Re: [CentOS] Change default font size in terminal
From: Yawei Guo > I want to change default font size in terminal. The size is too small for a > 1920x1080 screen. Thank you very much. In the terminal profile preferences menu, change the font size... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync question: building list taking forever
On Mon, Oct 20, 2014 at 3:05 PM, Tim Dunphy wrote: > > > > > Don't forget that the time taken to build the file list is a function > of > > > the number of files present, and not their size. If you have many > > millions > > > of small files, it will indeed take a very long time. Over sshfs with > > > a slowish link, it could be days. > > > > > > and it may end up failing silently or noisily anyway. > > > Ahhh, but isn't that part of the beauty of adventure that being a linux > admin is all about? *twitch* > > Adventure? Nah, that's why my rsync scripts rsync chunks of the filesystem rather than all of it in one go, and why it gets to run twice each time. Once bitten, twice shy. Cheers, Cliff ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 116, Issue 11
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. Continuous Release (CR) Repository updates arereleased for CentOS-6.6 (Johnny Hughes) -- Message: 1 Date: Tue, 21 Oct 2014 06:28:28 -0500 From: Johnny Hughes To: CentOS-Announce Subject: [CentOS-announce] Continuous Release (CR) Repository updates are released for CentOS-6.6 Message-ID: <5446435c.6080...@centos.org> Content-Type: text/plain; charset="utf-8" We have released the following updates into the 6.5/cr repository: http://lists.centos.org/pipermail/centos-cr-announce/2014-October/thread.html The updates include everything that will be on the 6.6 ISO Sets and also everything to date that will be in 6.6 Updates. We will continue to put updates into 6.5 CR until we actually release CentOS-6.6. For information on the CR repository, see this link: http://wiki.centos.org/AdditionalResources/Repositories/CR Thanks, Johnny Hughes -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-announce/attachments/20141021/02d617e1/attachment-0001.sig> -- ___ CentOS-announce mailing list centos-annou...@centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 116, Issue 11 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync question: building list taking forever
On Mon, October 20, 2014 10:49, Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote: > > [OP: `they don't allow ssh between the datacenters` ...but... they nfs between > them...??? ME: much head scratching.] We have a Value Added Network (VAN) provider who insists on a similar thing. We were given sftp access to our transaction files but not ssh. They also will not run an rsync daemon for us. We ended up locally mounting the remote host directories with fuse-ssh (sshfs) over sftp using RSA keys to bypass the interactive logins. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba 4.1.6
On 10/18/2014 8:06 AM, Arun Khan wrote: On Sat, Oct 18, 2014 at 1:21 AM, Bowie Bailey wrote: Can this package coesist with the current Samba package, or do I need to remove the CentOS Samba package first? Both packages would want to use the same ports netbios ports. I understand that. But if they install into different locations, I should theoretically be able to have them both installed as long as I don't try to have both of them active at the same time. That's really what I was asking -- Does the Sernet package install into the same location as the base Samba package or are there package dependencies that would prevent it from being installed alongside the base package? But it's a moot point for me now since I've found a way around the problem I was hoping to solve by switching to 4.1.6. -- Bowie ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] creating a floppy image from a linux file
On Mon, Oct 20, 2014 at 9:01 AM, Dan Hyatt wrote: > My chicken and egg. > > I was hoping to > 1. create a baseline image that I can clone > 2. get a centos image on a VM guest, have my own management servers > (including pxe boot) that I own and control. > > > Once I have one or two, I can expand my private cloud as large as I > want...and building new guest servers will take minutes. Please don't top-post. ;-) 1) yes, if you include the kickstart in an ISO, you'll have to modify ISOs for each release that comes out. 2) I'd suggest discounting the idea of a floppy image and go for a PXE server. 3) Your problems with a PXE server are probably for two reasons: a) you don't control the network, so the boot file is not set ; b) you don't have VMware's networking configured properly. 4) Simple solution (_within your control_): Make a separate bridge via VMware for a "kickstart network". Build one VM manually and set up DHCP/TFTP/DNS Forwarder/HTTP/ip_forward/NAT Masquerading. Put one NIC in your NATted VMware bridge (or another bridge that facilitates reaching the Internet (unless you run your own package mirror on that "manual VM"). Put the other NIC in that "kickstart network" bridge ... make HTTP (for pulling the config), DHCP, and TFTP listen on that interface and that interface only. Spin up your remaining VMs via PXE. This takes some work up front, but it will save you time in the long run. Changing a kickstart config or adding a new one is painless. > > > On 10/17/2014 5:06 PM, John R Pierce wrote: > >> On 10/17/2014 1:55 PM, Dan Hyatt wrote: >> >>> I am still trying to get kick-start centos in my vmware5 because pxe >>> cannot find the pxe server. I do not control the dhcp or pxe server. >>> >> >> this is on ESXI? you /could/ create a virtual network thats not routed >> or bridged to your actual networks, then create your own PXE/DHCP server on >> this virtual network, and then connect your new VM to that private virtual >> net for installation, switching it over to the regular networks when its >> done installingI've done crazier things on ESXI :) >> >> >> >> > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Loss of Ethernet adaptor
On 16-10-2014 13:47, Akemi Yagi wrote: On Wed, Oct 15, 2014 at 8:41 AM, James B. Byrne wrote: This is a return to an issue I first raised back in June. We had a similar occurrence in September while I was away and so I am revisiting the entire matter. Steve Clark on 6 Jun 16:02 2014 wrote: Hi, We ran into this problem also - the interface would disappear. There is newer e1000e driver that fixes it or you could add pcie_aspm=off to your kernel command line. HTH, Steve I have run into other reports of similar occurrences and some of these refer to this bug report: https://bugzilla.redhat.com/show_bug.cgi?id=632650 I'm the one who did the submission. Some of my comments (which I thought were helpful) have been hidden by Red Hat. However, that report is closed as being a duplicate of: https://bugzilla.redhat.com/show_bug.cgi?id=562273 Which is not available to viewing by the great unwashed. I don't have access, either. The host is running CentOS-6.5 with all updates applied to date. My question is: Has this issue been addressed in the official e1000e module or not? if not then does the recommendation to "add pcie_aspm=off to your kernel command line" hold? My suggestion for you is to give ELRepo's kmod-e1000e a try. It has the latest version from Intel (3.1.0.2) as opposed to the version in the EL kernels (2.3.2-k). There are known cases in which a later version resolved issues. Both BZs above are RHEL 5 specific, being 562273 a "driver update" one. Did you report this against any RHEL6 too? Marcelo ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IP aliasing on CentOS 7
Hello all, Thank you for all the great responses. I meant to reply earlier but it slipped my mind. Sorry. OK, so according to my experience here is what seems to work. 1) nmtui Using this utility one can do that without delving into the nitty-gritty, it seems. 2) By editing the config file. So let us say we have the NIC eno16780032 If you now edit your config file ( /etc/sysconfig/network-scripts/ifcfg-eno16780032 ) to look like this -- TYPE=Ethernet BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=eno16780032 UUID=f303271a-dc5c-4fd6-ac61-73c7b78a5b2b ONBOOT=yes DNS1=10.1.3.5 DOMAIN=insideidc.com IPADDR1=10.1.3.226 PREFIX1=24 HWADDR=00:50:56:A6:11:CA IPADDR=10.1.3.220 PREFIX=24 GATEWAY=10.1.3.10 DNS2=10.1.3.1 DNS3=10.1.3.2 IPV6_PEERDNS=yes IPV6_PEERROUTES=yes -- you are going to have two IP addresses (in this scenario, 10.1.3.220 and 10.1.3.226) assigned to the same NIC. NOTICE: ifconfig will not show them all, use "ip a show" to see them. Once again, thank you all for responding. Cheers, Boris. On Wed, Oct 15, 2014 at 5:12 PM, Boris Epstein wrote: > Hello all, > > is there a good wirte-up on how edit script files in > the /etc/sysconfig/network-scripts directory on Centos & to assign multiple > IP addresses to the same NIC on boot? > > Thanks for any and all help. > > Cheers, > > Boris. > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fwd: A CentOS list favor, please: an ethtool question
-- Forwarded message -- From: Date: Tue, Oct 21, 2014 at 2:33 PM Subject: A CentOS list favor, please: an ethtool question To: Les Mikesell Hi, Les, May I ask you to forward this to the list? I know I got one email from Karanbir after he modded me so that I couldn't post to the list... but in the last week, I've tried emailing Johnny, and I also sent one to Karanbir, figuring that if he was moderating me, I'd send a post to him to moderate, and got a response from neither... and I'm suspecting that any email I send to *any* address at centos.org goes to /dev/null, and he seems to have forgotten me altogether. Anyway, I'm rsyncing directories over the net, from a 6.5 box to a 6.5 box, and it's going *very* slowly, hours for < 100G. Trying to see if there was a network issue, I tried ethtool on the older box that I'm pulling from, and the relevant lines that surprised me are these: Advertised auto-negotiation: Yes Speed: Unknown! Duplex: Unknown! (255) Port: Twisted Pair PHYAD: 1 Transceiver: internal Auto-negotiation: on Note it's a tg3 driver. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: A CentOS list favor, please: an ethtool question
On 10/21/2014 02:37 PM, Les Mikesell wrote: > > Hi, Les, > >May I ask you to forward this to the list? I know I got one email from > Karanbir after he modded me so that I couldn't post to the list... but > in the last week, I've tried emailing Johnny, and I also sent one to > Karanbir, figuring that if he was moderating me, I'd send a post to him > to moderate, and got a response from neither... and I'm suspecting that > any email I send to *any* address at centos.org goes to /dev/null, and > he seems to have forgotten me altogether. Or we're a tad busy with getting 6.6 built, tested and out the door (among other tasks). Please don't circumvent the mod status for the mailing list. -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Conduct on the CentOS List
On Wed, Oct 15, 2014 at 11:20 AM, Alain Reguera Delgado wrote: > On 10/9/14, Karanbir Singh wrote: > ... >> The power of an open source project is in the community. If the >> community gets broken, the project loses its fundamental >> reason-for-being. Code alone does not make open source, and community >> is made through people treating each other with respect. >> >> * Do not make personal attacks >> * Do not threaten people >> * Do not harass people >> * Do debate ideas on the merits of the idea alone >> * Do help each other keep a civil tone while remaining civil >> * Do treat others with respect > > This can be considered the social behavior part of CentOS Project > corporate identity. It is an essential part of what the CentOS Project > is. It should be respected, supported and reinforced in all > environments and directions. It is a source of education for all us, > worth to accept and follow with humbleness. > And in other news, people on the internet have no sense of humor. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Testing "dark" SSL sites
So, with all the hubbub around POODLE and ssl, we're preparing a new load balancer using HAProxy. So we have a set of unit tests written using PHPUnit, having trouble validating certificates. How do you test/validate an SSL cert for a prototype "foo.com" server if it's not actually active at the IP address that matches DNS for foo.com? For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass an explicit "host: foo.com" http header but that fails for SSL certificate validation. You can also set a hosts file entry, but that's also rather painful. Is there a better option? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On 10/21/2014 04:57 PM, li...@benjamindsmith.com wrote: > So, with all the hubbub around POODLE and ssl, we're preparing a new load > balancer using HAProxy. > > So we have a set of unit tests written using PHPUnit, having trouble > validating certificates. How do you test/validate an SSL cert for a prototype > "foo.com" server if it's not actually active at the IP address that matches > DNS for foo.com? > > For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass an > explicit "host: foo.com" http header but that fails for SSL certificate > validation. > > You can also set a hosts file entry, but that's also rather painful. Is there > a > better option? > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos I just disabled SSLv3 altogether on my server and just use TLS. On my site I only use TLS 1.2 and not earlier versions or SSL so I was never affected by POODLE. -- Travis Kendrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On Tue, Oct 21, 2014 at 02:57:42PM -0700, li...@benjamindsmith.com wrote: > So we have a set of unit tests written using PHPUnit, having trouble > validating certificates. How do you test/validate an SSL cert for a prototype > "foo.com" server if it's not actually active at the IP address that matches > DNS for foo.com? openssl s_client -connect ip.ad.dr.ess:443 then decode the cert e.g. $ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert Now you can use the "x509" to look at various things eg $ openssl x509 -in cert -subject -noout subject= /description=foobar/C=US/CN=ssl.example.com/emailAddress=f...@example.com "man x509" -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On Tuesday, October 21, 2014 06:07:29 PM Stephen Harris wrote: > On Tue, Oct 21, 2014 at 02:57:42PM -0700, li...@benjamindsmith.com wrote: > > So we have a set of unit tests written using PHPUnit, having trouble > > validating certificates. How do you test/validate an SSL cert for a > > prototype "foo.com" server if it's not actually active at the IP address > > that matches DNS for foo.com? > > openssl s_client -connect ip.ad.dr.ess:443 > then decode the cert > > e.g. > $ openssl s_client -connect 1.2.3.4:443 < /dev/null >| cert > > Now you can use the "x509" to look at various things > eg > $ openssl x509 -in cert -subject -noout > subject= > /description=foobar/C=US/CN=ssl.example.com/emailAddress=f...@example.com > > "man x509" The issue is that I wouldn't consider myself qualified to make sense of this output. Curl noticed when an intermediate SSL cert wasn't installed correctly, so if possible I'd really like to use a CLI "browser" such as curl or wget. I've already confirmed for example, that using openssl s_client as you mention above doesn't actually check the certs, just lists them. Thus, the recent issues with firefox and intermediate certs would be tough to look for ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On Tuesday, October 21, 2014 05:02:53 PM Travis Kendrick wrote: > On 10/21/2014 04:57 PM, li...@benjamindsmith.com wrote: > > So, with all the hubbub around POODLE and ssl, we're preparing a new load > > balancer using HAProxy. > > > > So we have a set of unit tests written using PHPUnit, having trouble > > validating certificates. How do you test/validate an SSL cert for a > > prototype "foo.com" server if it's not actually active at the IP address > > that matches DNS for foo.com? > > > > For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass > > an explicit "host: foo.com" http header but that fails for SSL > > certificate validation. > > > > You can also set a hosts file entry, but that's also rather painful. Is > > there a better option? > > ___ > > CentOS mailing list > > CentOS@centos.org > > http://lists.centos.org/mailman/listinfo/centos > > I just disabled SSLv3 altogether on my server and just use TLS. On my > site I only use TLS 1.2 and not earlier versions or SSL so I was never > affected by POODLE. As far as I can tell, this comment is not related to the question I asked... at all. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On Tue, Oct 21, 2014 at 04:17:25PM -0700, li...@benjamindsmith.com wrote: > I've already confirmed for example, that using openssl s_client as you mention > above doesn't actually check the certs, just lists them. Actually it does check them as well. e.g. openssl s_client -connect localhost:443 < /dev/null > /dev/null depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=a.example.com/emailAddress=r...@a.example.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=a.example.com/emailAddress=r...@a.example.com verify error:num=10:certificate has expired notAfter=Aug 9 23:55:39 2014 GMT verify return:1 depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=a.example.com/emailAddress=r...@a.example.com notAfter=Aug 9 23:55:39 2014 GMT verify return:1 DONE Notice the "verify error" lines; it's both self-signed _and_ expired. In chained certs it'll check each of the chains. e.g. openssl s_client -connect www.google.com:443 < /dev/null > /dev/null CONNECTED(0003) depth=3 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority verify return:1 depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA verify return:1 depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2 verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority You can do a _LOT_ with the openssl command line (e.g. show all the intermediate certs in detail with -showcerts). 'man s_client' If you have a server with a broken intermediate chain then run the command and see what it returns. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On 10/21/2014 06:24 PM, li...@benjamindsmith.com wrote: > On Tuesday, October 21, 2014 05:02:53 PM Travis Kendrick wrote: >> On 10/21/2014 04:57 PM, li...@benjamindsmith.com wrote: >>> So, with all the hubbub around POODLE and ssl, we're preparing a new load >>> balancer using HAProxy. >>> >>> So we have a set of unit tests written using PHPUnit, having trouble >>> validating certificates. How do you test/validate an SSL cert for a >>> prototype "foo.com" server if it's not actually active at the IP address >>> that matches DNS for foo.com? >>> >>> For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass >>> an explicit "host: foo.com" http header but that fails for SSL >>> certificate validation. >>> >>> You can also set a hosts file entry, but that's also rather painful. Is >>> there a better option? >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> http://lists.centos.org/mailman/listinfo/centos >> I just disabled SSLv3 altogether on my server and just use TLS. On my >> site I only use TLS 1.2 and not earlier versions or SSL so I was never >> affected by POODLE. > As far as I can tell, this comment is not related to the question I asked... > at all. > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos I thought you were talking about dealing with POODLE. Maybe I misunderstood. -- Travis Kendrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing "dark" SSL sites
On 10/21/2014 06:24 PM, li...@benjamindsmith.com wrote: > On Tuesday, October 21, 2014 05:02:53 PM Travis Kendrick wrote: >> On 10/21/2014 04:57 PM, li...@benjamindsmith.com wrote: >>> So, with all the hubbub around POODLE and ssl, we're preparing a new load >>> balancer using HAProxy. >>> >>> So we have a set of unit tests written using PHPUnit, having trouble >>> validating certificates. How do you test/validate an SSL cert for a >>> prototype "foo.com" server if it's not actually active at the IP address >>> that matches DNS for foo.com? >>> >>> For non-ssl sites, I can specify the url like http://1.2.3.4/path and pass >>> an explicit "host: foo.com" http header but that fails for SSL >>> certificate validation. >>> >>> You can also set a hosts file entry, but that's also rather painful. Is >>> there a better option? >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> http://lists.centos.org/mailman/listinfo/centos >> I just disabled SSLv3 altogether on my server and just use TLS. On my >> site I only use TLS 1.2 and not earlier versions or SSL so I was never >> affected by POODLE. > As far as I can tell, this comment is not related to the question I asked... > at all. > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos Maybe I did misunderstood, in which case ignore my post and/or remove it as it didn't help. -- Travis Kendrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
