls/rhscl/python27/
 >  https://wiki.centos.org/AdditionalResources/Repositories/SCL

 I followed the instructions at the first link and I still only seem to
 have 2.7.5. How can I specify a newer version?
>>
>>> Hi, perhaps reading https://www.softwarecollections.org/en/ and
>>> https://www.softwarecollections.org/en/scls/rhscl/python27/ will help.
>>>
>>> Have you done scl enable python27 bash in your current shell?
>>
>> Thanks. Missed that. Now I do get 7.5.13 but it seems I have to type
>> that command in each new shell. Can I make that the default python? I
>> want django and uWSGI to use that version.

I guess my very brief suggestion  wasn't understood: in whatever shell
script you use to start the tools you want to use, insert, at the top,
right under the #!/bin/bash, the line
 . /opt//enable
so that the paths are set for that shell script, and all its children.
This will not result in you going into python's command line, nor will it
affect anything else, including yum.

   mark


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] upgrading python

[m . roth]

Pete Biggs wrote:
> On Mon, 2017-12-11 at 15:44 -0600, Frank Cox wrote:
>> On Mon, 11 Dec 2017 16:32:06 -0500
>> Larry Martell wrote:
>>
>> > Can I make that the default python?
>>
>> ~/.bashrc
>>
> No. I'm not entirely sure that is a good idea! No, not all.
>
> 'scl enable python27 bash' creates a *new* shell with the correct
> environment.  As each invocation of bash reads .bashrc, it will also
> create another new shell which will then read .bashrc and create
> another shell 
>
> Depending on the speed of your machine and disks and how much memory
> you have, it will take a few seconds to a few minutes to grind your
> machine to a halt.

The simplest way is to . https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7 and docker storage (folllowing myself up)

[m . roth]

m.r...@5-cent.us wrote:
> Gianluca Cecchi  wrote:
>> Date: Thu, 30 Nov 2017 09:55:58 +0100
>> On Wed, Nov 29, 2017 at 10:23 PM,  wrote:
>>
>>> The latter would explain the message my user's job gave him when it
>>> tried to umount /
>>>
>>> A bit of googling, and I see something called overlayFS can be used...
>>> but I know nothing about that, or how dangerous it is.  Anyone got a
>>> pointed to something more than the minimal how to configure docker
>>> to use it?
>>>
>> You could follow CentOS Atomic SIG
>> https://wiki.centos.org/SpecialInterestGroup/Atomic
>> http://www.projectatomic.io/download/
>>
>> and/or read here and adapt in case for your storage needs:
>> http://www.projectatomic.io/docs/docker-storage-recommendation/
>>
>> See also here for overlayfs addiction in CentOS Atomic Host in September
>> this year
>> https://seven.centos.org/2017/09/new-centos-atomic-host-with-overlayfs-storage/
>>
> Interesting, but it doesn't help me: I can't rebuild the server, it's in
> use, and I yum installed docker from the std. repos. What I see from the
> links tells me how to switch storage, not how to manually configure
> overlay2 storage, and whether I can do as I said, and point it to an
> NFS-mounted location.
>
I just found some RH documentation for C 7 on overlayfs, and I see it says
that NFS is only usable for the the docker graphs So, I just found, on
the two systems I'm working with it on, an unused drive. Does anyone know
if it is the case that I *cannot* use the partition, but need to make an
LVM on it, for docker to use it?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C7 and docker storage

[m . roth]

Gianluca Cecchi  wrote:
> Date: Thu, 30 Nov 2017 09:55:58 +0100
> On Wed, Nov 29, 2017 at 10:23 PM,  wrote:
>
>> The latter would explain the message my user's job gave him when it tried
>> to umount /
>>
>> A bit of googling, and I see something called overlayFS can be used... but
>> I know nothing about that, or how dangerous it is.  Anyone got a pointed
>> to something more than the minimal how to configure docker to use it?
>>
> You could follow CentOS Atomic SIG
> https://wiki.centos.org/SpecialInterestGroup/Atomic
> http://www.projectatomic.io/download/
>
> and/or read here and adapt in case for your storage needs:
> http://www.projectatomic.io/docs/docker-storage-recommendation/
>
> See also here for overlayfs addiction in CentOS Atomic Host in September
> this year
> https://seven.centos.org/2017/09/new-centos-atomic-host-with-overlayfs-storage/
>
Interesting, but it doesn't help me: I can't rebuild the server, it's in
use, and I yum installed docker from the std. repos. What I see from the
links tells me how to switch storage, not how to manually configure
overlay2 storage, and whether I can do as I said, and point it to an
NFS-mounted location.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C 7, docker, and storage

[m . roth]

I may have missed some overnight replies to my question from yesterday -
if so, sorry.

>From my googling, it looks like I should change from the loopback device
to overlayFS (with overlay2). What I haven't found is, first and foremost,
more clarity on configuring storage.

It *appears* that the loopback storage is just a directory under
/var/lib/docker (yet I see a reference in someone's blog to ~docker - *is*
/var/lib/docker intended as ~docker?

Can I make a docker directory elsewhere, on another filesystem that has a
lot of space, and configure docker to use that, or do I need to symlink
from /var/lib/docker to the new place? And should I move all the old stuff
under /var/lib/docker to the new location (of course have shut down
docker)?

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C7 and docker storage

[m . roth]

Was working on docker on a server, and on startup, I see
Nov 29 10:58:27  dockerd-current:
time="2017-11-29T10:58:27.612849959-05:00" level=warning msg="devmapper:
Usage of loopback devices is strongly discouraged for production use.
Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to
dm.thinpooldev section."
Nov 29 10:58:27  dockerd-current:
time="2017-11-29T10:58:27.655600686-05:00" level=warning msg="devmapper:
Base device already exists and has filesystem xfs on it. User specified
filesystem  will be ignored."

The latter would explain the message my user's job gave him when it tried
to umount /

A bit of googling, and I see something called overlayFS can be used... but
I know nothing about that, or how dangerous it is.  Anyone got a pointed
to something more than the minimal how to configure docker to use it?

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing /usr/share/perl5 in C7

[m . roth]

Mark Haney wrote:
> On 11/29/2017 01:43 PM, m.r...@5-cent.us wrote:
>> Mark Haney wrote:
>
>>>
>>> Any idea what happened?
>>
>> No idea what could have happened, but if it were me, I wouldn't copy
>> anything - I'd yum reinstall instantly. You have no idea what *else* is
>> missing.
>>
>> Thinking about it... you might consider verifying the entire system.
>> Since something's missing from initscripts, I'd worry a *lot*.
>
> Believe me, I am.  Unfortunately and unbeknownst to me, this box has
> been in production on the customer side for a couple of weeks now.
> I've checked every other box that's been kickstarted for the last month
> and none show the same problems.  It's really bizarre.

Some admin ran find / -exec rm -f {} \;, when they meant to run find
/somepathorother.
>
> And as far as the /etc/init.d/functions file goes, C7 doesn't place it
> there, it's in /etc/rc.d/init.d/functions, so symlinking to it from
> /etc/init.d/ fixed that particular problem.
>
> The weird issue with /usr/share/perl5/ is that there was some files and
> directories there, just not everything, so it wasn't completely empty.
> I have no real answer to that, though.
>
> But, right now, the box is stable for what it will be doing, and I've
> got a production MySQL server to troubleshoot why it's imploded twice
> the last two nights after being up for 400 days without trouble.
>
> The joys of dealing with multiple dumpster fires at a time is why I love
> (and hate) IT.
>
Best of luck.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Missing /usr/share/perl5 in C7

[m . roth]

Mark Haney wrote:
> I'm under a bit of a crunch here, so any immediate help would be
> appreciated. We kickstart our customer boxes and have started migrating
> to CentOS 7.  We're running Radiator 4.6 1 (I know, but bear with me)
> and we just deployed our first radius box to a customer to be turned up
> today. (I know, I know. I had no idea it wasn't being tested sooner than
> this.)
>
> I was brought in because the strict.pm perl module was missing and
> causing compilation errors.  It turns out nearly the entire
> /usr/share/perl5/  directory was pretty much empty.  I ended up having
> to copy that directory over from another C7 server which was intact.
>
> yum whatprovides /usr/share/perl5/strict.pm tells me it's the base
> perl-5.16.x package, which is installed on this box.
>
> Any idea what happened?

No idea what could have happened, but if it were me, I wouldn't copy
anything - I'd yum reinstall instantly. You have no idea what *else* is
missing.

Thinking about it... you might consider verifying the entire system. Since
something's missing from initscripts, I'd worry a *lot*.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] C 7, lockd issue

[m . roth]

I thnk I posted this last week, but to refresh your minds (for Americans,
after all the turkey): two C7 boxes, updated. box 1 is exporting
directories; box 2 is not running nfs.  From box 1, every minute, I get
<...> kernel: lockd: server fred.local not responding, timed out

Now, on box 2, fred is eth0:fred, and is one of five secondaries on eth0.
When I do an ip a, it shows as the last one. Further, df shows no
directory from box 1 being mounted.

So, does anyone have a clue on this?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Failed attempts

[m . roth]

Lamar Owen wrote:
> On 11/28/2017 12:04 PM, Valeri Galtsev wrote:
>> Thanks, Lamar! that is very instructive.
> You're welcome.
>
>>   I was always unimpressed with
>> persistence of attempts to make more secure (less pickable) cylinder
>> cased
>> locks (precision, multi-level, pins at a weird locations/angles).
>
> The best way to make an unpickable lock is to make the tolerances of the
> pins and the cylinder bore as tight as possible, since picking relies on
> part tolerances to work.  But several sidebar designs are out there that
> are pretty hard to pick, including Schlage Primus, the various Medeco
> styles, and others, such as the Kaba dimple locks used on Cisco Metro
> 1500 DWDM gear for power switches (the lasers are powerful enough to
> permanently damage your eyes in short order in those).

Whenever I get a CAT scan, I point out to the techs that half the warning
label is missing: all I see is "Do not start into laser", and not the rest
that reads "with remaining eye".

Don't mind me: I just spent *far* too long doing my "mid-year performance
checkin" for my employer, in Workday (the sooner that dies, the better),
and it was designed by idiots, and is not suitable for what 90% of the
company does And I'm *really* aggravated.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Admins supporting both RHEL and CentOS

[m . roth]

Joseph L. Casale wrote:
> With a few exceptions, I see most admins treat CentOS as a single
> rolling release and rely on the ABI commitment assuming things
> just work between point releases. On the other hand I see the
> opposite with RHEL where admins constrain installations to the
> point release.
>
> What is the case with users on this list who support both?
>
Only time we use CR is on *some* servers during the upgrade to a new
subrelease. Otherwise, nope.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Failed attempts

[m . roth]

Pete Biggs wrote:
> On Mon, 2017-11-27 at 12:10 -0500, Jerry Geis wrote:
>> hi All,
>>
>> I happened to login to one of my servers today and saw 96000 failed
>> login attempts. shown below is the address its coming from. I added it
to my
>> firewall to drop.
>>
>> Failed password for root from 123.183.209.135 port 14299 ssh2
>>
>> FYI - others might be seeing it also.
>>
> As others have said, it's normal: dictionary based brute forcing of
> root; and no surprise that that IP is based in China. Welcome to the
> Internet.

As opposed to, say, Brazil (yes, for some reason, a lot hit us from there).
>
> Primarily you need to make sure your root password is strong so it
> isn't vulnerable to this sort of attack. If it is, then the most nasty
> thing about this sort of thing is that your logs fill up.
>
> For your sanity then you can do the following:
>
>   - disallow ssh root logins by password (login as an unprivileged user
>  or use keys)

If you're not doing the above, you should start doing that... about 10
years ago. Disallow root login except via keys this very minute, and do it
everywhere.
>
>   - run something like fail2ban which will block a host for a
> predetermined amount of time after a number of failures.

We've been running fail2ban at work for a good bunch of years, and I run
it at home. It's good, and std. repo.
>
>   - don't run ssh on 22, use a different port.  (Things get a lot
> quieter when you do that, but it comes with it's own problems and don't
> get complacent because someone will find the port eventually.)

I consider that pointless security-through-obscurity.
>
>   - if you only have a limited number of hosts or subnets logging in to
> your machine, adjust the firewall so that only they are allowed
> through.

Yep. And iptables rules are not that big a deal to write.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] skypeforlinux lacks dependencies, won't update

[m . roth]

ken wrote:
> On 11/19/2017 12:53 PM, vychytraly . wrote:
>> Maybe try flatpak version? there should be no problems with dependencies
>> there... :)
>
> Thanks, I didn't know about flatpak... even tho it's in the base repo! 
> I have to admit though, after reading through the flatpak website about
> it, I still don't understand how it could overcome the dependency
> problem with the skypeforlinux update.  Grateful for enlightenment.
>
>
Unrelated comment: I was interested to see that there is a current skype
for linux.

Then I remembered that M$ is scanning skype connections, the same way
google scans your gmail emails.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] semi-OT:apcupsd

[m . roth]

John R Pierce wrote:
> On 11/17/2017 7:16 AM, m.r...@5-cent.us wrote:
>> I can't seem to find apcupsd for C 6. Just went to epel's website, and
>> not
>> visible. Anyone have a clue?
>>
>
> suggestion, use NUT instead, the Network UPS Tools  works for all
> sorts of UPS's, not just APC, and supports a master/slave sort of
> network control of power management.
> here's the project site for an overview... http://networkupstools.org/
>
> nut is in EPEL
>
I started looking at that last year... and could not find, in its
documentation, how to set up almost all of what we have: APC rackmount
UPSes with APC's weired RJ-45-toUSB cable. APCUPSd made that very easy,
and was, in fact, the default configuration.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] semi-OT:apcupsd

[m . roth]

wwp wrote:
> On Fri, 17 Nov 2017 10:34:53 -0500 Digimer  wrote:
>
>> On 2017-11-17 10:16 AM, m.r...@5-cent.us wrote:
>> > I can't seem to find apcupsd for C 6. Just went to epel's website, and
>> not
>> > visible. Anyone have a clue?
>>
>> I can't speak to epel, but we have copies of it if that helps you;
>>
>> https://alteeve.com/files/apcupsd/
>
> The (S)RPMs are also easy to find for CentOS 7, for instance at
> pkgs.org:
>  https://pkgs.org/download/apcupsd
>
Sorry, I should have said I need it for C 6. I've tried install 3-14.14,
and it wants a newer glibc than C6 offers.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] semi-OT:apcupsd

[m . roth]

I can't seem to find apcupsd for C 6. Just went to epel's website, and not
visible. Anyone have a clue?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] gnome boot problem

[m . roth]

dominic adair-jones wrote:
> On Fri, Nov 17, 2017 at 9:14 AM,   wrote:
>> dominic adair-jones wrote:
>>> going to run journalctl this evening when i get in and relay any errors
>>> i see.
>>>
>>> On Thu, Nov 16, 2017 at 6:01 PM, Pete Biggs  wrote:
 On Thu, 2017-11-16 at 22:45 +, dominic adair-jones wrote:
> Ok that's what I figured Ive narrowed it down to Plymouth but I
> haven't found much info on what the fix is.

 No, plymouth is the process that controls the booting process. It is
 not the problem. It is doing exactly what it's supposed to be doing -
 waiting for a process to finish before going on to its next task. You
 should use journalctl to see what task it is waiting on.

>  As of now I can ctl alt f2 and run
> startx to get to a desktop.

 What graphics card do you have?

>  When I try to run gui (such as keepnote or
> chromium) from within my vms now tho I get errors.

 What errors.

>> Please stop top posting.
>>
>> It really sounds like a graphics driver error. Have you looked in
>> /var/log/Xorg.0.log?
> sorry about that first time publicly posting like this. I will check
> this evening. I did remove the x0rg drivers and plymouth but didnt
> check the logs as it got late.

Reading the thread in this post, I see you saying that startx works
That would suggest that graphics works, but something in trying to go into
runlevel 5 is funny.

Stupid question: how long have you waited? C7 seems to take an
unconsciously long time for the X login to come up.

Do you see the screen go into graphical mode during the boot? You know,
when it'll go black, then smaller fonts, and more lines on the screen?

Starting to wonder about a timing issue, with a driver not loading.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] gnome boot problem

[m . roth]

dominic adair-jones wrote:
> going to run journalctl this evening when i get in and relay any errors i
> see.
>
> On Thu, Nov 16, 2017 at 6:01 PM, Pete Biggs  wrote:
>> On Thu, 2017-11-16 at 22:45 +, dominic adair-jones wrote:
>>> Ok that's what I figured Ive narrowed it down to Plymouth but I haven't
>>> found much info on what the fix is.
>>
>> No, plymouth is the process that controls the booting process. It is
>> not the problem. It is doing exactly what it's supposed to be doing -
>> waiting for a process to finish before going on to its next task. You
>> should use journalctl to see what task it is waiting on.
>>
>>
>>>  As of now I can ctl alt f2 and run
>>> startx to get to a desktop.
>>
>> What graphics card do you have?
>>
>>>  When I try to run gui (such as keepnote or
>>> chromium) from within my vms now tho I get errors.
>>
>> What errors.
>>
Please stop top posting.

It really sounds like a graphics driver error. Have you looked in
/var/log/Xorg.0.log?

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] run bash from cron

[m . roth]

Mark Haney wrote:
> On 11/15/2017 11:48 AM, m.r...@5-cent.us wrote:
>> Mark Haney wrote:
>>> For the record, this was the only option to handle the task I'm having
>>> issues with inside cron.
>>>
>> Yes. Do not trust your environment, running as a cron job, to be what
>> you think it is. Try testing it by have your cron job, at the top of the
>> script, issue the env command.
>>
> I'm not sure I follow, where should the env command be placed?  At the
> front of the cron line?
>
crontab -e
1 1 * * * run_my_script

Ok, I forget if you said it was perl or bash...

more run_my_script
#!/bin/bash

env



Is that clearer?

   mark





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] run bash from cron

[m . roth]

Mark Haney wrote:
> This might be a bit OT, but I've never had to do this before and what
> I've googled doesn't seem to be working.
>
> I have an ansible playbook that I'm working on that I want to run as a
> cronjob.  One task I'm having trouble with is where I have a text file
> with lines like:
>
> rd.pl "blah blah"
> rd.pl "blah blah blah"
>
> This text file has to be 'executed' using 'bash filename.txt'. (Don't
> ask why, I'm working on code that isn't mine.) When I run the playbook
> in a console this bit works perfectly.  However, when it's being run
> from cron, it dies with 'rd.pl: command not found'.  My original thought
> is that cron's $PATH is missing the location to this rd.pl file (it's in
> /root/bin), so one suggestion from the Google was to add the path into
> /etc/crontab, but I'm still having the same problem.  At this stage,
> I've no idea what to try next.  Any ideas?
>
> For the record, this was the only option to handle the task I'm having
> issues with inside cron.
>
Yes. Do not trust your environment, running as a cron job, to be what you
think it is. Try testing it by have your cron job, at the top of the
script, issue the env command.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos