Re: [CentOS] Extending a CentOS disk without reboot

2015-12-23 Thread Gordon Messmer

On 12/21/2015 11:15 AM, Sander Kuusemets wrote:
So what happened, is that after another administrator had extended the 
disk from VMWare, I tried to extend it from the OS side.

...
Now's when the problems happened. After writing the partition table I 
got the usual "Busy" error. But I needed to do this without downtime. 
So, what did I try to get the kernel acknowledge the partition size 
change:

...

* partprobe -s


Well, partprobe is the standard advice for this situation, but I don't 
think it actively does anything with the -s flag.  That could have been 
the problem, but I'm not certain.


And while dmesg reported that it recognized the partition change, LVM 
did still not see it.


You didn't include "pvresize" in that list, so I presume you didn't do 
it.  That's the command that will inform LVM of the change.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] systemd-sysctl not running on boot

2015-12-23 Thread Ofer Hasson
Added some info from the my system:

[root@web-devel-local-1 ~]# uname -a
Linux web-devel-local-1.in.parkam-ip.com 3.10.0-327.3.1.el7.x86_64 #1 SMP
Wed Dec 9 14:09:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


[root@web-devel-local-1 ~]# cat /etc/sysctl.d/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an
/etc/sysctl.d/.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 0
kernel.panic = 20
kernel.sem = 250 65000 32 256
vm.swappiness = 10
net.ipv4.conf.all.log_martians = 1
kernel.dmesg_restrict = 1
vm.dirty_ratio = 15
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.disable_ipv6 = 1
kernel.kptr_restrict = 1


[root@web-devel-local-1 ~]# systemctl status systemd-sysctl
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static;
vendor preset: disabled)
   Active: active (exited) since Thu 2015-12-24 09:05:15 IST; 3min 8s ago
 Docs: man:systemd-sysctl.service(8)
   man:sysctl.d(5)
  Process: 488 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited,
status=0/SUCCESS)
 Main PID: 488 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/systemd-sysctl.service

Dec 24 09:05:14 web-devel-local-1.in.parkam-ip.com systemd[1]: Starting
Apply Kernel Variables...
Dec 24 09:05:15 web-devel-local-1.in.parkam-ip.com systemd[1]: Started
Apply Kernel Variables.


[root@web-devel-local-1 ~]# reboot


[root@web-devel-local-1 ~]# cat /proc/sys/vm/swappiness
30

[root@web-devel-local-1 ~]# /usr/lib/systemd/systemd-sysctl
[root@web-devel-local-1 ~]# cat /proc/sys/vm/swappiness
10


[root@web-devel-local-1 ~]# cat
/usr/lib/systemd/system/systemd-sysctl.service
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Apply Kernel Variables
Documentation=man:systemd-sysctl.service(8) man:sysctl.d(5)
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service
After=systemd-modules-load.service
Before=sysinit.target shutdown.target
ConditionPathIsReadWrite=/proc/sys/

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/systemd/systemd-sysctl



On Thu, Dec 24, 2015 at 9:01 AM, Ofer Hasson  wrote:

> also in /etc/sysctl.d/
>
> On Thu, Dec 24, 2015 at 8:58 AM, Gordon Messmer 
> wrote:
>
>> On 12/23/2015 05:08 AM, Ofer Hasson wrote:
>>
>>> By running "systemctl status systemd-sysctl" I also receive the same
>>> output, but a simple "cat /proc/sys/vm/swappiness" returns the default
>>> value, and not the one set by my conf file.
>>>
>>
>> All of mine, as set by files in /etc/sysctl.d/, are correct after boot.
>> Where is your conf file?
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] systemd-sysctl not running on boot

2015-12-23 Thread Ofer Hasson
also in /etc/sysctl.d/

On Thu, Dec 24, 2015 at 8:58 AM, Gordon Messmer 
wrote:

> On 12/23/2015 05:08 AM, Ofer Hasson wrote:
>
>> By running "systemctl status systemd-sysctl" I also receive the same
>> output, but a simple "cat /proc/sys/vm/swappiness" returns the default
>> value, and not the one set by my conf file.
>>
>
> All of mine, as set by files in /etc/sysctl.d/, are correct after boot.
> Where is your conf file?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] systemd-sysctl not running on boot

2015-12-23 Thread Gordon Messmer

On 12/23/2015 05:08 AM, Ofer Hasson wrote:

By running "systemctl status systemd-sysctl" I also receive the same
output, but a simple "cat /proc/sys/vm/swappiness" returns the default
value, and not the one set by my conf file.


All of mine, as set by files in /etc/sysctl.d/, are correct after boot.  
Where is your conf file?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Gordon Messmer

On 12/23/2015 06:06 AM, Meikel wrote:
I want to add a second public ip (failover ip) to the server and did 
follow the instructions in the CentOS-section of 
http://hilfe.ovh.de/AdministrationIpAliasHinzufuegen


What you're attempting to do is called "multi-homed routing" and isn't 
covered very well by that document.  Try this one, or use Google to find 
another guide:

https://blogs.oracle.com/networking/entry/advance_routing_for_multi_homed

After executing the required steps I'm not able to reach the host via 
the second ip from an external host. I tried it with ping and with ssh 
commands.


I expect that your host is receiving the ICMP request packets and 
responding.  The problem is the response.  The reply packet has the 
correct source and destination addresses, and the kernel must consult 
its routing table to determine how and where to send it. There is only 
one route back to the destination address (the address from which you 
pinged the system), and that is the default route. Your system sends the 
packet out that link, where it is probably dropped by an upstream router 
since it came from an address that they don't handle.


Your system needs both an additional default route, and rules to 
determine which route to use for which packets.  The above link will 
help you set up both.


Here the content of the config files (I anonymized the server ip with 
xx.xx.xx.xx and the failover ip with yy.yy.yy.yy):


$ cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=
NOZEROCONF=true
GATEWAY=xx.xx.xx.254


Don't set GATEWAY here.


$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
IPADDR=yy.yy.yy.yy
NETMASK=255.255.255.255
ONBOOT=yes


As discussed, that's not a usable NETMASK.  You should ignore pretty 
much everything in the document you linked to.


When I restart the network I get a message (two times) saying 
"RTNETLINK answers: Operation not supported".


I'm pretty sure that those are the result of the bad NETMASK.


IPv6 is disabled by kernel parameter "ipv6.disable=1" in /etc/grub.conf


I would discourage everyone from doing that.

The two mac addresses I see for eth0 and eth0:0 with the "ifconfig" 
command are the same. In the OVH/Soyoustart.com GUI I created a 
virtual mac for the failover ip, I'm not sure if that virtual mac 
should come into play somewhere?


I don't think there's any reason to have a virtual MAC.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network services start before network is up since migrating to 7.2

2015-12-23 Thread Gordon Messmer

On 12/23/2015 08:38 AM, Sylvain CANOINE wrote:

Then I'm wondering :
2/ why "After=foo" does not imply "Requires=foo" for systemd 219, while it 
appeared to be in systemd 208. Either it's a regression, or the behaviour of 208, although logical, 
is buggy.


I'm not entirely certain, but "After=" is independent of "Requires=", as 
documented on an up-to-date install of CentOS 7.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] C7 apache file access

2015-12-23 Thread Robert Moskowitz



On 12/24/2015 01:08 AM, Gordon Messmer wrote:

On 12/23/2015 11:15 AM, Robert Moskowitz wrote:

Wiaht is this httpd_user_content_t?


That is an selinux context which httpd is allowed to access.  It is 
defined as the label for files matching the regex 
/home/[^/]*/((www)|(web)|(public_html))(/.+)? in 
/etc/selinux/targeted/contexts/files/


"restorecon" can be used to reset contexts to those defined in that 
directory.


Why on files I create on this system and not those I cp from a USB 
drive?


Because you used cp -a, which preserves permissions and labels, among 
other attributes.  Normally, files inherit a context from their parent 
directory.


Ah yes.  I was lazy, as 'all' I really wanted was to maintain timestamps 
on those files.  Serves me right...


thanks for the explaination.

New server is more solid than current, so I am going to launch it 
tomorrow.  Then on to BIND testing.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] C7 apache file access

2015-12-23 Thread Gordon Messmer

On 12/23/2015 11:15 AM, Robert Moskowitz wrote:

Wiaht is this httpd_user_content_t?


That is an selinux context which httpd is allowed to access.  It is 
defined as the label for files matching the regex 
/home/[^/]*/((www)|(web)|(public_html))(/.+)? in 
/etc/selinux/targeted/contexts/files/


"restorecon" can be used to reset contexts to those defined in that 
directory.



Why on files I create on this system and not those I cp from a USB drive?


Because you used cp -a, which preserves permissions and labels, among 
other attributes.  Normally, files inherit a context from their parent 
directory.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Fred Smith
On Wed, Dec 23, 2015 at 03:34:56PM -0700, Wes James wrote:
> 
> > On Dec 22, 2015, at 9:13 PM, Fred Smith  
> > wrote:
> > 
> > On Tue, Dec 22, 2015 at 09:03:28PM -0700, Wes James wrote:
> >> 
> >>> On Dec 22, 2015, at 8:06 PM, Fred Smith  
> >>> wrote:
> >>> 
> >>> Attempting to install latest Calibre on Centos-7, getting:
> >>> 
> >> 
> >> typed in "calibre ssl install error” to google
> >> 
> >> first hit:
> >> 
> >> http://stackoverflow.com/questions/26615914/calibre-fails-to-install 
> >> 
> >> 
> >> not sure if it helps (the no check cert option??)
> > 
> > Nope. makes no difference.
> 
> 
> I just went through the build it yourself process.  Give this a try:

Wes, thanks for following up.

But I wonder if Calibre is worth that much work?

The specific problem I had can be worked around just by following the
instructions on the Calibre downloadpge for "manual install". I did
that and it appears to work properly.

> 
> open terminal
> 
> cd Downloads
> 
> download qt-unified-linux-x64-2.0.2-2-online.run from 
> http://www.qt.io/download-open-source/
> chmod +x qt-unified-linux-x64-2.0.2-2-online.run
> sudo ./qt-unified-linux-x64-2.0.2-2-online.run
> 
> after install qt above, edit your .bashrc file and add:
> 
> export PATH=/opt/Qt/5.5/gcc_64/bin:$PATH
> 
> then run
> 
> . ~/.bashrc
> 
> sudo yum install python-devel -y
> 
> wget http://sourceforge.net/projects/pyqt/files/sip/sip-4.17/sip-4.17.tar.gz
> tar -zxf sip-4.17.tar.gz
> cd sip-4.17
> python configure.py
> make
> sudo make install
> 
> cd ..
> 
> sudo yum install python-pip -y
> sudo pip install mechanize
> sudo yum install ImageMagick-devel -y
> sudo yum install libxslt-devel libxml2-devel -y
> 
> wget 
> http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
> sudo rpm -Uvh nux-dextop-release-0-5.el7.nux.noarch.rpm
> sudo yum install python-cssutils -y
> 
> sudo yum install podofo -y
> sudo yum install libwmf -y
> sudo yum install libmtp-devel -y
> sudo yum install python-netifaces -y
> sudo yum install python-psutil -y
> sudo yum install python-apsw -y
> sudo yum install python-dbus -y
> sudo yum install python-pygments -y
> sudo yum install optipng -y
> 
> 
> wget 
> http://sourceforge.net/projects/pyqt/files/PyQt5/PyQt-5.5.1/PyQt-gpl-5.5.1.tar.gz
> tar -zxf PyQt-gpl-5.5.1.tar.gz
> cd PyQt-gpl-5.5.1
> python configure.py --disable QtPositioning
> make
> sudo make install
> 
> cd ..
> 
> sudo yum install python-imaging -y
> sudo yum install sqlite-devel -y
> sudo yum install chmlib-devel -y
> sudo yum install podofo-devel -y
> sudo yum install libusbx-devel -y
> sudo yum install qt5-qtbase-static -y
> sudo yum install libudev-devel -y
> sudo yum install openssl-devel -y
> sudo yum install libicu-devel -y
> sudo yum install libXrender-devel -y
> 
> 
> curl -L http://code.calibre-ebook.com/dist/src | tar xvJ
> cd calibre-2.47.0
> 
> sudo python setup.py install
> 
> then type in the program name at the terminal prompt and press enter:
> 
> calibre

-- 
---
Under no circumstances will I ever purchase anything offered to me as
the result of an unsolicited e-mail message. Nor will I forward chain
letters, petitions, mass mailings, or virus warnings to large numbers
of others. This is my contribution to the survival of the online
community.
 --Roger Ebert, December, 1996
- The Boulder Pledge -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Starting stunnel on boot with CentOS7

2015-12-23 Thread Kahlil Hodgson
​Apologies. My bad. The service file was copied across from F22.

# Service file from Fedora 22

[Unit]
Description=SSL tunnel for network daemons
After=syslog.target network.target

[Service]
ExecStart=/usr/bin/stunnel
Type=forking
PrivateTmp=true

[Install]
WantedBy=multi-user.target
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Valeri Galtsev

On Wed, December 23, 2015 5:00 pm, Louis Lagendijk wrote:
> On Wed, 2015-12-23 at 19:04 +0100, Patrick Bervoets wrote:
>>
>> > Op 23 dec. 2015 om 18:31 heeft Valeri Galtsev > > o.edu> het volgende geschreven:
>> >
>> >
>> > >
>> >
>> > If I understand IP networking correctly, you only can have
>> > "aliases" of
>> > the interface appear on the _same_ network segment (I'm tempted to
>> > say
>> > same class C network) as the main IP of interface, say you have:
>> >
>> > DEVICE=eth0
>> > IPADDR=x.y.z.w
>> > NETMASK=255.255.255.0
>> > GATEWAY=x.y.z.254
>> >
>> > Then with the restriction I mentioned you can have alias:
>> >
>> > DEVICE=eth0:0
>> > IPADDR=x.y.z.a
>> > NETMASK=255.255.255.255
>> >
>> > Note that "x.y.z." part is the same in both IPs.
>> >
>> > Somebody may correct me if I'm wrong.
>> >
>> > Valeri
>> >
>> > >
>> > >
>> I have used an 10. Alias on a 192. Interface so it is possible
>> Patrick
>
> I believe you are right. A netmask of 255.255.255.255 however seems
> wrong. With that netmask a broadcast for address resolution will not
> work... 

NETMASK=255.255.255.255 for alias interface serves very simple purpose. It
allows to avoid processing of all broadcasts on particular segment of the
network through alias interface as well. As main interface already does
it, you don't want duplication of the same through alias interface. In
general, if you make NETMASK=255.255.255.0 for alias, all should work (on
Linux I'm sure it will, on FreeBSD you will get an error), but with this
setting you do bizarre thing I described above. All these packets are sent
to kernel, and the difference is in kernel network stack of Linux and
FreeBSD, I figure.

Valeri

> Louis
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 7.2 installer missing virt-what

2015-12-23 Thread Chris Adams
Once upon a time, Louis Lagendijk  said:
> On Wed, 2015-12-23 at 13:55 -0600, Chris Adams wrote:
> > In previous CentOS releases, virt-what was included in the install
> > image.  This made it easy for me to spin a custom ISO with my package
> > set and a kickstart that would add open-vm-tools or ovirt-guest-agent 
> > as
> > appropriate (when installing the respective guest environments).
> > 
> > I updated my ISO to 7.2, and virt-what is nowhere to be found.  I
> > assume
> > this is copied from RHEL; anybody know any explanation?
> > 
> > For now, I'm falling back to matching strings in
> > /sys/class/dmi/id/product_name.  Is there some better way to
> > determine
> > what (if any) virtual environment the installer is running under?
> > 
> Just install package virt-what?

This is in the installer itself, specifically in the %pre section of a
kickstart file (to determine which packages to install).  You can't just
"yum install virt-what" there.

-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread John R Pierce

On 12/23/2015 10:04 AM, Patrick Bervoets wrote:

Then with the restriction I mentioned you can have alias:
>
>DEVICE=eth0:0
>IPADDR=x.y.z.a
>NETMASK=255.255.255.255
>
>Note that "x.y.z." part is the same in both IPs.
>
>Somebody may correct me if I'm wrong.
>
>Valeri
>

>>
>>

I have used an 10. Alias on a 192. Interface so it is possible


well, whats the subnet mask the /rest/ of the 10.x hosts on that 
physical LAN segment are using ? the alias has to match the network.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Louis Lagendijk
On Wed, 2015-12-23 at 19:04 +0100, Patrick Bervoets wrote:
> 
> > Op 23 dec. 2015 om 18:31 heeft Valeri Galtsev  > o.edu> het volgende geschreven:
> > 
> > 
> > > 
> > 
> > If I understand IP networking correctly, you only can have
> > "aliases" of
> > the interface appear on the _same_ network segment (I'm tempted to
> > say
> > same class C network) as the main IP of interface, say you have:
> > 
> > DEVICE=eth0
> > IPADDR=x.y.z.w
> > NETMASK=255.255.255.0
> > GATEWAY=x.y.z.254
> > 
> > Then with the restriction I mentioned you can have alias:
> > 
> > DEVICE=eth0:0
> > IPADDR=x.y.z.a
> > NETMASK=255.255.255.255
> > 
> > Note that "x.y.z." part is the same in both IPs.
> > 
> > Somebody may correct me if I'm wrong.
> > 
> > Valeri
> > 
> > > 
> > > 
> I have used an 10. Alias on a 192. Interface so it is possible
> Patrick

I believe you are right. A netmask of 255.255.255.255 however seems
wrong. With that netmask a broadcast for address resolution will not
work... 
Louis
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 7.2 installer missing virt-what

2015-12-23 Thread Louis Lagendijk
On Wed, 2015-12-23 at 13:55 -0600, Chris Adams wrote:
> In previous CentOS releases, virt-what was included in the install
> image.  This made it easy for me to spin a custom ISO with my package
> set and a kickstart that would add open-vm-tools or ovirt-guest-agent 
> as
> appropriate (when installing the respective guest environments).
> 
> I updated my ISO to 7.2, and virt-what is nowhere to be found.  I
> assume
> this is copied from RHEL; anybody know any explanation?
> 
> For now, I'm falling back to matching strings in
> /sys/class/dmi/id/product_name.  Is there some better way to
> determine
> what (if any) virtual environment the installer is running under?
> 
Just install package virt-what?

# yum provides */virt-what
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * nux-dextop: li.nux.ro
virt-what-1.13-6.el7.x86_64 : Detect if we are running in a virtual
machine
Repo: base
Matched from:
Filename: /usr/sbin/virt-what



virt-what-1.13-6.el7.x86_64 : Detect if we are running in a virtual
machine
Repo: @cr
Matched from:
Filename: /usr/sbin/virt-what

BR, Louis

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Wes James

> On Dec 22, 2015, at 9:13 PM, Fred Smith  wrote:
> 
> On Tue, Dec 22, 2015 at 09:03:28PM -0700, Wes James wrote:
>> 
>>> On Dec 22, 2015, at 8:06 PM, Fred Smith  
>>> wrote:
>>> 
>>> Attempting to install latest Calibre on Centos-7, getting:
>>> 
>> 
>> typed in "calibre ssl install error” to google
>> 
>> first hit:
>> 
>> http://stackoverflow.com/questions/26615914/calibre-fails-to-install 
>> 
>> 
>> not sure if it helps (the no check cert option??)
> 
> Nope. makes no difference.


I just went through the build it yourself process.  Give this a try:

open terminal

cd Downloads

download qt-unified-linux-x64-2.0.2-2-online.run from 
http://www.qt.io/download-open-source/
chmod +x qt-unified-linux-x64-2.0.2-2-online.run
sudo ./qt-unified-linux-x64-2.0.2-2-online.run

after install qt above, edit your .bashrc file and add:

export PATH=/opt/Qt/5.5/gcc_64/bin:$PATH

then run

. ~/.bashrc

sudo yum install python-devel -y

wget http://sourceforge.net/projects/pyqt/files/sip/sip-4.17/sip-4.17.tar.gz
tar -zxf sip-4.17.tar.gz
cd sip-4.17
python configure.py
make
sudo make install

cd ..

sudo yum install python-pip -y
sudo pip install mechanize
sudo yum install ImageMagick-devel -y
sudo yum install libxslt-devel libxml2-devel -y

wget 
http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
sudo rpm -Uvh nux-dextop-release-0-5.el7.nux.noarch.rpm
sudo yum install python-cssutils -y

sudo yum install podofo -y
sudo yum install libwmf -y
sudo yum install libmtp-devel -y
sudo yum install python-netifaces -y
sudo yum install python-psutil -y
sudo yum install python-apsw -y
sudo yum install python-dbus -y
sudo yum install python-pygments -y
sudo yum install optipng -y


wget 
http://sourceforge.net/projects/pyqt/files/PyQt5/PyQt-5.5.1/PyQt-gpl-5.5.1.tar.gz
tar -zxf PyQt-gpl-5.5.1.tar.gz
cd PyQt-gpl-5.5.1
python configure.py --disable QtPositioning
make
sudo make install

cd ..

sudo yum install python-imaging -y
sudo yum install sqlite-devel -y
sudo yum install chmlib-devel -y
sudo yum install podofo-devel -y
sudo yum install libusbx-devel -y
sudo yum install qt5-qtbase-static -y
sudo yum install libudev-devel -y
sudo yum install openssl-devel -y
sudo yum install libicu-devel -y
sudo yum install libXrender-devel -y


curl -L http://code.calibre-ebook.com/dist/src | tar xvJ
cd calibre-2.47.0

sudo python setup.py install

then type in the program name at the terminal prompt and press enter:

calibre

——

-wes
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] Solved - Re: C7 apache file access

2015-12-23 Thread Robert Moskowitz



On 12/23/2015 04:36 PM, Александр Кириллов wrote:

Robert Moskowitz писал 2015-12-23 23:56:

On 12/23/2015 03:26 PM, John R Pierce wrote:

On 12/23/2015 12:05 PM, Robert Moskowitz wrote:

If SELinux is working, then do

  setsebool -P httpd_enable_homedirs on


Did not help.

in messages I see:

Dec 23 14:54:04 medon dbus-daemon: dbus[444]: avc:  received 
policyload notice (seqno=3)
Dec 23 14:54:04 medon dbus[444]: avc:  received policyload notice 
(seqno=3)
Dec 23 14:54:04 medon dbus-daemon: dbus[444]: [system] Reloaded 
configuration

Dec 23 14:54:04 medon dbus[444]: [system] Reloaded configuration
Dec 23 14:54:11 medon setsebool: The httpd_enable_homedirs policy 
boolean was changed to on by root


BUt still get the access error:

[Wed Dec 23 14:55:26.579402 2015] [negotiation:error] [pid 3212] 
(13)Permission denied: [client 192.168.160.20:38836] AH00686: 
cannot read directory for multi: /home/rgm/public_html/biby/


i should say that this system is build with the Centos7-arm build 
that we are testing out.  So this could be a problem with the 
selinux build for armv7.  But I thought this was a general 
C7/apache issue...


did you verify it /is/ selinux by running with `setenforce 
permissive` ?


Thank you for that reminder.  I did that and the directory was 
displayed.


switch back to enforcing and get the permissions error.

So what do I try next.  My current server is also an ARMv7 that is
running the Centos6 port of Redsleeve6.  This port does not support
selinux which is one of the many reasons I want to move all my ARMv7
servers over to C7-arm as soon as I can.  Thus I suspect I am going to
be learning (relearning in some cases) a lot about selinux...


Have you tried restorecon -Rv /home ?



No, as I did not know this command existed and what it might be used for.

I can now access the files.  Thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] Recovering LVM after crash

2015-12-23 Thread Emmanuel Noobadmin
I've been trying to cover data from a disk that appeared to had been
corrupted after a power outage. The original setup was lvm on md raid
1 which appears to be what is complicating the issue. Apart from
/boot, everything was on LVM partitions so I don't have any backup lvm
information.

Following various guides online, I've recreated duplicated the raid
partition with dd onto a new disk, recreated the raid 1 array with
missing device, but the pv cannot be found.

I've tried to find the lvm uuid using this guide
https://www.howtoforge.com/recover_data_from_raid_lvm_partitions but
despite dumping twice the data to file, there are no plain text
configuration information. The drives are not encrypted so that isn't
likely to be the problem.

I also used testdisk to try to recover the partitions but it says they
cannot be recovered. During analysis, it was able to detect the lvm
partitions, extracted output:
Linux LVM  1069 146 38 60799 228 29 959567608
Linux  1069 179  7 57740  22 10  910409728
Linux  790  66 45 59780 237 33  947685112
Linux  1069 179  7 57740  22 10  910409728
Linux  29283 103  5 85953 201  8  910409728
Linux  29292 181 10 85963  24 13  910409728

The numbers are start CHS, end CHS and size in sectors. There seems to
be way more possible partitions than there should be, possibly results
of previous LV resizing.

With only such data left, is there any possible way to reconstruct the
PV/VG/LV without the uuid and recover data?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] C7 apache file access

2015-12-23 Thread Robert Moskowitz



On 12/23/2015 03:26 PM, John R Pierce wrote:

On 12/23/2015 12:05 PM, Robert Moskowitz wrote:

If SELinux is working, then do

  setsebool -P httpd_enable_homedirs on


Did not help.

in messages I see:

Dec 23 14:54:04 medon dbus-daemon: dbus[444]: avc:  received 
policyload notice (seqno=3)
Dec 23 14:54:04 medon dbus[444]: avc:  received policyload notice 
(seqno=3)
Dec 23 14:54:04 medon dbus-daemon: dbus[444]: [system] Reloaded 
configuration

Dec 23 14:54:04 medon dbus[444]: [system] Reloaded configuration
Dec 23 14:54:11 medon setsebool: The httpd_enable_homedirs policy 
boolean was changed to on by root


BUt still get the access error:

[Wed Dec 23 14:55:26.579402 2015] [negotiation:error] [pid 3212] 
(13)Permission denied: [client 192.168.160.20:38836] AH00686: cannot 
read directory for multi: /home/rgm/public_html/biby/


i should say that this system is build with the Centos7-arm build 
that we are testing out.  So this could be a problem with the selinux 
build for armv7.  But I thought this was a general C7/apache issue... 


did you verify it /is/ selinux by running with `setenforce permissive` ?


Thank you for that reminder.  I did that and the directory was displayed.

switch back to enforcing and get the permissions error.

So what do I try next.  My current server is also an ARMv7 that is 
running the Centos6 port of Redsleeve6.  This port does not support 
selinux which is one of the many reasons I want to move all my ARMv7 
servers over to C7-arm as soon as I can.  Thus I suspect I am going to 
be learning (relearning in some cases) a lot about selinux...


thanks


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] C7 apache file access

2015-12-23 Thread John R Pierce

On 12/23/2015 12:05 PM, Robert Moskowitz wrote:

If SELinux is working, then do

  setsebool -P httpd_enable_homedirs on


Did not help.

in messages I see:

Dec 23 14:54:04 medon dbus-daemon: dbus[444]: avc:  received 
policyload notice (seqno=3)
Dec 23 14:54:04 medon dbus[444]: avc:  received policyload notice 
(seqno=3)
Dec 23 14:54:04 medon dbus-daemon: dbus[444]: [system] Reloaded 
configuration

Dec 23 14:54:04 medon dbus[444]: [system] Reloaded configuration
Dec 23 14:54:11 medon setsebool: The httpd_enable_homedirs policy 
boolean was changed to on by root


BUt still get the access error:

[Wed Dec 23 14:55:26.579402 2015] [negotiation:error] [pid 3212] 
(13)Permission denied: [client 192.168.160.20:38836] AH00686: cannot 
read directory for multi: /home/rgm/public_html/biby/


i should say that this system is build with the Centos7-arm build that 
we are testing out.  So this could be a problem with the selinux build 
for armv7.  But I thought this was a general C7/apache issue... 


did you verify it /is/ selinux by running with `setenforce permissive` ?




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] C7 apache file access

2015-12-23 Thread Robert Moskowitz



On 12/23/2015 02:36 PM, Paul Heinlein wrote:

On Wed, 23 Dec 2015, Robert Moskowitz wrote:

Pulling out what little hair I have here, but stumbled onto a 
possible problem.


I have a server running C6 apache that is set up with personal 
directories and no problem showing the files.


You can see it at: medon.htt-consult.com/~rgm/pogo

So I have a C7 apache server I am building.  Files I create on the 
new server are listing fine.  Files I have copied (with cp -avr ...) 
get permission error e.g.:


[Wed Dec 23 12:32:49.359323 2015] [negotiation:error] [pid 3208] 
(13)Permission denied: [client 192.168.160.20:38708] AH00686: cannot 
read directory for multi: /home/rgm/public_html/biby/


If SELinux is working, then do

  setsebool -P httpd_enable_homedirs on


Did not help.

in messages I see:

Dec 23 14:54:04 medon dbus-daemon: dbus[444]: avc:  received policyload 
notice (seqno=3)

Dec 23 14:54:04 medon dbus[444]: avc:  received policyload notice (seqno=3)
Dec 23 14:54:04 medon dbus-daemon: dbus[444]: [system] Reloaded 
configuration

Dec 23 14:54:04 medon dbus[444]: [system] Reloaded configuration
Dec 23 14:54:11 medon setsebool: The httpd_enable_homedirs policy 
boolean was changed to on by root


BUt still get the access error:

[Wed Dec 23 14:55:26.579402 2015] [negotiation:error] [pid 3212] 
(13)Permission denied: [client 192.168.160.20:38836] AH00686: cannot 
read directory for multi: /home/rgm/public_html/biby/


i should say that this system is build with the Centos7-arm build that 
we are testing out.  So this could be a problem with the selinux build 
for armv7.  But I thought this was a general C7/apache issue...



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS 7.2 installer missing virt-what

2015-12-23 Thread Chris Adams
In previous CentOS releases, virt-what was included in the install
image.  This made it easy for me to spin a custom ISO with my package
set and a kickstart that would add open-vm-tools or ovirt-guest-agent as
appropriate (when installing the respective guest environments).

I updated my ISO to 7.2, and virt-what is nowhere to be found.  I assume
this is copied from RHEL; anybody know any explanation?

For now, I'm falling back to matching strings in
/sys/class/dmi/id/product_name.  Is there some better way to determine
what (if any) virtual environment the installer is running under?

-- 
Chris Adams 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread John R Pierce

On 12/23/2015 11:10 AM, Wes James wrote:

I finally got it compiled and when I run it in virtualbox 5.0.12, I get this:

Could not initialize GLX

Maybe it would work on a real box??



VBox has virtual GLX  support, it has to be enabled and configured, and 
of course, the guest would need GL installed, etc.


--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] C7 apache file access

2015-12-23 Thread Paul Heinlein

On Wed, 23 Dec 2015, Robert Moskowitz wrote:

Pulling out what little hair I have here, but stumbled onto a possible 
problem.


I have a server running C6 apache that is set up with personal directories 
and no problem showing the files.


You can see it at: medon.htt-consult.com/~rgm/pogo

So I have a C7 apache server I am building.  Files I create on the new server 
are listing fine.  Files I have copied (with cp -avr ...) get permission 
error e.g.:


[Wed Dec 23 12:32:49.359323 2015] [negotiation:error] [pid 3208] 
(13)Permission denied: [client 192.168.160.20:38708] AH00686: cannot read 
directory for multi: /home/rgm/public_html/biby/


If SELinux is working, then do

  setsebool -P httpd_enable_homedirs on

--
Paul Heinlein
heinl...@madboa.com
45°38' N, 122°6' W___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] C7 apache file access

2015-12-23 Thread Robert Moskowitz
Pulling out what little hair I have here, but stumbled onto a possible 
problem.


I have a server running C6 apache that is set up with personal 
directories and no problem showing the files.


You can see it at: medon.htt-consult.com/~rgm/pogo

So I have a C7 apache server I am building.  Files I create on the new 
server are listing fine.  Files I have copied (with cp -avr ...) get 
permission error e.g.:


[Wed Dec 23 12:32:49.359323 2015] [negotiation:error] [pid 3208] 
(13)Permission denied: [client 192.168.160.20:38708] AH00686: cannot 
read directory for multi: /home/rgm/public_html/biby/


File permissions are the same.  So in frustation I try using stat and it 
shows a different picture:


$ stat test/testit
  File: ‘test/testit’
  Size: 6 Blocks: 8  IO Block: 4096 regular file
Device: 803h/2051dInode: 524296  Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/ rgm)   Gid: ( 1000/ rgm)
Context: unconfined_u:object_r:httpd_user_content_t:s0
Access: 2015-12-23 13:53:04.212993088 -0500
Modify: 2015-12-23 13:53:06.313000584 -0500
Change: 2015-12-23 13:53:06.313000584 -0500
 Birth: -


$ stat biby/MishnahBerurah-2015-12-18.amr
  File: ‘biby/MishnahBerurah-2015-12-18.amr’
  Size: 2290374   Blocks: 4480   IO Block: 4096 regular file
Device: 803h/2051dInode: 136295  Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/ rgm)   Gid: ( 1000/ rgm)
Context: system_u:object_r:unlabeled_t:s0
Access: 2015-12-18 06:54:01.0 -0500
Modify: 2015-12-18 06:54:01.0 -0500
Change: 2015-12-23 13:56:57.273824913 -0500
 Birth: -


Notice the difference with Context.  Wiaht is this 
httpd_user_content_t?  Why on files I create on this system and not 
those I cp from a USB drive?  And is this the problem or something else?



thanks


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Wes James

> On Dec 22, 2015, at 9:13 PM, Fred Smith  wrote:
> 
> On Tue, Dec 22, 2015 at 09:03:28PM -0700, Wes James wrote:
>> 
>>> On Dec 22, 2015, at 8:06 PM, Fred Smith  
>>> wrote:
>>> 
>>> Attempting to install latest Calibre on Centos-7, getting:
>>> 
>> 
>> typed in "calibre ssl install error” to google
>> 
>> first hit:
>> 
>> http://stackoverflow.com/questions/26615914/calibre-fails-to-install 
>> 
>> 
>> not sure if it helps (the no check cert option??)
> 
> Nope. makes no difference.


I finally got it compiled and when I run it in virtualbox 5.0.12, I get this:

Could not initialize GLX

Maybe it would work on a real box??

-wes

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Patrick Bervoets


> Op 23 dec. 2015 om 18:31 heeft Valeri Galtsev  het 
> volgende geschreven:
> 
> 
>> 
> 
> If I understand IP networking correctly, you only can have "aliases" of
> the interface appear on the _same_ network segment (I'm tempted to say
> same class C network) as the main IP of interface, say you have:
> 
> DEVICE=eth0
> IPADDR=x.y.z.w
> NETMASK=255.255.255.0
> GATEWAY=x.y.z.254
> 
> Then with the restriction I mentioned you can have alias:
> 
> DEVICE=eth0:0
> IPADDR=x.y.z.a
> NETMASK=255.255.255.255
> 
> Note that "x.y.z." part is the same in both IPs.
> 
> Somebody may correct me if I'm wrong.
> 
> Valeri
> 
>> 
>> 
I have used an 10. Alias on a 192. Interface so it is possible
Patrick
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Valeri Galtsev

On Wed, December 23, 2015 8:06 am, Meikel wrote:
> Hi folks,
>
> I have a server at Soyoustart.com (which is a brand of OVH). I run
> CentOS 6.7 and have problems with network configuration.
>
> I want to add a second public ip (failover ip) to the server and did
> follow the instructions in the CentOS-section of
> http://hilfe.ovh.de/AdministrationIpAliasHinzufuegen
>
> After executing the required steps I'm not able to reach the host via
> the second ip from an external host. I tried it with ping and with ssh
> commands.
>
> Here the content of the config files (I anonymized the server ip with
> xx.xx.xx.xx and the failover ip with yy.yy.yy.yy):
>
> $ cat /etc/sysconfig/network
> NETWORKING=yes
> HOSTNAME=
> NOZEROCONF=true
> GATEWAY=xx.xx.xx.254
>
> $ cat /etc/sysconfig/network-scripts/ifcfg-eth0
> DEVICE=eth0
> BOOTPROTO=static
> IPADDR=xx.xx.xx.xx
> NETMASK=255.255.255.0
> ONBOOT=yes
> GATEWAY=xx.xx.xx.254
>
> $ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
> DEVICE=eth0:0
> BOOTPROTO=static
> IPADDR=yy.yy.yy.yy
> NETMASK=255.255.255.255
> ONBOOT=yes

If I understand IP networking correctly, you only can have "aliases" of
the interface appear on the _same_ network segment (I'm tempted to say
same class C network) as the main IP of interface, say you have:

DEVICE=eth0
IPADDR=x.y.z.w
NETMASK=255.255.255.0
GATEWAY=x.y.z.254

Then with the restriction I mentioned you can have alias:

DEVICE=eth0:0
IPADDR=x.y.z.a
NETMASK=255.255.255.255

Note that "x.y.z." part is the same in both IPs.

Somebody may correct me if I'm wrong.

Valeri

>
> When I restart the network I get a message (two times) saying "RTNETLINK
> answers: Operation not supported".
>
> $ service network restart
> Schnittstelle eth0 beenden:[  OK  ]
> Loopback-Schnittstelle beenden:[  OK  ]
> Loopback-Schnittstelle hochfahren: [  OK  ]
> Schnittstelle eth0 hochfahren:  Determining if ip address xx.xx.xx.xx is
> already in use for device eth0...
> RTNETLINK answers: Operation not supported
> RTNETLINK answers: Operation not supported
> [  OK  ]
>
> I can see two interfaces eth0 and eth0:0
>
> $ LANG="" ifconfig
> eth0  Link encap:Ethernet  HWaddr ..:..:..:..:..:..
>inet addr:xx.xx.xx.xx  Bcast:xx.xx.xx.255 Mask:255.255.255.0
>UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>RX packets:11122 errors:0 dropped:0 overruns:0 frame:0
>TX packets:14371 errors:0 dropped:0 overruns:0 carrier:0
>collisions:0 txqueuelen:1000
>RX bytes:1362900 (1.2 MiB)  TX bytes:3462327 (3.3 MiB)
>Interrupt:20 Memory:fe50-fe52
>
> eth0:0Link encap:Ethernet  HWaddr ..:..:..:..:..:..
>inet addr:yy.yy.yy.yy  Bcast:yy.yy.yy.yy Mask:255.255.255.255
>UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>Interrupt:20 Memory:fe50-fe52
>
> loLink encap:Local Loopback
>inet addr:127.0.0.1  Mask:255.0.0.0
>UP LOOPBACK RUNNING  MTU:65536  Metric:1
>RX packets:3096 errors:0 dropped:0 overruns:0 frame:0
>TX packets:3096 errors:0 dropped:0 overruns:0 carrier:0
>collisions:0 txqueuelen:0
>RX bytes:274948 (268.5 KiB)  TX bytes:274948 (268.5 KiB)
>
>
> I'm able to reach the host from another host (outside OVH network) via
> xx.xx.xx.xx (I use ping and ssh), but not via yy.yy.yy.yy.
>
> Just to be sure that there isn't an issue with the firewall I did
> "service iptables stop" and ran the "ping" and "ssh" commands again with
> the same result. For ip xx.xx.xx.xx it works, but not for yy.yy.yy.yy.
>
> Not sure if this is important, just in case it matters, some additional
> information:
>
> IPv6 is disabled by kernel parameter "ipv6.disable=1" in /etc/grub.conf
>
> The two mac addresses I see for eth0 and eth0:0 with the "ifconfig"
> command are the same. In the OVH/Soyoustart.com GUI I created a virtual
> mac for the failover ip, I'm not sure if that virtual mac should come
> into play somewhere?
>
> $ uname -a
> Linux  2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15
> 21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> $ LANG="" route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> xx.xx.xx.0  *   255.255.255.0   U 0 00 eth0
> default vss-gw-6k.fr.eu 0.0.0.0 UG0 00 eth0
>
> Why is yy.yy.yy.yy not reachable from outside? What am I doing wrong or
> what can I do to narrow down the problem?
>
> Regards,
>
> Meikel
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics

Re: [CentOS] Network services start before network is up since migrating to 7.2

2015-12-23 Thread Sylvain CANOINE

- Mail original -
> De: "Sylvain CANOINE" 
> À: "centos" 
> Envoyé: Mercredi 23 Décembre 2015 12:26:39
> Objet: Re: [CentOS] Network services start before network is up since 
> migrating to 7.2

> > # systemctl status network.target
> ● network.target - Network
>   Loaded: loaded (/usr/lib/systemd/system/network.target; static; vendor 
> preset:
>   disabled)
>   Active: inactive (dead)
> Docs: man:systemd.special(7)
>   http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
> 
> Dead ? Hmmm...
Ok, I found the difference between the failing servers (I updated one more this 
morning, and the same symptom came) : the failing ones don't need to mount NFS 
shares.
So I didn't install nfs-utils, so there's not a rpc-statd-notify.service, which 
unit file contain "Requires=network.target"... And so there's no service 
"requiring" network.target at all !

Then I'm wondering :
1/ why "After=foo" does not imply "Requires=foo" for systemd. That's obvious, 
yet,
2/ why "After=foo" does not imply "Requires=foo" for systemd 219, while it 
appeared to be in systemd 208. Either it's a regression, or the behaviour of 
208, although logical, is buggy.

Anyway, for the NetworkManager-opponents, it may be opportune to add a 
"Requires=network.target" on an usual network service's unit, such as sshd ou 
ntpd... Or, better, on network-online.target's unit.

I chose another solution : I made a symlink to 
/usr/lib/systemd/system/network/target in 
/etc/systemd/system/multi-user.target.wants/ directory ("systemctl enable 
network.target" sent me to hell). And voilà.

Sylvain.

Pensez ENVIRONNEMENT : n'imprimer que si ncessaire

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Wes James

> On Dec 22, 2015, at 9:13 PM, Fred Smith  wrote:
> 
> On Tue, Dec 22, 2015 at 09:03:28PM -0700, Wes James wrote:
>> 
>>> On Dec 22, 2015, at 8:06 PM, Fred Smith  
>>> wrote:
>>> 
>>> Attempting to install latest Calibre on Centos-7, getting:
>>> 
>> 
>> typed in "calibre ssl install error” to google
>> 
>> first hit:
>> 
>> http://stackoverflow.com/questions/26615914/calibre-fails-to-install 
>> 
>> 
>> not sure if it helps (the no check cert option??)
> 
> Nope. makes no difference.


I tried making sure all the packages were installed on the bottom of the page:

http://calibre-ebook.com/download_linux 


but then qmake wasn’t available, so I found I needed qt3 installed.  Installed 
that and tried installing again:

python setup.py install
Traceback (most recent call last):
  File "setup.py", line 13, in 
import setup.commands as commands
  File "/home/xulu/Downloads/calibre/calibre-2.47.0/setup/commands.py", line 
28, in 
from setup.translations import POT, GetTranslations, Translations, ISO639, 
ISO3166
  File "/home/xulu/Downloads/calibre/calibre-2.47.0/setup/translations.py", 
line 14, in 
from setup.parallel_build import parallel_check_output
  File "/home/xulu/Downloads/calibre/calibre-2.47.0/setup/parallel_build.py", 
line 14, in 
from setup.build_environment import cpu_count
  File 
"/home/xulu/Downloads/calibre/calibre-2.47.0/setup/build_environment.py", line 
98, in 
from PyQt5.QtCore import PYQT_CONFIGURATION
ImportError: No module named PyQt5.QtCore

Hmm.  So I tried:

sudo pip install python-qt5
Collecting python-qt5
  Using cached python-qt5-0.1.10.zip
No files/directories in /tmp/pip-build-5OToGt/python-qt5/pip-egg-info (from 
PKG-INFO)

and get the error above.  So I’m stuck there.  But I don’t see a 
/tmp/pip-build…. either??

-wes
 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Starting stunnel on boot with CentOS7

2015-12-23 Thread Leroy Tennison
Hmmm, you obviously know a lot more about systemd than I do, I'm going to have 
to look at what you posted more carefully.  Thanks.

- Original Message -
From: "James Hogarth" 
To: "CentOS mailing list" 
Sent: Wednesday, December 23, 2015 4:08:31 AM
Subject: Re: [CentOS] Starting stunnel on boot with CentOS7

On 23 December 2015 at 05:38, Kahlil Hodgson 
wrote:

> On my CenOS7 system with stunnel from base
>
> stunnel-4.56-4.el7.x86_64
>
> there's a systemd service file
>
> /etc/systemd/system/stunnel.service
>
> try
>
> sudo systemctl enable stunnel.service
>
>
>
Packaged unit files are in /usr/lib/systemd/system ... someone put that
there as a local configuration (rpm -qf /path/to/file to it to verify)

Of course this is what the OP should do too ...  a very simple unit file
that matches his needs...

cat > /etc/systemd/system/stunnel.service < /etc/systemd/stunnel@.service <

Re: [CentOS] Starting stunnel on boot with CentOS7

2015-12-23 Thread Leroy Tennison
Thank you for your reply.  I must be "the king of weird":

rpm -qa | grep stunnel returns stunnel-4.56-4.el7.x86_64

rpm -ql stunnel returns (nothing in /etc/ststemd, of course, it could be a 
script)

/etc/stunnel
/usr/bin/stunnel
/usr/lib64/stunnel
/usr/lib64/stunnel/libstunnel.so
/usr/share/doc/stunnel-4.56
/usr/share/doc/stunnel-4.56/AUTHORS
/usr/share/doc/stunnel-4.56/BUGS
/usr/share/doc/stunnel-4.56/COPYING
/usr/share/doc/stunnel-4.56/COPYRIGHT.GPL
/usr/share/doc/stunnel-4.56/CREDITS
/usr/share/doc/stunnel-4.56/Certificate-Creation
/usr/share/doc/stunnel-4.56/ChangeLog
/usr/share/doc/stunnel-4.56/PORTS
/usr/share/doc/stunnel-4.56/README
/usr/share/doc/stunnel-4.56/TODO
/usr/share/doc/stunnel-4.56/VNC_StunnelHOWTO.html
/usr/share/doc/stunnel-4.56/faq.stunnel-2.html
/usr/share/doc/stunnel-4.56/pop3-redirect.xinetd
/usr/share/doc/stunnel-4.56/sfinger.xinetd
/usr/share/doc/stunnel-4.56/stunnel-pop3s-client.conf
/usr/share/doc/stunnel-4.56/stunnel-sfinger.conf
/usr/share/doc/stunnel-4.56/stunnel.conf-sample
/usr/share/doc/stunnel-4.56/tworzenie_certyfikatow.html
/usr/share/man/fr/man8/stunnel.8.gz
/usr/share/man/man8/stunnel.8.gz
/usr/share/man/pl/man8/stunnel.8.gz

rpm -q --scripts stunnel returns nothing, I haven't ever used this before so I 
may have done it wrong.

Anyway, there is no /etc/systemd/system/stunnel.service on the system.

This isn't the first time I've encountered anomalous behavior so I guess I'm 
just "lucky".  I have no idea which repo I pulled it from but I'm not using 
exotic ones.

- Original Message -
From: "Kahlil Hodgson" 
To: "CentOS mailing list" 
Sent: Tuesday, December 22, 2015 11:38:46 PM
Subject: Re: [CentOS] Starting stunnel on boot with CentOS7

On my CenOS7 system with stunnel from base

stunnel-4.56-4.el7.x86_64

there's a systemd service file

/etc/systemd/system/stunnel.service

try

sudo systemctl enable stunnel.service

Hope this helps,

K
​al​
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Confidentiality Notice | This email and any included attachments may be 
privileged, confidential and/or otherwise protected from disclosure.  Access to 
this email by anyone other than the intended recipient is unauthorized.  If you 
believe you have received this email in error, please contact the sender 
immediately and delete all copies.  If you are not the intended recipient, you 
are notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Jonathan Billings
On Wed, Dec 23, 2015 at 10:15:51AM -0500, Fred Smith wrote:
> I'm wondering, is this a Python (packaging??) bug that needs to be put
> in Centos and/or RH bug databases?

It's an API change in Python 2.7, if I understand the documentation. 

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Fred Smith
On Wed, Dec 23, 2015 at 09:53:38AM -0500, James B. Byrne wrote:
> 
> On Wed, December 23, 2015 00:33, John R Pierce wrote:
> 
> >
> > prefixing this with, I have no idea what Calibre is...
> >
> 
> Calibre is an open source e-reader that handles mobi files along with
> many other e-reader formats.  See: http://calibre-ebook.com/
> 
> The last version supported on CentOS6 is v1.48. The latest version is
> v2.47.0.
> 
> 
> On Tue, December 22, 2015 22:06, Fred Smith wrote:
> > Attempting to install latest Calibre on Centos-7, getting:
> . . .
> >   File "/usr/lib64/python2.7/httplib.py", line 1182, in __init__
> > context.load_cert_chain(cert_file, key_file)
> > ssl.SSLError: [SSL] PEM lib (_ssl.c:2757)
> >
> >
> > Can anybody advise me what this tells me? (other than SOMETHING wrong
> > with some certificate...)
> 
> 
> The error you are reporting may be due to some misconfiguration of the
> certificate chain in the Python libraries.  Likely the case if you
> recently updated to 7.2 as others have reported the same thing.  You
> can try to perform a manual download and install, thus bypassing the
> whole SSL mess, and see if that works. Quoting from the Calibre
> website:
> 
> http://calibre-ebook.com/download_linux
> 
> Manual binary install or reverting to a previous version
> 
> If you wish to revert to an earlier calibre release or download a
> calibre upgrade manually, download the tarball of that release from
> here (choose the 32-bit or 64-bit version, as appropriate). Assuming
> you want calibre in /opt/calibre, run the following command, changing
> the path to calibre-tarball.txz below as appropriate:
> 
> sudo mkdir -p /opt/calibre && sudo rm -rf /opt/calibre/* && sudo
> tar xvf /path/to/downloaded/calibre-tarball.txz -C /opt/calibre &&
> sudo /opt/calibre/calibre_postinstall
> 
> HTH.

James:

Thanks for the detailed post.

On the Calibre forum, Kovid Goyal (Calibre maintainer) said basically
the same thing, so I did the manual install. 

I'm wondering, is this a Python (packaging??) bug that needs to be put
in Centos and/or RH bug databases?

thanks again!

Fred

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
The Lord is like a strong tower. 
 Those who do what is right can run to him for safety.
--- Proverbs 18:10 (niv) -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Jonathan Billings
On Wed, Dec 23, 2015 at 09:37:37AM -0500, Fred Smith wrote:
> wget -nv -O- 
> https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
>  | python -c "import sys; main=lambda x,y:sys.stderr.write('Download 
> failed\n'); exec(sys.stdin.read()); main('~/calibre-bin', True)"
> 2015-12-22 07:44:40 
> URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
>  [25887/25887] -> "-" [1]
> Installing to /home/fredex/calibre-bin/calibre
> Downloading tarball signature securely...
> Traceback (most recent call last):
>   File "", line 1, in 
>   File "", line 670, in main
>   File "", line 655, in run_installer
>   File "", line 627, in download_and_extract
>   File "", line 619, in get_tarball_info
>   File "", line 578, in get_https_resource_securely
>   File "", line 487, in __init__
>   File "/usr/lib64/python2.7/httplib.py", line 1182, in __init__
> context.load_cert_chain(cert_file, key_file)
> ssl.SSLError: [SSL] PEM lib (_ssl.c:2757)
> 

I skimmed that python script, and it seems to be making an SSL
connection to https://code.calibre-ebook.com/ which appears to have a
self-signed certificate.  It looks like it includes the cert file, but
python 2.7 doesn't appear to like you just using
httplib.HTTPSConnection without a key file too, which isn't included.
(see
https://docs.python.org/2/library/httplib.html#httplib.HTTPSConnection
)

I suspect this must be a bug in the upstream code.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread James B. Byrne

On Wed, December 23, 2015 00:33, John R Pierce wrote:

>
> prefixing this with, I have no idea what Calibre is...
>

Calibre is an open source e-reader that handles mobi files along with
many other e-reader formats.  See: http://calibre-ebook.com/

The last version supported on CentOS6 is v1.48. The latest version is
v2.47.0.


On Tue, December 22, 2015 22:06, Fred Smith wrote:
> Attempting to install latest Calibre on Centos-7, getting:
. . .
>   File "/usr/lib64/python2.7/httplib.py", line 1182, in __init__
> context.load_cert_chain(cert_file, key_file)
> ssl.SSLError: [SSL] PEM lib (_ssl.c:2757)
>
>
> Can anybody advise me what this tells me? (other than SOMETHING wrong
> with some certificate...)


The error you are reporting may be due to some misconfiguration of the
certificate chain in the Python libraries.  Likely the case if you
recently updated to 7.2 as others have reported the same thing.  You
can try to perform a manual download and install, thus bypassing the
whole SSL mess, and see if that works. Quoting from the Calibre
website:

http://calibre-ebook.com/download_linux

Manual binary install or reverting to a previous version

If you wish to revert to an earlier calibre release or download a
calibre upgrade manually, download the tarball of that release from
here (choose the 32-bit or 64-bit version, as appropriate). Assuming
you want calibre in /opt/calibre, run the following command, changing
the path to calibre-tarball.txz below as appropriate:

sudo mkdir -p /opt/calibre && sudo rm -rf /opt/calibre/* && sudo
tar xvf /path/to/downloaded/calibre-tarball.txz -C /opt/calibre &&
sudo /opt/calibre/calibre_postinstall

HTH.

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Ulf Volmer

On 12/23/2015 03:06 PM, Meikel wrote:


$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=xx.xx.xx.254

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
IPADDR=yy.yy.yy.yy
NETMASK=255.255.255.255


this looks weak. Try to use the same netmask as you use for eth0.

best regards
Ulf

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Centos-7.2 LiveKDE does not work properly

2015-12-23 Thread Johnny Hughes
On 12/22/2015 08:28 AM, Timothy Murphy wrote:
> CentOS-7-x86_64-LiveKDE-1511.iso installed on a USB stick
> does not work properly - it takes over 6 minutes to boot.
> Who can I report this to?
> 

We will have another available as a rolling build, likely around January
7th (to 10th).  It is possible that the issue is specific to your hardware.

I verified all the Live ISOs actually work and boot .. I did not
specifically look at time, but I'll try to verify this specific ISO
again.  I am not near my testing network until after the new year
though, so I might not be able to download the ISO and test from where I
am now.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Calibre installation fails on C7

2015-12-23 Thread Fred Smith
On Tue, Dec 22, 2015 at 09:33:17PM -0800, John R Pierce wrote:
> On 12/22/2015 7:06 PM, Fred Smith wrote:
> >Attempting to install latest Calibre on Centos-7, getting:
> >
> >2015-12-22 21:32:38 
> >URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
> >  [25887/25887] -> "-" [1]
> >Installing to /home/fredex/calibre-bin/calibre
> 
> prefixing this with, I have no idea what Calibre is...

Calibre is a powerful e-book management program (take a look at
calibre-ebook.com), written in Python. 

> 
> 
> What commands did you run to trigger this error?

the recommended way to install it on Linux systems is:

sudo -v && wget -nv -O- 
https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
 | sudo python -c "import sys; main=lambda:sys.stderr.write('Download 
failed\n'); exec(sys.stdin.read()); main()"

there are a couple of alternatives but they're all very much like that.

here's what I actually ran the last time I attempted this:

wget -nv -O- 
https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
 | python -c "import sys; main=lambda x,y:sys.stderr.write('Download 
failed\n'); exec(sys.stdin.read()); main('~/calibre-bin', True)"
2015-12-22 07:44:40 
URL:https://raw.githubusercontent.com/kovidgoyal/calibre/master/setup/linux-installer.py
 [25887/25887] -> "-" [1]
Installing to /home/fredex/calibre-bin/calibre
Downloading tarball signature securely...
Traceback (most recent call last):
  File "", line 1, in 
  File "", line 670, in main
  File "", line 655, in run_installer
  File "", line 627, in download_and_extract
  File "", line 619, in get_tarball_info
  File "", line 578, in get_https_resource_securely
  File "", line 487, in __init__
  File "/usr/lib64/python2.7/httplib.py", line 1182, in __init__
context.load_cert_chain(cert_file, key_file)
ssl.SSLError: [SSL] PEM lib (_ssl.c:2757)

googling for that doesn't turn up much help for Calibre, though similar
(but different) sets of errors turn up in a lot of places. So far I've
not found any of them helpful.

One of them said something about the installed Python packages being
broken in some way, and that if he rebuilt it from source and installed
his that the problem went away. But I'm not yet ready to go that
effort, still holding out for a simpler solution.

I also posted on the Calibre fora (forums for the Latinly-challenged)
and am waiting for advice there.

Fred

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
 God made him who had no sin
  to be sin for us, so that in him
 we might become the righteousness of God."
--- Corinthians 5:21 -
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] Network configuration issue with second public ip on CentOS 6

2015-12-23 Thread Meikel

Hi folks,

I have a server at Soyoustart.com (which is a brand of OVH). I run 
CentOS 6.7 and have problems with network configuration.


I want to add a second public ip (failover ip) to the server and did 
follow the instructions in the CentOS-section of 
http://hilfe.ovh.de/AdministrationIpAliasHinzufuegen


After executing the required steps I'm not able to reach the host via 
the second ip from an external host. I tried it with ping and with ssh 
commands.


Here the content of the config files (I anonymized the server ip with 
xx.xx.xx.xx and the failover ip with yy.yy.yy.yy):


$ cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=
NOZEROCONF=true
GATEWAY=xx.xx.xx.254

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=xx.xx.xx.254

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0
BOOTPROTO=static
IPADDR=yy.yy.yy.yy
NETMASK=255.255.255.255
ONBOOT=yes

When I restart the network I get a message (two times) saying "RTNETLINK 
answers: Operation not supported".


$ service network restart
Schnittstelle eth0 beenden:[  OK  ]
Loopback-Schnittstelle beenden:[  OK  ]
Loopback-Schnittstelle hochfahren: [  OK  ]
Schnittstelle eth0 hochfahren:  Determining if ip address xx.xx.xx.xx is 
already in use for device eth0...

RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
   [  OK  ]

I can see two interfaces eth0 and eth0:0

$ LANG="" ifconfig
eth0  Link encap:Ethernet  HWaddr ..:..:..:..:..:..
  inet addr:xx.xx.xx.xx  Bcast:xx.xx.xx.255 Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:11122 errors:0 dropped:0 overruns:0 frame:0
  TX packets:14371 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:1362900 (1.2 MiB)  TX bytes:3462327 (3.3 MiB)
  Interrupt:20 Memory:fe50-fe52

eth0:0Link encap:Ethernet  HWaddr ..:..:..:..:..:..
  inet addr:yy.yy.yy.yy  Bcast:yy.yy.yy.yy Mask:255.255.255.255
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  Interrupt:20 Memory:fe50-fe52

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  UP LOOPBACK RUNNING  MTU:65536  Metric:1
  RX packets:3096 errors:0 dropped:0 overruns:0 frame:0
  TX packets:3096 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:274948 (268.5 KiB)  TX bytes:274948 (268.5 KiB)


I'm able to reach the host from another host (outside OVH network) via 
xx.xx.xx.xx (I use ping and ssh), but not via yy.yy.yy.yy.


Just to be sure that there isn't an issue with the firewall I did 
"service iptables stop" and ran the "ping" and "ssh" commands again with 
the same result. For ip xx.xx.xx.xx it works, but not for yy.yy.yy.yy.


Not sure if this is important, just in case it matters, some additional 
information:


IPv6 is disabled by kernel parameter "ipv6.disable=1" in /etc/grub.conf

The two mac addresses I see for eth0 and eth0:0 with the "ifconfig" 
command are the same. In the OVH/Soyoustart.com GUI I created a virtual 
mac for the failover ip, I'm not sure if that virtual mac should come 
into play somewhere?


$ uname -a
Linux  2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 
21:19:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


$ LANG="" route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xx.xx.xx.0  *   255.255.255.0   U 0 00 eth0
default vss-gw-6k.fr.eu 0.0.0.0 UG0 00 eth0

Why is yy.yy.yy.yy not reachable from outside? What am I doing wrong or 
what can I do to narrow down the problem?


Regards,

Meikel

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] systemd-sysctl not running on boot

2015-12-23 Thread Ofer Hasson
You are correct, I'll refine my problem,

By running "systemctl status systemd-sysctl" I also receive the same
output, but a simple "cat /proc/sys/vm/swappiness" returns the default
value, and not the one set by my conf file.
But, if I run "/usr/lib/systemd/systemd-sysctl" the "cat
/proc/sys/vm/swappiness" does return the correct value.

Any idea ?
Does this happen to anyone else ?

On Wed, Dec 23, 2015 at 11:12 AM, Gordon Messmer 
wrote:

> On 12/22/2015 06:56 AM, Ofer Hasson wrote:
>
>> After upgrading to CentOS 7.2, non of my servers run systemd-sysctl on
>> boot.
>>
>
> Works here...
> # systemctl status systemd-sysctl
> ● systemd-sysctl.service - Apply Kernel Variables
>Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; static;
> vendor preset: disabled)
>Active: active (exited) since Wed 2015-12-16 20:19:10 PST; 6 days ago
>  Docs: man:systemd-sysctl.service(8)
>man:sysctl.d(5)
>   Process: 652 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited,
> status=0/SUCCESS)
>  Main PID: 652 (code=exited, status=0/SUCCESS)
>CGroup: /system.slice/systemd-sysctl.service
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS 7 pcp-pmda-nvidia-gpu SELinux problems

2015-12-23 Thread David O'Shea
Hi all,

I installed Performance Co-Pilot 3 days ago, and installed the nVidia PMDA 
according to the instructions at 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/ch03s03s02.html
 and was able to view metrics about my video card using pmchart.  I then played 
around a little with the lmsensors PMDA (but it doesn't look too useful to me - 
it doesn't support my sensors, and I think it's for a 2.x kernel).

After not looking at PCP at all for a few days, today I tried using pmchart to 
look at the nVidia metrics again but they were unavailable, and after checking 
/var/log/messages I found SELinux complaints.  After a few iterations of the 
suggested 'grep pmdanvidia /var/log/audit/audit.log | audit2allow -M [...]', 
'semodule -i [...].pp', restarting the PCP service, getting new SELinux errors, 
going back to step 1, I ended up with this content in the .te file:

"""
module doshea-selinux-pcp-pmda-nvidia-gpu 1.0;

require {
type xserver_misc_device_t;
type pcp_pmcd_t;
class capability sys_admin;
class chr_file { read write ioctl open };
}

#= pcp_pmcd_t ==
allow pcp_pmcd_t self:capability sys_admin;

# This avc is allowed in the current policy
allow pcp_pmcd_t xserver_misc_device_t:chr_file { read write ioctl open };
"""

I don't get why this worked 3 days ago and not today.  I haven't installed many 
packages in the meantime.

Should I file a bug somewhere about this?

I don't know much about SELinux - I have a slight ability to edit those .te 
files and I think I remember what to do with them afterwards - but it seems 
like the sys_admin capability is pretty significant to be granting.  Is there 
any way to work out why that's needed?

Thanks in advance,
David
  
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network services start before network is up since migrating to 7.2

2015-12-23 Thread Marcelo Ricardo Leitner

Em 22-12-2015 08:33, Sylvain CANOINE escreveu:


- Mail original -

De: "Marcelo Ricardo Leitner" 
À: "centos" 
Envoyé: Lundi 21 Décembre 2015 21:46:10
Objet: Re: [CentOS] Network services start before network is up since migrating 
to 7.2



Agreed. Sylvain, if possible, please elaborate on their reasoning for
this, because it just seems like a case of "we fear what we don't know",
so they are recommending to stick to old habits instead.

Or have they identified real attack vectors in NM? If yes, we would love
to hear that so it can be fixed.

In short, "you don't need it, so don't use it".
They said NM is more a desktop-oriented tool, already had privilege escalation 
issues in the past (I didn't search if they're right), has too many 
dependencies (such as wpa_supplicant and avahi, which are, of course, also 
forbidden), needs extra mechanisms (PAM ? Polkit ?) to avoid users changing its 
settings, needs D-bus just to work, so it is too much complex just to set 
static IP addresses on network interfaces. They said multiples administrator 
actions, and potentially human errors, to set it up, may be a security risk...


Gotta say, this policy is very subjective. These reasons, they fit 
pretty much everything else too. If memory serves, sudo also had 
privilege escalation issues in the past, but it's needed. NM is just a 
newborn and soon will be required. They are free to wait for it to 
mature more, yes, but just keep in mind that at least for now, that's a 
certain future, NM is getting more and more mainstream.


NM already can be used only during startup, with no daemon running after 
that. That helps a lot already with the reasoning they presented.


Thanks for sharing that.

  Marcelo

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] CentOS-announce Digest, Vol 130, Issue 11

2015-12-23 Thread centos-announce-request
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. Announcing release for Apache HTTP Server 2.4 on CentOS Linux
  6 x86_64 SCL (Honza Horak)
   2. Announcing release for Apache HTTP Server 2.4 on CentOS Linux
  7 x86_64 SCL (Honza Horak)
   3. Announcing release for Varnish Cache 4 on CentOS  Linux 7
  x86_64 SCL (Honza Horak)
   4. Announcing release for Varnish Cache 4 on CentOS  Linux 6
  x86_64 SCL (Honza Horak)
   5. Announcing release for Phusion Passenger 4.0 on CentOS Linux
  7 x86_64 SCL (Honza Horak)
   6. Announcing release for Phusion Passenger 4.0 on CentOS Linux
  6 x86_64 SCL (Honza Horak)
   7. Announcing release for nginx 1.6 and 1.8 on   CentOS Linux 6
  x86_64 SCL (Honza Horak)
   8. Announcing release for nginx 1.6 and 1.8 on   CentOS Linux 7
  x86_64 SCL (Honza Horak)
   9. Announcing release for PHP 5.4, 5.5 and 5.6 on CentOS Linux 6
  x86_64 SCL (Honza Horak)
  10. Announcing release for PHP 5.4, 5.5 and 5.6 on CentOS Linux 7
  x86_64 SCL (Honza Horak)
  11. Announcing release for Perl 5.16 and 5.20 on CentOS Linux 7
  x86_64 SCL (Honza Horak)
  12. Announcing release for Perl 5.16 and 5.20 on CentOS Linux 6
  x86_64 SCL (Honza Horak)
  13. CESA-2015:2694 Important CentOS 6 qemu-kvmSecurity Update
  (Johnny Hughes)


--

Message: 1
Date: Tue, 22 Dec 2015 12:52:23 +0100
From: Honza Horak 
To: centos-annou...@centos.org
Subject: [CentOS-announce] Announcing release for Apache HTTP Server
2.4 on CentOS Linux 6 x86_64 SCL
Message-ID: <56793977.1060...@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed

I am pleased to announce the immediate availability of version 2.4 of 
the Apache HTTP Server on CentOS Linux 6 x86_64, delivered via a 
Software Collection (SCL) built by the SCLo Special Interest Group 
(https://wiki.centos.org/SpecialInterestGroup/SCLo).

QuickStart
--
You can get started in three easy steps:
   $ sudo yum install centos-release-scl
   $ sudo yum install httpd24-httpd
   $ scl enable httpd24 bash

At this point you should be able to use httpd just as a normal 
application. An examples of commands run might be:
   $ service httpd24-httpd start
   $ httpd -h

In order to view the individual components included in this collection, 
including additional subpackages, you can run:
   $ sudo yum list httpd24\*

About Software Collections
--
Software Collections give you the power to build, install, and use 
multiple versions of software on the same system, without affecting 
system-wide installed packages. Each collection is delivered as a group 
of RPMs, with the grouping being done using the name of the collection 
as a prefix of all packages that are part of the software collection.

The collection httpd24 delivers version 2.4 of the Apache HTTP server 
(with a daemon called httpd24-httpd) and related server modules, like 
mode_ldap, mod_ssl, mod_auth_kerb and others.

For more on the Apatch HTTP, see https://httpd.apache.org.

The SCLo SIG in CentOS
--
The Software Collections SIG group is an open community group 
co-ordinating the development of the SCL technology, and helping curate 
a reference set of collections. In addition to the Apache HTTP Server 
collection being released here, we also build and deliver other 
databases, web servers, and language stacks including multiple versions 
of PostgreSQL, MariaDB, NodeJS, Ruby, Python and others.

Software Collections SIG release was announced at 
https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html

You can learn more about Software Collections concepts at: 
http://softwarecollections.org
You can find information on the SIG at 
https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto 
get involved and help with the effort.

We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: 
https://www.centos.org/community/calendar), for an informal open forum 
open to anyone who might have comments, concerns or wants to get started 
with SCL's in CentOS.

Enjoy!

Honza
SCLo SIG member


--

Message: 2
Date: Tue, 22 Dec 2015 12:52:33 +0100
From: Honza Horak 
To: centos-annou...@centos.org
Subject: [CentOS-announce] Announcing release for Apache HTTP Server
2.4 on CentOS Linux 7 x86_64 SCL
Message-ID: <56793981.9010...@redhat.com>
Content-Type: text/plain; c

Re: [CentOS] Network services start before network is up since migrating to 7.2

2015-12-23 Thread Marcelo Ricardo Leitner

Em 22-12-2015 13:53, m.r...@5-cent.us escreveu:


c) wpa-supplicant - again, why? If it's hardwired, and behind switches and
firewalls, why PNAC if every server is running firewalls?

 mark "let's *please* NOT talk about NAC via Cisco,
 and people who allegedly know and have planned
 rolling it out"


It's the same reason you think that adding one layer of management (dbus 
& cia) adds more risk than not adding it. It's another wall to be 
crossed, if anything happens. Some thing firewalls are enough, some not.




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network services start before network is up since migrating to 7.2

2015-12-23 Thread Sylvain CANOINE

- Mail original -
> De: "Gordon Messmer" 
> À: "centos" 
> Envoyé: Mercredi 23 Décembre 2015 10:11:05
> Objet: Re: [CentOS] Network services start before network is up since 
> migrating to 7.2

> I'm a little confused, too.  But, it might be more informative to query
> the system for "network.target" than "network.service" since the former
> is the one missing.

# rpm -V systemd
S.5T.  c /etc/rc.d/rc.local

Ok, normal...


# ll /usr/lib/systemd/system/network.target
-rw-r--r--. 1 root root 480 20 nov.  05:49 
/usr/lib/systemd/system/network.target
# cat /usr/lib/systemd/system/network.target
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Network
Documentation=man:systemd.special(7)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
After=network-pre.target
RefuseManualStart=yes
# systemctl status network.target
● network.target - Network
   Loaded: loaded (/usr/lib/systemd/system/network.target; static; vendor 
preset: disabled)
   Active: inactive (dead)
 Docs: man:systemd.special(7)
   http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget

Dead ? Hmmm...

Sylvain.
Pensez ENVIRONNEMENT : n'imprimer que si ncessaire

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Starting stunnel on boot with CentOS7

2015-12-23 Thread James Hogarth
On 23 December 2015 at 05:38, Kahlil Hodgson 
wrote:

> On my CenOS7 system with stunnel from base
>
> stunnel-4.56-4.el7.x86_64
>
> there's a systemd service file
>
> /etc/systemd/system/stunnel.service
>
> try
>
> sudo systemctl enable stunnel.service
>
>
>
Packaged unit files are in /usr/lib/systemd/system ... someone put that
there as a local configuration (rpm -qf /path/to/file to it to verify)

Of course this is what the OP should do too ...  a very simple unit file
that matches his needs...

cat > /etc/systemd/system/stunnel.service < /etc/systemd/stunnel@.service <

Re: [CentOS] systemd-sysctl not running on boot

2015-12-23 Thread Gordon Messmer

On 12/22/2015 06:56 AM, Ofer Hasson wrote:

After upgrading to CentOS 7.2, non of my servers run systemd-sysctl on boot.


Works here...
# systemctl status systemd-sysctl
● systemd-sysctl.service - Apply Kernel Variables
   Loaded: loaded (/usr/lib/systemd/system/systemd-sysctl.service; 
static; vendor preset: disabled)

   Active: active (exited) since Wed 2015-12-16 20:19:10 PST; 6 days ago
 Docs: man:systemd-sysctl.service(8)
   man:sysctl.d(5)
  Process: 652 ExecStart=/usr/lib/systemd/systemd-sysctl (code=exited, 
status=0/SUCCESS)

 Main PID: 652 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/systemd-sysctl.service


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Network services start before network is up since migrating to 7.2

2015-12-23 Thread Gordon Messmer

On 12/22/2015 09:45 AM, Sylvain CANOINE wrote:

I'm confused. I updated two more servers this afternoon, and... all is working 
well. The services start in correct order. Even after three reboots.
So only one of the (now) five updated servers doesn't start properly.

Then what is the difference ? All I see for now is the network.target unit 
seems not active on the failing server.

...

(failing) # systemctl status network
● network.service - LSB: Bring up/down networking



I'm a little confused, too.  But, it might be more informative to query 
the system for "network.target" than "network.service" since the former 
is the one missing.


# rpm -V systemd
# locate network.target
/usr/lib/systemd/system/network.target
# systemctl status network.target
● network.target - Network
   Loaded: loaded (/usr/lib/systemd/system/network.target; static; 
vendor preset: disabled)

   Active: active since Wed 2015-12-16 20:19:26 PST; 6 days ago
 Docs: man:systemd.special(7)
http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget

Dec 16 20:19:26 x systemd[1]: Reached target Network.
Dec 16 20:19:26 x systemd[1]: Starting Network.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos