Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-28 Thread Gionatan Danti

On 2021-01-28 19:17 James Pearson wrote:

> I don't know of another way of testing if this build fixes the issue ?


According to Qualys blog, sudoedit -s '\' `perl -e 'print "A" x 65536'` 
should core-dump on vulnerable versions.


I just tried on stock 6.10 and it core-dumps, indeed. Upgrading to the 
OL6 sudo package fixes the issue, indeed (no more core dump).


So it seems to work fine to me.
Thanks.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
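
The two non-crashing signals this thread relies on (the first line printed by `sudoedit -s /` and the package changelog naming the CVE) can be combined into one triage result. This is an added example, not code posted by anyone in the thread; the function names and verdict labels are hypothetical, and the sample sudoedit output lines are constructed (the changelog sample is the OL6 entry quoted in the thread).

```shell
#!/bin/sh
# Added example: triage a host for the sudo CVE-2021-3156 fix without
# triggering the crash test. Function names and verdict labels are hypothetical.

# Classify the first line printed by `sudoedit -s /` run as a non-root user.
# Per the Qualys advisory, an error starting with "sudoedit:" indicates a
# vulnerable build and one starting with "usage:" indicates a patched build.
classify_probe() {
    case "$1" in
        usage:*)    echo patched ;;
        sudoedit:*) echo vulnerable ;;
        *)          echo unknown ;;
    esac
}

# Succeeds when the package changelog text names the CVE. This only shows that
# a patch was applied at build time, not that the patch is complete.
changelog_names_cve() {
    printf '%s\n' "$1" | grep -q 'CVE-2021-3156'
}

# Combine both signals. "review" is the case reported in this thread: the
# changelog lists the backport but the sudoedit probe still looks vulnerable.
verdict() {
    probe=$(classify_probe "$1")
    if changelog_names_cve "$2"; then backport=yes; else backport=no; fi
    case "$probe/$backport" in
        patched/*)      echo fixed ;;
        vulnerable/yes) echo review ;;
        vulnerable/no)  echo vulnerable ;;
        *)              echo inconclusive ;;
    esac
}

# Live check on an RPM-based host (sudoedit may prompt for a password first).
check_host() {
    probe_out=$(sudoedit -s / 2>&1 | head -n 1)
    changelog=$(rpm -q --changelog sudo 2>/dev/null)
    printf '%s: %s\n' "$(rpm -q sudo 2>/dev/null)" "$(verdict "$probe_out" "$changelog")"
}

# Constructed sample probe outputs; changelog text as quoted in the thread.
SAMPLE_VULN='sudoedit: /: not a regular file'
SAMPLE_FIXED='usage: sudoedit [-AknS] [-r role] [-t type] [-C num] ...'
SAMPLE_CHANGELOG='* Tue Jan 26 2021 Qing Lin - 1.8.6p3-29.0.2.el6_10.3
- backport the fix CVE-2021-3156.patch from ol7.'

if [ "${1:-}" = "--live" ]; then
    check_host
else
    echo "usage: output, backport listed:     $(verdict "$SAMPLE_FIXED" "$SAMPLE_CHANGELOG")"
    echo "sudoedit: output, backport listed:  $(verdict "$SAMPLE_VULN" "$SAMPLE_CHANGELOG")"
    echo "sudoedit: output, no backport:      $(verdict "$SAMPLE_VULN" "")"
fi
```

A "review" result means the two signals disagree and the build needs a closer look (for example, reading the patch in the SRPM) before the host is recorded as fixed.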


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-28 Thread James Pearson
Barry Brimer:
>
> I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM.
> The package installed fine, the sudo functionality still works but according to
> the test described in the qualys advisory of running "sudoedit -s /"
> (without quotes) this system is still vulnerable.

I guess that is a question to ask those that support OL6 ?

I noticed the same - but I don't know if running 'sudoedit -s /' is an absolute 
measure of the vulnerability being fixed?

There is definitely a 'CVE-2021-3156' patch that is applied in the SRPM ...

I don't know of another way of testing if this build fixes the issue ?

James Pearson


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-28 Thread Barry Brimer
I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM. 
The package installed fine, the sudo functionality still works but according to 
the test described in the qualys advisory of running "sudoedit -s /" (without
quotes) this system is still vulnerable.

My CentOS Linux 7 (x86_64), CentOS Linux 8 (x86_64), and CentOS Stream 8 
(x86_64) VM running the actual CentOS package do not appear vulnerable running 
this test.

Migrating the previously mentioned CentOS Linux 6 vm to Oracle Linux and 
running the same test shows the fully updated Oracle Linux 6 to be vulnerable 
as well.

Has anyone else tried this? Do your results match or differ from mine?

Thanks,
Barry

On January 28, 2021 9:15:47 AM UTC, James Pearson wrote:
>Maxim Shpakov:
>>
>> You can use oracle linux 6 , it is still supported (till March 2021)
>
>Looks like Oracle's el6 sudo update is now available:
>
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
>http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm
>
>* Tue Jan 26 2021 Qing Lin - 1.8.6p3-29.0.2.el6_10.3
>- backport the fix CVE-2021-3156.patch from ol7.
>
>James Pearson


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-28 Thread James Pearson
Maxim Shpakov:
>
> You can use oracle linux 6 , it is still supported (till March 2021)

Looks like Oracle's el6 sudo update is now available:

 
https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm

* Tue Jan 26 2021 Qing Lin  - 1.8.6p3-29.0.2.el6_10.3
- backport the fix CVE-2021-3156.patch from ol7.

James Pearson


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread James Pearson
Christian Anthon:
> Centos-6 compatible packages are available from the official sudo
> webpage. It's a later version of sudo and I'm not sure if that will
> cause problems. I've tried installing it and so-far so-good.
>
> https://www.sudo.ws/download.html

One minor problem - if you have sudo configured to use LDAP (using 
/etc/sudo-ldap.conf), then upgrading using the sudo.ws RPM will rename 
/etc/sudo-ldap.conf as /etc/sudo-ldap.conf.rpmsave and stop sudo working with 
LDAP

Moving the original /etc/sudo-ldap.conf back fixes this - but it's a pity the 
sudo.ws RPM doesn't provide /etc/sudo-ldap.conf as a config file - which would 
prevent this happening

James Pearson


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread Christian Anthon
Centos-6 compatible packages are available from the official sudo 
webpage. It's a later version of sudo and I'm not sure if that will 
cause problems. I've tried installing it and so-far so-good.


https://www.sudo.ws/download.html

Cheers, Christian.

On 27/01/2021 08.38, Gionatan Danti wrote:

> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is not supported anymore, RedHat has it under its
> paid support agreement (see:
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.




Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread Maxim Shpakov
I think it is just not released yet. OL6 is on support track still

On Wed, 27 Jan 2021 at 12:33, Simon Matter  wrote:

> > Hi
> >
> > You can use oracle linux 6 , it is still supported (till March 2021)
>
> But I don't find this sudo update or the recent openssl update in their
> repos? Is this for paying customers only or what?
>
> Simon
>
> >
> > On Wed, 27 Jan 2021 at 09:38, Gionatan Danti  wrote:
> >
> >> Hi all,
> >> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
> >>
> >> While CentOS 6 is not supported anymore, RedHat has it under its
> >> paid support agreement (see:
> >> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
> >>
> >> So I wonder if some community-packaged patch exists...
> >> Thanks.
> >>
> >> --
> >> Danti Gionatan
> >> Supporto Tecnico
> >> Assyoma S.r.l. - www.assyoma.it
> >> email: g.da...@assyoma.it - i...@assyoma.it
> >> GPG public key ID: FF5F32A8


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread Gionatan Danti

On 2021-01-27 09:34 Walter H. wrote:

> is that what you expect to find?
> https://access.redhat.com/errata/RHSA-2021:0227


Yes, something similar...
Thanks.

--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.da...@assyoma.it - i...@assyoma.it
GPG public key ID: FF5F32A8


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread Simon Matter
> Hi
>
> You can use oracle linux 6 , it is still supported (till March 2021)

But I don't find this sudo update or the recent openssl update in their
repos? Is this for paying customers only or what?

Simon

>
> On Wed, 27 Jan 2021 at 09:38, Gionatan Danti  wrote:
>
>> Hi all,
>> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>>
>> While CentOS 6 is not supported anymore, RedHat has it under its
>> paid support agreement (see:
>> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>>
>> So I wonder if some community-packaged patch exists...
>> Thanks.
>>
>> --
>> Danti Gionatan
>> Supporto Tecnico
>> Assyoma S.r.l. - www.assyoma.it
>> email: g.da...@assyoma.it - i...@assyoma.it
>> GPG public key ID: FF5F32A8


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread Maxim Shpakov
Hi

You can use oracle linux 6 , it is still supported (till March 2021)

On Wed, 27 Jan 2021 at 09:38, Gionatan Danti  wrote:

> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is not supported anymore, RedHat has it under its
> paid support agreement (see:
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.
>
> --
> Danti Gionatan
> Supporto Tecnico
> Assyoma S.r.l. - www.assyoma.it
> email: g.da...@assyoma.it - i...@assyoma.it
> GPG public key ID: FF5F32A8


Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

2021-01-27 Thread Walter H.

is that what you expect to find?
https://access.redhat.com/errata/RHSA-2021:0227

On 27.01.2021 08:38, Gionatan Danti wrote:

> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is not supported anymore, RedHat has it under its
> paid support agreement (see:
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.






Re: [CentOS] centos 6 vs 7

2020-04-02 Thread Mark Milhollan

On Tue, 31 Mar 2020, Divine Tanyingoh wrote:

> On centos 6 I cannot ping the hostname and get a
> reply without first resolving in the /etc/hosts file by adding a new entry:
> 192.168.0.47  server1.example.com.
>
> But for centos 7 I am able to ping the hostname and get a reply even when I
> have not made any changes to the /etc/hosts file. Why is there this
> difference between centos 6 vs 7.


Sounds like mDNS/Avahi is not being used/referenced on/by 6.


/mark


Re: [CentOS] centos 6 vs 7

2020-03-31 Thread Divine Tanyingoh
Thanks

On Tue, 31 Mar 2020 at 11:26, Stephen John Smoogen  wrote:

> On Tue, 31 Mar 2020 at 13:22, Divine Tanyingoh wrote:
>
> > Issue: After installing vms on vmware, I noticed a difference in behavior
> > between centos 6 vs 7. On centos 6 I cannot ping the hostname and get a
> > reply without first resolving in the /etc/hosts file by adding a new entry:
> > 192.168.0.47  server1.example.com.
> >
> > But for centos 7 I am able to ping the hostname and get a reply even when I
> > have not made any changes to the /etc/hosts file. Why is there this
> > difference between centos 6 vs 7.
> >
> >
> That sounds more like a question for VMware forums than here.. something
> in vmware is populating some sort of 'DNS' for you to do this. I don't know
> of any change in EL6 and EL7 that would do this by itself.
>
>
>
> > Thank you for your assistance.
> --
> Stephen J Smoogen.


Re: [CentOS] centos 6 vs 7

2020-03-31 Thread Stephen John Smoogen
On Tue, 31 Mar 2020 at 13:22, Divine Tanyingoh wrote:

> Issue: After installing vms on vmware, I noticed a difference in behavior
> between centos 6 vs 7. On centos 6 I cannot ping the hostname and get a
> reply without first resolving in the /etc/hosts file by adding a new entry:
> 192.168.0.47  server1.example.com.
>
> But for centos 7 I am able to ping the hostname and get a reply even when I
> have not made any changes to the /etc/hosts file. Why is there this
> difference between centos 6 vs 7.
>
>
That sounds more like a question for VMware forums than here.. something
in vmware is populating some sort of 'DNS' for you to do this. I don't know
of any change in EL6 and EL7 that would do this by itself.



> Thank you for your assistance.
>


-- 
Stephen J Smoogen.


Re: [CentOS] CentOS 6 SELinux question: inbound ssh.

2019-08-18 Thread Gordon Messmer

On 8/17/19 6:42 PM, Robert Heller wrote:

> Is there some hack to get SELinux to cooperate with this scheme?



restorecon -r -v /var/lib/amanda/.ssh

I haven't tested this, but there *is* a context specified for that path 
in /etc/selinux/targeted/contexts/files/file_contexts.




Re: [CentOS] CentOS 6/EPel: Missing EPel package?

2019-05-18 Thread Ulf Volmer
On 18.05.19 20:14, Robert Heller wrote:
> The EPel repo has a *nearly* complete collection of QT5 packages.  One 
> important one that *seems* to be missing: qmake.
> 
> There does not seem to be a package containing qmake in the collection of QT5 
> packages for CentOS 6!

There is /usr/lib64/qt5/bin/qmake from package qt5-qtbase-devel.

Best regards
Ulf


Re: [CentOS] CentOS 6 and 389 Directory Server

2019-02-07 Thread Leon Fauster via CentOS


> Am 07.02.2019 um 19:16 schrieb Eugene Poole :
> 
> I'm not sure it this is the correct location to ask these questions, but ...
> 
> In the past when I worked for a living the place where I worked had thousands 
> of RHEL Linux servers on various hardware, but the access was controlled by 
> Windows Active Directory and a third party piece of software that was the 
> middle-man between the 2.
> 
> Now that I no longer work I'm trying to build a CentOS Linux environment 
> where the access is controlled by 389-Directory Server. But I have no 
> practical experience with 389-Directory Server (Question 1) so I'm looking 
> for a tutorial or 'How To' to put information into 389-DS from a machine that 
> is currently running? (Question 2) Can I export the 389-DS database to a LDIF 
> file, migrate my machine from CentOS 6 to CentOS 7 by doing a fresh CentOS 7 
> install. Install 389-DS and import the just created LDIF file?  I want to use 
> 389-DS (or OpenLDAP) because as my environment grows defining everything 
> locally is becoming hard to be exact.
> 
> Any comments will be helpful


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html-single/identity_management_guide/

https://www.freeipa.org/page/Main_Page

--
LF



Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

2019-01-15 Thread Phil Perry

On 16/01/2019 02:04, Jobst Schmalenbach wrote:
> On Tue, Jan 15, 2019 at 07:43:02AM +, Phil Perry (ppe...@elrepo.org) wrote:
>> On 15/01/2019 01:29, Jobst Schmalenbach wrote:
>>> On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:
>>>> On 14/01/2019 07:09, Jobst Schmalenbach wrote:
>> Below is my script for creating/updating an ipset to block my top 10
>> Hope that helps
>
> Thanks, it did, cleared up conflicting info I found on the Internet.

Great.

> I also wanted to go the "other way": disallow everything but 2 countries
> (AU,NZ).
> There are even more conflicting ideas about how to do this, but I figured it
> out.

How you handle that will depend on the default policy of the chain.

I would use 2 rules - the first to accept connections from AU,NZ, and a
second rule subsequently DROPing all other connections, as this will
work regardless of the default policy of the chain and the intention of
the rules is clear to anyone reading them.

> Also I cannot see a difference in speed between using (maxmind)
>
>    -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT
>
> and (ipdeny)
>
>    -A filter_countries -m set --set au.geoblock src -j ACCEPT
>
> which is really good!

Yes, ipset is really efficient. My top 10 bad countries set above
contains over 28,000 individual netblocks and runs on my EdgeRouter
Lite, with a 500MHz embedded processor. The device is capable of Gigabit
throughput, and I see no impact upon throughput with multiple iptables
rules, many based on large ipsets.

> Jobst







Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

2019-01-15 Thread Jobst Schmalenbach
On Tue, Jan 15, 2019 at 07:43:02AM +, Phil Perry (ppe...@elrepo.org) wrote:
> On 15/01/2019 01:29, Jobst Schmalenbach wrote:
> > On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:
> > > On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> Below is my script for creating/updating an ipset to block my top 10
> Hope that helps

Thanks, it did, cleared up conflicting info I found on the Internet.


I also wanted to go the "other way": disallow everything but 2 countries 
(AU,NZ).
There are even more conflicting ideas about how to do this, but I figured it 
out.


Also I cannot see a difference in speed between using (maxmind)

  -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT

and (ipdeny)

  -A filter_countries -m set --set au.geoblock src -j ACCEPT

which is really good!


Jobst



-- 
The future isn't what it used to be (it never was).

  | |0| |   Jobst Schmalenbach, General Manager
  | | |0|   Barrett & Sales Essentials
  |0|0|0|   +61 3 9533 , POBox 277, Caulfield South, 3162, Australia


Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

2019-01-14 Thread Phil Perry

On 15/01/2019 01:29, Jobst Schmalenbach wrote:
> On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:
>> On 14/01/2019 07:09, Jobst Schmalenbach wrote:
>>> Hi
>>
>> I use ipdeny's aggregated country lists to do the same thing:
>>
>> http://www.ipdeny.com/ipblocks/data/aggregated/
>>
>> I just feed this data directly into ipset/iptables via a script running on
>> my firewall (not a C6 box). ipset is a really efficient way of doing this.
>
> Do you create a separate table, then feed every IP address (via ipset) into
> this chain?
> Would you mind sharing this script?
>
> thx
> Jobst

Below is my script for creating/updating an ipset to block my top 10
undesirable/abusive countries. It runs as a cron job at startup to
initially populate it and again every X hours to update it on my
EdgeRouter firewall device.

It can be a relatively slow process creating very large sets, so we create
a temp set and then swap the contents of the live set with the temp set
and finally delete the temp set. This is a more efficient way of
updating an existing set.

Once the ipset has been created, you can create rules in iptables to
match against that set using -m set --match-set SETNAME.

Hope that helps

-- Phil


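#!/bin/sh
# Countries to block (two-letter codes as used in the ipdeny file names)
CountryList="cn ru ua kp kr br ro tr vn in"
if [ -e /tmp/countries.txt ]; then
    rm /tmp/countries.txt
fi

# Download each country's aggregated netblock list and concatenate them
for country in $CountryList; do
    curl -o "/tmp/$country.txt" "http://www.ipdeny.com/ipblocks/data/aggregated/$country-aggregated.zone"
    cat "/tmp/$country.txt" >> /tmp/countries.txt
done

# Emit an ipset restore file that builds the temporary set "geotmp".
# The body of this function did not survive in the archived message; the
# lines below are a reconstruction (assumption), not the original text.
getnetblocks() {
    echo "-N geotmp nethash"
    # Only pass through lines that look like IPv4 CIDR netblocks
    grep -E '^[0-9.]+/[0-9]+$' /tmp/countries.txt | sed 's/^/-A geotmp /'
    echo "COMMIT"
}

getnetblocks > /tmp/cnblock.txt
sudo ipset -! -R < /tmp/cnblock.txt
# Make sure the live set exists (added assumption), swap in the freshly
# built temp set, then delete the temp set
sudo ipset -! -N COUNTRIES-BLOCK nethash
sudo ipset -W geotmp COUNTRIES-BLOCK
sudo ipset -X geotmp

rm /tmp/cnblock.txt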



Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

2019-01-14 Thread Kenneth Porter
--On Monday, January 14, 2019 7:29 AM + Phil Perry wrote:

> I use ipdeny's aggregated country lists to do the same thing:
>
> http://www.ipdeny.com/ipblocks/data/aggregated/
>
> I just feed this data directly into ipset/iptables via a script running
> on my firewall (not a C6 box). ipset is a really efficient way of doing
> this.


CentOS 7 uses firewalld which has direct support for ipsets in XML form. 
Hopefully the site will soon supply the data in that format. (But it's not 
hard to generate the files from their format.)


Note that a zip file of all the individual country files can be downloaded 
here:


http://www.ipdeny.com/ipblocks/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
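
The conversion mentioned above, from an ipdeny `.zone` list to a firewalld ipset XML file, can be done as follows. This is an added example, not code from the thread; the function name, set name and sample input are constructed. Because the thread fetches the lists over plain HTTP, every line is validated as an IPv4 CIDR before it is written into firewall configuration, and a `/0` entry is refused.

```shell
#!/bin/sh
# Added example: convert an ipdeny *.zone netblock list (one CIDR per line on
# stdin) into a firewalld ipset definition on stdout. The function name and
# set name are hypothetical. The result belongs in
# /etc/firewalld/ipsets/<name>.xml, followed by a firewalld reload.

zone_to_firewalld_ipset() {
    # The set name ends up in XML and in a file name, so keep it plain.
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid set name: $1" >&2; return 2 ;;
    esac
    awk -v name="$1" '
        # Accept only a.b.c.d/len with octets <= 255 and 1 <= len <= 32.
        function valid(cidr,    p, o, i) {
            if (cidr !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
            split(cidr, p, "/")
            if (p[2] + 0 < 1 || p[2] + 0 > 32) return 0
            split(p[1], o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN {
            print "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
            print "<ipset type=\"hash:net\">"
            print "  <short>" name "</short>"
        }
        # Strip CR and surrounding whitespace, skip blanks and comments.
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" || /^#/ { next }
        valid($0) { print "  <entry>" $0 "</entry>"; next }
        # Anything else (HTML error page, junk, 0.0.0.0/0) is reported, not written.
        { print "line " NR " skipped: not an acceptable IPv4 CIDR" > "/dev/stderr" }
        END { print "</ipset>" }
    '
}

# Constructed sample input using documentation address ranges, with three
# lines that must be rejected.
SAMPLE_ZONE='192.0.2.0/24
198.51.100.0/24
# comment line
203.0.113.0/25
999.1.1.0/24
0.0.0.0/0
<html>error</html>'

printf '%s\n' "$SAMPLE_ZONE" | zone_to_firewalld_ipset geoblock-sample
```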


Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

2019-01-14 Thread Jobst Schmalenbach


On Mon, Jan 14, 2019 at 07:29:45AM +, Phil Perry (ppe...@elrepo.org) wrote:
> On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> > Hi
> I use ipdeny's aggregated country lists to do the same thing:
> 
> http://www.ipdeny.com/ipblocks/data/aggregated/
> 
> I just feed this data directly into ipset/iptables via a script running on
> my firewall (not a C6 box). ipset is a really efficient way of doing this.


Do you create a separate table, then feed every IP address (via ipset) into 
this chain?
Would you mind sharing this script?

thx
Jobst



-- 
Computers are like air conditioners, they stop working properly if you open 
Windows!

  | |0| |   Jobst Schmalenbach, General Manager
  | | |0|   Barrett & Sales Essentials
  |0|0|0|   +61 3 9533 , POBox 277, Caulfield South, 3162, Australia


Re: [CentOS] CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

2019-01-13 Thread Phil Perry

On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> Hi
>
> Specs in subject line: CentOS 6.X (all latest patches), iptables 1.47, Apache2.2
>
> I use the Geolite legacy databases together with iptables 1.47 to filter
> traffic for a variety of ports and only allow .AU traffic to have access.

I use ipdeny's aggregated country lists to do the same thing:

http://www.ipdeny.com/ipblocks/data/aggregated/

I just feed this data directly into ipset/iptables via a script running
on my firewall (not a C6 box). ipset is a really efficient way of doing
this.

> Maxmind (https://dev.maxmind.com/geoip/geoip2/geolite2/) changed the default DB
> to the latest version which is GeoLite2, this leaves all users in need of the
> old Geolite Legacy database in the dark, they cannot update.
>
> If I download a later version of xtables it will complain that it requires
> iptable>1.6 which I do not think I can get going on CentOS 6.X.
>
> Is there a way that I can convert Geolite2 CSV files to Geolite Legacy CSV
> Files and then compile those into BE/LE?
>
> Are there any other ways I can use Geolite2 on a CentOS 6.X system?
>
> Does anyone have other ideas how to tackle this?
>
> (this made me really sleep well!)
>
> thanks
> Jobst




Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-13 Thread Johnny Hughes
On 03/09/2018 12:46 PM, Peter Wood wrote:
> Hi Johnny,
> 
> Thank you for your reply.
> 
> It seems to me that my message may have come around as offensive but that
> was not my intent. I have basic understanding how things work and when I
> said CentOS I actually meant Red Hat and all its derivatives. I asked
> CentOS community because that's the community I'm member of. Not to say
> that CentOS is not secure or anything like that.
> 
> Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
> to come up with an answer to their question about meltdown/spectre. At this
> point all I can say is that Red Hat hasn't patched 32bit systems but that
> is hard to believe so I assumed that I'm wrong and decided to ask the
> community.
> 
> Thank you,
> 
> -- Peter
> 

Not at all Peter .. I just wanted to take the opportunity to explain to
people what the CentOS Linux policy about security updates is and how we
handle security issues in CentOS Linux.

We strive to build updated source code as soon as it is released by Red Hat
for RHEL .. BUT, we do no official testing for security (whether there
is an actual problem or not .. nor whether the updated source code fixes
said security problem).

We just build the source code as it comes out, when it is released, as
fast as we can.  We test that the resultant RPMs work and if we
introduce any inconsistencies in CentOS that do not exist in RHEL, we
try to fix and rebuild the packages.

But we don't make any claims that any security issues are fixed, or any
claims that CentOS Linux is fit for any purpose whatsoever.  CentOS
Linux is what it is .. a rebuild of the RHEL source code, as it is
released, modified to remove branding to comply with Red Hat's trademark
policy.  Nothing more, nothing less.

I am quite happy for people to discuss their testing of CentOS Linux for
Security issues and updates on this list (or where ever else they want),
with the understanding that there is no official testing performed or
assurance given by the CentOS Project with respect to security.

Again, I am not in any way offended or upset, not even in the slightest.
 I'm sorry if my email gave you that impression.

Thanks,
Johnny Hughes


> 
> On Fri, Mar 9, 2018 at 7:52 AM, Johnny Hughes  wrote:
> 
>> I have built all the source code releases from upstream for RHEL-6
>> regarding meltdown /spectre and released those into packages into the
>> CentOS Linux 6.9 updates repository.
>>
>> As to whether or not either Arch (x86_64 or i386) is or is not
>> vulnerable, the CentOS team does not test for or make claims concerning
>> security fitness.  What we do is build the source code that is released
>> upstream.
>>
>> Users must test for (and validate) the security fitness of CentOS Linux
>> for their own usage profiles.  If you require fully tested solutions
>> with software assurance and validated security, that is what RHEL is
>> for, right?
>>
>>
>> You can read more about those issues here:
>> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>>
>> Thanks,
>> Johnny Hughes
>>
>>
>> On 03/06/2018 04:35 PM, Peter Wood wrote:
>>> I have a clean install, fully updated CentOS 6 32-bit.
>>>
>>> When I run the Red Hat detection script:
>>> https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh
>>>
>>> it finds that the system is vulnerable.
>>>
>>> Is this false positive or there is no patches for CentOS 6 32-bit systems?
>>>
>>> Thank you,
>>>
>>> -- Peter






Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-12 Thread Akemi Yagi
On Mon, Mar 12, 2018 at 1:15 PM, Peter Wood  wrote:
> Awesome. Thank you.
>
> Embarrassing but I can't find the Q&A page with this question. Can you
> please post a link to it.
>
> Thanks,
>
> -- Peter

Here it is:

https://access.redhat.com/articles/3327321


Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-12 Thread Peter Wood
Awesome. Thank you.

Embarrassing but I can't find the Q&A page with this question. Can you
please post a link to it.

Thanks,

-- Peter

On Fri, Mar 9, 2018 at 11:16 AM, Akemi Yagi  wrote:

> On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood wrote:
>
> > Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
> > to come up with an answer to their question about meltdown/spectre. At this
> > point all I can say is that Red Hat hasn't patched 32bit systems but that
> > is hard to believe so I assumed that I'm wrong and decided to ask the
> > community.
>
> According to a Q&A page about Meltdown and Spectre:
>
> Question - Is the patch available for 32 bit RHEL 6.9?
> Answer - 32-bit patches are pending, being of lower priority than our
> RHEL 5 work at this time.
>
> Apparently, it is not getting a high priority.
>
> Akemi


Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-09 Thread Phil Perry

On 09/03/18 19:16, Akemi Yagi wrote:
> On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood wrote:
>
>> Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
>> to come up with an answer to their question about meltdown/spectre. At this
>> point all I can say is that Red Hat hasn't patched 32bit systems but that
>> is hard to believe so I assumed that I'm wrong and decided to ask the
>> community.
>
> According to a Q&A page about Meltdown and Spectre:
>
> Question - Is the patch available for 32 bit RHEL 6.9?
> Answer - 32-bit patches are pending, being of lower priority than our
> RHEL 5 work at this time.
>
> Apparently, it is not getting a high priority.
>
> Akemi


I note Red Hat released el5 kernel updates on Wednesday for Meltdown and 
Spectre for both i386 and x86_64 architectures [RHSA-2018:0464-01], so 
maybe 32-bit rhel6 is next on the list (seems strange to me that Red Hat 
would prioritize RHEL5 over RHEL6, but there you go).


There is also a handy script to check the status on your systems here:

https://github.com/speed47/spectre-meltdown-checker

I do not have any el6 systems running so have not tried it on el6.



Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-09 Thread Akemi Yagi
On Fri, Mar 9, 2018 at 10:46 AM, Peter Wood  wrote:

> Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
> to come up with an answer to their question about meltdown/spectre. At this
> point all I can say is that Red Hat hasn't patched 32bit systems but that
> is hard to believe so I assumed that I'm wrong and decided to ask the
> community.

According to a Q&A page about Meltdown and Spectre:

Question - Is the patch available for 32 bit RHEL 6.9?
Answer - 32-bit patches are pending, being of lower priority than our
RHEL 5 work at this time.

Apparently, it is not getting a high priority.

Akemi


Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-09 Thread Peter Wood
Hi Johnny,

Thank you for your reply.

It seems to me that my message may have come around as offensive but that
was not my intent. I have basic understanding how things work and when I
said CentOS I actually meant Red Hat and all its derivatives. I asked
CentOS community because that's the community I'm member of. Not to say
that CentOS is not secure or anything like that.

Anyway, I'm stuck with a few 32bit systems exposed to customers and I have
to come up with an answer to their question about meltdown/spectre. At this
point all I can say is that Red Hat hasn't patched 32bit systems but that
is hard to believe so I assumed that I'm wrong and decided to ask the
community.

Thank you,

-- Peter


On Fri, Mar 9, 2018 at 7:52 AM, Johnny Hughes  wrote:

> I have built all the source code releases from upstream for RHEL-6
> regarding meltdown /spectre and released those into packages into the
> CentOS Linux 6.9 updates repository.
>
> As to whether or not either Arch (x86_64 or i386) is or is not
> vulnerable, the CentOS team does not test for or make claims concerning
> security fitness.  What we do is build the source code that is released
> upstream.
>
> Users must test for (and validate) the security fitness of CentOS Linux
> for their own usage profiles.  If you require fully tested solutions
> with software assurance and validated security, that is what RHEL is
> for, right?
>
>
> You can read more about those issues here:
> https://access.redhat.com/security/vulnerabilities/speculativeexecution
>
> Thanks,
> Johnny Hughes
>
>
> On 03/06/2018 04:35 PM, Peter Wood wrote:
> > I have a clean install, fully updated CentOS 6 32-bit.
> >
> > When I run the Red Hat detection script:
> > https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh
> >
> > it finds that the system is vulnerable.
> >
> > Is this false positive or there is no patches for CentOS 6 32-bit systems?
> >
> > Thank you,
> >
> > -- Peter


Re: [CentOS] CentOS 6 i386 - meltdown and spectre

2018-03-09 Thread Johnny Hughes
I have built all the source code releases from upstream for RHEL-6
regarding meltdown/spectre and released those into packages into the
CentOS Linux 6.9 updates repository.

As to whether or not either Arch (x86_64 or i386) is or is not
vulnerable, the CentOS team does not test for or make claims concerning
security fitness.  What we do is build the source code that is released
upstream.

Users must test for (and validate) the security fitness of CentOS Linux
for their own usage profiles.  If you require fully tested solutions
with software assurance and validated security, that is what RHEL is
for, right?


You can read more about those issues here:
https://access.redhat.com/security/vulnerabilities/speculativeexecution

Thanks,
Johnny Hughes


On 03/06/2018 04:35 PM, Peter Wood wrote:
> I have a clean install, fully updated CentOS 6 32-bit.
> 
> When I run the Red Hat detection script:
> https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh
> 
> it finds that the system is vulnerable.
> 
> Is this false positive or there is no patches for CentOS 6 32-bit systems?
> 
> Thank you,
> 
> -- Peter
> 






Re: [CentOS] CentOS 6: Yum downloadonly changes local source repositories (and CentOS 7)

2018-02-14 Thread Danny Smit
For what it's worth, I managed to get around the problem with a small
patch on yum itself:


--- ORIG/usr/lib/python2.6/site-packages/yum/yumRepo.py 2017-03-22
05:32:26.0 +
+++ NEW/usr/lib/python2.6/site-packages/yum/yumRepo.py  2018-02-14
09:14:04.879902463 +
@@ -863,6 +863,7 @@ class YumRepository(Repository, config.R
text=text,
cache=cache,
size=package.size,
+copy_local=1,
)

def getHeader(self, package, checkfunc = None, reget = 'simple',
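
Review bot: the added copy_local=1 (new line 866 of yumRepo.py) is passed unconditionally, so every package fetch that goes through this call copies from a file:// repository, not only runs that ask for --downloadonly/--downloaddir. Consider setting it only when a download directory was requested, or making it a per-repository option, so ordinary installs from a local repo do not duplicate each RPM on disk. As posted, the hunk has lost its indentation and the two file header lines are wrapped, so it will not apply with patch(1) as is; sending it as an attachment would preserve it. Because it edits a file under site-packages, the change will also be overwritten by the next yum package update.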


Although newer versions of yum do not rename the local package
anymore, it still does not copy/download the package into the desired
"downloaddir".
I will try to report that upstream.

Regards,
Danny


On Tue, Feb 13, 2018 at 6:05 PM, Danny Smit  wrote:
> Hi All,
>
> I'm trying to use yum with the downloadonly option to collect a set of
> packages including dependencies. I noticed that even on CentOS 6 the
> downloadonly option is currently a default feature of the core of yum
> itself, which is nice.
>
> However something strange occurs when one of the repositories to
> download from is a local repository, like:
>
> [custom-repo]
> name=My custom repo
> baseurl=file:///repositories/mycustomrepo/
>
> I added such a repo to my yum configuration and then executed:
>
> yum install -y --downloadonly --downloaddir=downloads  custom_package
>
> When executing the above the package in question is suddenly renamed from:
>
> /repositories/mycustomrepo/x86_64/custom_package-1.1-2.el6.x86_64.rpm
>
> to
>
> /repositories/mycustomrepo/x86_64/custom_package-1.1-2.el6
>
> Note that the architecture part and file extension are removed with
> the file in the local repo, where I wouldn't expect yum to even try to
> change something there.
> Also nothing is downloaded into the downloads dir as specified.
>
> Strangely when it concerns a package that comes from a repository that
> is configured as an http URL, the download option works flawlessly.
>
> Has anyone else seen this behavior? Is it a bug? Or is there a way around 
> this?
> Actually I would even prefer not having to run yum as root for this,
> unfortunately yum to require write access to lock files in /var/.
>
> Platform: CentOS 6.9  (also not working with CentOS 7, then it keeps
> the file intact, but doesn't download either)
> Yum: 3.2.29-81.el6.centos
>
> Kind regards,
> Danny


Re: [CentOS] Centos 6 Samba 4 specific question

2017-12-13 Thread Clint Dilks
On Thu, Dec 14, 2017 at 10:00 AM, Kienker, Fred  wrote:

> I am setting up a Samba 4 installation on CentOS 6.9. I have installed
> the samba4, samba4-common, and samba4-libs with all of the dependencies
> using YUM which appear to be all of the samba4 packages which are
> available.
>
>
>
> In the /usr/bin directory I can find smbcontrol and smbstatus but the
> smbpasswd command is missing. Checking on a current CentOS 7 all three
> of these commands are found. Of course with this command missing it’s
> quite hard to set up standard Samba users in the .tdb file used in the
> Classic mode.
>
>
>
> Can someone enlighten me as to what I have done wrong?
>
> Best regards,
>
> Fred
>
>
>
>


Hi,

It looks like this should be provided by samba4-client, what result do you get
if you run

yum provides '/usr/bin/smbpasswd' ?


Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-05 Thread Sorin Srbu
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Mark
> Haney
> Sent: den 3 november 2017 18:03
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 6 P2V alternatives?
>
>
> I'll toss my two cents worth in having dealt with a similar situation
> recently (well 2015, but close enough).  If this server is /that/
> important, I'd really consider building a completely new virtual
> instance on the hypervisor of your choice.  Though, to be completely
> honest, Hyper-V is just awful in my testing. There are far more P2V
> options for VMWare, including its own P2V software which I've not had
> particular trouble with in a half-decade, if you insist on a P2V migration.
>
> If we're just talking backups, Veeam for Hyper-V  (and ESXi) works
> really well and you can bring up the backed up VM on the fly if you need
> to recover data from it, or for DR/BC.  I've never had a problem with it
> and, at my last position, had it set to run the backups on a remote
> cloud in case of catastrophic damage to the office.  Of course, there's
> no such thing as too many backups, so critical data on a server like you
> have was replicated to a warm/cold site, or part of a cluster for DBs to
> make sure data integrity was kept and uptime maximized.

While Hyper-V is not ideal, it's good enough for our purpose. We made a choice 
a few years back to either completely rehaul our vm infrastructure or just 
hand it over to central IT at our university. The latter option won, mostly 
because of the cost.
Since central IT uses Hyper-V, that's what we also use.

Building a completely new vm and somehow restore from backup the important 
parts, is what I'm looking at now.

Thanks for your feedback!


--
//Sorin


Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-05 Thread Sorin Srbu
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Robert
> Nichols
> Sent: den 3 november 2017 14:46
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 6 P2V alternatives?
>
> How would you recover if that server were suddenly destroyed, let's say by a
> power supply failure that fried the motherboard and all the disks? If you 
> can't
> bring up a machine on new, bare iron starting with nothing but your backups
> and a CD or USB stick with a recovery tool, you need to seriously reconsider
> your backup strategy.

The important data is backed up properly.
I'm looking for a "quick fix" solution to clone the server as is. I'm pretty 
sure I can duplicate the setup for the license managers and intricate scripts, 
and what not. I'm just not too hot on spending a few weeks on this.

I'm aware of the fast - cheap - good pyramid. :-)

--
//Sorin


Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-05 Thread Sorin Srbu
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of hw
> Sent: den 3 november 2017 12:10
> To: centos@centos.org
> Subject: Re: [CentOS] CentOS 6 P2V alternatives?
> 
> I think I would try to create a VM that has the physical disks passed through
> and also has access to whatever storage it's supposed to reside on once the
> conversion to a VM is completed.  Then copy it from the physical disks to that
> storage.
> 
> Converting without shutting the machine down is probably not possible.
> Passing the disks through may give you the advantage that the downtime can be
> kept to a minimum.

I touched the physical disk solution briefly while looking around, but felt at 
the time it was a tad bit complicated.

I'll have another look at this.

Thanks for the feedback!
--
//Sorin


Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-03 Thread Mark Haney

On 11/03/2017 12:48 PM, Robert Nichols wrote:

On 11/03/2017 09:02 AM, hw wrote:

Robert Nichols wrote:


How would you recover if that server were suddenly destroyed, let's 
say by a power supply failure that fried the motherboard and all the 
disks? If you can't bring up a machine on new, bare iron starting 
with nothing but your backups and a CD or USB stick with a recovery 
tool, you need to seriously reconsider your backup strategy.


That's a very good point.

What options are there to make complete and consistent backups of machines
and VMs while they are running?  Just shutting down a VM to make a backup
is troublesome because you sometimes need to run 'virsh shutdown xx' several
times for the VM to actually shut down, and I have VMs that do not shut down
no matter how often you try.  If you manage to shut down the VM, there is no
guarantee that it will actually restart when you try --- and that goes for
non-VMs as well.  Shutting them down manually frequently to make backups is
not an option, either.


Every backup tool that can be run on a physical machine can also be 
run in the VM. For databases that cannot be simply copied while they 
are active, there should be a way to generate a snapshot or other 
consistent representation that can be backed up and restored if 
necessary, and any database that does not provide such a capability 
should not be considered suitable for the task at hand. Long-running 
jobs should always have checkpoints to allow them to be continued 
should the machine crash. (I have such a job running right now. 
Coincidentally, it's verifying the consistency of 3 years of backups 
that I just reorganized.)


There is no "one size fits all" answer. The needs of a transaction 
processing system that can never, ever lose a transaction once it's 
been acknowledged are radically different from those of a system that 
can afford to lose an hour's, or days', worth of work.




I'll toss my two cents worth in having dealt with a similar situation 
recently (well 2015, but close enough).  If this server is /that/ 
important, I'd really consider building a completely new virtual 
instance on the hypervisor of your choice.  Though, to be completely 
honest, Hyper-V is just awful in my testing. There are far more P2V 
options for VMWare, including its own P2V software which I've not had 
particular trouble with in a half-decade, if you insist on a P2V migration.


If we're just talking backups, Veeam for Hyper-V  (and ESXi) works 
really well and you can bring up the backed up VM on the fly if you need 
to recover data from it, or for DR/BC.  I've never had a problem with it 
and, at my last position, had it set to run the backups on a remote 
cloud in case of catastrophic damage to the office.  Of course, there's 
no such thing as too many backups, so critical data on a server like you 
have was replicated to a warm/cold site, or part of a cluster for DBs to 
make sure data integrity was kept and uptime maximized.


--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.ha...@neonova.net
www.neonova.net



Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-03 Thread Robert Nichols

On 11/03/2017 09:02 AM, hw wrote:

Robert Nichols wrote:



How would you recover if that server were suddenly destroyed, let's say by a 
power supply failure that fried the motherboard and all the disks? If you can't 
bring up a machine on new, bare iron starting with nothing but your backups and 
a CD or USB stick with a recovery tool, you need to seriously reconsider your 
backup strategy.


That's a very good point.

What options are there to make complete and consistent backups of machines
and VMs while they are running?  Just shutting down a VM to make a backup
is troublesome because you sometimes need to run 'virsh shutdown xx' several
times for the VM to actually shut down, and I have VMs that do not shut down
no matter how often you try.  If you manage to shut down the VM, there is no
guarantee that it will actually restart when you try --- and that goes for
non-VMs as well.  Shutting them down manually frequently to make backups is
not an option, either.


Every backup tool that can be run on a physical machine can also be run in the 
VM. For databases that cannot be simply copied while they are active, there 
should be a way to generate a snapshot or other consistent representation that 
can be backed up and restored if necessary, and any database that does not 
provide such a capability should not be considered suitable for the task at 
hand. Long-running jobs should always have checkpoints to allow them to be 
continued should the machine crash. (I have such a job running right now. 
Coincidentally, it's verifying the consistency of 3 years of backups that I 
just reorganized.)

There is no "one size fits all" answer. The needs of a transaction processing 
system that can never, ever lose a transaction once it's been acknowledged are radically 
different from those of a system that can afford to lose an hour's, or days', worth of work.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.



Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-03 Thread hw

Robert Nichols wrote:

On 11/03/2017 06:09 AM, hw wrote:

Sorin Srbu wrote:

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /.
No LVM's here either.

The farthest I've gotten is with the Rear solution.
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
serve molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?



I think I would try to create a VM that has the physical disks passed through
and also has access to whatever storage it's supposed to reside on once the
conversion to a VM is completed.  Then copy it from the physical disks to that
storage.

Converting without shutting the machine down is probably not possible.


How would you recover if that server were suddenly destroyed, let's say by a 
power supply failure that fried the motherboard and all the disks? If you can't 
bring up a machine on new, bare iron starting with nothing but your backups and 
a CD or USB stick with a recovery tool, you need to seriously reconsider your 
backup strategy.


That's a very good point.

What options are there to make complete and consistent backups of machines
and VMs while they are running?  Just shutting down a VM to make a backup
is troublesome because you sometimes need to run 'virsh shutdown xx' several
times for the VM to actually shut down, and I have VMs that do not shut down
no matter how often you try.  If you manage to shut down the VM, there is no
guarantee that it will actually restart when you try --- and that goes for
non-VMs as well.  Shutting them down manually frequently to make backups is
not an option, either.


Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-03 Thread Robert Nichols

On 11/03/2017 06:09 AM, hw wrote:

Sorin Srbu wrote:

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /.
No LVM's here either.

The farthest I've gotten is with the Rear solution.
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
serve molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?



I think I would try to create a VM that has the physical disks passed through
and also has access to whatever storage it's supposed to reside on once the
conversion to a VM is completed.  Then copy it from the physical disks to that
storage.

Converting without shutting the machine down is probably not possible.


How would you recover if that server were suddenly destroyed, let's say by a 
power supply failure that fried the motherboard and all the disks? If you can't 
bring up a machine on new, bare iron starting with nothing but your backups and 
a CD or USB stick with a recovery tool, you need to seriously reconsider your 
backup strategy.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.



Re: [CentOS] CentOS 6 P2V alternatives?

2017-11-03 Thread hw

Sorin Srbu wrote:

Hello all,

This week I've tested out a few ways to do a P2V on a rather ancient CentOS
6 server, in order to move it to a Hyper-V host.

So far my tests have failed rather spectacularly.
Initially I was set on doing a simple dd-routine, but was told that the
server cannot be taken off-line as it's being used daily, so had to look for
other solutions.

The disk setup is currently as follows:

Three 500 GB sata-disks, sda, sdb and sdc, are used to build a software raid
called md0. No LVM's here.

Sdd is a 120 GB drive, with partitions for boot, swap, home and /.
No LVM's here either.

The farthest I've gotten is with the Rear solution.
http://relax-and-recover.org/

The backup goes well, but recovery for some reason fails to create initramfs
with all the installed kernels, as well as failing with an error saying it
cannot find /boot/grub, after which the recovery terminates.

Virtualizing systems like this is kinda' new to me, having it done on
Windows only, and I'm not really sure
how to proceed when it's a CentOS system in question.

The physical CentOS-server runs a few license managers and nfs-shares that
serve molecular modeling software, that are rather intricately set up (I
inherited this server some fifteen years ago).

Are there any easier ways to do a P2V at all?



I think I would try to create a VM that has the physical disks passed through
and also has access to whatever storage it's supposed to reside on once the
conversion to a VM is completed.  Then copy it from the physical disks to that
storage.

Converting without shutting the machine down is probably not possible.  Passing
the disks through may give you the advantage that the downtime can be kept to
a minimum.


Re: [CentOS] CentOS 6 SCL - httpd24 still being updated?

2017-10-29 Thread Eric
On Sun, Oct 29, 2017 at 8:01 AM, Johnny Hughes  wrote:

> On 10/28/2017 03:57 PM, Eric wrote:
> > Hello,
> >
> > Specifically this is in reference to RHSA-2017:2483, which should increment
> > the httpd24 packages to 25-9 in the SCL.  The SA was released on August
> > 16th 2017, so it has some age to it, but there's no corresponding CESA on
> > it and the SCL for 6 still sits at the previous, 25-8.
> >
> > Some links for reference:
> > https://access.redhat.com/errata/RHSA-2017:2483
> >
> > Online repo:
> > http://mirror.centos.org/centos/6/sclo/x86_64/rh/httpd24/
> >
> > Has this package reached its end of updates in this repo?  It's a good set
> > of CVEs at 70+ days now.
> >
> > Additionally, and while I don't expect this to be in the CentOS repo yet
> > due to its young age, there's another update to httpd24 that was just
> > released four days ago, RHSA-2017:3018.
> >
> > Looking for insight, or my own self initiated face palm because I'm missing
> > something.
> >
>
> We do not release official CentOS CESAs for SIG content.
>
> As to why that has not been released, or if it will be, the SIG will
> have to answer that.
>
>
Thank you Johnny.  Apologies, that comment right there makes me realize I
should have directed this at the SCL SIG.  I'll do that now.


Re: [CentOS] CentOS 6 SCL - httpd24 still being updated?

2017-10-29 Thread Johnny Hughes
On 10/28/2017 03:57 PM, Eric wrote:
> Hello,
> 
> Specifically this is in reference to RHSA-2017:2483, which should increment
> the httpd24 packages to 25-9 in the SCL.  The SA was released on August
> 16th 2017, so it has some age to it, but there's no corresponding CESA on
> it and the SCL for 6 still sits at the previous, 25-8.
> 
> Some links for reference:
> https://access.redhat.com/errata/RHSA-2017:2483
> 
> Online repo:
> http://mirror.centos.org/centos/6/sclo/x86_64/rh/httpd24/
> 
> Has this package reached its end of updates in this repo?  It's a good set
> of CVEs at 70+ days now.
> 
> Additionally, and while I don't expect this to be in the CentOS repo yet
> due to its young age, there's another update to httpd24 that was just
> released four days ago, RHSA-2017:3018.
> 
> Looking for insight, or my own self initiated face palm because I'm missing
> something.
> 

We do not release official CentOS CESAs for SIG content.

As to why that has not been released, or if it will be, the SIG will
have to answer that.





Re: [CentOS] CentOS 6 for ARM?

2017-10-23 Thread Peter Kjellström
On Sun, 22 Oct 2017 12:54:04 -0400
mark  wrote:

> Hi, folks,
> 
> So, I want to rebuild my "ancient" HP netbook, from the ancient
> ubuntu netbook remix. Is there an *ARM* .iso, or net install
> somewhere? I'm not finding it, googling. Lots of Raspberry Pi, but

CentOS has two ARM efforts (both clearly listed on the altarch centos
wiki page):

 Active Arch Groups

ARM32 build as armv7 (and others), buildsystem details at
https://wiki.centos.org/SpecialInterestGroup/AltArch/Arm32

ARM64 built as aarch64 : details at
https://wiki.centos.org/SpecialInterestGroup/AltArch/AArch64

Your netbook is an armv7 (I think) but unlikely to work out of the box..

AARCH64/ARMv8 is something different entirely

/Peter K


...

>   mark


Re: [CentOS] CentOS 6 and crypttab

2017-06-22 Thread Leon Fauster
> Am 22.06.2017 um 21:05 schrieb m.r...@5-cent.us:
> 
> Folks,
> 
>   I have an issue: I've gotten that drive that I posted about the other
> day encrypted, and things were looking good... until there was a
> problem with another RAID attached to the box, and I wound up having to
> reboot.
> 
>   What had been /dev/sdb came up as /dev/sdc. So... is there any way
> other than using /dev/disk/by-uuid/ as the second field in
> /etc/crypttab to deal with this possibility?


Use UUID=xxx

cryptsetup luksUUID /dev/sdcx shows the corresponding ID

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
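
Added example, not code from the thread: a shell script that applies the UUID= advice in the reply above. It audits crypttab text for kernel device names such as /dev/sdb, rewrites them to UUID= form, and refuses an empty or malformed UUID instead of producing a truncated mapping name. The sample crypttab, the UUID values and the LUKS_UUID_CMD override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. The sample crypttab and all UUID
# values are constructed; /dev/sdb and /etc/crypt.pw are the names used in
# the thread.

# Command that prints a device's LUKS UUID. Overridable (an assumption of
# this example) so the logic can be exercised without root or real disks.
LUKS_UUID_CMD=${LUKS_UUID_CMD:-cryptsetup luksUUID}

SAMPLE_CRYPTTAB='# name  device  keyfile  options   (constructed sample)
data1 /dev/sdb /etc/crypt.pw luks
data2 UUID=9d6f0b1e-7c2a-4e55-8b3f-0a1b2c3d4e5f none'

# Print "luks-<uuid>", or fail when the argument is not a UUID. This stops
# an empty or failed $(cryptsetup luksUUID ...) from silently producing a
# truncated mapping name.
luks_map_name() {
    if printf '%s\n' "$1" | grep -Eq \
        '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
        printf 'luks-%s\n' "$1"
    else
        printf 'refusing: "%s" is not a LUKS UUID\n' "$1" >&2
        return 1
    fi
}

# Classify the device field (second column) of a crypttab entry.
classify_device() {
    case $1 in
        UUID=*|/dev/disk/by-uuid/*) echo stable ;;
        /dev/sd[a-z]*|/dev/hd[a-z]*|/dev/vd[a-z]*) echo unstable ;;
        *) echo review ;;
    esac
}

# Read crypttab text on stdin and print "<name> <class> <device>" per entry.
# Returns 1 if any entry names a kernel device such as /dev/sdb.
# The body is a subshell, so its variables and "set -f" stay local.
audit_crypttab() (
    set -f; rc=0
    while IFS= read -r line; do
        set -- $line
        case ${1-} in ''|'#'*) continue ;; esac
        class=$(classify_device "${2-}")
        printf '%s %s %s\n' "$1" "$class" "${2-}"
        if [ "$class" = unstable ]; then rc=1; fi
    done
    exit "$rc"
)

# Copy crypttab text from stdin to stdout, replacing each kernel device
# name with UUID=<uuid> as read from the LUKS header. Stops with status 1,
# without writing the entry, if no valid UUID comes back.
pin_crypttab() (
    set -f
    while IFS= read -r line; do
        set -- $line
        case ${1-} in ''|'#'*) printf '%s\n' "$line"; continue ;; esac
        if [ "$(classify_device "${2-}")" != unstable ]; then
            printf '%s\n' "$line"; continue
        fi
        uuid=$($LUKS_UUID_CMD "$2") || uuid=
        luks_map_name "$uuid" >/dev/null || exit 1
        printf '%s UUID=%s %s%s\n' "$1" "$uuid" "${3:-none}" "${4:+ $4}"
    done
)

# Demo on the constructed sample; a non-zero status from the audit means at
# least one entry depends on disk enumeration order.
printf '%s\n' "$SAMPLE_CRYPTTAB" | audit_crypttab || true
```

On a real host, feed it /etc/crypttab on stdin as root and review the output of pin_crypttab before replacing the file.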


Re: [CentOS] CentOS 6 and luksOpen

2017-06-20 Thread m . roth
Leon,

Leon Fauster wrote:
>> Am 20.06.2017 um 17:12 schrieb m.r...@5-cent.us:
>> Leon Fauster wrote:
>>>> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
>>>>
>>>> I've done that, and made the filesystem, but I can't mount it.
>>>>
>>>> CentOS 6.
>>>> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
>>>> luks UUID in /etc/fstab. I cannot find the command that tells it to
>>>> create the device in /dev/mapper from the info in /etc/crypttab.
>>>
>>>
>>> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})
>>
>> Something's not right. I did
>> cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb))
>> --key-file /etc/crypt.pw
>>
>> It did want the password, so I added --key-file, but it seems to have
>> created /dev/mapper/luks, not the full luksUUID that's in both crypttab
>> and fstab.
>
> unmap: cryptsetup luksClose /dev/mapper/luks
>
> and then try again with following correction
>
> NOT ...UUID $(/dev/sdb)
> ...UUID /dev/sdb

Thank you *very* much for the help, and such fast responses. Googling
hadn't been helpful

I'm good now (and will be documenting it for my manager and the other admin).

 mark



Re: [CentOS] CentOS 6 and luksOpen

2017-06-20 Thread Leon Fauster
> Am 20.06.2017 um 17:12 schrieb m.r...@5-cent.us:
> 
> Leon Fauster wrote:
>>> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
>>> 
>>> Upgraded a RAID. Copied everything from backup.
>>> 
>>> And then my manager said I had to encrypt the drive.
>>> 
>>> I've done that, and made the filesystem, but I can't mount it.
>>> 
>>> CentOS 6.
>>> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
>>> luks UUID in /etc/fstab. I cannot find the command that tells it to
>>> create the device in /dev/mapper from the info in /etc/crypttab.
>>> 
>>> Clues for the poor? Yes, the server will, at some point in the future,
>>> go to CentOS 7, but that needs my user to be off for a while, and his jobs
>>> run literally for weeks, with loads upwards of 30 on an HBS (honkin' big
>>> server)
>> 
>> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})
> 
> Something's not right. I did
> cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb))
> --key-file /etc/crypt.pw
> 
> It did want the password, so I added --key-file, but it seems to have
> created /dev/mapper/luks, not the full luksUUID that's in both crypttab
> and fstab.

unmap: cryptsetup luksClose /dev/mapper/luks

and then try again with following correction

NOT ...UUID $(/dev/sdb)
...UUID /dev/sdb

--
LF






Re: [CentOS] CentOS 6 and luksOpen

2017-06-20 Thread m . roth
Leon Fauster wrote:
>> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
>>
>> Upgraded a RAID. Copied everything from backup.
>>
>> And then my manager said I had to encrypt the drive.
>>
>> I've done that, and made the filesystem, but I can't mount it.
>>
>> CentOS 6.
>> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
>> luks UUID in /etc/fstab. I cannot find the command that tells it to
>> create the device in /dev/mapper from the info in /etc/crypttab.
>>
>> Clues for the poor? Yes, the server will, at some point in the future,
>> go to CentOS 7, but that needs my user to be off for a while, and his jobs
>> run literally for weeks, with loads upwards of 30 on an HBS (honkin' big
>> server)
>
> MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})

Something's not right. I did
cryptsetup luksOpen /dev/sdb luks-$(cryptsetup luksUUID $(/dev/sdb))
--key-file /etc/crypt.pw

It did want the password, so I added --key-file, but it seems to have
created /dev/mapper/luks, not the full luksUUID that's in both crypttab
and fstab.

mark

> MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID ${MAPDEVICE}) /mnt
>
> --
> LF
>
>




Re: [CentOS] CentOS 6 and luksOpen

2017-06-20 Thread Leon Fauster
> Am 20.06.2017 um 16:53 schrieb m.r...@5-cent.us:
> 
> Upgraded a RAID. Copied everything from backup.
> 
> And then my manager said I had to encrypt the drive.
> 
> I've done that, and made the filesystem, but I can't mount it.
> 
> CentOS 6.
> I have the entry in /etc/crypttab, and a key in /etc/crypt.pw, and the
> luks UUID in /etc/fstab. I cannot find the command that tells it to create
> the device in /dev/mapper from the info in /etc/crypttab.
> 
> Clues for the poor? Yes, the server will, at some point in the future, go
> to CentOS 7, but that needs my user to be off for a while, and his jobs
> run literally for weeks, with loads upwards of 30 on an HBS (honkin' big
> server)


MAPDEVICE=/dev/sdxy ; cryptsetup luksOpen ${MAPDEVICE} luks-$(cryptsetup luksUUID ${MAPDEVICE})
MAPDEVICE=/dev/sdxy ; mount /dev/mapper/luks-$(cryptsetup luksUUID ${MAPDEVICE}) /mnt

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] [CentOS 6] Possible bug in updating glibc?

2017-06-02 Thread Jonathan Billings
On Fri, Jun 02, 2017 at 06:40:57AM -0400, Leam Hall wrote:
> I'm running a KVM host on updated CentOS 6. The guest is built from the
> CentOS 6.9 dvd1 with just @base and @core package groups.
> 
> When I went to install mysql it failed due to incompatibilities with the
> libcc versions. Updated just glibc and glibc-common and then installed
> mysql. Shortly thereafter it started to freeze and lost connection.
> 
> The KVM host is fairly beefy and mysql wasn't doing anything but running
> with no queries or data. I rebooted the guest and it still had lock up
> issues.
> 
> When I rebuilt the guest and did a full yum update, to include kernel and
> kernel-headers, it seemed to run fine.
> 
> It seems like there's a dependency between glibc(-common) and something
> else. Or do I misunderstand?

How did you update the software?  If you had just run 'yum install
mysql' it should have pulled in all the dependencies.  Did you run a
'yum update' before trying to install mysql?

It's possible that your mirrors are out of sync and your system is
talking to a mirror with older RPMs, but without an actual error log,
it's hard to tell what's going on.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] {centos 6} errors in libvirtd, all sites down, need advice

2017-05-29 Thread Leon Fauster
> Am 29.05.2017 um 22:52 schrieb Political Gateway :
> 
> 2016-09-07 15:56:13.228+: 24704: error : virFileRewrite:507 :
> cannot write data to file '/var/run/libvirt/qemu/main.mywebsite.com.xml.new': 
> No space left on device

clearly stated - no space left on device.

--
LF






___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 dhcpd custom log issues

2017-05-26 Thread Mark Haney
I've done more testing and I've found something very interesting.  I've
tested logging with our entire string (which will be below) with slight
changes to the 'if' statement solely looking at the 'dhcp-message-type = '
parameter.  Of the four message types we routinely see some work and some
don't: (ie: if option dhcp-message-type = # { log...)

Message-Type 1 (DISCOVER): logging works
Message-Type 2 (OFFER):  logging does NOT work
Message-Type 3 (REQUEST) logging works
Message-Type 5 (ACK) logging does NOT work

And by 'does not work' I mean it doesn't log anything at all.  As if it's
not matching on those message types at all. I know they are being logged in
syslog, where all these messages are logged to, so I know we're getting
OFFERs and ACKs, as they are logged normally in syslog.

So, anyone have any idea WTF is going on here?  I suppose I could log based
on REQUEST, but I'm afraid our data would be inaccurate if a request isn't
ACK'd.

On Fri, May 26, 2017 at 2:04 PM, Mark Haney  wrote:

> Hi all,
>
> I've got an issue with C6's dhcpd custom logging that I cannot figure
> out.  Hopefully someone has an idea, or has seen a similar issue.  We have
> dhcpd logging to /var/log/messages a custom header (DHCPUSER:) with MAC, IP
> and Circuit-ID.
>
> I'll not bore you with the guts, so here's the beginning of that line in
> dhcpd.conf:
>
> if exists agent.circuit-id
>  {
> log (info, concat( "DHCPUSER:,", concat (suffix (concat ("0",
> binary-to-ascii.
>
> We log this specifically to have rsyslog dump that line (keyed on
> DHCPUSER) into a MySQL database for use by a web app our development team
> built so that our customers can get reports on their DHCP leases.  (Neonova
> provides help desk, engineering and Tier 2 and 3 tech support to rural ISPs
> in the US.)
>
> Our problem is that this method logs every entry that has the CID in the
> packet.  Which covers most DHCP requests.  As such, with our bigger
> customers, this logging bogs down MySQL (and the file system on older ext3
> based CentOS 6 boxes we have out in the field) to the point where, after a
> major outage and recovery, the DHCP server can't handle the load and people
> are unable to get new DHCP leases, resulting in calls to our help desk.
>
> What I want to do is have this data logged in the DHCPUSER line on the
> DHCPACK and only that.  For some reason, when I try to replace the above with
> 'if option dhcp-message-type = 5', nothing is getting logged.  All the
> instances of this I've googled have similar, notably one from ~2008 that
> has:
>
>  if exists agent.circuit-id and dhcp-message-type = 3
>
> and that apparently worked fine.  I know the circuit-id is included in the
> ACK packet (tcpdump is your friend), but even on the check to log for only
> the dhcp message type 5 isn't working.
>
> Are the newer dhcpd versions different syntactically?  What's the correct
> method for logging on the DHCP Message type with the most recent C6
> version? (dhcp-4.1.1-53.P1.el6.centos.x86_64)
>
> Any ideas?
>
> --
> Mark Haney
> Network Engineer at NeoNova
> 919-460-3330 (opt 1) • mark.ha...@neonova.net
> www.neonova.net
>



-- 
Mark Haney
Network Engineer at NeoNova
919-460-3330 (opt 1) • mark.ha...@neonova.net
www.neonova.net

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 / Intel CPU support

2017-05-12 Thread John Hodrien

On Thu, 11 May 2017, Darr247 wrote:


> If you disable Intel Speedstep in the BIOS it should lock the CPU to its
> fastest speed, but you lose power saving during idle.


Could you possibly also find that you're more restricted in your use of
TurboBoost in that state (if indeed it works properly without speedstep), and
so find it runs slower for some workloads?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 / Intel CPU support

2017-05-11 Thread Darr247
> Here's mine.  Interesting differences:

If you disable Intel Speedstep in the BIOS it should lock the CPU to its
fastest speed, but you lose power saving during idle.

On Thu, May 11, 2017 at 3:48 PM, ken  wrote:

> On 05/11/2017 12:45 PM, Leon Fauster wrote:
>
>> Am 11.05.2017 um 16:29 schrieb Leon Fauster :
>>>
>>> Am 11.05.2017 um 14:48 schrieb Leon Fauster :

>>>> https://access.redhat.com/support/policy/intel
>>>>
>>>> shows mainly Xeon CPUs. What about
>>>>
>>>> Intel Core i7-6700 Quad-Core Skylake
>>>>
>>>> has the current EL6 variant support for it?
>>>>
>>>> Any experience? Feedback would be greatly appreciated.
>>>>
>>>
>>> I found this
>>>
>>> linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c
>>>
>>> if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
>>>     ((boot_cpu_data.x86 == 6))) {
>>>     switch (boot_cpu_data.x86_model) {
>>>     case 94: /* Skylake-S */
>>>     case 86: /* Broadwell-DE SoC */
>>>     case 85: /* Purley */
>>>     case 79: /* Broadwell-EP and EX */
>>>     case 78: /* Skylake-Y */
>>>     case 77: /* Atom Avoton */
>>>     case 71: /* Broadwell-H */
>>>     case 70: /* Crystal Well */
>>>         break;
>>>     default:
>>>         if (boot_cpu_data.x86_model > 63) {
>>>             printk(KERN_CRIT
>>>                    "Detected CPU family %d model %d\n",
>>>                    boot_cpu_data.x86,
>>>                    boot_cpu_data.x86_model);
>>>             mark_hardware_unsupported("Intel CPU model");
>>>         }
>>>         break;
>>>     }
>>> }
>>>
>>> not sure if "case 94: /* Skylake-S */" means support for Intel Core
>>> i7-6700 Quad-Core Skylake ...
>>>
>>
>> for the record:
>>
>> model 94 seems to be supported since EL6.7.
>>
>> A quick install could be booted without issues.
>>
>>
>> # cat /proc/cpuinfo | head -26 ; uname -a
>> processor   : 0
>> vendor_id   : GenuineIntel
>> cpu family  : 6
>> model   : 94
>> model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
>> stepping: 3
>> microcode   : 85
>> cpu MHz : 3408.025
>> cache size  : 8192 KB
>> physical id : 0
>> siblings: 8
>> core id : 0
>> cpu cores   : 4
>> apicid  : 0
>> initial apicid  : 0
>> fpu : yes
>> fpu_exception   : yes
>> cpuid level : 22
>> wp  : yes
>> flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
>> mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall
>> nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology
>> nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2
>> ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt
>> tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch ida
>> arat epb xsaveopt pln pts dtherm hwp hwp_noitfy hwp_act_window hwp_epp
>> tpr_shadow vnmi flexpriority ept vpid fsgsbase bmi1 hle avx2 smep bmi2 erms
>> invpcid rtm rdseed adx
>> bogomips: 6816.05
>> clflush size: 64
>> cache_alignment : 64
>> address sizes   : 39 bits physical, 48 bits virtual
>> power management:
>>
>> Linux srv-s01.ccds.de 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 11
>> 17:13:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>
>> --
>> LF
>>
>
> Here's mine.  Interesting differences:
>
> # cat /proc/cpuinfo | head -26; uname -a
> processor: 0
> vendor_id: GenuineIntel
> cpu family: 6
> model: 94
> model name: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
> stepping: 3
> microcode: 0x9e
> cpu MHz: 899.945
> cache size: 6144 KB
> physical id: 0
> siblings: 8
> core id: 0
> cpu cores: 4
> apicid: 0
> initial apicid: 0
> fpu: yes
> fpu_exception: yes
> cpuid level: 22
> wp: yes
> flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
> cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx
> pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl
> xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor
> ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe
> popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm
> 3dnowprefetch ida arat epb pln pts dtherm hwp hwp_noitfy hwp_act_window
> hwp_epp intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust
> bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt
> xsaveopt xsavec xgetbv1
> bogomips: 5184.00
> clflush size: 64
> cache_alignment: 64
> address sizes: 39 bits physical, 48 bits virtual
> power management:
>
> Linux null.example.com 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12
> 15:04:24 UTC 2017 x86_64 

Re: [CentOS] CentOS 6 / Intel CPU support

2017-05-11 Thread ken

On 05/11/2017 12:45 PM, Leon Fauster wrote:

Am 11.05.2017 um 16:29 schrieb Leon Fauster :


Am 11.05.2017 um 14:48 schrieb Leon Fauster :

https://access.redhat.com/support/policy/intel

shows mainly Xeon CPUs. What about

Intel Core i7-6700 Quad-Core Skylake

has the current EL6 variant support for it?

Any experience? Feedback would be greatly appreciated.


I found this

linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c

if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
    ((boot_cpu_data.x86 == 6))) {
    switch (boot_cpu_data.x86_model) {
    case 94: /* Skylake-S */
    case 86: /* Broadwell-DE SoC */
    case 85: /* Purley */
    case 79: /* Broadwell-EP and EX */
    case 78: /* Skylake-Y */
    case 77: /* Atom Avoton */
    case 71: /* Broadwell-H */
    case 70: /* Crystal Well */
        break;
    default:
        if (boot_cpu_data.x86_model > 63) {
            printk(KERN_CRIT
                   "Detected CPU family %d model %d\n",
                   boot_cpu_data.x86,
                   boot_cpu_data.x86_model);
            mark_hardware_unsupported("Intel CPU model");
        }
        break;
    }
}

not sure if "case 94: /* Skylake-S */" means support for Intel Core i7-6700 
Quad-Core Skylake ...


for the record:

model 94 seems to be supported since EL6.7.

A quick install could be booted without issues.


# cat /proc/cpuinfo | head -26 ; uname -a
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 94
model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping: 3
microcode   : 85
cpu MHz : 3408.025
cache size  : 8192 KB
physical id : 0
siblings: 8
core id : 0
cpu cores   : 4
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 22
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc 
aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 
xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave 
avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat epb xsaveopt pln pts dtherm 
hwp hwp_noitfy hwp_act_window hwp_epp tpr_shadow vnmi flexpriority ept vpid 
fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx
bogomips: 6816.05
clflush size: 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

Linux srv-s01.ccds.de 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 11 17:13:24 UTC 
2017 x86_64 x86_64 x86_64 GNU/Linux

--
LF


Here's mine.  Interesting differences:

# cat /proc/cpuinfo | head -26; uname -a
processor: 0
vendor_id: GenuineIntel
cpu family: 6
model: 94
model name: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
stepping: 3
microcode: 0x9e
cpu MHz: 899.945
cache size: 6144 KB
physical id: 0
siblings: 8
core id: 0
cpu cores: 4
apicid: 0
initial apicid: 0
fpu: yes
fpu_exception: yes
cpuid level: 22
wp: yes
flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall 
nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good 
nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 
monitor ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 
x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm 
abm 3dnowprefetch ida arat epb pln pts dtherm hwp hwp_noitfy 
hwp_act_window hwp_epp intel_pt tpr_shadow vnmi flexpriority ept vpid 
fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed 
adx smap clflushopt xsaveopt xsavec xgetbv1

bogomips: 5184.00
clflush size: 64
cache_alignment: 64
address sizes: 39 bits physical, 48 bits virtual
power management:

Linux null.example.com 3.10.0-514.16.1.el7.x86_64 #1 SMP Wed Apr 12 
15:04:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 / Intel CPU support

2017-05-11 Thread Leon Fauster
> Am 11.05.2017 um 16:29 schrieb Leon Fauster :
> 
>> Am 11.05.2017 um 14:48 schrieb Leon Fauster :
>> 
>> https://access.redhat.com/support/policy/intel
>> 
>> shows mainly Xeon CPUs. What about
>> 
>> Intel Core i7-6700 Quad-Core Skylake
>> 
>> has the current EL6 variant support for it?
>> 
>> Any experience? Feedback would be greatly appreciated.
> 
> 
> I found this
> 
> linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c
> 
> if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
>     ((boot_cpu_data.x86 == 6))) {
>     switch (boot_cpu_data.x86_model) {
>     case 94: /* Skylake-S */
>     case 86: /* Broadwell-DE SoC */
>     case 85: /* Purley */
>     case 79: /* Broadwell-EP and EX */
>     case 78: /* Skylake-Y */
>     case 77: /* Atom Avoton */
>     case 71: /* Broadwell-H */
>     case 70: /* Crystal Well */
>         break;
>     default:
>         if (boot_cpu_data.x86_model > 63) {
>             printk(KERN_CRIT
>                    "Detected CPU family %d model %d\n",
>                    boot_cpu_data.x86,
>                    boot_cpu_data.x86_model);
>             mark_hardware_unsupported("Intel CPU model");
>         }
>         break;
>     }
> }
> 
> not sure if "case 94: /* Skylake-S */" means support for Intel Core i7-6700 
> Quad-Core Skylake ...


for the record:

model 94 seems to be supported since EL6.7. 

A quick install could be booted without issues.


# cat /proc/cpuinfo | head -26 ; uname -a
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 94
model name  : Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
stepping: 3
microcode   : 85
cpu MHz : 3408.025
cache size  : 8192 KB
physical id : 0
siblings: 8
core id : 0
cpu cores   : 4
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 22
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov 
pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb 
rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc 
aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 
xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave 
avx f16c rdrand lahf_lm abm 3dnowprefetch ida arat epb xsaveopt pln pts dtherm 
hwp hwp_noitfy hwp_act_window hwp_epp tpr_shadow vnmi flexpriority ept vpid 
fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx
bogomips: 6816.05
clflush size: 64
cache_alignment : 64
address sizes   : 39 bits physical, 48 bits virtual
power management:

Linux srv-s01.ccds.de 2.6.32-696.1.1.el6.x86_64 #1 SMP Tue Apr 11 17:13:24 UTC 
2017 x86_64 x86_64 x86_64 GNU/Linux

--
LF

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 / Intel CPU support

2017-05-11 Thread Leon Fauster
> Am 11.05.2017 um 14:48 schrieb Leon Fauster :
> 
> https://access.redhat.com/support/policy/intel
> 
> shows mainly Xeon CPUs. What about
> 
> Intel Core i7-6700 Quad-Core Skylake
> 
> has the current EL6 variant support for it?
> 
> Any experience? Feedback would be greatly appreciated.


I found this

linux-2.6.32-696.1.1.el6/arch/x86/kernel/setup.c

if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
    ((boot_cpu_data.x86 == 6))) {
    switch (boot_cpu_data.x86_model) {
    case 94: /* Skylake-S */
    case 86: /* Broadwell-DE SoC */
    case 85: /* Purley */
    case 79: /* Broadwell-EP and EX */
    case 78: /* Skylake-Y */
    case 77: /* Atom Avoton */
    case 71: /* Broadwell-H */
    case 70: /* Crystal Well */
        break;
    default:
        if (boot_cpu_data.x86_model > 63) {
            printk(KERN_CRIT
                   "Detected CPU family %d model %d\n",
                   boot_cpu_data.x86,
                   boot_cpu_data.x86_model);
            mark_hardware_unsupported("Intel CPU model");
        }
        break;
    }
}

not sure if "case 94: /* Skylake-S */" means support for Intel Core i7-6700 
Quad-Core Skylake ...

--
LF




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread isdtor

> Also, in case you're ever interested, I've written a script that 
> generates suitable IPv4-based filenames for pre-default usage:
> 
>https://github.com/heinlein/pxehex
 
gethostip ... I simply rebuilt the relevant C5 rpms for C6, 
system-config-netboot and system-config-netboot-cmd, IIRC.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread Pete Biggs

> > > .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
> > >   .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
> > >   .../pxelinux.cfg/C0A8025B
> > >   .../pxelinux.cfg/C0A8025
> > >   .../pxelinux.cfg/C0A802
> > >   .../pxelinux.cfg/C0A80
> > >   .../pxelinux.cfg/C0A8
> > >   .../pxelinux.cfg/C0A
> > >   .../pxelinux.cfg/C0
> > >   .../pxelinux.cfg/C
> > >   .../pxelinux.cfg/default
> > > 
> > > The first are MAC addresses, etc.
> > It shouldn't time out on trying to retrieve a file if the TFTP server
> > is responding - each attempted retrieval should return a "not found"
> > rather than sitting there doing nothing. Try symlinking the MAC
> > address filename to 'default' so it retrieves it first before any
> > timeout could have happened.
> 
> You'd think. And as I said, this has been working for years, on three or
> four OEM's hardware. Suddenly, there's this new box from Penguin that's
> IBM-based, and it's using  something called "openether.org" firmware, and
> it takes minutes between timeouts, instead of seconds. 

Yeah, different hardware tickling different bugs ...

> I'm talking to the
> OEM, but trying to figure out what's going on. I haven't found a timeout
> on the server side, though I suspect there is one, but I really *don't*
> want to make it 20 min. I've also just been googling, trying to find out
> if -mapfile for tftp will let me rename what it's looking for to
> "default", but that search is going nowhere, fast.

On the TFTP server can you not just do

  ln -s default b8945908-d6a6-41a9-611d-74a6ab80b83d

or 

  cp default b8945908-d6a6-41a9-611d-74a6ab80b83d

rather than playing with mapping files - just for testing purposes.

Have you tried pxelinux.0 instead of gpxelinux.0? Or possibly iPXE?

> > 
> > Also, you might like to try tcpdump to see what is actually happening
> > on the TFTP port.
> 
> I'm under the impression I know - the client *tells* me what it's looking
> for, in the order above, but it sits there, and sits there, before it
> tries the next option.
> 
I was more thinking of seeing if the server responds at all - the
symptoms you see look like the server either ignoring the commands or
just not seeing them. I would suggest that a firewall is in the way
somewhere or wrong subnet or something like that, but as you say, it's
working for other clients.

P.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread John R Pierce

On 4/11/2017 2:01 PM, Bruce Ferrell wrote:
> Whatever openether.org is, it sounds buggy.



there's no such domain. there's a softether.org, which is a VPN
package, and some kinda github.com/openether which appears to be
Ethereum blockchain based distributed computing related.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread Bruce Ferrell

On 04/11/2017 01:33 PM, m.r...@5-cent.us wrote:

> Pete Biggs wrote:
>>
>>> We've been using pxeboot to pull up a menu, to build or rebuild
>>> machines for years. We have this new server, and it fails. Times out.
>>> What's happening is that it tries in this order
>>> .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
>>> .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
>>> .../pxelinux.cfg/C0A8025B
>>> .../pxelinux.cfg/C0A8025
>>> .../pxelinux.cfg/C0A802
>>> .../pxelinux.cfg/C0A80
>>> .../pxelinux.cfg/C0A8
>>> .../pxelinux.cfg/C0A
>>> .../pxelinux.cfg/C0
>>> .../pxelinux.cfg/C
>>> .../pxelinux.cfg/default
>>>
>>> The first are MAC addresses, etc.
>>
>> To be pedantic, the first one is a MAC address, the others are hex
>> versions of IP addresses - i.e. 192.168.2.91 (the discovered DHCP IP
>> address)
>
> I understand all that.
>>
>>> I want it to pull default. It takes
>>> *minutes* to time out each option, so after a dozen or 15 min, when it
>>> gets to default, tftp has timed it out.
>>
>> It shouldn't time out on trying to retrieve a file if the TFTP server
>> is responding - each attempted retrieval should return a "not found"
>> rather than sitting there doing nothing. Try symlinking the MAC
>> address filename to 'default' so it retrieves it first before any
>> timeout could have happened.
>
> You'd think. And as I said, this has been working for years, on three or
> four OEM's hardware. Suddenly, there's this new box from Penguin that's
> IBM-based, and it's using  something called "openether.org" firmware, and
> it takes minutes between timeouts, instead of seconds. I'm talking to the
> OEM, but trying to figure out what's going on. I haven't found a timeout
> on the server side, though I suspect there is one, but I really *don't*
> want to make it 20 min. I've also just been googling, trying to find out
> if -mapfile for tftp will let me rename what it's looking for to
> "default", but that search is going nowhere, fast.
>>
>> Also, you might like to try tcpdump to see what is actually happening
>> on the TFTP port.
>
> I'm under the impression I know - the client *tells* me what it's looking
> for, in the order above, but it sits there, and sits there, before it
> tries the next option.
>
> mark


Whatever openether.org is, it sounds buggy.

I do a lot of pxe and your post intrigued me so I poked around some and when I 
try openether.org, it redirects to www.openether.org and fails.

Might I suggest this page:

http://www.syslinux.org/wiki/index.php?title=PXELINUX.

There is some discussion of broken pxe stacks and just as a test for you, how 
about pxe on a floppy/cdrom/usb key?  I've done crazy things like that on 
occasion.

One other possibility that just occurred to me is it may not be a bug per se, but a UEFI pxe boot attempt... Which could do this too. I just *LOVE* UEFI pxe and someday I will find 
the person who thought it up in a dark alley and make them show me a universal setup.





___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread m . roth
Pete Biggs wrote:
>
>>We've been using pxeboot to pull up a menu, to build or rebuild
>> machines for years. We have this new server, and it fails. Times out.
>> What's happening is that it tries in this order
>> .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
>>  .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
>>  .../pxelinux.cfg/C0A8025B
>>  .../pxelinux.cfg/C0A8025
>>  .../pxelinux.cfg/C0A802
>>  .../pxelinux.cfg/C0A80
>>  .../pxelinux.cfg/C0A8
>>  .../pxelinux.cfg/C0A
>>  .../pxelinux.cfg/C0
>>  .../pxelinux.cfg/C
>>  .../pxelinux.cfg/default
>>
>> The first are MAC addresses, etc.
>
> To be pedantic, the first one is a MAC address, the others are hex
> versions of IP addresses - i.e. 192.168.2.91 (the discovered DHCP IP
> address)

I understand all that.
>
>>  I want it to pull default. It takes
>> *minutes* to time out each option, so after a dozen or 15 min, when it
>> gets to default, tftp has timed it out.
>
> It shouldn't time out on trying to retrieve a file if the TFTP server
> is responding - each attempted retrieval should return a "not found"
> rather than sitting there doing nothing. Try symlinking the MAC
> address filename to 'default' so it retrieves it first before any
> timeout could have happened.

You'd think. And as I said, this has been working for years, on three or
four OEM's hardware. Suddenly, there's this new box from Penguin that's
IBM-based, and it's using  something called "openether.org" firmware, and
it takes minutes between timeouts, instead of seconds. I'm talking to the
OEM, but trying to figure out what's going on. I haven't found a timeout
on the server side, though I suspect there is one, but I really *don't*
want to make it 20 min. I've also just been googling, trying to find out
if -mapfile for tftp will let me rename what it's looking for to
"default", but that search is going nowhere, fast.
>
> Also, you might like to try tcpdump to see what is actually happening
> on the TFTP port.

I'm under the impression I know - the client *tells* me what it's looking
for, in the order above, but it sits there, and sits there, before it
tries the next option.

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread Pete Biggs

>We've been using pxeboot to pull up a menu, to build or rebuild
> machines for years. We have this new server, and it fails. Times out.
> What's happening is that it tries in this order
> .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
>   .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
>   .../pxelinux.cfg/C0A8025B
>   .../pxelinux.cfg/C0A8025
>   .../pxelinux.cfg/C0A802
>   .../pxelinux.cfg/C0A80
>   .../pxelinux.cfg/C0A8
>   .../pxelinux.cfg/C0A
>   .../pxelinux.cfg/C0
>   .../pxelinux.cfg/C
>   .../pxelinux.cfg/default
> 
> The first are MAC addresses, etc.

To be pedantic, the first one is a MAC address, the others are hex
versions of IP addresses - i.e. 192.168.2.91 (the discovered DHCP IP
address)

>  I want it to pull default. It takes
> *minutes* to time out each option, so after a dozen or 15 min, when it
> gets to default, tftp has timed it out.

It shouldn't time out on trying to retrieve a file if the TFTP server
is responding - each attempted retrieval should return a "not found"
rather than sitting there doing nothing. Try symlinking the MAC
address filename to 'default' so it retrieves it first before any
timeout could have happened.

Also, you might like to try tcpdump to see what is actually happening
on the TFTP port.

P.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6 and pxeboot

2017-04-11 Thread Paul Heinlein

On Tue, 11 Apr 2017, m.r...@5-cent.us wrote:


> Hi, folks,
>
>    We've been using pxeboot to pull up a menu, to build or rebuild
> machines for years. We have this new server, and it fails. Times out.
> What's happening is that it tries in this order
>    .../pxelinux.cfg/b8945908-d6a6-41a9-611d-74a6ab80b83d
>    .../pxelinux.cfg/01-88-99-aa-bb-cc-dd
>    .../pxelinux.cfg/C0A8025B
>    .../pxelinux.cfg/C0A8025
>    .../pxelinux.cfg/C0A802
>    .../pxelinux.cfg/C0A80
>    .../pxelinux.cfg/C0A8
>    .../pxelinux.cfg/C0A
>    .../pxelinux.cfg/C0
>    .../pxelinux.cfg/C
>    .../pxelinux.cfg/default
>
> The first are MAC addresses, etc. I want it to pull default. It takes
> *minutes* to time out each option, so after a dozen or 15 min, when it
> gets to default, tftp has timed it out.

I've never seen that sort of delay before, but it's tough to strace a
PXE environment. :-)

> Now, our dhcpd config has this for pxeboot:
> group
> {
>    allow booting;
>    allow bootp;
>    filename "gpxelinux.0";
>    option-209 =  "pxelinux.cfg/default";
>    option subnet-mask 255.255.254.0;
>    option routers  ;
>    default-lease-time 172800; # 2 days.
>    max-lease-time 432000; # 5 days.


Do you have a next-server option that points to your tftp server? I've 
always hardcoded an IPv4 address into that setting:


group {
  # normal stuff
  next-server 10.11.12.13;
  filename "gpxelinux.0";
}

Also, in case you're ever interested, I've written a script that 
generates suitable IPv4-based filenames for pre-default usage:


  https://github.com/heinlein/pxehex

--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
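
The lookup order quoted in this thread, as an added shell example (it is not the pxehex script linked above and not part of any message): it lists the names a PXELINUX client requests for a given UUID, MAC and IPv4 address, and reports which file in a pxelinux.cfg directory would be found first. The function names are constructed for the example; the sample client values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: list the config names a PXELINUX client requests, in
# order, and report which file in a pxelinux.cfg directory matches first.

# Dotted-quad IPv4 -> 8 upper-case hex digits (192.168.2.91 -> C0A8025B).
ipv4_to_hex() (
    case $1 in *.) exit 1 ;; esac    # a trailing dot would be dropped by the split
    IFS=.
    set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0?*) exit 1 ;;   # empty, non-numeric, or leading zero (octal to printf)
        esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
)

# Usage: pxe_config_names MAC IPV4 [UUID]
# Prints: [uuid], 01-<mac>, the hex IP shortened one digit at a time, default.
pxe_config_names() (
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr ':' '-')
    printf '%s' "$mac" | grep -Eq '^([0-9a-f]{2}-){5}[0-9a-f]{2}$' || exit 1
    hex=$(ipv4_to_hex "$2") || exit 1
    if [ -n "${3:-}" ]; then
        printf '%s\n' "$3" | tr 'A-F' 'a-f'
    fi
    printf '01-%s\n' "$mac"          # 01 is the ARP hardware type for Ethernet
    while [ -n "$hex" ]; do
        printf '%s\n' "$hex"
        hex=${hex%?}                 # drop the last hex digit
    done
    printf 'default\n'
)

# Usage: pxe_first_match DIR MAC IPV4 [UUID]
# Prints the first name from the list that exists in DIR (symlinks followed).
pxe_first_match() (
    dir=$1
    shift
    names=$(pxe_config_names "$@") || exit 1
    for n in $names; do
        if [ -f "$dir/$n" ]; then
            printf '%s\n' "$n"
            exit 0
        fi
    done
    exit 1
)

# The client values quoted in the thread reproduce its eleven-line list.
pxe_config_names 88:99:AA:BB:CC:DD 192.168.2.91 b8945908-d6a6-41a9-611d-74a6ab80b83d
```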


Re: [CentOS] CentOS 6, apcupsd

2017-04-07 Thread Jonathan Billings
On Fri, Apr 07, 2017 at 01:12:55PM -0400, m.r...@5-cent.us wrote:
> Hi, folks,
> 
>Anyone know what apcupsd is no longer in the EPEL repo for CentOS/RHEL
> 6? It's still in for 7.

As far as I can tell, the el6 EPEL package hasn't been built for a
while.

(looking at https://bodhi.fedoraproject.org/updates/?packages=apcupsd)

Perhaps you need to bug the EPEL maintainer to build it?

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

2017-02-01 Thread Liam O'Toole
On 2017-02-01, m.r...@5-cent.us
 wrote:

[...]

> I just tried, both on 6.8 and 7.3, and yum tells me "nothing to do", so I
> can't downgrade. By the way, googling, I find it's been filed as a bug
> with upstream:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1411972
>
> mark

For what it's worth, the resource[1] mentioned in the bug report works
just fine without Flash. :-)

1: http://www.bbc.co.uk/radio/player/bbc_radio_three

-- 

Liam

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

2017-02-01 Thread m . roth
Fred Smith wrote:
> On Wed, Feb 01, 2017 at 10:54:58AM -0500, m.r...@5-cent.us wrote:
>> I wrote:
>> Anyone else seeing this? I'm playing streaming media, and after about
10 or 15 min, flash-plugin crashes. I've had this happen today on
streams from two separate radio stations.
>> *
>>
>> So, is anyone else having this issue? Not only am I having it, but I'm
seeing it on other users, running CentOS 7. On my system, I see in my
logs
>> plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]
>>
>> I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
the same version as is running on CentOS 7, though I see it on
someone's 7.3 with flash-plugin 24.0.0.186. That's from Dec 10, and
that's about when, IIRC, I started seeing crashes.
>
> This may not be the same thing:
>
> I'm running Centos-7, up to date. Flash seems to mostly work fine,... I
can see videos on CNN, for example, as well as other places.
>
> however, I have a weekly online course that uses Adobe Connect,
> which requires flash. At least in the Firefox that ships with (and is
updated occasionally by) Centos, flash crashes whenever I try to open
Connect. If I back out the 24.x.x.x flash version and go back to the
11.x.x.x version it works fine.
>
I just tried, both on 6.8 and 7.3, and yum tells me "nothing to do", so I
can't downgrade. By the way, googling, I find it's been filed as a bug
with upstream:

https://bugzilla.redhat.com/show_bug.cgi?id=1411972

mark





Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

2017-02-01 Thread Fred Smith
On Wed, Feb 01, 2017 at 10:54:58AM -0500, m.r...@5-cent.us wrote:
> I wrote:
> Anyone else seeing this? I'm playing streaming media, and after about 10
> or 15 min, flash-plugin crashes. I've had this happen today on streams
> from two separate radio stations.
> *
> 
> So, is anyone else having this issue? Not only am I having it, but I'm
> seeing it on other users, running CentOS 7. On my system, I see in my logs
> plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
> 7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]
> 
> I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
> the same version as is running on CentOS 7, though I see it on someone's
> 7.3 with flash-plugin
> 24.0.0.186. That's from Dec 10, and that's about when, IIRC, I started
> seeing crashes.
> 
> I can't believe that we're the only ones with the problem.
> 
> mark


This may not be the same thing:

I'm running Centos-7, up to date. Flash seems to mostly work fine,...
I can see videos on CNN, for example, as well as other places.

however, I have a weekly online course that uses Adobe Connect,
which requires flash. At least in the Firefox that ships with (and
is updated occasionally by) Centos, flash crashes whenever I try
to open Connect. If I back out the 24.x.x.x flash version and go
back to the 11.x.x.x version it works fine.

Fred

-- 
---
 .Fred Smith   /  
( /__  ,__.   __   __ /  __   : / 
 //  /   /__) /  /  /__) .+'   Home: fre...@fcshome.stoneham.ma.us 
//  (__ (___ (__(_ (___ / :__ 781-438-5471 
 Jude 1:24,25 -


Re: [CentOS] CentOS 6, flash-plugin crashing - anyone have a clue?

2017-02-01 Thread m . roth
m.r...@5-cent.us wrote:
> I wrote:
> Anyone else seeing this? I'm playing streaming media, and after about 10
> or 15 min, flash-plugin crashes. I've had this happen today on streams
> from two separate radio stations.
> *
>
> So, is anyone else having this issue? Not only am I having it, but I'm
> seeing it on other users, running CentOS 7. On my system, I see in my logs
> plugin-containe[17209]: segfault at 3e78991a13c4 ip 7f06e29fe522 sp
> 7ffe9b68de08 error 6 in libflashplayer.so[7f06e238d000+107b000]
>
> I'm running Version : 24.0.0.194 on CentOS 6.8, which appears to be
> the same version as is running on CentOS 7, though I see it on someone's
> 7.3 with flash-plugin
> 24.0.0.186. That's from Dec 10, and that's about when, IIRC, I started
> seeing crashes.
>
> I can't believe that we're the only ones with the problem.
>

Note that I just looked, and I seem to be seeing GPF on CentOS 7.
kernel: traps: plugin-containe[14051] general protection ip:7f441b23bfaf
sp:7ffc39a76df0 error:0 in libflashplayer.so[7f441abc8000+107b000]

   mark



Re: [CentOS] CentOS 6, flash-plugin crashing

2017-01-30 Thread Richard


> Date: Monday, January 30, 2017 13:56:24 -0500
> From: m.r...@5-cent.us
>
> Anyone else seeing this? I'm playing streaming media, and after
> about 10 or 15 min, flash-plugin crashes. I've had this happen
> today on streams from two separate radio stations.
> 
>mark


Care to provide any specifics?

   - URL(s) of content that is causing the crashes
   - flash plugin release number
   - firefox version
   - OS version




Re: [CentOS] CentOS 6, firefox, PIV cards

2016-12-07 Thread m . roth
Hi, Todd,

Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS wrote:
> m.roth at 5-cent.us further wrote:
> ##
> m.roth at 5-cent.us wrote:
>>
>>Up until a few weeks ago, it worked as it has been for years:
>> firefox,security device is libcoolkey, and pcscd.
>>
>>Today, I go to use it (I have done updates since I last used it), and
>> try preferences->advanced->certificates, and it hangs. My most recent
>> try was for over 20 min. If you move something over the window, then
>> move it away, it's a blank window. Pull out the card, and *some* of the
>> time, it pops up the window showing no certs, having never asked for a
>> PIN. The rest of the time, firefox crashes, hard.
>>
>>I know the pcscd part works - I used it via a script this morning
>> from the command line, as does pkcs15-tool from the command line.
>>
>>Anyone got any clues? Maybe I should downgrade (if I can) firefox?


Before I start, let me say it was resolved - my manager has a script that
does something to the profiles (which I need to look at). There's a good
chance that the Chain of Authorities had either expired, or gotten hosed
somehow (that's my guess).

> Not yet had the issue(s) but I do have some questions:
> 1) is this with the same physical PIV that you have been using "Up until a
> few weeks ago", that is did you (or the affected person) get a new PIV
> recently?

Yes.

> 1a) does firefox have the certificate authorities loaded which cover the
> card in question (make sure to trace back to the root CA, there have been
> changes)?

It used to.
>
> 2) have you tried just `yum downgrade firefox` and see if it works?

Tried that.

> 4) interrupted updates?  i.e., `yum complete-transaction` (sp???)  `yum
> reinstall firefox nss coolkey pcscd`
>
Shouldn't have been any... though I did an update, and forgot to
disableexcludes, since I didn't feel like screwing with rebuilding my
NVidia driver.

> Even when this disclaimer is not here:
> I am not a contracting officer. I do not have authority to make or modify
> the terms of any contract.

Yeah, me neither.

  mark



Re: [CentOS] CentOS 6, firefox, PIV cards

2016-12-07 Thread Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS
m.roth at 5-cent.us further wrote:
##
m.roth at 5-cent.us wrote:
> Hi, folks,
>
>Up until a few weeks ago, it worked as it has been for years: firefox,
> security device is libcoolkey, and pcscd.
>
>Today, I go to use it (I have done updates since I last used it), and
> try preferences->advanced->certificates, and it hangs. My most recent
> try was for over 20 min. If you move something over the window, then
> move it away, it's a blank window. Pull out the card, and *some* of the
> time, it pops up the window showing no certs, having never asked for a
> PIN. The rest of the time, firefox crashes, hard.
>
>I know the pcscd part works - I used it via a script this morning from
> the command line, as does pkcs15-tool from the command line.
>
>Anyone got any clues? Maybe I should downgrade (if I can) firefox?
>
Additional info: I tried bringing up firefox with two other profiles. One
didn't have coolkey as a security device, but when I tried to add it, it
responded with "cannot add module".

Yet a third profile, that had both libcoolkey and the older onepin, and
that popped up a window saying I needed to authenticate, sat there with no
way to put a pin in, then, when I pulled the card, it flashed the popup
window with my certs.

Yes, at this time, I'm looking at issues with firefox.

So - has anyone else had this problem?

   mark
#

Not yet had the issue(s) but I do have some questions:
1) is this with the same physical PIV that you have been using "Up until a few 
weeks ago", that is did you (or the affected person) get a new PIV recently?
1a) does firefox have the certificate authorities loaded which cover the card 
in question (make sure to trace back to the root CA, there have been changes)?

2) have you tried just `yum downgrade firefox` and see if it works?
2a) I would be tempted to do something on the order of `rpm -qa --last |head 
-50` and then for each package seen there do an rpm -q --verify (syntax unsure) 
on them to be sure all the packages got installed correctly.

3) same as (2) but with recent nss|coolkey|pcscd updates?

4) interrupted updates?  i.e., `yum complete-transaction` (sp???)  `yum 
reinstall firefox nss coolkey pcscd`

Even when this disclaimer is not here:
I am not a contracting officer. I do not have authority to make or modify the 
terms of any contract.




Re: [CentOS] CentOS 6: environment variables and cronjobs ...

2016-12-01 Thread Philippe BOURDEU d'AGUERRE

On 01/12/2016 at 17:23, Liam O'Toole wrote:

> On 2016-12-01, Walter H. wrote:
>
>> Hello,
>>
>> in
>>
>> /etc/cron.d/test
>>
>> I've this:
>>
>> 50 15 * * * root ( date ; echo "---" ; env ; echo "---" ; set )
>> /tmp/test.txt
>>
>> and I thought I would be shown environment variables which are defined
>> in
>>
>> e.g.  /etc/profiles.d/proxy.sh or /etc/profiles.d/proxy.csh
>>
>> but this isn't like this ...
>
> That is the expected behaviour.
>
>> where do I have to define e.g.
>> export http_proxy="http://proxy.local:3128/"
>> in order to have it in cron jobs?
>>
>> Thanks,
>> Walter
>
> You can set the variable in the cron job itself. See, for example,
> /etc/cron.d/0hourly, where several variables are set.



You can also set environment variables in /etc/environment. They will be 
read by pam module pam_env.

--
Philippe BOURDEU d'AGUERRE
AIME - Campus de l'INSA http://aime-toulouse.fr/
135 av. de Rangueil Tél +33 561 559 885
31077 TOULOUSE Cedex 4 - FRANCE Fax +33 561 559 870


Re: [CentOS] CentOS 6, firefox, PIV cards

2016-12-01 Thread m . roth
m.r...@5-cent.us wrote:
> Hi, folks,
>
>Up until a few weeks ago, it worked as it has been for years: firefox,
> security device is libcoolkey, and pcscd.
>
>Today, I go to use it (I have done updates since I last used it), and
> try preferences->advanced->certificates, and it hangs. My most recent
> try was for over 20 min. If you move something over the window, then
> move it away, it's a blank window. Pull out the card, and *some* of the
> time, it pops up the window showing no certs, having never asked for a
> PIN. The rest of the time, firefox crashes, hard.
>
>I know the pcscd part works - I used it via a script this morning from
> the command line, as does pkcs15-tool from the command line.
>
>Anyone got any clues? Maybe I should downgrade (if I can) firefox?
>
Additional info: I tried bringing up firefox with two other profiles. One
didn't have coolkey as a security device, but when I tried to add it, it
responded with "cannot add module".

Yet a third profile, that had both libcoolkey and the older onepin, and
that popped up a window saying I needed to authenticate, sat there with no
way to put a pin in, then, when I pulled the card, it flashed the popup
window with my certs.

Yes, at this time, I'm looking at issues with firefox.

So - has anyone else had this problem?

   mark



Re: [CentOS] CentOS 6: environment variables and cronjobs ...

2016-12-01 Thread Liam O'Toole
On 2016-12-01, Walter H.
 wrote:
> Hello,
>
> in
>
> /etc/cron.d/test
>
> I've this:
>
> 50 15 * * * root ( date ; echo "---" ; env ; echo "---" ; set )
>>>/tmp/test.txt
>
> and I thought I would be shown environment variables which are defined
> in
>
> e.g.  /etc/profiles.d/proxy.sh or /etc/profiles.d/proxy.csh
>
> but this isn't like this ...

That is the expected behaviour.

>
> where do I have to define e.g.
> export http_proxy="http://proxy.local:3128/"
> in order to have it in cron jobs?
>
> Thanks,
> Walter

You can set the variable in the cron job itself. See, for example,
/etc/cron.d/0hourly, where several variables are set.

-- 

Liam



Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-24 Thread Walter H.
On Tue, November 22, 2016 22:40, James B. Byrne wrote:
>
> On Sun, November 20, 2016 12:43, Walter H. wrote:
>
>>
>> https://box.domain1.com works
>> but
>> https://box.domain2.com results in  'Certificate name mismatch'
>>
>>
>
> What are the contents of the certificate(s) you have configured for
> tls?  What AltSubject names, if any, do the certificate(s) support?
>
both were wildcard certificates, one for each domain ...




Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-22 Thread James B. Byrne

On Sun, November 20, 2016 12:43, Walter H. wrote:

>
> https://box.domain1.com works
> but
> https://box.domain2.com results in  'Certificate name mismatch'
>
>

What are the contents of the certificate(s) you have configured for
tls?  What AltSubject names, if any, do the certificate(s) support?

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI? Solved ...

2016-11-21 Thread Walter H.

It is solved, I don't know why but
SNI works only with hosts that are
declared with ServerName
and not with ServerAlias

so I did the following ...

I made an include file that contained everything of the virtualhost 
except the ServerAdmin and ServerName declarations

and did this:


ServerAdmin webmaster@domain#.com
ServerName vhost.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl



ServerAdmin webmaster@domain#.com
ServerName box.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl



ServerAdmin webmaster@domain#.com
ServerName calcbox.domain#.com:443
Include /etc/httpd/conf/vhosts/vhost-ssldom#-box.incl


...

Greetings,
Walter


On 20.11.2016 18:24, Walter H. wrote:

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 
2.2.15)

just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter
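
A client-side check for the certificate mismatch discussed in this thread, as an added example that is not part of the original messages. The function names are hypothetical, the wildcard form `*.domain1.com` is an assumption based on the thread's placeholder domains, and `served_names` needs network access and the `openssl` command, so the built-in demo does not call it.

```sh
#!/bin/sh
# Added example (not from the thread): check whether the certificate served
# for a given SNI name actually covers that name.

# Return 0 if certificate name $1 covers hostname $2 (case-insensitive).
# A leading "*." stands for exactly one leftmost label, so "*.domain1.com"
# covers "box.domain1.com" but not "domain1.com" or "a.b.domain1.com".
name_covers() {
    nc_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    nc_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$nc_pat" in
        \*.*)
            nc_suffix=${nc_pat#\*}          # e.g. ".domain1.com"
            case "$nc_host" in
                *"$nc_suffix") nc_left=${nc_host%"$nc_suffix"} ;;
                *) return 1 ;;
            esac
            case "$nc_left" in
                ""|*.*) return 1 ;;          # zero labels or more than one
                *) return 0 ;;
            esac ;;
        *) [ "$nc_pat" = "$nc_host" ] ;;
    esac
}

# usage: cert_covers HOSTNAME CERTNAME...
# Return 0 if any of the certificate names covers HOSTNAME.
cert_covers() {
    cc_host=$1
    shift
    for cc_name in "$@"; do
        if name_covers "$cc_name" "$cc_host"; then return 0; fi
    done
    return 1
}

# Print the names (subject CN plus subjectAltName DNS entries) of the
# certificate a live server presents when the client sends SNI name $3.
served_names() {
    sn_pem=$(openssl s_client -connect "$1:$2" -servername "$3" </dev/null 2>/dev/null |
        openssl x509 2>/dev/null) || return 1
    printf '%s\n' "$sn_pem" | openssl x509 -noout -subject |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
    printf '%s\n' "$sn_pem" | openssl x509 -noout -text |
        grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# usage: check_sni HOST PORT NAME
# Connects to HOST:PORT with SNI name NAME and reports OK or MISMATCH.
check_sni() {
    cs_names=$(served_names "$1" "$2" "$3") || {
        echo "ERROR    $3 (no certificate received)"
        return 2
    }
    cs_list=$(printf '%s' "$cs_names" | tr '\n' ' ')
    set -f      # wildcard names must not be expanded as globs
    if cert_covers "$3" $cs_names; then cs_rc=0; else cs_rc=1; fi
    set +f
    if [ "$cs_rc" -eq 0 ]; then
        echo "OK       $3"
    else
        echo "MISMATCH $3 (served: $cs_list)"
    fi
    return "$cs_rc"
}

# Offline demo with constructed data: every name is answered with the first
# vhost's wildcard certificate, assumed here to be *.domain1.com.
sni_demo() {
    for d_host in box.domain1.com box.domain2.com domain1.com; do
        if cert_covers "$d_host" '*.domain1.com'; then
            echo "OK       $d_host"
        else
            echo "MISMATCH $d_host"
        fi
    done
}
sni_demo
```

Against a live server, `check_sni ipaddr 443 box.domain2.com` run once per vhost name shows which names are still answered with another vhost's certificate.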






Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-20 Thread Walter H.

On 20.11.2016 18:33, David Nelson wrote:

> It doesn't appear you have a ServerName or ServerAlias for the naked domains
> (sans subdomain), so they're both being answered by the first VirtualHost entry?

this is not the problem

meant

https://box.domain1.com works
but
https://box.domain2.com results in  'Certificate name mismatch'

Thanks,
Walter


On Nov 20, 2016, at 9:24 AM, Walter H.  wrote:

Hello,

is Apache 2.2 which is part of the CentOS distribution capable of SNI?

I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
just did  'yum update'


in
/etc/httpd/conf/httpd.conf

I've the following

NameVirtualHost ipaddr:443

Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf

both 'vhost'-files are like this:


ServerAdmin webmaster@domain#.com

ServerName vhost.domain#.com:443
ServerAlias box.domain#.com:443
ServerAlias calcbox.domain#.com:443
ServerAlias proxybox.domain#.com:443

...
SSLEngine on

SSLStrictSNIVHostCheck on

SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt

...


only
https://domain1.com/...
works
https://domain2.com/...
results in a certificate CN mismatch ...

what is missing in my config.?

Thanks,
Walter






Re: [CentOS] CentOS 6, Apache 2.2.15 and SNI?

2016-11-20 Thread David Nelson
It doesn't appear you have a ServerName or ServerAlias for the naked domains 
(sans subdomain), so they're both being answered by the first VirtualHost 
entry? 

> On Nov 20, 2016, at 9:24 AM, Walter H.  wrote:
> 
> Hello,
> 
> is Apache 2.2 which is part of the CentOS distribution capable of SNI?
> 
> I have troubles that are coming from server side (CentOS 6.8, Apache 2.2.15)
> just did  'yum update'
> 
> 
> in
> /etc/httpd/conf/httpd.conf
> 
> I've the following
> 
> NameVirtualHost ipaddr:443
> 
> Include /etc/httpd/conf/vhosts/vhost-ssldom1-box.conf
> Include /etc/httpd/conf/vhosts/vhost-ssldom2-box.conf
> 
> both 'vhost'-files are like this:
> 
> 
> ServerAdmin webmaster@domain#.com
> 
> ServerName vhost.domain#.com:443
> ServerAlias box.domain#.com:443
> ServerAlias calcbox.domain#.com:443
> ServerAlias proxybox.domain#.com:443
> 
> ...
> SSLEngine on
> 
> SSLStrictSNIVHostCheck on
> 
> SSLCertificateFile /etc/httpd/conf/ssl.crt/domain#-host.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain#-host.key
> SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server-chain.crt
> 
> ...
> 
> 
> only
> https://domain1.com/...
> works
> https://domain2.com/...
> results in a certificate CN mismatch ...
> 
> what is missing in my config.?
> 
> Thanks,
> Walter
> 
> 


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Arun Khan
On Wed, Aug 31, 2016 at 8:59 AM, Alexander Farber
 wrote:
> You should have provided more info initially.
>
> "goes out in text format" might mean several things.
>

I don't know what you mean by "several things"

In the context of logwatch the only options are HTML or TEXT.  Please see my OP.

Thanks for your assistance.

-- Arun Khan


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Alexander Farber
You should have provided more info initially.

"goes out in text format" might mean several things.

On Wed, Aug 31, 2016 at 5:31 PM, Arun Khan  wrote:

> On Wed, Aug 31, 2016 at 7:58 AM, Alexander Farber
>  wrote:
> > logwatch is run as cronjob.
>
> Let's take cron out of the picture.  Invoking logwatch from an
> interactive shell -- no joy.  The report still goes out in text
> format.
>
> -- Arun Khan


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Arun Khan
On Wed, Aug 31, 2016 at 7:58 AM, Alexander Farber
 wrote:
> logwatch is run as cronjob.

Let's take cron out of the picture.  Invoking logwatch from an
interactive shell -- no joy.  The report still goes out in text
format.

-- Arun Khan


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Alexander Farber
logwatch is run as cronjob.

On Wed, Aug 31, 2016 at 4:11 PM, Arun Khan  wrote:

> On Mon, Aug 29, 2016 at 10:24 PM, Alexander Farber
>  wrote:
> > No, I mean there is sometimes a variable for mail format too:
>
> The HTML formatting is a logwatch option, invoked through the
> logwatch.conf file.
>
> -- Arun Khan


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-31 Thread Arun Khan
On Mon, Aug 29, 2016 at 10:24 PM, Alexander Farber
 wrote:
> No, I mean there is sometimes a variable for mail format too:

The HTML formatting is a logwatch option, invoked through the
logwatch.conf file.

-- Arun Khan


Re: [CentOS] CentOS 6: files now owned by nobody:nobody

2016-08-30 Thread Pat Haley


Setting the Domain = line in /etc/idmapd.conf solved our problem

Thanks


On 08/29/2016 07:23 PM, Frank Cox wrote:

On Mon, 29 Aug 2016 18:59:31 -0400
Pat Haley wrote:


We noticed that all the files were owned by nobody

Here are my notes for dealing with this issue:

If all users come up as nobody on a nfs mount:

Add nfs server name to the Domain = line in /etc/idmapd.conf on both the server 
and the clients, i.e. Domain = nameof.server

/sbin/service rpcidmapd restart
/sbin/service nfslock restart
/sbin/service nfs restart

Also, the complete hostname as specified (nameof.server) must be in /etc/hosts 
on the nfs clients as well as the server

---
try
/usr/sbin/nfsidmap -c
on the client.
Since I put this into my /etc/rc.local , I don't have the problem any
longer.
---
1) /etc/idmapd.conf
# Set domain to the domain name shared by your NFS servers.
Domain: mycompany.com
Set local-realms to the name of the nfs servers you'll be using. THIS
WASN'T MENTIONED ELSEWHERE.
Local-Realms: nfs1.mycompany.com,nfs2.mycompany.com
# make the above changes on all the servers in question.

2) /etc/hosts: list with all the NFS servers you specified in local-realms 
above. This way DNS errors don't make your servers get hung
1.2.3.4    nfs1.mycompany.com
1.2.3.5    nfs2.mycompany.com

3) Make sure you synchronize your /etc/passwd files so that the account
IDs match up or you'll get very strange results.

4) Reboot EVERYTHING. Restarting services was not enough.
For documentation's sake, I restarted rpcidmapd, nfslock, and nfs, but didn't 
get the correct permissions until reboot. It doesn't seem important to run the 
nfs service on the
clients.

5) Client mount:
# CLI
/bin/mount -t nfs servername:/path/to/share /local/mount/point

# /etc/fstab
servername.com:/path/to/share /local/mount/mount nfs ro,nolock 0 0

# mount -a




--

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pat Haley                          Email:  pha...@mit.edu
Center for Ocean Engineering       Phone:  (617) 253-6824
Dept. of Mechanical Engineering    Fax:    (617) 253-8125
MIT, Room 5-213                    http://web.mit.edu/phaley/www/
77 Massachusetts Avenue
Cambridge, MA  02139-4301



Re: [CentOS] CentOS 6: files now owned by nobody:nobody

2016-08-30 Thread m . roth
Jonathan Billings wrote:
> On Mon, Aug 29, 2016 at 06:59:31PM -0400, Pat Haley wrote:
>> ... We
>> noticed that all the files were owned by nobody (with nobody as the
>> group).
>
> If it's NFSv4, then it's most likely a problem with your idmapper.  Make
> sure that the rpc.idmapd is running on your client, and that your
> server has appropriate ID mapping enabled.
>
> If it's NFSv4, are you using sec=krb5*?

I gather other folks have been saying to fix Domain =, and make sure
Method = nsswitch is not commented out, in /etc/idmapd.conf. Other things:
   1. *also* in /etc/idmapd.conf, go further down, and comment out or
   delete the *other* schema - for example, the UMICH schema is
   by default enabled, for some reason. *Definitely* disable that.
   Scroll to the bottom of the file, to make sure nothing else is
   on by default.
   2. nsswitch - check /etc/nsswitch.conf

Then restart idmapd.

mark




Re: [CentOS] CentOS 6: files now owned by nobody:nobody

2016-08-30 Thread Jonathan Billings
On Mon, Aug 29, 2016 at 06:59:31PM -0400, Pat Haley wrote:
> ... We
> noticed that all the files were owned by nobody (with nobody as the group).

If it's NFSv4, then it's most likely a problem with your idmapper.  Make
sure that the rpc.idmapd is running on your client, and that your
server has appropriate ID mapping enabled.

If it's NFSv4, are you using sec=krb5*?

-- 
Jonathan Billings 


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-29 Thread Alexander Farber
No, I mean there is sometimes a variable for mail format too:

# crontab -l
CONTENT_TYPE="text/plain; charset=utf-8"
MAILFROM=webmas...@xxx.de
MAILTO=alexander.far...@xxx.com
LANG=en_US.UTF-8
PGHOST=/tmp
#minute hour    mday    month   wday    command


On Tue, Aug 30, 2016 at 3:37 AM, Arun Khan  wrote:

> On Sun, Aug 28, 2016 at 10:56 PM, Alexander Farber
>  wrote:
> > Maybe the format is set in
> >
> > sudo crontab -l
>
> You mean in the way it is invoked from the cron entry?
>
>
>


Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-29 Thread Arun Khan
On Sun, Aug 28, 2016 at 10:56 PM, Alexander Farber
 wrote:
> Maybe the format is set in
>
> sudo crontab -l

You mean in the way it is invoked from the cron entry?

-- Arun Khan


Re: [CentOS] CentOS 6: files now owned by nobody:nobody

2016-08-29 Thread Pat Haley


I believe NFSv4.  On the machine that contains the physical disks (is 
that the "server" or the "NFS mount"?) the relevant line from /etc/fstab 
seems to be


UUID=bde58f42-4ac4-4763-b0a8-f83723f0e2a0 /home ext4 defaults 1 2

while on my front-end machine it's

mseas-data2:/home /home nfs defaults 0 0

where mseas-data2 is the name of the machine that contains the physical 
disks.  Note that it isn't just root that's becoming "nobody" but all 
the users


Thanks


On 08/29/2016 07:14 PM, John R Pierce wrote:

On 8/29/2016 3:59 PM, Pat Haley wrote:
We are running a cluster under CentOS 6.6.  We recently attached a 
new NAS device, running CentOS 6.8 and rsync'd our user file system 
to it.  We noticed that all the files were owned by nobody (with 
nobody as the group).  We copied over the /etc/passwd and /etc/group 
files from our front-end server to our NAS server.  If we log in to 
the NAS server we see the files owned by their correct owners. 
However, doing an ls from the front-end server or any of the compute 
nodes still shows the files owned by "nobody".  We rebooted one of 
the compute nodes but it still sees the files owned by nobody.


a CentOS server isn't really a 'NAS device', as NAS implies an 
appliance storage device.


this is NFS?   NFSv3, or NFSv4?   what NFS options are on the server 
and on the NFS mount?   quite often NFS servers force root to nobody.





--

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Pat Haley                          Email:  pha...@mit.edu
Center for Ocean Engineering       Phone:  (617) 253-6824
Dept. of Mechanical Engineering    Fax:    (617) 253-8125
MIT, Room 5-213                    http://web.mit.edu/phaley/www/
77 Massachusetts Avenue
Cambridge, MA  02139-4301



Re: [CentOS] CentOS 6: files now owned by nobody:nobody

2016-08-29 Thread Frank Cox
On Mon, 29 Aug 2016 18:59:31 -0400
Pat Haley wrote:

> We noticed that all the files were owned by nobody

Here are my notes for dealing with this issue:

If all users come up as nobody on a nfs mount:

Add nfs server name to the Domain = line in /etc/idmapd.conf on both the server 
and the clients, i.e. Domain = nameof.server

/sbin/service rpcidmapd restart
/sbin/service nfslock restart
/sbin/service nfs restart

Also, the complete hostname as specified (nameof.server) must be in /etc/hosts 
on the nfs clients as well as the server

---
try
/usr/sbin/nfsidmap -c
on the client.
Since I put this into my /etc/rc.local , I don't have the problem any 
longer.
---
1) /etc/idmapd.conf
# Set domain to the domain name shared by your NFS servers.
Domain: mycompany.com
Set local-realms to the name of the nfs servers you'll be using. THIS 
WASN'T MENTIONED ELSEWHERE.
Local-Realms: nfs1.mycompany.com,nfs2.mycompany.com
# make the above changes on all the servers in question.

2) /etc/hosts: list with all the NFS servers you specified in local-realms 
above. This way DNS errors don't make your servers get hung
1.2.3.4    nfs1.mycompany.com
1.2.3.5    nfs2.mycompany.com

3) Make sure you synchronize your /etc/passwd files so that the account 
IDs match up or you'll get very strange results.

4) Reboot EVERYTHING. Restarting services was not enough. 
For documentation's sake, I restarted rpcidmapd, nfslock, and nfs, but didn't 
get the correct permissions until reboot. It doesn't seem important to run the 
nfs service on the 
clients.

5) Client mount:
# CLI
/bin/mount -t nfs servername:/path/to/share /local/mount/point

# /etc/fstab
servername.com:/path/to/share /local/mount/mount nfs ro,nolock 0 0

# mount -a


-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
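
A check for the Domain setting these notes depend on, as an added example that is not part of the original post: it reads the `Domain =` line from the `[General]` section of two idmapd.conf copies (one from a client, one from the server) and reports whether they agree. The function names and the sample file contents are constructed for illustration; `nameof.server` is the placeholder used in the notes above.

```sh
#!/bin/sh
# Added example (not from the thread): verify that client and server agree on
# the NFSv4 ID-mapping domain configured in idmapd.conf.

# Print the Domain value from the [General] section of an idmapd.conf-style
# file, lower-cased. Comment lines (# or ;) and other sections are skipped.
# Prints nothing when no Domain line is present.
idmap_domain() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            s = tolower($0)
            gsub(/[ \t]/, "", s)
            in_general = (s == "[general]")
            next
        }
        in_general {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)
            if (key != "domain") next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            dom = tolower(val)
        }
        END { if (dom != "") print dom }
    ' "$1"
}

# usage: check_idmap_domains CLIENT_CONF SERVER_CONF
# Returns 0 when both files set the same Domain, 1 when the values differ,
# and 2 when either file does not set Domain explicitly.
check_idmap_domains() {
    client=$(idmap_domain "$1")
    server=$(idmap_domain "$2")
    if [ -z "$client" ] || [ -z "$server" ]; then
        echo "UNSET    client='$client' server='$server'"
        return 2
    fi
    if [ "$client" != "$server" ]; then
        echo "MISMATCH client=$client server=$server"
        return 1
    fi
    echo "OK       domain=$client"
    return 0
}

# Demo on constructed files: the client carries a different domain than the
# server, which is the situation where owners show up as nobody:nobody.
idmap_demo() {
    tmp=$(mktemp -d) || return 0
    printf '%s\n' '[General]' '#Domain = commented.example' \
        'Domain = client.example' > "$tmp/client.conf"
    printf '%s\n' '[General]' 'Domain = nameof.server' \
        '[Mapping]' 'Nobody-User = nobody' > "$tmp/server.conf"
    check_idmap_domains "$tmp/client.conf" "$tmp/server.conf" || true
    rm -rf "$tmp"
}
idmap_demo
```

On real hosts, copy the server's /etc/idmapd.conf next to the client's and pass both paths to `check_idmap_domains`.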


Re: [CentOS] CentOS 6: files now owned by nobody:nobody

2016-08-29 Thread John R Pierce

On 8/29/2016 3:59 PM, Pat Haley wrote:
We are running a cluster under CentOS 6.6.  We recently attached a new 
NAS device, running CentOS 6.8 and rsync'd our user file system to 
it.  We noticed that all the files were owned by nobody (with nobody 
as the group).  We copied over the /etc/passwd and /etc/group files 
from our front-end server to our NAS server.  If we log in to the NAS 
server we see the files owned by their correct owners. However, doing 
an ls from the front-end server or any of the compute nodes still 
shows the files owned by "nobody".  We rebooted one of the compute 
nodes but it still sees the files owned by nobody.


a CentOS server isn't really a 'NAS device', as NAS implies an appliance 
storage device.


this is NFS?   NFSv3, or NFSv4?   what NFS options are on the server and 
on the NFS mount?   quite often NFS servers force root to nobody.



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] CentOS 6 - logwatch report not in HTML format

2016-08-28 Thread Alexander Farber
Maybe the format is set in

sudo crontab -l

On Monday, 29 August 2016, Arun Khan wrote:

> CentOS 6 (amd64) up to date with latest security / bug fixes.
>
> The logwatch reports come in plain text even though the config states HTML.
>
> 
> mailer = "/usr/sbin/sendmail -t"
> TmpDir = /tmp
> MailFrom = logwa...@example.com 
> MailTo = admin1 admin2 admin3
> Range = yesterday
> Detail = Medium
> HostName = www.example.com
> Print = No
> Output = mail
> Format = html
> 
>
> The same settings in Debian/Ubuntu servers send the reports in HTML format.
>
> In my search, I did not come across any solution for CentOS 6.
>
> Any ideas on how to get logwatch to generate HTML reports?
>
> Thanks for your help.
>
> -- Arun Khan


Re: [CentOS] CentOS 6 and an SAS drive, hardware

2016-07-27 Thread Paul Heinlein

On Tue, 26 Jul 2016, John R Pierce wrote:


On 7/26/2016 2:56 PM, m.r...@5-cent.us wrote:

 Yeah, well, the thing is, for years I've just been shoving
 ordinary SATA drives into the same server, to use to copy from
 other machines via rsync, getting a drive ready to replace in
 another server. I've never had trouble with SATA. This is the
 first time with an SAS drive.


mixing SAS and SATA on the same backplane can be problematic, 
depending on the system.


Yep.

--
Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/


Re: [CentOS] CentOS 6 and an SAS drive, hardware

2016-07-26 Thread John R Pierce

On 7/26/2016 2:56 PM, m.r...@5-cent.us wrote:

Yeah, well, the thing is, for years I've just been shoving ordinary SATA
drives into the same server, to use to copy from other machines via rsync,
getting a drive ready to replace in another server. I've never had trouble
with SATA. This is the first time with an SAS drive.


mixing SAS and SATA on the same backplane can be problematic, depending 
on the system.


all my SAS2008 LSI cards, I've reflashed with the IT firmware, this 
turns them into straight host bus adapters, with no hardware raid at 
all, then if I need raid, I use mdraid (or zfs or whatever).



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] CentOS 6 and an SAS drive, hardware

2016-07-26 Thread m . roth
John R Pierce wrote:
> On 7/26/2016 2:38 PM, Peter wrote:
>> On 27/07/16 09:11, m.r...@5-cent.us wrote:
>>> This is... odd. Got a 6.8 box, a Dell R320 lspci tells me
>>> 01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS
>>> 2008 [Falcon] (rev 03)
>>> so it *should* accept an SAS drive. I've got a Cheetah that's a few
>>> years old, and having pulled it out of another server (in the
>>> datacenter), I put it in this box to zero it out for reuse... and the
>>> box refuses to see the drive. *Nothing* in dmesg, *nothing* in
>>> /var/log/messages, and I tried
>>> echo "0" etc to get the SCSI buses to rescan.
>>>
>>> Anyone have any ideas?

>> That's a hardware RAID controller, so it won't (by default) see single
>> drives and pass them directly to the OS like a normal disk controller
>> would.  You need to go into the RAID config (you should see an option to
>> do this at boot) and configure a RAID with a single disk in a RAID0
>> configuration.
>
> or use the MegaCli from linux to do the same, but the syntax is nasty

Yeah, well, the thing is, for years I've just been shoving ordinary SATA
drives into the same server, to use to copy from other machines via rsync,
getting a drive ready to replace in another server. I've never had trouble
with SATA. This is the first time with an SAS drive.

   mark



Re: [CentOS] CentOS 6 and an SAS drive, hardware

2016-07-26 Thread John R Pierce

On 7/26/2016 2:38 PM, Peter wrote:

On 27/07/16 09:11, m.r...@5-cent.us wrote:

> This is... odd. Got a 6.8 box, a Dell R320 lspci tells me
> 01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2008
> [Falcon] (rev 03)
> so it *should* accept an SAS drive. I've got a Cheetah that's a few years
> old, and having pulled it out of another server (in the datacenter), I put
> it in this box to zero it out for reuse... and the box refuses to see the
> drive. *Nothing* in dmesg, *nothing* in /var/log/messages, and I tried
> echo "0" etc to get the SCSI buses to rescan.
>
> Anyone have any ideas?

That's a hardware RAID controller, so it won't (by default) see single
drives and pass them directly to the OS like a normal disk controller
would.  You need to go into the RAID config (you should see an option to
do this at boot) and configure a RAID with a single disk in a RAID0
configuration.


or use the MegaCli from linux to do the same, but the syntax is nasty



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] CentOS 6 and an SAS drive, hardware

2016-07-26 Thread Peter
On 27/07/16 09:11, m.r...@5-cent.us wrote:
> This is... odd. Got a 6.8 box, a Dell R320 lspci tells me
> 01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2008
> [Falcon] (rev 03)
> so it *should* accept an SAS drive. I've got a Cheetah that's a few years
> old, and having pulled it out of another server (in the datacenter), I put
> it in this box to zero it out for reuse... and the box refuses to see the
> drive. *Nothing* in dmesg, *nothing* in /var/log/messages, and I tried
> echo "0" etc to get the SCSI buses to rescan.
> 
> Anyone have any ideas?

That's a hardware RAID controller, so it won't (by default) see single
drives and pass them directly to the OS like a normal disk controller
would.  You need to go into the RAID config (you should see an option to
do this at boot) and configure a RAID with a single disk in a RAID0
configuration.


Peter


Re: [CentOS] CentOS 6, iscsi issue, [SOLVED]

2016-07-25 Thread m . roth
m.r...@5-cent.us wrote:
> Hi, folks,
>
> Ok, I had iscsi working. Then I umounted the filesystem, and deleted
> the logical volume, then the RAID, and recreated it with a) 4 more
> drives (or was it six?), gave it a new RG name, and a new VD name.
>
> I can ping the IP, but can't rediscover it - just get "no portals
> found". I'm finding a fair number of people with this issue, googling,
> but not a lot of answers. Anyone know what I've done wrong?
>
Solved. I had to attach the VD to the LU, on the iSCSI box side.

  mark



Re: [CentOS] CentOS 6, mptfusion software? sort of solved

2016-07-13 Thread m . roth
More googling, and then something I wouldn't have thought of: smartctl
doesn't work on this HBA against /dev/sd*. HOWEVER, it's happy as a clam
against /dev/sgx, and there's my RAID, /dev/sg0 and /dev/sg1 (which lshw
also was able to show me), but now, at least, I can run smartctl tests on
the drives, and hopefully one will say, "Bad! Bad!".

 mark


