Re: [CentOS] RADIUS

[Stephen John Smoogen]

On 1 March 2018 at 12:26, hw <h...@gc-24.de> wrote:
> Stephen John Smoogen wrote:
>>
>> On 1 March 2018 at 08:42, hw <h...@gc-24.de> wrote:
>>
>>>
>>> I didn´t say I want that, and I don´t know yet what I want.  A captive
>>> portal may
>>> be nice, but I haven´t found a way to set one up yet, and I don´t have an
>>> access
>>> point controller which would provide one, so I can´t tell if that´s the
>>> right
>>> solution.
>>>
>>
>> This is the problem with this entire thread in a nutshell. You don't
>> know what you want but what you have articulated at various points is
>> that you do know what you want. You then state something that won't
>> work because of some factor or another. People then correct you on
>> that, and you then get hostile because you were just thinking out loud
>> but no one knew that. Thinking out loud works ok in real life because
>> we give special queues like looking abstractly or being able to say
>> "Oh no I am just thinking out loud" right away. Instead in email none
>> of that happens and people get more and more hostile and angry
>> thinking the other side is trying to make them do completely opposite.
>>
>> Let us try starting over. You may have answered these in other places,
>> but people need to see them in one place at one time versus trying to
>> look through cache of other emails.
>>
>> What do you want?
>
>
> I was asking for documentation telling me how RADIUS can be used, not only
> that it can be used.
>
>> What are your constraints? [AKA what have you been told to do.]
>
>
> The task is to provide wireless coverage for employees and customers on
> company premises.  It is desirable to be able to keep track of customers,
> as in knowing where exactly on the premises they currently are (within
> like 3--5 feet, which is apparently tough), and simpler things like knowing
> how long they stay and if they have been on the premises before.  To avoid
> legal issues, it is probably advisable that customers need to agree to
> some sort of terms of usage.
>

Oh yeah. Who ever gave you those marching orders needs to talk with
all kinds of lawyers... even researching for it might be problematic
in some countries due to a multitude of laws. You are walking out of
setting up a wireless environment into full-scale surveillance.

That said, what you are looking for is not going to be accomplished
with simple radius without a large amount of development. It is also
going to need a lot of wireless sensors running at different
frequencies through out the building. Most of that is done usually
with special commercial hardware/software and falls outside of scope
of this list by a mile.

RADIUS may be something that is done with all of this but only far way
back in the chain of tools needed. It might be something that the
specialized hardware, scanners, sensors, etc might tie into if they
don't have their own specialized tool. Worrying about it before those
are researched, etc is to use an English idiom: putting the cart
before the horse.

> It is desirable to be able to know where employees currently are, though
> it doesn´t neeed to be as precise.
>
>> When do you need it?
>
>
> There´s no given time frame; it´s as soon as possible and preferably
> this year.
>
> It is necessary to (re-)do the entire network infrastructure before wireless
> coverage can be achieved, one of the reasons being that it is currently
> impossible to use VLANs all over the place.
>
>> What is the environment that it is to run in?
>
>
> a shopping area
>
> Some of the wireless access points may need to take part in what is
> apparently called a mesh to be able to supply remote parts of the premises.
>
>> What research have you done (with references)?
>
>
> I searched for documenation about how to actually use RADIUS and didn´t
> find any.  I´ve asked for pointers to such documentation here.
> I´ve read the RADUIS admin guide.  I´ve done a test setup by installing
> RADIUS and configuring a switch to use it to authenticate users logging
> into the switch via ssh and found it works fine.  I have set up a couple
> access points in a test setup which currently provide wireless access for
> employees and wireless internet access for customers around some points
> of the premises.  I found out what a captive portal is.
>
>> Then people will have a better ability to answer:
>> What have others done to meet those needs?
>> How have they implemented it?
>>
>> Then ask
>> What other things do you need for me to help?
>>
>> People can then ask questions about things you didn't fully explai

Re: [CentOS] RADIUS

[Stephen John Smoogen]

On 1 March 2018 at 08:42, hw  wrote:

>
> I didn´t say I want that, and I don´t know yet what I want.  A captive
> portal may
> be nice, but I haven´t found a way to set one up yet, and I don´t have an
> access
> point controller which would provide one, so I can´t tell if that´s the
> right
> solution.
>

This is the problem with this entire thread in a nutshell. You don't
know what you want but what you have articulated at various points is
that you do know what you want. You then state something that won't
work because of some factor or another. People then correct you on
that, and you then get hostile because you were just thinking out loud
but no one knew that. Thinking out loud works ok in real life because
we give special queues like looking abstractly or being able to say
"Oh no I am just thinking out loud" right away. Instead in email none
of that happens and people get more and more hostile and angry
thinking the other side is trying to make them do completely opposite.

Let us try starting over. You may have answered these in other places,
but people need to see them in one place at one time versus trying to
look through cache of other emails.

What do you want?
What are your constraints? [AKA what have you been told to do.]
When do you need it?
What is the environment that it is to run in?
What research have you done (with references)?

Then people will have a better ability to answer:
What have others done to meet those needs?
How have they implemented it?

Then ask
What other things do you need for me to help?

People can then ask questions about things you didn't fully explain.
This is helpful because going from the previous emails your phrasing
made it sound like you needed unknown people to not be able to get
onto the network until they were authenticated, but authentication
requires them to be on a network, but you can't allow them to be on
any network until they are authenticated. That may not be what you
mean (on the other hand, I have had that conundrum given to me at a
job and we had to spend 3 months convincing the boss(es) that was
impossible with the tools we had (and probably impossible without)).


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RADIUS

[John Hodrien]

This is really nothing to do with CentOS anymore, if it ever was.

On Thu, 1 Mar 2018, hw wrote:


If PXE boot is not possible because it would require to allow network access
to unauthorized devices, or if it is not reasonably feasible because
switching the device to a different VLAN after allowing unauthorized access
for booting and then providing credentials to authenticate the device (or
the user) will result in the device freezing and thus being useless, then
that just is so, and I have to deal with it.


Why would that *have* to result in the device freezing?  You can PXE boot to a
kernel and initrd that after it's downloaded runs just fine without any
network access at all.

There's no requirement for a PXE client to have network access to anything
other than a VLAN with a boot server that provides it with a boot image.  You
can obviously add on frippery that only recognises approved MACs for even this
if you feel the need.


Right, but what about keeping track of customers?  Apparently RADIUS has
some accounting features, and it might be an advantage to use those.


I really don't get why you want WPA2 Enterprise for this setup.  There's a
reason why almost everyone uses captive portals for providing access to lots
of external users.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] custom Xen on custom kernel on CentOS 7

[John Vetter]

Yes, the binaries were correctly installed in /boot, but grub2-mkconfig wasn't 
creating an entry in grub.cfg for the particular combination of linux kernel 
and xen that I was looking for. Manually editing the grub.cfg appeared to work 
okay, but it was a pain because it gets over-written everytime grub2-mkconfig 
gets run.

Thanks George,
John
 
 

Sent: Wednesday, February 28, 2018 at 7:05 AM
From: "George Dunlap" <dunl...@umich.edu>
To: "Discussion about the virtualization on CentOS" <centos-virt@centos.org>
Subject: Re: [CentOS-virt] custom Xen on custom kernel on CentOS 7


On systems with grub2, grub-bootxen.sh is tweaking the global grub2
config -- making sure Xen runs first, and adding some default
configuration. Even without that, grub2-mkconfig should be creating
entries if the binaries exist.

Are you sure:
1. That your new kernel & hypervisor have installed binaries in /boot?
2. That grub2-mkconfig is writing the config to the proper directory?
(i.e., that, you're using the correct '-o' argument?)

-George
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] custom Xen on custom kernel on CentOS 7

[John Vetter]

Thanks Sarah. Your suggestions 2) and 3) appear to have solved my problem.

John
 
 

Sent: Tuesday, February 27, 2018 at 12:48 PM
From: "Sarah Newman" <s...@prgmr.com>
To: "John Vetter" <john.vet...@mail.com>
Cc: "Discussion about the virtualization on CentOS" <centos-virt@centos.org>
Subject: Re: [CentOS-virt] custom Xen on custom kernel on CentOS 7
On 02/27/2018 07:50 AM, John Vetter wrote:
> Hi,
> I'm trying to run an arbitrary Xen version (4.7.x) on a recent kernel (say,
> 4.13.x) on CentOS 7.
> What is the recommended way for doing this? (I am new to Xen and 
> virtualization).
> I tried the following:
> 1. installed xen4centos.
> 2. built linux kernel 4.13.x and installed it (using make install)
> 3. built xen 4.7.x and installed it (using make install).
> grub2-mkconfig and grub-bootxen.sh don't seem to be picking up the combination
> of new kernel and new xen and making an entry in the grub.cfg file.
> It did make an entry for the new Xen with the kernel installed with 
> xen4centos.
> I looked at the grub-bootxen.sh script but was unable to figure a way out. How
> do I get the installation scripts to make an entry for my new kernel and new 
> Xen?

I would suggest one of
1. Run the scripts with -x to figure out where they're quitting early
2. Make an rpm for the kernel you're building, or
3. Manually edit the grub files and run dracut. It's not hard to do what those 
scripts do by hand.

--Sarah
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Any alternatives for the horrible reposync

[Stephen John Smoogen]

On 28 February 2018 at 08:07, Dennis Jacobfeuerborn
<denni...@conversis.de> wrote:
> On 27.02.2018 16:45, Stephen John Smoogen wrote:
>> On 27 February 2018 at 06:11, Dennis Jacobfeuerborn
>> <denni...@conversis.de> wrote:

> What I mean by inexplicable is that it would make more sense to make
> reposync a generic tool for syncing yum repos and then simply provide
> the option to use /etc/yum.conf rather then to hard-code (as is
> apparently the case) these system specific behaviors.
>

I think that people have been wanting to do that for 12? years now,
but no one seems to have actually done so. I don't know if the code is
impossible to fix or that everyone keeps assuming someone else will do
it for them someday, or a combination of the two.. [developer starts
looking to fix the code, and then just decides that it would be better
if someone else fixed it for them someday].

> For now what seems to work is using a unique repo name in the config
> file to make it impossible for reposync to find a matching file in
> /var/cache/yum but that's more of a hack than a fix for the issue.
>

.. you know I think that is what I do but just didn't think about why
I do it. I apologize for not pointing out that hack-fix so you had to
rediscover it.


> Regards,
>   Dennis



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] custom Xen on custom kernel on CentOS 7

[John Vetter]

Sorry reseding in text format.
 

Hi,
 
I'm trying to run an arbitrary Xen version (4.7.x) on a recent kernel (say, 
4.13.x) on CentOS 7.
 
What is the recommended way for doing this? (I am new to Xen and 
virtualization).
 
I tried the following:
1. installed xen4centos.
2. built linux kernel 4.13.x and installed it (using make install)
3. built xen 4.7.x and installed it (using make install).
 
grub2-mkconfig and grub-bootxen.sh don't seem to be picking up the combination 
of new kernel and new xen and making an entry in the grub.cfg file.
 
It did make an entry for the new Xen with the kernel installed with xen4centos.
 
I looked at the grub-bootxen.sh script but was unable to figure a way out. How 
do I get the installation scripts to make an entry for my new kernel and new 
Xen?
 
Thanks,
John
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS-virt] custom Xen on custom kernel on CentOS 7

[John Vetter]

Hi,

 

I'm trying to run an arbitrary Xen version (4.7.x) on a recent kernel (say, 4.13.x) on CentOS 7.

 

What is the recommended way for doing this? (I am new to Xen and virtualization).

 

I tried the following:

1. installed xen4centos.

2. built linux kernel 4.13.x and installed it (using make install)

3. built xen 4.7.x and installed it (using make install).

 

grub2-mkconfig and grub-bootxen.sh don't seem to be picking up the combination of new kernel and new xen and making an entry in the grub.cfg file.

 

It did make an entry for the new Xen with the kernel installed with xen4centos.

 

I looked at the grub-bootxen.sh script but was unable to figure a way out. How do I get the installation scripts to make an entry for my new kernel and new Xen?

 

Thanks,

John
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] Any alternatives for the horrible reposync

[Stephen John Smoogen]

On 27 February 2018 at 06:11, Dennis Jacobfeuerborn
<denni...@conversis.de> wrote:
> Hi,
> I'm currently trying to mirror a couple of yum repositories and the only
> tool that seems to be available for this is reposync.
> Unfortunately reposync for some inexplicable reason seems to use the yum
> config of the local system as a basis for its work which makes no sense
> and creates all kinds of problems where cache directories and metadata
> gets mixed up.
> Are there any alternatives? Some repos support rsync but not all of them
> so I'm looking for something that works for all repos.
>

It is not 'inexplicable'. reposync was primarily built for a user to
sync down the repositories they are using to be local.. so using
yum.conf makes sense. The fact that it can be used for a lot of other
things is built into various configs which the man page covers. As
John Hodrien mentioned, you can use the -C flag to point it to a
different config file. This is the way to use it if you are wanting to
download other files and data. Tools like cobbler wrap the reposync in
this fashion.




> Regards,
>   Dennis
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Any alternatives for the horrible reposync

[John Hodrien]

On Tue, 27 Feb 2018, Dennis Jacobfeuerborn wrote:


Hi,
I'm currently trying to mirror a couple of yum repositories and the only
tool that seems to be available for this is reposync.
Unfortunately reposync for some inexplicable reason seems to use the yum
config of the local system as a basis for its work which makes no sense
and creates all kinds of problems where cache directories and metadata
gets mixed up.
Are there any alternatives? Some repos support rsync but not all of them
so I'm looking for something that works for all repos.


reposync uses whatever config file you point it at with "-c", only using
/etc/yum.conf if you don't bother.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RADIUS

[John Hodrien]

On Fri, 23 Feb 2018, hw wrote:


There are devices that are using PXE-boot and require access to the company
LAN.  If I was to allow PXE-boot for unauthenticated devices, the whole
thing would be pointless because it would defeat any security advantage that
could be gained by requiring all devices and users to be authenticated:
Anyone could bring a device capable of PXE-booting and get network access.


I'd hope that you could involve TPM in this game.  PXE to unauthenticated
VLAN, boot an OS that could then use TPM to pull out a credential to
authenticate to the network and switch to another VLAN.


As a customer visting a store, would you go to the lengths of configuring
your cell phone (or other wireless device) to authenticate with a RADIUS
server in order to gain internet access through the wirless network of the
store?


No, I'd never offer wireless network access this way.  Typically, you either
offer it unauthenticated, or you provide it via a captive web portal.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RADIUS

[John Hodrien]

On Fri, 23 Feb 2018, hw wrote:


That would be a problem because clients using PXE-boot require network
access, and it wouldn´t contribute to security if unauthorized clients were
allwed to PXE-boot.


What problem are you actually trying to solve?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-docs] wiki content management via automation

[John R. Dennison]

On Thu, Feb 22, 2018 at 10:30:30PM +0100, Fabian Arrotin wrote:
> 
> When I tried their irc channels for the migration issue, I was told that
> it wasn't really supported, and on their website
> (https://moinmo.in/Support) it seems to be more about "consultancy services"

Well... it _does_ sound like a consulting gig to me.  You're playing in
the bigs now, I'm sure you have access to a flush fund / petty cash /
Evolution to sign a check? :)





    John
-- 
The nuclear arms race is like two sworn enemies standing waist deep in
gasoline, one with three matches, the other with five.

-- Carl Sagan (1934-1996), astronomer and writer, debate transcript with
   William F. Buckley, aired after the first showing of the ABC TV movie
   "The Day After", November 20, 1983


signature.asc
Description: PGP signature
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS-docs] wiki content management via automation

[John R. Dennison]

On Thu, Feb 22, 2018 at 01:11:20PM +, Karanbir Singh wrote:
> On 21/02/18 22:30, Fabian Arrotin wrote:
> > That's a good question, as we'll also have to migration for moinmoin if
> > we can't find a support path to migrate to supported version anyway.
> > So first question (already asked on the list) : is there a way to get in
> > touch with moin people willing to help/assist us ? (as their upgrade
> > tool wasn't working to test migration from 1.6 to 1.7)
> 
> it would be good if someone on the docs team ( or docs focused could
> take this up, I am far too removed from implementation at this point to
> drive that conversation productively ).
> 
> Other than that, +1 to engage moin upstream

+1 on getting moin updated to current.  It's going to be much less work
in the long run than converting everything over to mediawiki or similar.

> > And then too : is there a way to consume a kind of API for moin that
> > would then meet the "content management via automation" requirement. Or
> > do we have to also investigate directly another solution (like
> > mediawiki) and so migration ?
> 
> does media-wiki have an api ?

Yes, but unnecessary to resort to API for this.  moin-1.6 and newer all
have functionality via 'macros' (plugins, mostly) to pull in remote
content and have it rendered by the moin rendering engine and then
displayed in-line.  Your work-flow could produce an artifact that is
raw wiki-formatted text and then wiki.c.o could consume that content
automatically.  Keeping that content up-to-date would then be the
responsibility of the work-flow pipeline itself.






John
-- 
We may have democracy, or we may have wealth concentrated in the hands of a
few, but we can't have both.

-- Louis Brandeis (1856-1941), U.S. Supreme Court Justice, quoted by Raymond
   Lonergan in Mr.  Justice Brandeis, Great American (1941), p. 42.


signature.asc
Description: PGP signature
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS] RADIUS

[John Hodrien]

On Thu, 22 Feb 2018, hw wrote:


That seems neither useful, nor feasible for customers wanting to use the
wireless network we would set up for them with their cell phones.  Are cell
phones even capable of this kind of authentication?


Yes, entirely capable.  WPA2-Enterprise isn't some freakish and unusual
solution.

https://www.eduroam.org/

I configure wireless once on my device (phone/tablet/laptop) and then can
travel to institutions all round the world and use their networks seamlessly.
How useless and infeasible indeed.


Anyway, there are some clients that can probably authenticate, which leaves
the ones that use PXE boot.  I tried things out with a switch, and it would
basically work.  If it makes sense to go any further with this and how now
needs to be determined ...


A client that can't authenticate gets the network it's provided with by being
unauthenticated.  If an unauthenticated client can't have any network access,
that's what they get.  Presumably you could drop an unauthenticated machine
into a different VLAN.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Mirror Problem

[Stephen John Smoogen]

On 16 February 2018 at 08:36, Günther J. Niederwimmer  wrote:
> Hello,
> I have thousands of this messages on my servers ??
>
> Is this a Problem on my site or is the infrastructure broken??
> /etc/cron.hourly/0yum-hourly.cron:
>
> Could not get metalink https://mirrors.fedoraproject.org/metalink?
> repo=epel-7=x86_64 error was
> 14: HTTPS Error 503 - Service Unavailable
>
> Thanks for a answer,
>

Hello, from the Fedora side of Infrastructure. We have been trying to
get the 503 error rate down in the last six months and thought we had
licked it with recent changes. We had moved down the error rate to
80,000 bad requests per day out of 13.5 million total ones which
actually is a creep up from what we had last month. Most of the
requests every day happen in the time frame of XX:00 -> XX:15 of every
hour. Every proxy seems to give about 100 per day but 2 proxies seem
to have had docker problems and have been each contributing 32,000 to
38,000 503's.

We did find an error in the docker restart script which hopefully will
drop this further. We are still evaluating why just those 2 proxies
have so many more and will let you know what is found.

Thank you for your patience.


-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install CentOS 7 on MBR hard disk

[Stephen John Smoogen]

On 15 February 2018 at 21:48, Yves Bellefeuille  wrote:
> Stephen J Smoogen wrote:
>
>>  OK wild guess on install options as sometimes they will do this but
>>  not say they did it. Try adding inst.gpt=false to the boot line.
>
> Sorry, that didn't work. Nor did installing CentOS 7 without a boot
> loader, chroot-ing into it, and trying to install grub2 manually:
>
> grub2-install /dev/sda --target=i386-pc
> grub2-mkconfig -o /boot/grub2/grub.cfg
>

Hmmm if that didn't work then there is something in the bootup which
keeps telling grub/kernel you are an EFI only system. EL6 would have
installed because EFI support at that point was mainly a "eh oh yeah
we need to cover that?" type thing. EL7 should be clearer on this but
it might have gone the other way.

Can you try to see if Fedora 27 has the same problem? If it has then
this is a problem that upstream needs to fix on EL releases. If it
isn't then I would lean more towards the motherboard/bios combo saying
something which says "my legacy support is iffy.. use EFI".

After that it is usually what is the motherboard/bios level and is it
updated type fixes then.

>>  Thank you for your patience on this.
>
> I didn't realize you were the culprit, so that's OK. ;-)
>

Well I am not the culprit.. it is just most of my ideas have been
completely useless.

> --
> Yves Bellefeuille
> 
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install CentOS 7 on MBR hard disk

[Stephen John Smoogen]

On 15 February 2018 at 18:45, Yves Bellefeuille <y...@storm.ca> wrote:
> Stephen John Smoogen <smo...@gmail.com> wrote:
>
>> I am guessing because my drives were blank and smaller than 2 TB that
>> it defaulted to MBR even when the system had a UEFI BIOS (as long as
>> the firmware is in legacy mode).
>
> Right, the problem seems to arise if you already have partitions on
> your MBR disk. Perhaps Fred Smith can confirm this.
>
>> What is the partition table of the drive you are trying to install
>> to?
>
> MBR, 240 GB (an SSD), with CentOS 6 already installed on a partition.
> (There are also other partitions.)
>

OK wild guess on install options as sometimes they will do this but
not say they did it. Try adding inst.gpt=false to the boot line.

Thank you for your patience on this.

> --
> Yves Bellefeuille
> <y...@storm.ca>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install CentOS 7 on MBR hard disk

[Stephen John Smoogen]

On 15 February 2018 at 18:29, Yves Bellefeuille <y...@storm.ca> wrote:
> Stephen John Smoogen <smo...@gmail.com> wrote:
>
>>  OK I am going with documentation not being right and/or I have been
>>  very lucky with my installs.
>
> If you read
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-disk-partitioning-setup-x86#sect-bootloader-mbr-gpt-x86
> carefully, it seems to say that if you have UEFI and an MBR hard disk
> that already has partitions, you must reformat it to GPT.
>
> The documentation seems to say that Anaconda will use MBR only if the
> disk is the right size (fewer than 2^32 sectors) *and* has no
> partition.
>

 I am guessing because my drives were blank and smaller than 2 TB that
it defaulted to MBR even when the system had a UEFI BIOS (as long as
the firmware is in legacy mode).

What is the partition table of the drive you are trying to install to?


> --
> Yves Bellefeuille
> <y...@storm.ca>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install CentOS 7 on MBR hard disk

[Stephen John Smoogen]

On 15 February 2018 at 18:05, Fred Smith <fre...@fcshome.stoneham.ma.us> wrote:
> On Thu, Feb 15, 2018 at 05:31:42PM -0500, Stephen John Smoogen wrote:
>> On 15 February 2018 at 17:19, Yves Bellefeuille <y...@storm.ca> wrote:
>> > I have a UEFI system, but I want to install CentOS on a MBR (not GPT)
>> > hard disk.
>> >
>> > The installation program keeps telling me that I must create an "EFI
>> > system partition on a GPT disk mounted at /boot/efi".
>> >
>> > I can't find a way to work around this. Is there a solution?
>> >
>>
>> If the installer is doing that then it usually means that the UEFI
>> firmware is either
>> a) not in BIOS compatibility mode
>> b) does not respond in a way that Linux detects or
>> c) the disk is larger than what BIOS compatibility mode will allow.
>>
>> Otherwise anaconda should default to MBR unless it finds the hardware
>> does not know how to deal with MBR.
>>
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-anaconda-boot-options
>>
>
> I had the same issue back when I installed 7.x on this box. I couldn't
> find a way around it, so I finally just went with the flow.
>
> I definitely DID have it in legacy mode, or at least the firmware's
> GUI said I did.

OK I am going with documentation not being right and/or I have been
very lucky with my installs.

The only other thing I can think of is that the disk was already
formatted to GPT. In that case it has to be EFI. [I had a disk which
was GPT partitioned and removing that was quite a challenge as I had
done a 'dd if=/dev/zero of=/dev/sda bs=512 count=10' and it still kept
coming up as GPT. I believe I had to run a different disk command to
really clean it.]


>
> --
>  Fred Smith -- fre...@fcshome.stoneham.ma.us -
>   "And he will be called Wonderful Counselor, Mighty God, Everlasting Father,
>   Prince of Peace. Of the increase of his government there will be no end. He
>  will reign on David's throne and over his kingdom, establishing and upholding
>   it with justice and righteousness from that time on and forever."
> --- Isaiah 9:7 (niv) 
> --
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install CentOS 7 on MBR hard disk

[Stephen John Smoogen]

On 15 February 2018 at 17:19, Yves Bellefeuille  wrote:
> I have a UEFI system, but I want to install CentOS on a MBR (not GPT)
> hard disk.
>
> The installation program keeps telling me that I must create an "EFI
> system partition on a GPT disk mounted at /boot/efi".
>
> I can't find a way to work around this. Is there a solution?
>

If the installer is doing that then it usually means that the UEFI
firmware is either
a) not in BIOS compatibility mode
b) does not respond in a way that Linux detects or
c) the disk is larger than what BIOS compatibility mode will allow.

Otherwise anaconda should default to MBR unless it finds the hardware
does not know how to deal with MBR.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/chap-anaconda-boot-options



> --
> Yves Bellefeuille
> 
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux policy with rsyslog and tls/certs

[John Ratliff]

On 2/13/2018 4:48 PM, John Ratliff wrote:
I've setup my rsyslog server to forward traffic to another rsyslog 
server on my network. It's using gTLS to encrypt the messages in transit.


selinux is not allowing rsyslogd to read the certificates. They are 
world readable, so I don't think that is the problem. When I turn 
selinux mode to permissive, it works fine.


What context should the ssl certificates be in for rsyslog to be able to 
read them?




It worked when I set it to syslog_conf_t. Not sure if that's correct, 
but it functions.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] selinux policy with rsyslog and tls/certs

[John Ratliff]

I've setup my rsyslog server to forward traffic to another rsyslog 
server on my network. It's using gTLS to encrypt the messages in transit.


selinux is not allowing rsyslogd to read the certificates. They are 
world readable, so I don't think that is the problem. When I turn 
selinux mode to permissive, it works fine.


What context should the ssl certificates be in for rsyslog to be able to 
read them?


thanks.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problem with ssh disconnecting

[Stephen John Smoogen]

On Mon, Feb 12, 2018 at 6:25 PM H  wrote:

> Running CentOS 7 on workstation and having a problem with ssh disconnects.
> My ssh_config contains:
>
> Host *
> TCPKeepAlive yes
> ServerAliveInterval 30
> ServerAliveCountMax 300
>
> and sshd_config on the server contains:
>
> TCPKeepAlive yes
> ClientAliveInterval 60
> ClientAliveCountMax 300
>
> Have I missed any setting needed to prevent these random disconnects? I
> don't think there is anything wrong with the network card, the driver, or
> the cable, since if I am on a VPN connection via another server, the VPN
> and any ssh connection stay up indefinitely.
>
> Thanks.



There are usually 2 different reasons for this:
1. The VPN is UDP and times out/drops keeps alives so that they no longer
function properly. [The UDP connection will make it look like you have a
new SSH connection which of course the system will drop because that would
allow for security problems.]

2. A firewall in the chain of things (system you are on, the system you are
going to, or somewhere in between) has session flushing issues. If you have
the firewall set up to only accept NEW port 22 connections and then just
looks to see if the ESTABLISHED, RELATED tables are accepted elsewhere then
if the session somehow ages out or is flushed due to usage, the ssh
connection can get dropped.

The solution to one is to see if a TCP VPN fixes the problem. The second
one is to either make the iptables kernel tables larger or to have all port
22 accepted even if it is not ESTABLISHED.

These aren’t the only ways the problem you see can occur but they are some
of the most common I have run into.



>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Issues with NVidia video driver and CentOS

[John Hodrien]

On Thu, 8 Feb 2018, Felipe Westfields wrote:


I'm on a network that is disconnected from the internet; makes things kind
of awkward sometimes. We have some internal repositories that are supposed
to mirror centos, and EPEL - don't have one (that I'm aware of) that
mirrors elrepo.
But it looks like it's looking for just that one package; if that's all I
need to get these installed, then hopefully this can be wrapped up.


Thing is, what you've posted makes no sense to me.


that first one appears to have a dependency on "NVidia-x11-drv-304xx = 304.135" 
and I can't find that package anywhere - I've checked CentOS


In short, you're saying that
nvidia-x11-drv-304xx-304.135-1.el6.elrepo.x86_64.rpm requires 
NVidia-x11-drv-304xx = 304.135

I find this hard to believe, given you're really saying it requires itself.

How about you don't summarise what you've done, but download again the files
you think you need, and paste actual output when you get errors.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Issues with NVidia video driver and CentOS

[John Hodrien]

On Wed, 7 Feb 2018, Felipe Westfields wrote:


I'm trying to reinstall the elrepo drivers.
Removed the existing elrepo drivers
Downloaded the following elrepo drivers:

nvidia-x11-drv-304xx-304.135-1.el6.elrepo.x86_64.rpm
kmod-nvidia-304xx-304.135-1.el6.elrepo.x86_64.rpm
nvidia-x11-drv-304xx-32bit-304.135-1.el6.elrepo.x86_64.rpm

that first one appears to have a dependency on "NVidia-x11-drv-304xx =
304.135" and I can't find that package anywhere - I've checked CentOS base,
the EPEL repositories, and the elrepo repositories, RPMfind.

Do you know where I can find it?


Do you have something against yum?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Xen hypervisor on CentOS 7.4 with modern UEFI server not booting from grub

[John Naggets]

Hi Chris,

For completeness just wanted to mention that it is the first time I
see in newer servers that it is not possible to PXE boot from the
network using legacy mode (BIOS). It seems like the NICs are missing
the required piece of code for that as all 4 NICs of that server fail
to boot legacy PXE with the following message:

!PXE structure was not found in UNDI driver code segment.

Best,
J.

On Wed, Jan 31, 2018 at 9:06 PM, Chris Adams <li...@cmadams.net> wrote:
> Once upon a time, John Naggets <hostingnugg...@gmail.com> said:
>> Jonathan brings it exactly to the point: we have to face UEFI because
>> legacy mode is fading out, if I enable legacy mode I can't even boot
>> anymore through the network (PXE) as these newer network cards can
>> only boot PXE with UEFI.
>
> UEFI PXE is different than BIOS PXE and needs to download different
> software from the TFTP server.  I use syslinux for BIOS PXE, but it
> doesn't seem to work with UEFI PXE so I use grub2 (I use the secure boot
> shim from Fedora to support as many setups as practical).  You can have
> both available at the same time (takes a DHCP tweak).
>
> Just like the early days of BIOS PXE however, UEFI PXE clients don't
> always seem to do the right thing.  I have an Intel NUC (7th gen), and
> it always fails with UEFI PXE.
>
> --
> Chris Adams <li...@cmadams.net>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Xen hypervisor on CentOS 7.4 with modern UEFI server not booting from grub

[John Naggets]

I checked and secure boot is turned off.

Jonathan brings it exactly to the point: we have to face UEFI because
legacy mode is fading out, if I enable legacy mode I can't even boot
anymore through the network (PXE) as these newer network cards can
only boot PXE with UEFI.

In the mean time I have installed Ubuntu 17.10 with Xen and I was
lucky to see that this combination works with UEFI even Xen.


On Wed, Jan 31, 2018 at 2:12 PM, Johnny Hughes <joh...@centos.org> wrote:
> On 01/30/2018 04:23 PM, John Naggets wrote:
>> Hi,
>>
>> I installed CentOS 7.4 on a modern Lenovo ThinkSystem SR630 server
>> which uses UEFI. So far so good CentOS 7.4 works fine so then I went
>> on to install the Xen hypervisor by following the instructions from
>> the wiki (https://wiki.centos.org/HowTos/Xen/Xen4QuickStart).
>>
>> Unfortunately when I reboot after having installed the xen package the
>> system does not boot into "CentOS Linux, with Xen hypervisor" from the
>> grub menu prompt. I get the following error:
>>
>> Loading Xen 4.6.6-8.el7 ...
>> error: can't find command `multiboot'.
>> Loading Linux 4.9.75-29.el7.x86_64 ...
>> error: can't find command `module'.
>> Loading initial ramdisk ...
>> error: can't find command `module'.
>>
>> Press any key to continue...
>>
>> The problem which I encounter here is exactly the same issue as
>> described for Fedora in the RedHat bugs:
>> https://bugzilla.redhat.com/show_bug.cgi?id=1286317 with the exception
>> that for me it's CentOS 7.4 and that the workarounds as described in
>> that bug do not work.
>>
>> Does anyone know how I can make my CentOS boot with the Xen hypervisor
>> using UEFI?
>>
>> Thank you very much for your help.
>>
>
> Usually not an issue with UEFI .. but with Secure Boot
>
> You need to make sure Secure Boot is off.  It is sometimes called Legacy
> Booting turned on, etc.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Xen hypervisor on CentOS 7.4 with modern UEFI server not booting from grub

[John Naggets]

Hi,

I installed CentOS 7.4 on a modern Lenovo ThinkSystem SR630 server
which uses UEFI. So far so good CentOS 7.4 works fine so then I went
on to install the Xen hypervisor by following the instructions from
the wiki (https://wiki.centos.org/HowTos/Xen/Xen4QuickStart).

Unfortunately when I reboot after having installed the xen package the
system does not boot into "CentOS Linux, with Xen hypervisor" from the
grub menu prompt. I get the following error:

Loading Xen 4.6.6-8.el7 ...
error: can't find command `multiboot'.
Loading Linux 4.9.75-29.el7.x86_64 ...
error: can't find command `module'.
Loading initial ramdisk ...
error: can't find command `module'.

Press any key to continue...

The problem which I encounter here is exactly the same issue as
described for Fedora in the RedHat bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1286317 with the exception
that for me it's CentOS 7.4 and that the workarounds as described in
that bug do not work.

Does anyone know how I can make my CentOS boot with the Xen hypervisor
using UEFI?

Thank you very much for your help.

Best regards,
John
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] logging in

[Stephen John Smoogen]

On 30 January 2018 at 13:40, Jon Pruente  wrote:

> On Tue, Jan 30, 2018 at 12:26 PM,  wrote:
>
> > This is odd.
> >
> > We're seeing a *lot* of
> > sshd[8400]: Timeout, client not responding.
> > So I'm trying to find out whose client is having issues. Trying to figure
> > that, after processes are gone, I tried looking in lastlog, which is
> where
> > it gets odd. lastlog shows root coming in, and it shows a security
> account
> > coming in... years ago.
> >
> > I see one of our users logging in a goodly number of times... but lastlog
> > doesn't show him. I just logged in as myself, no password, using keys...
> > and lastlog doesn't show me, or my manager, or anyone else.
> >
> > Does anyone have any idea why lastlog's not recording *all* logins?
> >
>
> You can look at /var/log/audit/audit.log to see more detail than what last
> shows. A nice tip is to pipe the output through another tool to convert the
> timestamps to human readable date and time.
>
> tail -f /var/log/audit/audit.log | ausearch -i
> or
> tail -f /var/log/audit/audit.log | perl -pe 's/(\d+)/localtime($1)/e'
>
>
Also check that /var/log/wtmp is set up correctly

[smooge@smoogen-laptop ~]$ ls -lZ /var/log/wtmp
-rw-rw-r--. root utmp system_u:object_r:wtmp_t:s0  /var/log/wtmp
[smooge@smoogen-laptop ~]$ ls -l /var/log/wtmp
-rw-rw-r--. 1 root utmp 116352 2018-01-30 13:55 /var/log/wtmp

Sometimes wtmp gets rotated at the beginning of the year so there is
usually another file like
/var/log/wtmp-20180117 or something.


> via
> https://serverfault.com/questions/327846/convert-
> selinux-log-date-format-from-epoch-to-normal
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] Xen 4.4 Immediate EOL

[John Haxby]

On 19/01/18 17:58, Kevin Stange wrote:
> On 01/19/2018 06:17 AM, Pasi Kärkkäinen wrote:
>> On Thu, Jan 18, 2018 at 11:48:35AM -0600, Kevin Stange wrote:
>>> Hi,
>>>
>>
>> Hi,
>>  
>>> I am very sorry to do this on short notice, but obviously Meltdown and
>>> Spectre are a lot more than anyone was really expecting to come down the
>>> pipeline.  Xen 4.4 has been EOL upstream for about a year now and I have
>>> personally been reviewing and backporting patches based on the 4.5
>>> versions made available upstream.
>>>
>>> Given that 4.5 is now also reaching EOL, backporting to 4.4 will become
>>> harder and I've already taken steps to vacate 4.4 in my own environment
>>> ASAP.  Spectre and Meltdown patches most likely will only officially
>>> reach 4.6 and are very complicated.  Ultimately, I don't think this is a
>>> constructive use of my time.  Therefore, I will NOT be continuing to
>>> provide updated Xen 4.4 builds any longer through CentOS Virt SIG.  If
>>> someone else would like to take on the job, you're welcome to try.  Pop
>>> by #centos-virt on Freenode to talk to us there if you're interested.
>>>
>>> For short term mitigation of the Meltdown issue on 4.4 with PV domains,
>>> your best bet is probably to use the "Vixen" shim solution, which George
>>> has put into the xen-44 package repository per his email from two days
>>> ago. Vixen allows you to run PV domains inside HVM guest containers.  It
>>> does not protect the guest from itself, but protects the domains from
>>> each other.  Long term, your best bet is to try to get up to a new
>>> version of Xen that is under upstream security support, probably 4.8.
>>
>> Oracle VM 3.4 product is based on Xen 4.4, and they seem to have backported 
>> the fixes already.. 
>>
>> It looks like those src.rpms have {CVE-2017-5753} {CVE-2017-5715} 
>> {CVE-2017-5754} fixes included.
>>
>> https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/thread.html
>> https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000816.html
>> https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000817.html
>>
>> http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-155.0.12.el6.src.rpm
>> http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-105.0.30.el6.src.rpm
> 
> That's impressive but dubious as Xen has not released any fixes for
> CVE-2017-5753 or CVE-2017-5715 even for 4.10 yet.
> 

It's not that dubious since its mainly Konrad Wilk and Boris Ostrovsky
that have been doing most of that :)

OracleVM also has a grub2 backport although I haven't really looked at that.

jch
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] lshw in centos 7

[Stephen John Smoogen]

On 11 January 2018 at 20:23, david  wrote:
> Folks
>
> I've been running lshw for years in both Centos 6 and Centos 7, yet just
> recently it started hanging.  Neither a Control^C nor a "kill" of the
> process cured the hang; only a reboot.
>

Is this just one system or a range of boxes? I just ran it on 2
different ones running CentOS 7 and it worked fine there. If it is
just one particular hardware then look through the lshw man page and
try the versions of something like

lshw -disable usb

to see if it still happens. [It might require other tests also.]


> When I run it by hand from the command line, it displays stuff on the next
> line overwriting it with things like PCI, USB.  And USB is the last thing I
> see.  A Control-C does not unlock it.
>
> I am running lshw-B.02.18-7.el7.x86_64.  The CPU is an Intel I7-3770K,
> running CentOS 7.4.1708
>
> Is there any idea? Is there some alternate program that could list the
> hardware?
>
> Thanks
>
> David
>
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel Flaw

[Stephen John Smoogen]

On 5 January 2018 at 12:53, Chris Olson  wrote:
> How does the latest Intel flaw relate to CentOS 6.x systems
> that run under VirtualBox hosted on Windows 7 computers? Given
> the virtual machine degree of separation from the hardware, can

Supposedly a virtual machine can detect and leak out in various ways.
Both Xen and qemu are working through patches to deal with this. Other
virtual software vendors are probably working on this also. I am not
sure why the patches to the operating system do not stop this but it
seems to do with how the modern CPU does virtualization which makes
the Windows 7 patches not applicable.

> this issue actually be detected and exploited in the operating
> systems that run virtually?  If there is a slow down associated
> with the fix, how much might it impact the virtual systems?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] possible issue with nvidia and new patches?

[John Hodrien]

On Thu, 4 Jan 2018, Zube wrote:


Twitter user stintel, in this thread:

https://twitter.com/stintel/status/948499157282623488

mentions a possible problem with the new patches and the
nvidia driver:

"As if the @Intel bug isn't bad enough, #KPTI renders @nvidia driver
incompatible due to GPL-only symbol 'cpu_tlbstate'. #epicfail"

Also:

https://twitter.com/tomasz_gwozdz/status/948590364679655429

https://twitter.com/BitsAndChipsEng/status/948578609761054721


I've seen no obvious problems with kernel-3.10.0-693.11.6.el7.x86_64 and
nvidia-x11-drv-384.98-2.el7.elrepo.x86_64.

This includes running under KVM with vfio passthrough.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] An rpmbuild spec question

[Stephen John Smoogen]

On Wed, Dec 27, 2017 at 3:41 PM  wrote:

> I'm trying to build a package to create a directory and install some
> files. My rpmbuild keeps failing, unable to cd into the directory, "no
> such". Now, in the tmpfile, I *see* it cd'ing into BUILD/opt, and the
> source was unzipped and untared into BUILD/opt/smipmicfg-1.27.0. In the
> spec file, I've even added a cd $RPM_BUILD_ROOT/opt, and I see it cd to
> there... and then it says it fails cd'ing into the directory under it.
>
> I've been doing a lot of googling, but nothing seems to fix this. Anyone
> got a clue?
>


Can you post any of the rpm spec file OR the tmp file? Without that it is
very hard to know what you are trying to do and what it is actually doing
instead.



>  mark
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] GUI/X11 login and shells other than bash?

[Stephen John Smoogen]

On 15 December 2017 at 17:39, Valeri Galtsev  wrote:


>> 4. I logged in as ssmoogen. I got a GNOME desktop
>> 5. I opened a terminal and my shell was tcsh.
>>
>> That took me 10 minutes. Due to this I am going to say that there is
>> something wrong with other parts of the start up environment from what
>> the shell is listed as in /etc/passwd, if the user has specific
>> startup scripts .xsession items or some similar problem based on
>> 'shell cruft'. People who work on many different systems have to
>> regularly add exceptions and special cases or unadd them when they
>> find stuff breaks.
>
> Thanks a lot! I will go thoroughly through user in question ~/.cshrc.
> Indeed, freshly created user with tcsh as default shell does successfully
> log in and X11 does not crash on him. One pilot error: I didn't check that
> before bugging everybody...
>
>> I would also check to see if there is a post
>> configuration setup which changed /etc/shells on the system. Another
>> common problem is that the shell or startsups are looking for
>> /usr/local/bin/tcsh which doesn't exist.
>
> Quick test with creating user with shell /bin/tcsh makes user successfully
> shown on GUI login. However, changing that user's shell to /usr/bin/tcsh
> makes user disappear from GUI login. And the second (/usr/bin/tcsh) in
> actual location of tcsh binary, whereas /bin/tcsh involves symlink /bin
> --> /usr/bin ... My other playing around with making different default
> user shells didn't always yield reproducible results... so I'll postpone
> anything conclusive till later. But looking into /etc/shells (Thanks
> again!!) shows that only bash gets unique privileged treatment, namely
>
>

I think that is mainly from /usr/bin/bash showing up in scripts which
check to see if they are allowed to be run by checking /etc/shells but
I am not 100% sure on that. None of the users I see created by the
built in tools give /usr/bin/bash as default shell but there are mods
for apache and other tools which use /etc/shell the see if user
scripts can run as such. Because most scripts are written in sh versus
csh this is a more likely scenario to run into. [I am not sure even
BSD systems write many scripts in csh.. I have only seen one major
script since 1992 that was in csh.] However in academia.. tcsh is
still used quite a lot from professors and their students who learned
on old BSD so it may be more common to have /usr/bin/csh

I wonder if adding /usr/bin/tcsh fixes the gnome account problem for you.



>
>>
>> Red Hat has a lot of different developers using pretty much every
>> shell that is shipped in RHEL and some which aren't even in Fedora.
>> The developers also use all kinds of different desktops and software..
>> while this doesn't mean bugs won't happen.. it does mean that if 'Red
>> Hat' was out to eradicate other shells, there would be posts on every
>> hacker site from Red Hat employees who wouldn't put up with it.
>>
>>
>>
>>> Thanks in advance for all your answers.
>>>
>>> Valeri
>>>
>>> 
>>> Valeri Galtsev
>>> Sr System Administrator
>>> Department of Astronomy and Astrophysics
>>> Kavli Institute for Cosmological Physics
>>> University of Chicago
>>> Phone: 773-702-4247
>>> 
>>> ___
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>
>>
>>
>> --
>> Stephen J Smoogen.
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
>
> 
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] GUI/X11 login and shells other than bash?

[Stephen John Smoogen]

On 15 December 2017 at 13:24, Valeri Galtsev  wrote:
> Dear Experts,
>
> After one of updates that was released some time ago (a Month ago or maybe
> even earlier) I have noticed the following. On the machines with default
> runlevel 5 (sorry about old terminology, the new one is still confusing
> for me ;-) GUI/X11 login (display manager) lists only users whose default
> shell is bash. Or, at least users whose default shell is tcsh are not
> listed at all, and if they attempt to log in just by giving their UNIX
> username, their X11 session "crashes", meaning that after attempting to
> start, it just trows one back to GUI/X11 login screen.
>
> I really do not want to start this shell vs that shell flame war
> (especially that I myself prefer not tcsh but sh and/or bash for
> scripting...). But I respect my user's freedom of choosing default shell,
> so this is really big issue IMHO.
>
> I just wonder: does RedHat (CentOS's upstream vendor) dislike and is
> willing to eradicate all shells except for bash, or what I see is just my
> own pilot's error?
>

Just for future advise.. for someone who says they don't want to start
a flamewar.. you worded that pretty much like you wanted to start a
flame war.

This was simple to test.

1. I installed RHEL-7 in a virtual machine.
2. I created an account with its shell /bin/tcsh [useradd ssmoogen -s
/bin/tcsh ]
3. I went to the login screen. There was an ssmoogen there
4. I logged in as ssmoogen. I got a GNOME desktop
5. I opened a terminal and my shell was tcsh.

That took me 10 minutes. Due to this I am going to say that there is
something wrong with other parts of the start up environment from what
the shell is listed as in /etc/passwd, if the user has specific
startup scripts .xsession items or some similar problem based on
'shell cruft'. People who work on many different systems have to
regularly add exceptions and special cases or unadd them when they
find stuff breaks. I would also check to see if there is a post
configuration setup which changed /etc/shells on the system. Another
common problem is that the shell or startsups are looking for
/usr/local/bin/tcsh which doesn't exist.

Red Hat has a lot of different developers using pretty much every
shell that is shipped in RHEL and some which aren't even in Fedora.
The developers also use all kinds of different desktops and software..
while this doesn't mean bugs won't happen.. it does mean that if 'Red
Hat' was out to eradicate other shells, there would be posts on every
hacker site from Red Hat employees who wouldn't put up with it.



> Thanks in advance for all your answers.
>
> Valeri
>
> 
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with dnscrypt's package from EPEL

[Stephen John Smoogen]

Can you give more information on the unbound setup? We use unbound in
Fedora Infrastructure on RHEL-7 servers. I know there is an selinux
dance we have to do to start it properly without a special policy...
but I don't know exactly the details on why.

On 11 December 2017 at 03:56, C. L. Martinez <carlopm...@gmail.com> wrote:
> Sorry Stephen. I have enabled another dnscrypt process in port 6355 to
> test ... But no luck.
>
> On the other side, I am not sure if dnscrypt the problem. I have
> replaced unbound by dnsmasq and voila! ... All it is working very fast
> (and dnsmasq only spends 75 MiB of RAM, when unbound spends 400 MiB).
> And no more SERVFAIL errors ... But I don't understand where is the
> problem with unbound.conf's file then. Using same config for dnscrypt
> and unbound in a FreeBSD vm, all works ok.
>
> On Sun, Dec 10, 2017 at 8:10 PM, Stephen John Smoogen <smo...@gmail.com> 
> wrote:
>> Not sure if this is a factor yet, but your forwardzone is looking for
>> 3 ports but only 2 ports are configured in the systemd startup.. so
>> are 1/3 of all lookups going to fail? Or is the 6355 a 'given' (aka it
>> will be set up whether 6353 and 6354 are setup?)
>>
>> On 9 December 2017 at 16:45, C. L. Martinez <carlopm...@gmail.com> wrote:
>>> On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
>>>> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
>>>> > On 9 December 2017 at 14:04, C. L. Martinez <carlopm...@gmail.com> wrote:
>>>> > > Hi all,
>>>> > >
>>>> > >  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 
>>>> > > 7.4 and using unbound as a resolver. But, I see constant timeouts and 
>>>> > > responses are very slow ... Using same config in a Debian 9 virtual 
>>>> > > machine, all works ok.
>>>> > >
>>>> > >  I think the problem is with dnscrypt's rpm package provided by EPEL. 
>>>> > > Anyone have seen similar problems?
>>>> > >
>>>> >
>>>> > Can you give some more information on what you are seeing and how you
>>>> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
>>>> > on the package.
>>>> >
>>>> >
>>>>
>>>> Of course and thanks in advance Stephen. My dnscrypt startup scripts use 
>>>> the following options:
>>>>
>>>> [Service]
>>>> Type=forking
>>>> PIDFile=/var/run/dnscrypt-cs.pid
>>>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>>>   --daemonize \
>>>>   --user=nobody \
>>>>   --pidfile=/var/run/dnscrypt-cs.pid \
>>>>   --ephemeral-keys \
>>>>   --resolver-name=cs-fi \
>>>>   --logfile=/tmp/cs.log \
>>>>   --local-address=127.0.0.1:6354
>>>> Restart=on-abort
>>>>
>>>> [Service]
>>>> Type=forking
>>>> PIDFile=/var/run/dnscrypt-ipredator.pid
>>>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>>>   --daemonize \
>>>>   --user=nobody \
>>>>   --pidfile=/var/run/dnscrypt-ipredator.pid \
>>>>   --ephemeral-keys \
>>>>   --resolver-name=ipredator \
>>>>   --logfile=/tmp/ipredator.log \
>>>>   --local-address=127.0.0.1:6353
>>>> Restart=on-abort
>>>>
>>>> And unbound.conf is:
>>>>
>>>> server:
>>>>   interface: 127.0.0.1
>>>>   interface: 172.22.54.4
>>>>   interface: ::1
>>>>   port: 53
>>>>   do-ip6: no
>>>>   do-udp: yes
>>>>   do-tcp: yes
>>>>   num-threads: 1
>>>>
>>>>   access-control: 0.0.0.0/0 refuse
>>>>   access-control: 127.0.0.0/8 allow
>>>>   access-control: ::0/0 refuse
>>>>   access-control: ::1 allow
>>>>   access-control: 172.22.54.0/29 allow
>>>>   access-control: 172.22.55.1 allow
>>>>
>>>>   hide-identity: yes
>>>>   hide-version: yes
>>>>
>>>>   do-not-query-localhost: no
>>>>   val-permissive-mode: yes
>>>>   val-clean-additional: yes
>>>>   module-config: "validator iterator"
>>>
>>> Oops .. sorry. There are more options in unbound.conf's file:
>>>
>>> remote-control:
>>> control-enable: yes
>>> control-use-cert: yes
>>> control-interface: 127.0.0.1
>>>
>>> forward-zone:
>>> name: "."
>>> forward-addr: 127.0.0.1@6353
>>> forward-addr: 127.0.0.1@6354
>>> forward-addr: 127.0.0.1@6355
>>>
>>> Sorry.
>>>
>>> --
>>> Greetings,
>>> C. L. Martinez
>>> ___
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>>
>>
>>
>> --
>> Stephen J Smoogen.
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LUKS question

[John Hodrien]

On Wed, 13 Dec 2017, Kern, Thomas (CONTR) wrote:


If your requirement is for the entire system to be encrypted then I think
the only is a system rebuild, but if you can convince management that a good
compromise is encrypting only the applications and their data, you should be
able to add encrypted storage, copy the sensitive files and wipe the old
allocations. I have done this for a test system encrypting a MySQL database
instance and a web server instance, in anticipation of an "encrypted at
rest" directive coming down from management.


How about:

Add temporary storage, encrypted, set as a PV, add to VG.  Rebuild initramfs,
and reboot, confirming that it properly unlocks the storage as expected.
pvmove, delete internal PV and replace with encrypted PV, pvmove back?

You'd hope that'd be quite tolerant of being interrupted in the middle.

If you're happy that works, the same recipe should work without a reboot.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] LUKS question

[John R Pierce]

On 12/12/2017 3:42 PM, Robert Nichols wrote:

On 12/12/2017 08:41 AM, Wells, Roger K. wrote:

I have existing systems with un-encrypted disks.
I have tried unsuccessfully to encrypt them using LUKS.
Has anyone out there been able to encrypt an existing system (after 
the fact, so to speak)?


You can do that with cryptsetup-reencrypt, but it needs to be able to 
make space for the ~2MB LUKS header ahead of the filesystem in the 
partition. That's a fairly risky operation -- shrinking the filesystem 
slightly and shifting it over.



the whole reencrypt process is subject to complete failure if the system 
reboots partly through as there's no way to deal with partially 
encrypted and partially cleartext.



An alternative is LUKS with a detached header, but maintaining that 
relationship is an administrative headache with a severe penalty for 
error. 



I'd say disk encryption in general is an admin headache with severe 
penalty for error.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with dnscrypt's package from EPEL

[Stephen John Smoogen]

Not sure if this is a factor yet, but your forwardzone is looking for
3 ports but only 2 ports are configured in the systemd startup.. so
are 1/3 of all lookups going to fail? Or is the 6355 a 'given' (aka it
will be set up whether 6353 and 6354 are setup?)

On 9 December 2017 at 16:45, C. L. Martinez <carlopm...@gmail.com> wrote:
> On Sat, Dec 09, 2017 at 10:25:41PM +0100, C. L. Martinez wrote:
>> On Sat, Dec 09, 2017 at 03:03:52PM -0500, Stephen John Smoogen wrote:
>> > On 9 December 2017 at 14:04, C. L. Martinez <carlopm...@gmail.com> wrote:
>> > > Hi all,
>> > >
>> > >  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 
>> > > 7.4 and using unbound as a resolver. But, I see constant timeouts and 
>> > > responses are very slow ... Using same config in a Debian 9 virtual 
>> > > machine, all works ok.
>> > >
>> > >  I think the problem is with dnscrypt's rpm package provided by EPEL. 
>> > > Anyone have seen similar problems?
>> > >
>> >
>> > Can you give some more information on what you are seeing and how you
>> > have it set up? I can try to duplicate it in EPEL and/or put in bugs
>> > on the package.
>> >
>> >
>>
>> Of course and thanks in advance Stephen. My dnscrypt startup scripts use the 
>> following options:
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/dnscrypt-cs.pid
>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>   --daemonize \
>>   --user=nobody \
>>   --pidfile=/var/run/dnscrypt-cs.pid \
>>   --ephemeral-keys \
>>   --resolver-name=cs-fi \
>>   --logfile=/tmp/cs.log \
>>   --local-address=127.0.0.1:6354
>> Restart=on-abort
>>
>> [Service]
>> Type=forking
>> PIDFile=/var/run/dnscrypt-ipredator.pid
>> ExecStart=/usr/sbin/dnscrypt-proxy \
>>   --daemonize \
>>   --user=nobody \
>>   --pidfile=/var/run/dnscrypt-ipredator.pid \
>>   --ephemeral-keys \
>>   --resolver-name=ipredator \
>>   --logfile=/tmp/ipredator.log \
>>   --local-address=127.0.0.1:6353
>> Restart=on-abort
>>
>> And unbound.conf is:
>>
>> server:
>>   interface: 127.0.0.1
>>   interface: 172.22.54.4
>>   interface: ::1
>>   port: 53
>>   do-ip6: no
>>   do-udp: yes
>>   do-tcp: yes
>>   num-threads: 1
>>
>>   access-control: 0.0.0.0/0 refuse
>>   access-control: 127.0.0.0/8 allow
>>   access-control: ::0/0 refuse
>>   access-control: ::1 allow
>>   access-control: 172.22.54.0/29 allow
>>   access-control: 172.22.55.1 allow
>>
>>   hide-identity: yes
>>   hide-version: yes
>>
>>   do-not-query-localhost: no
>>   val-permissive-mode: yes
>>   val-clean-additional: yes
>>   module-config: "validator iterator"
>
> Oops .. sorry. There are more options in unbound.conf's file:
>
> remote-control:
> control-enable: yes
> control-use-cert: yes
> control-interface: 127.0.0.1
>
> forward-zone:
> name: "."
> forward-addr: 127.0.0.1@6353
> forward-addr: 127.0.0.1@6354
> forward-addr: 127.0.0.1@6355
>
> Sorry.
>
> --
> Greetings,
> C. L. Martinez
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with dnscrypt's package from EPEL

[Stephen John Smoogen]

On 9 December 2017 at 14:04, C. L. Martinez  wrote:
> Hi all,
>
>  I have installed dnscrypt's rpm package from EPEL repo under a CentOS 7.4 
> and using unbound as a resolver. But, I see constant timeouts and responses 
> are very slow ... Using same config in a Debian 9 virtual machine, all works 
> ok.
>
>  I think the problem is with dnscrypt's rpm package provided by EPEL. Anyone 
> have seen similar problems?
>

Can you give some more information on what you are seeing and how you
have it set up? I can try to duplicate it in EPEL and/or put in bugs
on the package.


> Thanks.
>
> --
> Greetings,
> C. L. Martinez
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Broadcom BCM4360

[John R Pierce]

On 12/4/2017 4:19 PM, Gregory P. Ennis wrote:

I would replace that if possible (Intel would be great candidate), or
use USB adapters others suggest.


yeah, Intel wifi cards are generally excellent and well supported.

I don't like USB wifi at all.   the antennas are tiny and have very poor 
gain or efficiency.   you want to get an internal mPCI-E card or 
whatever it is your laptop expects, as that will connect to the built in 
antenna which runs along the top of the screen on most laptops and will 
give you FAR better signal gain resulting in better range, and faster 
transfers



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Broadcom BCM4360

[John R Pierce]

On 12/3/2017 11:10 PM, Phil Perry wrote:
Correct, elrepo isn't able to freely redistribute the drivers due 
Broadcom's licensing, but does provide instructions and a SRPM (minus 
tarball) for you to build yourself.


Alternatively, for $8 you can purchase an adaptor that is natively 
supported and will work out of the box:


https://www.amazon.com/Edimax-EW-7811Un-150Mbps-Raspberry-Supports/dp/B003MTTJOY/ref=sr_1_1?ie=UTF8=1512370979=8-1=edimax+n150 



https://www.newegg.com/Product/Product.aspx?Item=N82E16833315091_re=edimax_n150-_-33-315-091-_-Product 



The above adaptor is based on the Realtek RTL8188CUS chipset and uses 
the rtl8192cu kernel driver. 



those are only 11N adapters, the OP asked about a 11AC card.

--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Broadcom BCM4360

[John R Pierce]

On 12/3/2017 4:22 PM, Gregory P. Ennis wrote:

I have not been able to get it to work Centos 7.4 machine.  Some of the
  centos user posts had indicated the nux repsitory had a Centos 7 kmod-
wl, but it is not present when I tried to search or or install it at
this time.


this looks potentionally helpful

http://elrepo.org/tiki/wl-kmod

it appears those are closed source drivers with funky licenses, so they 
can't just be redistributed without assumption of liability.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] time foo

[John R Pierce]

On 12/1/2017 11:32 AM, hw wrote:
So this would mean that the database (running on a different server) 
takes
almost two times as much as foo --- which I would consider kinda 
excruciatingly
long because it´s merely inserting rows into two different tables 
after they were

prepared by foo and then processes some queries to convert the data.

The queries after importing may take like 3 or 5 minutes.  About 4.5 
million rows
are being imported. 


so you're missing about 25 minutes, and maybe 5 minutes is spent post 
processing, so thats 20 minutes spent in the data insertion?


inserting one row at a time?  or in batches?    remeber a database 
server is going to do commits after each transaction, which forces the 
data to be flushed to disk.   4.5 million seperate row transactions, 
yeah, I could see that taking some time, plus add that many network 
round trips, etcetc.   if the db server just has a single SATA disk, 
you're doing 9 million committed writes combined to the two tables?    
20 minutes for 9 million inserts, thats 7500 per second.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] time foo

[Stephen John Smoogen]

On 1 December 2017 at 14:32, hw  wrote:
> Gordon Messmer wrote:
>>
>> On 12/01/2017 08:49 AM, hw wrote:
>>>
>>> # time foo
>>> real43m39.841s
>>> user15m31.109s
>>> sys 0m44.136s
>>>
>>>
>>> Almost 30 minutes have disappeared, but it actually took about that long,
>>> so what happened?
>>
>>
>>
>> I may misunderstand your question, but
>>
>> "time" is provided by the bash shell.  It may be provided by a command if
>> you are using a different shell.  When the command following the "time"
>> keyword completes, bash will print the amount of elapsed time (the amount of
>> time that passed between the command's start and its exit), the amount of
>> time the command was using the CPU and not in a sleep state, and the amount
>> of time the kernel was using the CPU to service requests from the command.
>>
>> So your "foo" application was in a sleep state for around 30 minutes of
>> the 44 minutes that passed between when you started it and when it finished.
>
>
> Hm.  Foo is a program that imports data into a database from two CVS files,
> using a connection for each file and forking to import both files at once.
>
> So this would mean that the database (running on a different server) takes
> almost two times as much as foo --- which I would consider kinda
> excruciatingly
> long because it´s merely inserting rows into two different tables after they
> were
> prepared by foo and then processes some queries to convert the data.
>
> The queries after importing may take like 3 or 5 minutes.  About 4.5 million
> rows
> are being imported.
>
> Would you consider about 20 minutes for importing as long?

That depends on a lot of things.. from drive speed to drive layout to
database to network congestion to... without that information the
question is not answerable.


>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] time foo

[Stephen John Smoogen]

On 1 December 2017 at 11:49, hw  wrote:
>
> Hi,
>
> isn´t this weird:
>
>
> # time foo
> real43m39.841s
> user15m31.109s
> sys 0m44.136s
>

This is counting the CPU time that a process used. If something is not
in 'CPU' but waiting on input etc it might not get counted in user or
sys. There is also the fact that the builtin bash time command you
used calculates things differently from the /usr/bin/time command.

From the /usr/bin/time man page
Note: some shells (e.g., bash(1)) have a  built-in  time  command  that
   provides less functionality than the command described here.  To access
   the real command, you may need to specify its pathname (something  like
   /usr/bin/time).

From the bash man page
   When the shell is in posix mode, time may be followed by a newline.  In
   this case, the shell displays the total user and system  time  consumed
   by  the shell and its children.  The TIMEFORMAT variable may be used to
   specify the format of the time information.

The built in time is actually meant to be used with measuring pipeline
information but can be used by itself


>
> Almost 30 minutes have disappeared, but it actually took about that long,
> so what happened?
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] semi-OT:apcupsd

[John R Pierce]

On 11/17/2017 7:16 AM, m.r...@5-cent.us wrote:

I can't seem to find apcupsd for C 6. Just went to epel's website, and not
visible. Anyone have a clue?



suggestion, use NUT instead, the Network UPS Tools  works for all 
sorts of UPS's, not just APC, and supports a master/slave sort of 
network control of power management.

here's the project site for an overview... http://networkupstools.org/

nut is in EPEL

--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP laptops with CentOS 7?

[John R Pierce]

On 11/16/2017 10:34 PM, Sorin Srbu wrote:

It is, thank you!
Real life experiences are worth a lot to me, thanks again.


the problem is, a couple year old model is probably core gen 5... a new 
one will be core gen 7, Kaby Lake, and thats where there are more likely 
problems.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Issues with Virtualbox

[John R Pierce]

On 11/16/2017 7:46 AM, Abhinay Khanna wrote:

I am getting an error in intializing VirtualBox . It's giving me an error

"Failed to acquire the VirtualBox COM object".
Result Code : NS_ERROR_FAILURE

The application is keep getting terminated.


and how does this Oracle product relate to CentOS Linux ?

--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Samba help

[John R Pierce]

On 11/14/2017 6:41 PM, Albert McCann wrote:

See if adding these under [global] helps in smb.conf:

server max protocol = SMB3
client signing = required
max protocol = SMB2
server signing = auto
client use spnego = no
client ntlmv2 auth = no
client ipc max protocol = NT1
client ipc signing = auto
idmap config * : backend = tdb

These are what I added when upgrading from C5's Samba 3 to C7's Samba 4.



if you're coming from C6, I do believe I'd add these one at a time, as 
C5 was *way* older.


in particular, I suspect 'max protocol = SMB2' isn't going to play well 
with win10.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intermittently unresponsive mouse

[John R Pierce]

On 11/7/2017 3:47 PM, H wrote:

I think you were right. I moved the computer a little bit closer and no longer 
have the problem. It is a Bluetooth mouse, I did not know that they were that 
sensitive to the distance...



Bluetooth in absence of other 2.4Ghz  interference (cough, wifi) can 
work reasonably well at like 20-30 feet.    if there's active nearby 
wifi on 2.4Ghz, forget it, much closer.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Nvidia error

[John Hodrien]

On Mon, 6 Nov 2017, Jerry Geis wrote:


I have uninstalled the above and reinstalled. Same issue.


But did you reboot (or at least unload/load the nvidia kernel module)?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

So here is what happened. The Mariadb-server 10 installation does replace a
file that the mysql-connector-odbc driver depends upon.

However, I used the red hat enterprise driver at:
https://downloads.mariadb.org/connector-odbc/
copied it to /usr/lib64/libmaodbc.so


...added the following text to: /etc/odbcinst.ini
[maodbc]
Driver = /usr/lib64/libmaodbc.so
Description = MariaDB ODBC Connector

...redirected dns connection to the new driver.

Now mariadb-server 10 can be added without causing any troubles.  I used
the repository at mariadb.org, but I am sure that using the SIG repository
would also be fine.

At the moment, I did not find the driver packaged specifically for centos.

On Fri, Nov 3, 2017 at 11:01 AM, John Harragin <jharr...@mw.k12.ny.us>
wrote:

> I think the solution may exist.
>
> The compatibility of mysql-connector-odbc with maria may just means the
> driver can access the mariadb - but my experience suggests not live on the
> same host.
>
> maria has its own connector:
> https://downloads.mariadb.org/connector-odbc/
>
> it does not look like this is in the sig, so I'll have to turn to the
> maria repo.
>
> I'll try replacing the driver first, then install the server - and I may
> be good to go.
>
> On Fri, Nov 3, 2017 at 10:23 AM, John Harragin <jharr...@mw.k12.ny.us>
> wrote:
>
>> What I have found is that the only new shared objects between the
>> different versions of the running isqls is:
>>
>> < lrwxrwxrwx. 1 root root 24 Oct 31 21:25 
>> /usr/lib64/mysql/libmysqlclient.so.18
>> -> libmysqlclient.so.18.0.0
>> > lrwxrwxrwx. 1 root root 24 Nov  2 12:13 
>> > /usr/lib64/mysql/libmysqlclient.so.18
>> -> libmysqlclient.so.18.0.0
>>
>> ... also this is the only shared object with a different node-ID between
>> the 2 instances.
>>
>>
>> From the journal:
>>
>> Nov 02 12:17:23 ec-ast kernel: isql[39065]: segfault at 10070 ip
>> 7ff0998b3f7e sp 7ffc9693bb90 error 4 in
>> libmyodbc5w.so[7ff09988d000+47000]
>>
>> # yum search odbc | grep -E "my|mar"
>> mysql-connector-odbc.x86_64 : ODBC driver for MySQL
>>
>> [root@ec-ast unixodbcproblem]# yum info mysql-connector-odbc.x86_64
>> Loaded plugins: fastestmirror
>> Loading mirror speeds from cached hostfile
>>  * base: mirrors.lga7.us.voxel.net
>>  * epel: epel.mirror.constant.com
>>  * extras: mirror.atlanticmetro.net
>>  * updates: mirror.atlanticmetro.net
>> Installed Packages
>> Name: mysql-connector-odbc
>> Arch: x86_64
>> Version : 5.2.5
>> Release : 6.el7
>> Size: 427 k
>> Repo: installed
>> From repo   : base
>> Summary : ODBC driver for MySQL
>> URL : http://dev.mysql.com/downloads/connector/odbc/
>> License : GPLv2 with exceptions
>> Description : An ODBC (rev 3) driver for MySQL, for use with unixODBC.
>>
>> yum whatprovides '*libmyodbc5w.so'
>> ...indicates that this is the only source (for my Repo list) for this
>> package which contains the segfaulting file.
>>
>> ...
>>
>> On Thu, Nov 2, 2017 at 1:38 PM, John Harragin <jharr...@mw.k12.ny.us>
>> wrote:
>>
>>> OK, I tried again. I ran the following series of commands (some output
>>> in attached file):
>>>
>>> On a separate session, the first sqli process 29669 worked continually.
>>> On a separate session (after mariadb-server 10.1 is installed), isql
>>> opens (proc 39065), but SegFaults upon running a query.
>>>
>>>
>>> mkdir /tmp/unixodbcproblem
>>> ps -A | grep isql
>>> PROCESS=29669
>>> lsof | grep ${PROCESS} > /tmp/unixodbcproblem/lsof.${PROCESS}
>>> for f in $(pldd ${PROCESS}); do ls -l $f; done >
>>> /tmp/unixodbcproblem/pldd.${PROCESS}
>>> yum install mariadb-server
>>> ps -A | grep isql
>>> PROCESS=39065
>>> lsof | grep ${PROCESS} > /tmp/unixodbcproblem/lsof.${PROCESS}
>>> for f in $(pldd ${PROCESS}); do ls -l $f; done >
>>> /tmp/unixodbcproblem/pldd.${PROCESS}
>>> setenforce 0# Ran isql again. Still segmentation
>>> fault. Just to make sure this not the problem
>>> sestatus
>>> yum history list# This reported the most recent
>>> mariadb-server install as: 53
>>> yum history undo 53
>>> exit
>>>
>>> # ls /tmp/unixodbcproblem/
>>> lsof.29669  lsof.39065  pldd.29669  pldd.39065
>>>
>>&g

Re: [CentOS] HP laptops with CentOS 7?

[John R Pierce]

On 11/5/2017 10:45 PM, Sorin Srbu wrote:

What would you consider be a tested and proven working, newish chipset?



its really the CPU now that matters, rather than the 'chipset', as most 
all the base IO devices are in the CPU (ethernet, sata, video).


I think Kaby Lake support is still a sketchy, thats Core gen 7. (i-7xxx).

I'm not sure what the state of Skylake is (gen 6)

Broadwell should be very solid at this point (5th gen), that was new in 
early 2015.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/4/2017 11:39 AM, Valeri Galtsev wrote:

How does spending between 300 and 800 for an Areca 8 port pay out when you
can get a P410 for less than 100?  Are they 3--8 times faster, 3--8 times
easier to replace, 3--8 times more reliable, 3--8 times easier to use,
3--8 times more durable, 3--8 times more energy efficient?  What is it
that
makes them worthwhile?

HP P410 controller is by no means close and by no means comparable with
any of Areca RAID controllers. If I'm reading the description correctly,
P410 supports: RAID 0, RAID 1, RAID 10



you need the optional cache module and the feature option for the p410 
to support raid 5/6.   I always ordered my HPs with the larger cache and 
the 'flash backed writeback cache' option rather than battery backed 
(flash backed uses supercaps which last approximately forever, while 
raid battery backup tends to fail in 3-4 years).


p410 is already quite obsolete, the gen8 servers I ordered a couple 
years ago came with P420, I don't doubt thats been replaced in gen9 stuff.


my personal preference is to get rid of the raid cards entirely and use 
plain SAS HBA's with OS native raid support, for everything but 
dedicated windows servers.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/4/2017 1:54 AM, hw wrote:
I bought a used HP DL180g6 a couple years ago, 12 x 3.5" on the front 
panel, and 2 more in back, came with all 14 HP trays, dual X5650.   
its a personal/charity server sitting at a coloc here in town.   I 
have several of the same model server at work with 25 x 2.5" drives 
(and x5660 and more ram), they are workhorses.


A couple years ago, yes.  Now, not anymore. 



https://www.ebay.com/i/253122917302?chn=ps=1


--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/3/2017 1:31 AM, hw wrote:
2.5" SAS drives spinning at 10k and 15k RPM are the performance 
solution for online storage, like databases and so forth.   also make 
more sense for large arrays of SSDs, as they don't even come in 
3.5".    With 2.5" you can pack more disks per U (24-25 2.5" per 2U 
face, vs 12 3.5" max per 2U)... more disks == more IOPS.


That´s not for storage because it´s so expensive that you can only use it
for the limited amounts of data that actually benefit from, or require,
the advantage in performance.  For this application, it makes perfectly
sense.



online high performance storage, vs nearline/archival storage. the first 
needs high IOPS and high concurrency.    the 2nd needs high capacity, 
fast sequential speeds but little or no random access..    two 
completely different requirements.  both are 'storage'.


3.5" SATA drives spinning at 5400 and 7200 rpm are the choice for 
large capacity bulk 'nearline' storage which is typically 
sequentially written once


Why would you write them only once?  Where are you storing your data 
when you
do that? 


I meant to say write occasionally.    on a nearline bulk system, files 
tend to get written sequentially, and stored for a long time.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/3/2017 1:25 AM, hw wrote:
That only goes when you buy new.  Look at what you can get used, and 
you´ll
see that there´s basically nothing that fits 3.5" drives. 



I bought a used HP DL180g6 a couple years ago, 12 x 3.5" on the front 
panel, and 2 more in back, came with all 14 HP trays, dual X5650.   its 
a personal/charity server sitting at a coloc here in town.   I have 
several of the same model server at work with 25 x 2.5" drives (and 
x5660 and more ram), they are workhorses.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/3/2017 1:19 AM, hw wrote:

Y'know, I just had a thought: are there folks here who, when they say
"server", are *not* thinking of rackmount servers?


Does it matter?  19" cases are very well thought out, easy to work on
and fit nicely into the racks.  You can always use something else and
enjoy the disadvantages, but why would you. 



rack servers tend to be rather noisy, if they are being used in a SMB or 
SOHO environment you're probably looking at a tower server.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

I think the solution may exist.

The compatibility of mysql-connector-odbc with maria may just means the
driver can access the mariadb - but my experience suggests not live on the
same host.

maria has its own connector:
https://downloads.mariadb.org/connector-odbc/

it does not look like this is in the sig, so I'll have to turn to the maria
repo.

I'll try replacing the driver first, then install the server - and I may be
good to go.

On Fri, Nov 3, 2017 at 10:23 AM, John Harragin <jharr...@mw.k12.ny.us>
wrote:

> What I have found is that the only new shared objects between the
> different versions of the running isqls is:
>
> < lrwxrwxrwx. 1 root root 24 Oct 31 21:25 
> /usr/lib64/mysql/libmysqlclient.so.18
> -> libmysqlclient.so.18.0.0
> > lrwxrwxrwx. 1 root root 24 Nov  2 12:13 
> > /usr/lib64/mysql/libmysqlclient.so.18
> -> libmysqlclient.so.18.0.0
>
> ... also this is the only shared object with a different node-ID between
> the 2 instances.
>
>
> From the journal:
>
> Nov 02 12:17:23 ec-ast kernel: isql[39065]: segfault at 10070 ip
> 7ff0998b3f7e sp 7ffc9693bb90 error 4 in libmyodbc5w.so[7ff09988d000+
> 47000]
>
> # yum search odbc | grep -E "my|mar"
> mysql-connector-odbc.x86_64 : ODBC driver for MySQL
>
> [root@ec-ast unixodbcproblem]# yum info mysql-connector-odbc.x86_64
> Loaded plugins: fastestmirror
> Loading mirror speeds from cached hostfile
>  * base: mirrors.lga7.us.voxel.net
>  * epel: epel.mirror.constant.com
>  * extras: mirror.atlanticmetro.net
>  * updates: mirror.atlanticmetro.net
> Installed Packages
> Name: mysql-connector-odbc
> Arch: x86_64
> Version : 5.2.5
> Release : 6.el7
> Size: 427 k
> Repo: installed
> From repo   : base
> Summary : ODBC driver for MySQL
> URL : http://dev.mysql.com/downloads/connector/odbc/
> License : GPLv2 with exceptions
> Description : An ODBC (rev 3) driver for MySQL, for use with unixODBC.
>
> yum whatprovides '*libmyodbc5w.so'
> ...indicates that this is the only source (for my Repo list) for this
> package which contains the segfaulting file.
>
> ...
>
> On Thu, Nov 2, 2017 at 1:38 PM, John Harragin <jharr...@mw.k12.ny.us>
> wrote:
>
>> OK, I tried again. I ran the following series of commands (some output in
>> attached file):
>>
>> On a separate session, the first sqli process 29669 worked continually.
>> On a separate session (after mariadb-server 10.1 is installed), isql
>> opens (proc 39065), but SegFaults upon running a query.
>>
>>
>> mkdir /tmp/unixodbcproblem
>> ps -A | grep isql
>> PROCESS=29669
>> lsof | grep ${PROCESS} > /tmp/unixodbcproblem/lsof.${PROCESS}
>> for f in $(pldd ${PROCESS}); do ls -l $f; done >
>> /tmp/unixodbcproblem/pldd.${PROCESS}
>> yum install mariadb-server
>> ps -A | grep isql
>> PROCESS=39065
>> lsof | grep ${PROCESS} > /tmp/unixodbcproblem/lsof.${PROCESS}
>> for f in $(pldd ${PROCESS}); do ls -l $f; done >
>> /tmp/unixodbcproblem/pldd.${PROCESS}
>> setenforce 0# Ran isql again. Still segmentation
>> fault. Just to make sure this not the problem
>> sestatus
>> yum history list# This reported the most recent
>> mariadb-server install as: 53
>> yum history undo 53
>> exit
>>
>> # ls /tmp/unixodbcproblem/
>> lsof.29669  lsof.39065  pldd.29669  pldd.39065
>>
>>
>>
>> This is what I get when mariadb-server 10.1 is installed:
>>
>> # isql -vv mccmysql ec-ast ec
>> +---+
>> | Connected!|
>> |   |
>> | sql-statement |
>> | help [tablename]  |
>> | quit  |
>> |   |
>> +---+
>> SQL> SELECT e_extnum FROM ext LIMIT 5;
>> Segmentation fault
>>
>>
>> This is what I get when mariadb-server is not installed:
>>
>> # isql -vv mccmysql ec-ast ec
>> +---+
>> | Connected!|
>> |   |
>> | sql-statement     |
>> | help [tablename]  |
>> | quit  |
>> |   |
>> +---+
>> SQL> SELECT e_extnum FROM ext LIMIT 1;
>> +-+
>> | e_extnum|
>> +-+
>> | 6011|
>> +-+
>> SQLRowCount returns 1
>> 1 rows fetched
>> SQL> quit
>>
>>
>> I going to sed & diff... these files to see what I find. If anyone has
>> any suggestions of tools for this type of investigation, I would love to
>> hear about it.
>>
>> John
>>
>
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

What I have found is that the only new shared objects between the different
versions of the running isqls is:

< lrwxrwxrwx. 1 root root 24 Oct 31 21:25
/usr/lib64/mysql/libmysqlclient.so.18 -> libmysqlclient.so.18.0.0
> lrwxrwxrwx. 1 root root 24 Nov  2 12:13
/usr/lib64/mysql/libmysqlclient.so.18 -> libmysqlclient.so.18.0.0

... also this is the only shared object with a different node-ID between
the 2 instances.


>From the journal:

Nov 02 12:17:23 ec-ast kernel: isql[39065]: segfault at 10070 ip
7ff0998b3f7e sp 7ffc9693bb90 error 4 in
libmyodbc5w.so[7ff09988d000+47000]

# yum search odbc | grep -E "my|mar"
mysql-connector-odbc.x86_64 : ODBC driver for MySQL

[root@ec-ast unixodbcproblem]# yum info mysql-connector-odbc.x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.lga7.us.voxel.net
 * epel: epel.mirror.constant.com
 * extras: mirror.atlanticmetro.net
 * updates: mirror.atlanticmetro.net
Installed Packages
Name: mysql-connector-odbc
Arch: x86_64
Version : 5.2.5
Release : 6.el7
Size: 427 k
Repo: installed
>From repo   : base
Summary : ODBC driver for MySQL
URL : http://dev.mysql.com/downloads/connector/odbc/
License : GPLv2 with exceptions
Description : An ODBC (rev 3) driver for MySQL, for use with unixODBC.

yum whatprovides '*libmyodbc5w.so'
...indicates that this is the only source (for my Repo list) for this
package which contains the segfaulting file.

...

On Thu, Nov 2, 2017 at 1:38 PM, John Harragin <jharr...@mw.k12.ny.us> wrote:

> OK, I tried again. I ran the following series of commands (some output in
> attached file):
>
> On a separate session, the first sqli process 29669 worked continually.
> On a separate session (after mariadb-server 10.1 is installed), isql opens
> (proc 39065), but SegFaults upon running a query.
>
>
> mkdir /tmp/unixodbcproblem
> ps -A | grep isql
> PROCESS=29669
> lsof | grep ${PROCESS} > /tmp/unixodbcproblem/lsof.${PROCESS}
> for f in $(pldd ${PROCESS}); do ls -l $f; done >
> /tmp/unixodbcproblem/pldd.${PROCESS}
> yum install mariadb-server
> ps -A | grep isql
> PROCESS=39065
> lsof | grep ${PROCESS} > /tmp/unixodbcproblem/lsof.${PROCESS}
> for f in $(pldd ${PROCESS}); do ls -l $f; done >
> /tmp/unixodbcproblem/pldd.${PROCESS}
> setenforce 0# Ran isql again. Still segmentation
> fault. Just to make sure this not the problem
> sestatus
> yum history list# This reported the most recent
> mariadb-server install as: 53
> yum history undo 53
> exit
>
> # ls /tmp/unixodbcproblem/
> lsof.29669  lsof.39065  pldd.29669  pldd.39065
>
>
>
> This is what I get when mariadb-server 10.1 is installed:
>
> # isql -vv mccmysql ec-ast ec
> +---+
> | Connected!|
> |   |
> | sql-statement |
> | help [tablename]  |
> | quit  |
> |   |
> +---+
> SQL> SELECT e_extnum FROM ext LIMIT 5;
> Segmentation fault
>
>
> This is what I get when mariadb-server is not installed:
>
> # isql -vv mccmysql ec-ast ec
> +---+
> | Connected!|
> |   |
> | sql-statement |
> | help [tablename]  |
> | quit  |
> |   |
> +---+
> SQL> SELECT e_extnum FROM ext LIMIT 1;
> +-+
> | e_extnum|
> +-+
> | 6011    |
> +-+
> SQLRowCount returns 1
> 1 rows fetched
> SQL> quit
>
>
> I going to sed & diff... these files to see what I find. If anyone has any
> suggestions of tools for this type of investigation, I would love to hear
> about it.
>
> John
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/2/2017 2:35 PM, m.r...@5-cent.us wrote:

John R Pierce wrote:

On 11/2/2017 2:18 PM,m.r...@5-cent.us  wrote:

We have a fair number of SAS 3.5" drives, and yes, 10k or 15k speeds.

those are internally 2.5" disks in a 3.5" frame.   you can't spin a 3.5"
disk much faster than 7200 rpm without it coming apart.


Sorry, that's incorrect. I have, sitting here in front of me, a
Dell-branded Seagate Cheetah, 600GB (it's a few years old) 15k 3.5" drive.



if you take one of those apart, you will find ~63mm (2.5") disk platters 
inside, and an identical mechanism to the 2.5" 600GB 15000 rpm drive of 
the same generation, just sitting in a larger frame.








--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

nProgress'
    # print 'controller number'+str(controllernumber)
    while controllerid < controllernumber:
        arrayid = 0
        cmd = '/opt/MegaRAID/MegaCli/MegaCli64 ldinfo lall 
a'+str(controllerid)+' nolog'

        output = getOutput(cmd)
        arraynumber = returnArrayNumber(output)
#       print 'array number'+str(arraynumber)
        while arrayid < arraynumber:
            cmd = '/opt/MegaRAID/MegaCli/MegaCli64 ldinfo 
l'+str(arrayid)+' a'+str(controllerid)+' nolog'

#           print 'DEBUG: running '+str(cmd)
            output = getOutput(cmd)
#           print 'DEBUG: output '+str(output)
            arrayinfo = returnArrayInfo(output,controllerid,arrayid)
            print 'volume '+arrayinfo[0]+' | '+arrayinfo[1]+' | 
'+arrayinfo[2]+' | '+arrayinfo[3]+' | '+arrayinfo[4]

            if not arrayinfo[3] == 'Optimal':
                bad = True
            arrayid += 1
        controllerid += 1
    print ''
print '-- Disks --'
print '-- Encl:Slot | vol-span-unit | Model | Status'
controllerid = 0
while controllerid < controllernumber:
    arrayid = 0
    cmd = '/opt/MegaRAID/MegaCli/MegaCli64 ldinfo lall 
a'+str(controllerid)+' nolog'

    output = getOutput(cmd)
    arraynumber = returnArrayNumber(output)
    while arrayid<arraynumber:         #grab disk arrayId info
        cmd = '/opt/MegaRAID/MegaCli/MegaCli64 pdlist 
a'+str(controllerid)+' nolog'

        #print 'debug: running '+str(cmd)
        output = getOutput(cmd)
        arraydisk = returnDiskInfo(output,controllerid,arrayid)
        for array in arraydisk:
            print 'disk '+array[0]+' | '+array[1]+' | '+array[2]+' | 
'+array[3]

            arrayid += 1
    controllerid += 1
if bad:
    print '\nThere is at least one disk/array in a NOT OPTIMAL state.'
    sys.exit(1)



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/2/2017 2:18 PM, m.r...@5-cent.us wrote:

We have a fair number of SAS 3.5" drives, and yes, 10k or 15k speeds.


those are internally 2.5" disks in a 3.5" frame.   you can't spin a 3.5" 
disk much faster than 7200 rpm without it coming apart.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[John R Pierce]

On 11/2/2017 9:21 AM, hw wrote:

Richard Zimmerman wrote:

hw wrote:
Next question: you want RAID, how much storage do you need? Will 4 
or 8 3.5" drives be enough (DO NOT GET crappy 2.5" drives - they're 
*much* more expensive than the 3.5" drives, and >smaller disk space. 
For the price of a 1TB 2.5", I can get at least a 4TB WD Red.


I will second Marks comments here. Yes, 2.5" drive enterprise drives 
have been an issue. +1 for the WD Red drives, so far 3.5" w/ 2tb and 
4tb drives, ZERO issues. I've had good luck with HGST NAS drives too. 
Unfortunately, that will come to an end soon (With WD owning HGST).


Most servers can fit only 2.5" disks these days.  I keep wondering what
everyone is doing about storage. 



2.5" SAS drives spinning at 10k and 15k RPM are the performance solution 
for online storage, like databases and so forth.   also make more sense 
for large arrays of SSDs, as they don't even come in 3.5".    With 2.5" 
you can pack more disks per U (24-25 2.5" per 2U face, vs 12 3.5" max 
per 2U)... more disks == more IOPS.


3.5" SATA drives spinning at 5400 and 7200 rpm are the choice for large 
capacity bulk 'nearline' storage which is typically sequentially written 
once




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HP laptops with CentOS 7?

[John R Pierce]

On 11/2/2017 8:35 AM, Ian Pilcher wrote:

I'm very happy with my Dell Precision 5520 "developer edition".  It
shipped with Ubuntu and runs Fedora pretty much flawlessly.  I haven't
tried CentOS, but Dell claims that RHEL support on their spec sheet, so
I would expect it to work well.

Dell also have the XPS 13 "developer edition" for those looking for a
smaller footprint. 



i forget the distro offhand, but someone has a latest-and-greatest 
kernel for CentOS 6 & 7 which greatly helps with modern hardware support.


--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] low end file server with h/w RAID - recommendations

[Stephen John Smoogen]

On 2 November 2017 at 12:21, hw  wrote:
> Richard Zimmerman wrote:
>>
>> hw wrote:
>>>
>>> Next question: you want RAID, how much storage do you need? Will 4 or 8
>>> 3.5" drives be enough (DO NOT GET crappy 2.5" drives - they're *much* more
>>> expensive than the 3.5" drives, and >smaller disk space. For the price of a
>>> 1TB 2.5", I can get at least a 4TB WD Red.
>>
>>
>> I will second Marks comments here. Yes, 2.5" drive enterprise drives have
>> been an issue. +1 for the WD Red drives, so far 3.5" w/ 2tb and 4tb drives,
>> ZERO issues. I've had good luck with HGST NAS drives too. Unfortunately,
>> that will come to an end soon (With WD owning HGST).
>
>
> Most servers can fit only 2.5" disks these days.  I keep wondering what
> everyone is doing about storage.
>

The 2.5 inch drives have a pretty good lifetime these days and seem to
be all you can get for various storage systems. It is like back when
we all wanted and loved 5.25 drives and all you could get was the
crappy 3.5 inch ones. And I expect in 3-5 years the 2.5 inch ones will
be replaced with only able to get the in card SIMM like drives.

> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

Thanks.

I just installed mariadb-server 10.1 and tried a series of things and could
not get it to work. So once again I yum undo-ed to uninstall

So if I am understanding correctly, tomorrow I can reinstall
mariadb-server, my already running process will continue to run (as it
does), and by opening isql a new instance of unixodbc, mysql-connector...
the whole linkage chain. should be established so I can hopefully figure
out what is happening?

I'll also look around in yum's history  to see if the is some old component
of mysql or mariaclient not getting removed...

What is the likelihood of yum not identifying a prerequisite?

Quitting for now. That is enough of my time given to work for one night!

John

On Tue, Oct 31, 2017 at 3:57 PM, Gordon Messmer <gordon.mess...@gmail.com>
wrote:

> On 10/31/2017 12:23 PM, John Harragin wrote:
>
>> However my asterisk server is still running and it still has that file
>> open. I don't know if this keeps new processes referencing the .so file
>> that is open in ram.
>>
>
> No.  New processes will use the .so that they find in their library path,
> in the filesystem.
>
> I'm not sure how the package manager addresses such
>> issues.
>>
>
> It doesn't.
>
> Does it run ldconfig as part of the installation and defer
>> resolving issues till the involved files are closed?
>>
>
>
> Packages may specifically run "ldconfig" in their post install script (rpm
> -q --scripts), but rpm won't otherwise.
>
> If you remove a package that provides an .so file, the files are deleted
> from the filesystem by rpm.  If those files are open by an active process,
> the inode and data blocks will not be freed by the kernel at that time,
> because there is still an in-memory reference to those.  When those
> processes exit, the reference count is decreased.  When the reference count
> reaches zero, and nothing refers to that inode any longer, the kernel will
> clear the inode and free the data blocks it is using.
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

Thanks for each of your inputs.

It was not a configuration issue as odbcinst.ini does not reference the
mysql subdirectory.

Rather than use Alexander's url, I ran:
yum -y install centos-release-openstack-ocata
yum -y install mariadb-server
...the cloud repository provides the properly pathed file.

# repoquery -l mariadb-server mariadb-libs | grep lib64 | grep
libmysqlclient
/usr/lib64/mysql/libmysqlclient.so.18
/usr/lib64/mysql/libmysqlclient.so.18.0.0

I installed this and isql was crashing. But (unlike the mariadb.com
repository,) is did install:
/usr/lib64/mysql/libmysqlclient.so
...in the appropriate subdirectory.

However my asterisk server is still running and it still has that file
open. I don't know if this keeps new processes referencing the .so file
that is open in ram. I'm not sure how the package manager addresses such
issues. Does it run ldconfig as part of the installation and defer
resolving issues till the involved files are closed?

For the moment I have again undoed the installation

I was waiting to post this till things were slow enough to restart
processes, run ldconfig, etc... Perhaps I need to do the install when no
odbc|maria|mysql files are open.

But this is the current state of things, and I will post the outcome later.

John

On Tue, Oct 31, 2017 at 2:52 PM, Gordon Messmer <gordon.mess...@gmail.com>
wrote:

> On 10/30/2017 12:22 PM, John Harragin wrote:
>
>> [root@ec-ast yum.repos.d]# ldd /usr/lib64/libmyodbc5w.so | grep -iE
>> "my|maria"
>>  libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18
>> (0x7f3dfb34c000)
>> [root@ec-ast yum.repos.d]# repoquery -l MariaDB-server MariaDB-client
>> MariaDB-commo MariaDB-shared galera boost-program-options jemalloc rsync
>> lsof | grep lib64 | grep libmysqlclient
>> /usr/lib64/libmysqlclient.so.18
>>
>
> If the MariaDB packages provide the library in /usr/lib64, what provides
> the lib in /usr/lib64/mysql?  (It looks like you have a library conflict)
>
> rpm -qf /usr/lib64/mysql/*
>
> More than likely, you can resolve the problem by removing the package that
> provides the files in /usr/lib64/mysql/.  However, as Alexander pointed
> out, this isn't a problem with the CentOS packages, and you're more likely
> to get useful information if you address this question to the vendor of the
> broken package.
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] RH software collections

[Stephen John Smoogen]

On 31 October 2017 at 11:27, Fred Smith  wrote:
> Off topic, since it is a RH question, but I'm hoping someone here can
> point me to the right place to pursue this:
>
> We need an official RH build of nginx that contains the lua module(s),
> but the nginx builds in the rh scl repository do not.
>

If you need an official lua build then you already have an official
Red Hat subscription of some sort. Going through that would be the
best avenue as trying through the general CentOS mailing list would
not be useful. Also bringing it up on the software collections mailing
lists might be a better avenue. Adding support in packages is never
'free' in the sense that it adds more qa tests, more code paths and
possibly problems with existing functionality. This means that it
takes time and will be a while. If you need it sooner you are better
at doing it yourself.


> So, I'm looking for how to make an appropriate contact to inquire if
> RH could add lua to their current nginx build for the software collections
>
> I haven't a clue how to approach this, so any guidance would be great!
>
> thanks in advance!
>
> --
>  Fred Smith -- fre...@fcshome.stoneham.ma.us -
> "Not everyone who says to me, 'Lord, Lord,' will enter the kingdom of
>  heaven, but only he who does the will of my Father who is in heaven."
> -- Matthew 7:21 (niv) 
> -
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

Thanks for your input.

It occurred to me that it might just be my config file that needs to be
changed along with a package installation. It was weird that it worked for
days and I was under considerable pressure to get it going quickly (while I
was on vacation) so I am returning to this a while later (with the
problematic package no longer installed). I'll look at this tomorrow and
see if this is a non-issue or not. For now, ignore it...

John

On Mon, Oct 30, 2017 at 4:19 PM, Alexander Dalloz <ad+li...@uni-x.org>
wrote:

> Am 30.10.2017 um 20:22 schrieb John Harragin:
>
>> I recently installed mariadb-server 10.1 by adding the following
>> repository:
>>
>> baseurl = http://yum.mariadb.org/10.1/centos7-amd64
>>
>
> [ ... ]
>
> I could reinstall mariadb-server, add a symlink and it would probably work,
>> but I thought it would be better to post and hopefully the maintainer of
>> whichever package (unixodbc, maria, mysql-connector...) should be
>> addressed, could be alerted to this issue in the event that it could (or
>> should) be fixed on a package level.
>>
>> John
>>
>
> CentOS cannot fix packages from yum.mariadb.org.
>
> But the cloud SIG has build newer mariadb packges:
>
> https://cbs.centos.org/koji/packageinfo?packageID=434
>
> You can install them via yum too by the cloud repo.
>
> http://mirror.centos.org/centos-7/7/cloud/x86_64/openstack-ocata/common/
>
> Alexander
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Maria 10 breaks unixodbc mysql connector

[John Harragin]

I recently installed mariadb-server 10.1 by adding the following repository:

baseurl = http://yum.mariadb.org/10.1/centos7-amd64

...all was well until we had a power failure and upon rebooting unixodbc
was segfaulting. Once I did a yum undo, the mysql odbc driver was
functional.

I traced it to the following:

[root@ec-ast yum.repos.d]# ldd /usr/lib64/libmyodbc5w.so | grep -iE
"my|maria"
libmysqlclient.so.18 => /usr/lib64/mysql/libmysqlclient.so.18
(0x7f3dfb34c000)
You have new mail in /var/spool/mail/root
[root@ec-ast yum.repos.d]# repoquery -l MariaDB-server MariaDB-client
MariaDB-commo MariaDB-shared galera boost-program-options jemalloc rsync
lsof | grep lib64 | grep libmysqlclient
/usr/lib64/libmysqlclient.so
/usr/lib64/libmysqlclient.so.18
/usr/lib64/libmysqlclient.so.18.0.0
/usr/lib64/libmysqlclient_r.so
/usr/lib64/libmysqlclient_r.so.18
/usr/lib64/libmysqlclient_r.so.18.0.0

...notice the change in the path (/usr/lib64/mysql/).

I could reinstall mariadb-server, add a symlink and it would probably work,
but I thought it would be better to post and hopefully the maintainer of
whichever package (unixodbc, maria, mysql-connector...) should be
addressed, could be alerted to this issue in the event that it could (or
should) be fixed on a package level.

John
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Gulliver

[Stephen John Smoogen]

On 30 October 2017 at 13:07, Chris Olson  wrote:
> We have been fortunate to hang onto one of our summer interns
> for part time work on weekends during the current school year.
> One of the intern's jobs is to load documents and data which
> are then processed.  The documents are .txt, .docx, and .pdf
> files. The data files are raw sensor outputs usually captured
> using ADCs mostly with eight bit precision.  All files are
> loaded or moved from one machine to another with sftp.
>
> The intern noticed right a way that the documents will transfer
> perfectly from our PPC and SPARC machines to our Intel/CentOS
> platforms.  The raw data files, not so much.  There is always
> an Endian (Thanks Gulliver) issue, which we assume is due to
> the bytes of data being formatted into 32 bit words somewhere
> in the Big Endian systems.  It is not totally clear why the
> document files do not have this issue.  If there is a known
> principle behind these observations, we would appreciate very
> much any information that can shared.
>
>

Text files which are ascii are generally 7->8 bit so don't tend to
have bit endian problems in 8+ bit architectures. [I expect a 4 bit
architecture would have problems].  Now 8+ bit UTF can have some
problems with endianess but it is usually not following some standard
and assuming that writing data works the same as it did with ascii
(mainly because few people dealt with 4 bit computers).

docx and pdf is written for a fixed endian format so even if
built/written on a big endian system the data itself is formatted to
be little endian. Raw data files are usually endian if they are 'raw'
memory dumps or similar. Some 'data' formats which are mostly raw are
actually written to a standard which will work because both the little
endian and big endian expects the data to be written in 'big' or
'little' endian and read in as such.



> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Problems with kernel-3.10.0-693.5.2.el7.x86_64

[John R Pierce]

On 10/28/2017 11:30 AM, Gregory P. Ennis wrote:

On each of these units I am using the video from the mother board which
is :

Base Board Information
 Manufacturer: ASUSTeK COMPUTER INC.
 Product Name: B150M-A/M.2



what CPU are you using?  any onboard video with the B150 chipset is 
coming from the CPU itself.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] home on nfs

[John Hodrien]

On Fri, 27 Oct 2017, hw wrote:


Hi,

I have the home directory of a user on an nfs server and mount it on a
client.  When the user logs in, they end up in the root directory rather
than in their actual home directory and need to cd into it.

The user can read and write to their home directory, so it kinda works
fine --- but only kinda.  When the user starts emacs, some of the
settings in ~/.emacs are not applied, but the saved desktop is being
loaded.

Both machines are running Centos 7.4.  What could be wrong with the nfs
mount?


I'd guess the user was incorrectly defined.  Does $HOME really point to the
right path?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-docs] ManualInstall page update review request

[John Soros]

Hello everyone,
I'm more or less finished with updating the ManualInstall wiki page (
https://wiki.centos.org/HowTos/ManualInstall ). Any feedback would be
appreciated.
I would be very grateful also if someone found a way of predicting the
"predictable" network interface names, since I haven't been able to find a
consistent method that works across different types of machines (I've tried
virtual machines and physical machines, and the method I tried with udevadm
yields different results for each) and different boot methods (BIOS boot
vs. UEFI boot).
Regards,
John Soros
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS] Not Able to Configure Nagios Server 4.3.4 in Centos 7

[Stephen John Smoogen]

On 24 October 2017 at 08:57, Abhinay Khanna  wrote:
> Hi Team,
>
>
> I was trying to install the Nagios server in Centos 7.
> I had downloaded and unzipped the Nagios server and it's plugins file.
>

I am the maintainer of the Nagios package in EPEL so I may be able to help here.

I am guessing you are downloading the nagioscore zip file from the github?

> As per the installation instructions I ran the commands in the concerned 
> folders of ./configure , make , make install for both the core and the Nagios 
> plugins.
>
> I am not able to figure out the issue behind that it is not working

The default nagios configure will put things in many 'strange' places
which may work on some sort of BSD but do not work with most of the
Linux. There are a lot of configure options one needs to pass which
are in the src.rpm spec file which you can see at
https://src.fedoraproject.org/rpms/nagios/tree/master

I hate to say this but a make install may have pushed files and
permissions all over this system so you are going to need to either
spend some time cleaning or redeploy.

If you want to make an updated rpm because I am not caught up:

yum install epel-releast
yum install fedpkg
fedpkg clone --anonymous nagios
cd nagios
fedpkg switch-branch epel7
fedpkg srpm
[This will make a src.rpm of the latest code.]
download the source code you want.
edit the spec file to point to the new src code.
check to see if a patch- is turned on in the spec file. If it is
comment it out as it will contain a src diff to the maintenance
upstream branch
fedpkg mockbuild
start debugging what might have not worked or you will have fixed rpms
in results/


> It did got installed using yum which was a previous 4.3.2 that that had it's 
> own errors and wanted me to update with no update of it available in the epel 
> repository.
>

There is an update in epel-testing. I am looking for people to test it
so I can push it to stable.

> Can anyone help with this ?
>
> TIA
> Abhinay
>
> Get Outlook for Android
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [OT]: scp setup jailed chroot on Centos7

[John R Pierce]

On 10/24/2017 7:40 AM, Valeri Galtsev wrote:

[Sorry about "top posting": my OT question arises from the subject..]

Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD
jails, and as I run CentOS and some other Linuxes for quite some time I
was under impression that there is no such thing as jail under Linux [at
least those flavors I run]. Under Linux I did use in variety of places
chrooted environment, but that only separates stuff on the filesystem
level (and other things such as devices and others accessed via
filesystem). There is no other resource separation (which I'm used to have
control over in case of FreeBSD jail).

Am I wrong, and what am I wrong about?



while I've never used them, my understanding is, lxcontainers are at the 
level of a jail, network isolation as well as file system.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-docs] HowTos/ManualInstall documentation update

[John Soros]

awesome! thank you. I'll get to it once I've tested a little more, in a
couple of days.
John

On Wed, Oct 18, 2017 at 8:05 PM, Akemi Yagi <amy...@gmail.com> wrote:

> On Wed, Oct 18, 2017 at 10:59 AM, John Soros <sor...@gmail.com> wrote:
>
>> JohnSoros
>> John
>>
>> On Wed, Oct 18, 2017 at 7:55 PM, Akemi Yagi <amy...@gmail.com> wrote:
>>
>>> On Tue, Oct 17, 2017 at 8:21 AM, John Soros <sor...@gmail.com> wrote:
>>>
>>>> Hello,
>>>> This is my first post on this list so please don't be too harsh.
>>>> After following a bunch of different guides and looking for
>>>> documentation all around I've managed to install centos on my server from a
>>>> chroot (from a debian-based host system). I would like to update the
>>>> https://wiki.centos.org/HowTos/ManualInstall wiki page with this new
>>>> information as the information on there is pretty outdated. Here are my
>>>> documentation steps attached as simple text for now. Of course, I propose
>>>> to format it correctly if I am given access to the page.
>>>> If anyone has comments and/or suggestions to the steps I took, I would
>>>> be very interested to hear them!
>>>> Regards,
>>>> John Soros
>>>> ​
>>>>
>>>
>>> ​What is your wiki name?
>>>
>>> Akemi​
>>>
>>
> ​You should be able to edit the page now.
>
> Akemi​
>
>
> ___
> CentOS-docs mailing list
> CentOS-docs@centos.org
> https://lists.centos.org/mailman/listinfo/centos-docs
>
>
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS-docs] HowTos/ManualInstall documentation update

[John Soros]

JohnSoros
John

On Wed, Oct 18, 2017 at 7:55 PM, Akemi Yagi <amy...@gmail.com> wrote:

> On Tue, Oct 17, 2017 at 8:21 AM, John Soros <sor...@gmail.com> wrote:
>
>> Hello,
>> This is my first post on this list so please don't be too harsh.
>> After following a bunch of different guides and looking for documentation
>> all around I've managed to install centos on my server from a chroot (from
>> a debian-based host system). I would like to update the
>> https://wiki.centos.org/HowTos/ManualInstall wiki page with this new
>> information as the information on there is pretty outdated. Here are my
>> documentation steps attached as simple text for now. Of course, I propose
>> to format it correctly if I am given access to the page.
>> If anyone has comments and/or suggestions to the steps I took, I would be
>> very interested to hear them!
>> Regards,
>> John Soros
>> ​
>>
>
> ​What is your wiki name?
>
> Akemi​
>
>
> ___
> CentOS-docs mailing list
> CentOS-docs@centos.org
> https://lists.centos.org/mailman/listinfo/centos-docs
>
>
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS] Null deference panic in CentOS-6.5

[Stephen John Smoogen]

On 18 October 2017 at 04:50, wuzhouhui  wrote:
> I googled this issue and found so many people have encountered, but most of
> them just said "the newer kernel doesn't have this problem, so upgrade
> kernel". We can't upgrade kernel easily, so we need to *really* solve this
> problem.
>
>

If you can't update the kernel then how can anyone fix the problem?
The kernel needs to be changed out in some way. [Yes there are ways to
binary patch a running kernel but it is a) frought with danger b)
experts only area. People who do that do not offer their services for
free for a reason.]

--
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Null deference panic in CentOS-6.5

[John Hodrien]

On Wed, 18 Oct 2017, wuzhouhui wrote:


Does anyone have encountered same problem or advice?


Expect minimal help when running custom kernel modules on painfully old CentOS
kernels?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-docs] HowTos/ManualInstall documentation update

[John Soros]

Hello,
This is my first post on this list so please don't be too harsh.
After following a bunch of different guides and looking for documentation
all around I've managed to install centos on my server from a chroot (from
a debian-based host system). I would like to update the
https://wiki.centos.org/HowTos/ManualInstall wiki page with this new
information as the information on there is pretty outdated. Here are my
documentation steps attached as simple text for now. Of course, I propose
to format it correctly if I am given access to the page.
If anyone has comments and/or suggestions to the steps I took, I would be
very interested to hear them!
Regards,
John Soros


ManualInstall
Description: Binary data
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS] systemctl reboot -- server not accessible after reboot

[John R Pierce]

On 10/14/2017 10:54 AM, Mike wrote:

When I try systemctl reboot directly on the server.
Same problem --- does not start to login prompt.


so where does it stop?   does it never finish BIOS short self-test after 
the shutdown?   does it hang somewhere in the Linux loading sequence?   
if it goes to the graphic screen with the blue startup bar or whatever, 
I believe you can hit ESC to get the console messages.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [External] /boot partition too small

[John Hodrien]

On Thu, 12 Oct 2017, Mauricio Tavares wrote:


Stupid question: can't you do

rpm -qa | grep ^kernel

and then

rpm -e 


With 100Mbyte /boot on a non-EFI system, I wouldn't have enough room for two
kernels, so updates would be tricky.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] yum-cron hourly errors

[John Ratliff]

I receive messages like this from cron often. Not every hour, and not 
consistently between the servers running CentOS, but at least two per 
day. Is this normal?


/etc/cron.hourly/0yum-hourly.cron:

Could not retrieve mirrorlist 
http://mirrorlist.centos.org/?release=7=x86_64=os=stock 
error was


14: HTTP Error 403 - Forbidden

Could not retrieve mirrorlist 
http://mirrorlist.centos.org/?release=7=x86_64=extras=stock 
error was


14: HTTP Error 403 - Forbidden

Could not retrieve mirrorlist 
http://mirrorlist.centos.org/?release=7=x86_64=updates=stock 
error was


14: HTTP Error 403 - Forbidden

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [External] /boot partition too small

[John R Pierce]

On 10/11/2017 12:04 AM, Toralf Lund wrote:

On 10/10/17 15:55, KM wrote:
First off - let me say I am not an administrator.   I need to know if 
there is an easy way to increase my /boot partition.  When I 
installed CentOS 6 after running 5, it was my oversight not to 
increase the /boot size.  it's too small and I can't do yum updates.
if it's not easy to actually increase it, is it safe to take a chunk 
in my root filesystem (like /new.boot or something) and just mount it 
as /boot from now on so it uses the space or is that not a good 
idea?  I am sure I could easily copy the rpms/kernel stuff over to it 
and then unmounts the real /boot and mount this new area as /boot.
Can you administrators let me know what you think of all this? Thanks 
in advance.

Hi,

Since a lot of people seem to say none of the above can be done, I'm 
starting to feel slightly unsure, but I though gparted could extend, 
shrink and move partitions while preserving data. You'd have to use 
the "live" version when operating on system partitions. See 
https://gparted.org



I would prefer boot up in single, and partition a new boot device, with 
the larger /dev/sda1, and whatever else lvm stuff, then copy the file 
systems across with dump or xfsdump or whatever, swap the devices and 
boot.   this way the old disk is a safe backup.   heck, /boot can be a 
SD card or USB stick :-p





--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /boot partition too small

[John R Pierce]

On 10/10/2017 6:50 PM, John R Pierce wrote:
Your root filesystem is in an LVM volume. CentOS 6 is still using 
GRUB legacy, which does not support /boot in LVM. 



says up there, /boot is /dev/sda1, this is almost exactly the config 
of my C6 servers. 



never mind, I realized after I sent this, you were talking about him 
MOVING his /boot to /



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /boot partition too small

[John R Pierce]

On 10/10/2017 6:20 PM, Robert Nichols wrote:

Filesystem Size  Used Avail Use% Mounted on
/dev/mapper/vg_bldsrv-lv_root
    50G   26G   22G  55% /
tmpfs 9.0G  156K  9.0G   1% /dev/shm
/dev/sda1  96M   33M   59M  36% /boot
/dev/mapper/vg_bldsrv-lv_home
   861G  371G  447G  46% /home


Your root filesystem is in an LVM volume. CentOS 6 is still using GRUB 
legacy, which does not support /boot in LVM. 



says up there, /boot is /dev/sda1, this is almost exactly the config of 
my C6 servers.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /boot partition too small

[Stephen John Smoogen]

On 10 October 2017 at 09:55, KM  wrote:
> First off - let me say I am not an administrator.   I need to know if there 
> is an easy way to increase my /boot partition.  When I installed CentOS 6 
> after running 5, it was my oversight not to increase the /boot size.  it's 
> too small and I can't do yum updates.
> if it's not easy to actually increase it, is it safe to take a chunk in my 
> root filesystem (like /new.boot or something) and just mount it as /boot from 
> now on so it uses the space or is that not a good idea?  I am sure I could 
> easily copy the rpms/kernel stuff over to it and then unmounts the real /boot 
> and mount this new area as /boot.
> Can you administrators let me know what you think of all this?   Thanks in 
> advance.
> KM

There is no easy way to increase the /boot partition. One can try to
build another /boot partition and use that but that isn't simple
either and prone to problems if the /boot is outside of where that
particular BIOS can intepret (aka embedded in an LVM) or jump to.

I have found the simpler method is usually: dump the disks to backup,
reinstall the system with 500 to 1000 MB /boot and restore from
backups.



> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /boot partition too small

[John Hodrien]

On Tue, 10 Oct 2017, Pete Biggs wrote:


No, you can't do that. /boot is special and needs to be a separate
partition.


Needs is a bit strong, as grub2 does support LVM.  It's not a supported
configuration for Redhat.

I'm not a sure there's a lot to it beyond having the lvm module loaded in
grub, but I've honestly not tried.

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] /boot partition too small

[John Hodrien]

On Tue, 10 Oct 2017, KM wrote:


Thanks for the idea.  I've already restricted it to one kernel.   so this 
will not help me.


And did you also delete the rescue kernel/image from /boot?

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CUDA tools?

[John Hodrien]

On Fri, 6 Oct 2017, Pete Biggs wrote:


I suppose the epel kmod-nvidia might count - it will allow CUDA apps to
run but you can't develop with it.


The ELRepo drivers are just the drivers, not the SDK.  That said, my
experience is they're packaged much better than the ones nVidia releases as
part of the CUDA repo.

The approach I've gone with is to use ELRepo for the drivers, and then use
environment modules to provide the CUDA SDK to users.  That for me offers
little downsides.  You easily get to provide multiple releases of the SDK for
users, and you get to use the best packaged drivers.

jh

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel turbo mode

[Stephen John Smoogen]

On 3 October 2017 at 13:01, hw <h...@adminart.net> wrote:
> Stephen John Smoogen <smo...@gmail.com> writes:
>
>> On 1 October 2017 at 11:34, hw <h...@adminart.net> wrote:
>>> Hi,
>>>
>>> is there a way in Centos to find out if the Intel turbo mode will be
>>> used?
>>>
>>> Using the 'stress' utility and checking the frequency with cpupower
>>> tells me that a CPU is running at it´s maximum frequency as reported by
>>> cpupower --- and this frequency is less than the frequency it would run
>>> at if it used the turbo mode.  All the other CPUs are at their minimum
>>> frequency.  I have verified that turbo mode is enabled in the BIOS.
>>>
>>> Is cpupower unable to report frequencies used in turbo mode despite it
>>> always says it gets its information from the hardware?
>>>
>>
>> It would seem that there are multiple ways to get the information you
>> are looking for. I expect you have seen this already
>>
>> https://haypo.github.io/intel-cpus.html
>>
>> but I figured I would pass it on for others. They found that cpupower
>> is less reliable in how it reports the data because of the values it
>> gets them from.
>
> Thanks, I didn´t see that one yet.  At least I noticed that cpupower
> says that turbo mode is available, and turbostat seems to indicate that
> CPUs sometimes run at higher frequencies like they would when in turbo
> mode.
>
> It´s strange that there is no tool to definitely figure this out,
> especially since RH seems to have done a lot of research into improving
> performance.
>

My limited understanding is that it isn't very reliable to show it and
the Windows ones distort reality a lot (aka say you are in it when you
aren't actually in it) because they do a moving average to show what
is going on so it doesn't look as jagged as it really is. It is also
not all that useful for general software needs. The CPU is going to be
waiting a lot longer now for memory and io to catch up for most
transactions.

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum java-devel not listed installed

[John Hodrien]

On Mon, 2 Oct 2017, david wrote:

Is there some simple explanation?  It works for all the other packages I've 
installed.


yum provides java-devel

jh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sendmail

[Stephen John Smoogen]

On 2 October 2017 at 18:03, Larry Martell <larry.mart...@gmail.com> wrote:
> On Mon, Oct 2, 2017 at 5:29 PM, Stephen John Smoogen <smo...@gmail.com> wrote:
>> On 2 October 2017 at 17:21, Larry Martell <larry.mart...@gmail.com> wrote:
>>> I an running CentOS7 in a docker container. I need to send email from
>>> that container so I installed sendmail and then I run:
>>>
>>> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf` and when I try and
>>> send mail it fails with:
>>>
>>> larry.mar...@gmail.com... Connecting to [127.0.0.1] via relay...
>>> larry.mar...@gmail.com... Deferred: Connection refused by [127.0.0.1]
>>>
>>> Anyone know how I can configure sendmail so that I can send mail?
>>
>> Does this help any?
>>
>> https://stackoverflow.com/questions/26215021/configure-sendmail-inside-a-docker-container
>
> That post is a bit overwhelming. It has 20+ answers and all are different.
>
> I have another container running debian buster and in there I do"
>
> yes yes | sendmailconfig
>
> and then I can send mail. But I don't see sendmailconfig in CentOS7.
> Is there an equivalent?

Sendmail is not the standard email server for EL7 so I am a bit rusty
here.  The item that caught my attention was the following:

--
I figured out a way myself, although not the most elegant solution. I
configured the sendmail inside my docker so as to Relay the request
via host's ip. Add the following line to the file "/etc/mail/access

Connect:  RELAY
Also, in the host as well as docker, comment out the following line in
the file "/etc/mail/sendmail.mc" by prefixing it with "dnl #" and
suffixing with "dnl".

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
I passed the host ip as an environment variable to the docker
container, so that it is configurable. Now the docker's sendmail will
relay it's sendmail's smtp request via host machine.

---

Beyond that I am not going to be much help as I have not had much
experience with docker.

-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sendmail

[Stephen John Smoogen]

On 2 October 2017 at 17:21, Larry Martell  wrote:
> I an running CentOS7 in a docker container. I need to send email from
> that container so I installed sendmail and then I run:
>
> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf` and when I try and
> send mail it fails with:
>
> larry.mar...@gmail.com... Connecting to [127.0.0.1] via relay...
> larry.mar...@gmail.com... Deferred: Connection refused by [127.0.0.1]
>
> Anyone know how I can configure sendmail so that I can send mail?

Does this help any?

https://stackoverflow.com/questions/26215021/configure-sendmail-inside-a-docker-container


> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Intel turbo mode

[Stephen John Smoogen]

On 1 October 2017 at 11:34, hw  wrote:
> Hi,
>
> is there a way in Centos to find out if the Intel turbo mode will be
> used?
>
> Using the 'stress' utility and checking the frequency with cpupower
> tells me that a CPU is running at it´s maximum frequency as reported by
> cpupower --- and this frequency is less than the frequency it would run
> at if it used the turbo mode.  All the other CPUs are at their minimum
> frequency.  I have verified that turbo mode is enabled in the BIOS.
>
> Is cpupower unable to report frequencies used in turbo mode despite it
> always says it gets its information from the hardware?
>

It would seem that there are multiple ways to get the information you
are looking for. I expect you have seen this already

https://haypo.github.io/intel-cpus.html

but I figured I would pass it on for others. They found that cpupower
is less reliable in how it reports the data because of the values it
gets them from.

>
> --
> "Didn't work" is an error.
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos



-- 
Stephen J Smoogen.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos