[CentOS-docs] Permissions For Editing Centos Wiki Pages
Hi, I want to update some wiki pages such as http://wiki.centos.org/AdditionalResources/Repositories/RPMForge for help to developt Centos project. Can any one help to the permissions. Best Regards ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS-virt] Test new xen, centos-release-xen and kernel for auto grub update on kernel install
Hey Johnny! I tested your most recent implementation of the grub-update script, and it now seems to work whether I use the CentOS xen packages or a self-built one. Thanks for your work. :-) One more thing though: it seems that the grub update is triggered on the *kernel* install or upgrade; but not in the *xen* install or remove. So if someone installs both the CentOS Xen packages and the dom0 kernel, and then for some reason removes the Xen packages without removing the kernel, then the default grub entry will be pointing to a non-existent xen binary; or, if you were to install the dom0 kernel first, and then later install the xen packages, you wouldn't have an entry for xen. I'm not familiar with the rpm spec system, but would it be possible to have the xen-hypervisor package kick the grub-update script on install and remove? Also, is it possible to run the grub-update script manually? We could then document that for users who want to roll their own Xen. -George On Mon, Oct 20, 2014 at 11:09 AM, George Dunlap dunl...@umich.edu wrote: On Thu, Oct 16, 2014 at 5:52 PM, Johnny Hughes joh...@centos.org wrote: On 10/16/2014 11:25 AM, George Dunlap wrote: On Fri, Oct 10, 2014 at 2:41 AM, Johnny Hughes joh...@centos.org wrote: The new process for auto updates of grub upon kernel install is in the xen4centos testing repo. In order to test these as updates to an existing system, you can do this: 1. download the test repo file: http://dev.centos.org/centos/6/xen-c6-RC1/xen-c6-RC1.repo 2. Put it in /etc/yum.repos.d/ 3. Issue this command: yum --disablerepo=Xen4CentOS upgrade xen\* centos-release-xen (that should install all the new files required to make the kernel update work automatically) 4. Review the new file /etc/sysconfig/xen-kernel ... if there is any other items you want on the 'kernel /xen.gz' line, you would edit the file. For example, I like to add 'com1=115200,8n1 console=com1' to the end of that line so I can use consoles in virsh. So I would change the line: Hmm -- so I take it that /etc/sysconfig/xen-kernel is now a part of the xen package...? One issue with this is that during normal Xen development I often make an RPM directly from the upstream repo, so while I have the xen4centos kernel libvirt installed, I don't have a xen4centos xen installed. The nice thing about the current script in centos-release-xen is that it works with non-x4c xen packages. Sorry I hadn't thought about that side-effect when you mentioned this before. :-/ Any thoughts? Would it be possible to have the script in centos-release-xen and check for the existence of /boot/xen.gz, for instance? I don't think that is a good idea .. people might have the xen.repo installed so that they can get the kernel. But not xen installed (ie, they are on a domU). They want the kernel and have centos-release-xen installed .. BUT they don't want the grub mods as they want to boot a normal kernel. I'm a bit confused. I suggested that the script only install xen if /boot/xen.gz exists. If they don't have the hypervisor package installed, then /boot/xen.gz won't exist, and so it should fall back to the default behavior. If they have the hypervisor package installed in the domU for some reason, then it will put /boot/xen.gz first unless they edit /etc/sysconfig/xen-kernel -- which is the same thing that would happen if they installed the hypervisor packages you have here, right? Hmm, maybe it wasn't clear that I was actually suggesting moving /etc/sysconfig/xen-kernel to centos-release-xen; I wasn't suggesting getting rid of it and just always loading the xen kernel if it exists. The easier thing would be for you (as a one off installer situation) to create your own /etc/sysconfig/xen-kernel manually if you want grub updated. It only has 2 variables. That's not too hard. :-) But it does mean a bit of extra overhead for anyone installing a non-CentOS build of Xen (a local build, a snapshot of release candidate, c). This solution was for C6 only, right -- C7 uses grub2, right? If it was going to be something CentOS would be using going forward we might be able to make the argument for including it in the upstream Xen install. But if it's just a patch to get C6 to work, I don't think upstream will be so keen. I want to make it easy to get things right in the major use cases .. which I think this solution does in the way it is split up. Right, so in your suggestion: - centos-release-xen installed, CentOS hypervisor installed: Automatically defaults to xen - centos-release-xen instlaled, CentOS hypervisor installed, xen-kernel edited: Whatever is configured - centos-release-xen installed, no hypervisor installed: Defaults to bare metal Linux - centos-release-xen installed, alternate Xen installed: Defaults to bare metal Linux (needs grub.conf editing every kernel update). Which means using the CentOS hypervisor packages are a little bit
Re: [CentOS-virt] Test new xen, centos-release-xen and kernel for auto grub update on kernel install
CentOS – Roll Your Own Xen On Oct 22, 2014, at 5:52 AM, George Dunlap dunl...@umich.edu wrote: Also, is it possible to run the grub-update script manually? We could then document that for users who want to roll their own Xen. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS-es] Duda Crontab
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/21/2014 11:45 PM, Diego Sanchez wrote: Crontab -e hace verificación de sintaxis y es la correcta. El resto no se. crontab -e efectivamente revisa la sintaxis, y además edita el cron del usuario conque estamos. vi /etc/crontab (o cualquier otra variante y editor) edita digamos así el cron general del sistema, normalmente en él no nos debemos meter saludos epe -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJUR5o7AAoJEI8SQ0eoZD/XINMQAIvLVTTYBriV4J04sfQSR1OW Z8jR4fg5S3PYujgdAa0jcItwfoopobFPWlkSgnp1FDaY8T87+LTxLMzmoLzNm9fj YbYTRZ5vNy5J1neTc6+bRos7CB5XvAXNSWLgf5N8Tlxy/RnL9odyNVWc9iUssiWv wUz8Dqj7sEVb6UMqecbAPBoOLDmBaCWfQupSDRsY++JHAul7J/XLOgLkebyjzFsZ h8iC38hdsLp8ODqcBLA7Ab/36DDCu86aGIBHkyRkxj9mKBU6vznMIkv+LW/PAUQt goYkLBgkYd1J9p6e48DbM0z8/dkz/fYOd+pk4O4jc007vZTfTpzzL6SWPMYQzxJN 4Zjlg7Ont71DfV6d43yZNQ5HTN/vko3LFXCRX7GT7P9qVKgrbnH64Be8HkzsGMlU OdEov+hmh3jv26JnpRaQiSlAiwKt8c2ksCEz3NKw0kU1ectthFoJWZFUkr6tPRKI L9hFczt2iaXz/PyrAt13Hjnbo8kEjYmXeTffrCPxQY3Q3rdakHSh3/R9lLW5WeoQ TftW4lyFVQ61yJv7HoTWQ9hDcCK4MNo87a6asCoeAihpNzz1xIXNWcceb+rQ3D89 2OOql63RpdoR5q1SJ15mcRCRiehOLqOQuLfWIPggrHz5vhKvcYLst3y3cS3nEk2D x/cJpC4ivIqN3+SnR2bL =XqOE -END PGP SIGNATURE- Email secured by Check Point ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Duda Crontab
Si haces un crontab -e, en realidad lo que haces es editar el fichero /var/spool/cron/usuario, que es donde esta los crontab guardados y el fichero /etc/crontab es un fichero propio de configuracion de crontab, que normalmente no se toca. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Update Webmin en Produccion
Saludos estimados listeros, Mi consulta va para aquellos expertos, tengo un webmin en producción ver 1.530 en CentOS Linux 5.5, q es un servidor de correo. puedo actualizar a la ultima version del Webmin sin afectar configuraciones? en este momento ne da un error: Warning - Your system is actually running CentOS Linux version 5.11.y Fix error Bad arg length for Socket::pack_sockaddr_in in Remote Ping monitor Gracias por su observaciones -- *Rhamyro Alcoser A.* *ITIL Systems Development* *¿Qué, pues, diremos a esto? Si Dios es por nosotros, ¿quién contra nosotros?, Rm 8:31* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Update Webmin en Produccion
Lo primero que debes hacer es actualizar tu sistema a CentOS 5.11 yum update Luego podrás poner la ultima versión de Webmin sin problemas. Saludos, David El día 22 de octubre de 2014, 14:29, Rhamyro Alcoser, Ing. rhamyr...@gmail.com escribió: Saludos estimados listeros, Mi consulta va para aquellos expertos, tengo un webmin en producción ver 1.530 en CentOS Linux 5.5, q es un servidor de correo. puedo actualizar a la ultima version del Webmin sin afectar configuraciones? en este momento ne da un error: Warning - Your system is actually running CentOS Linux version 5.11.y Fix error Bad arg length for Socket::pack_sockaddr_in in Remote Ping monitor Gracias por su observaciones -- *Rhamyro Alcoser A.* *ITIL Systems Development* *¿Qué, pues, diremos a esto? Si Dios es por nosotros, ¿quién contra nosotros?, Rm 8:31* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Update Webmin en Produccion
Muchas gracias David. y solo con ese comando: yum update Se actualiza sin alterar las configuraciones todo el servidor? Gracias señor muy importante su ayuda. El 22 de octubre de 2014, 13:06, David González Romero dgrved...@gmail.com escribió: Lo primero que debes hacer es actualizar tu sistema a CentOS 5.11 yum update Luego podrás poner la ultima versión de Webmin sin problemas. Saludos, David El día 22 de octubre de 2014, 14:29, Rhamyro Alcoser, Ing. rhamyr...@gmail.com escribió: Saludos estimados listeros, Mi consulta va para aquellos expertos, tengo un webmin en producción ver 1.530 en CentOS Linux 5.5, q es un servidor de correo. puedo actualizar a la ultima version del Webmin sin afectar configuraciones? en este momento ne da un error: Warning - Your system is actually running CentOS Linux version 5.11.y Fix error Bad arg length for Socket::pack_sockaddr_in in Remote Ping monitor Gracias por su observaciones -- *Rhamyro Alcoser A.* *ITIL Systems Development* *¿Qué, pues, diremos a esto? Si Dios es por nosotros, ¿quién contra nosotros?, Rm 8:31* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- *Rhamyro Alcoser A.* *ITIL Systems Development* *Mailto1:* rhamyr...@gmail.com *Mailto2:* rhamyr...@icloud.com rhamyr...@gmail.com *Skype: *rhamyr...@outlook.com ramiro...@hotmail.com *Quito - Ecuador * *¿Qué, pues, diremos a esto? Si Dios es por nosotros, ¿quién contra nosotros?, Rm 8:31* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Update Webmin en Produccion
Muchas gracias David. y solo con ese comando: yum update Se actualiza sin alterar las configuraciones todo el servidor? Gracias señor muy importante su ayuda. #yum update es para actualizar el sistema y poder actualizar el webmin, hace años que no lo uso, pero el objetivo del webmin es facilitarle la vida al administrador de redes, el lo que hace es escribir los archivos de configuración del propio sistema no crear unos independientes, por lo tanto puedes actualizar e incluso desinstalar el webmin que en teoría no debe afectarte las configuraciones del servidor. Saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Update Webmin en Produccion
Muchas gracias, Ya lo voy a actualizar primero el sistema Centos con ese comando y luego actualizo el Webmin. Mi insistencia en preguntar que no afecte en nada las configuraciones del servidor es porque esta en producción y otro porque alguna vez tenia un servidor en producción con centos 6 y zymbra 8, el sistema me pidió que actualice lo hice y se daño el servidor perdió algunas propiedades. En este momento mi server esta con centos 5.5 y sendmail esta perfecto. Un dato adicional lo puedo actualizar desde el mismo webmail sin usar ese comando, pq ahi presenta un boton para actualizar el sistema y el webmail? muchas gracias. es mi ultima pregunta, por favor me disculpan que mi fuerte no es el linux pero a veces me toca dar esas soluciones. El 22 de octubre de 2014, 16:07, ylarg...@cimex.com.cu escribió: Muchas gracias David. y solo con ese comando: yum update Se actualiza sin alterar las configuraciones todo el servidor? Gracias señor muy importante su ayuda. #yum update es para actualizar el sistema y poder actualizar el webmin, hace años que no lo uso, pero el objetivo del webmin es facilitarle la vida al administrador de redes, el lo que hace es escribir los archivos de configuración del propio sistema no crear unos independientes, por lo tanto puedes actualizar e incluso desinstalar el webmin que en teoría no debe afectarte las configuraciones del servidor. Saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- *Rhamyro Alcoser A.* *ITIL Systems Development* *Mailto1:* rhamyr...@gmail.com *Mailto2:* rhamyr...@icloud.com rhamyr...@gmail.com *Skype: *rhamyr...@outlook.com ramiro...@hotmail.com *Quito - Ecuador * *¿Qué, pues, diremos a esto? Si Dios es por nosotros, ¿quién contra nosotros?, Rm 8:31* ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Update Webmin en Produccion
Si instalaste webmin desde el repo puedes actualizar solo webmin así yum update webmin acá te explica como instalar webmin desde el repo http://www.webmin.com/rpm.html -- Saludos Cordiales |César Martínez | Ingeniero de Sistemas | SERVICOM |Tel: (593-2)554-271 2221-386 | Ext 4501 |Celular: 0999374317 |Skype servicomecuador |Web www.servicomecuador.com Síguenos en: |Twitter: @servicomecuador |Facebook: servicomec |Zona Clientes: www.servicomecuador.com/billing |Blog: http://servicomecuador.com/blog |Dir. Av. 10 de Agosto N29-140 Entre |Acuña y Cuero y Caicedo |Quito - Ecuador - Sudamérica On 22/10/14 15:47, Rhamyro Alcoser, Ing. wrote: Muchas gracias, Ya lo voy a actualizar primero el sistema Centos con ese comando y luego actualizo el Webmin. Mi insistencia en preguntar que no afecte en nada las configuraciones del servidor es porque esta en producción y otro porque alguna vez tenia un servidor en producción con centos 6 y zymbra 8, el sistema me pidió que actualice lo hice y se daño el servidor perdió algunas propiedades. En este momento mi server esta con centos 5.5 y sendmail esta perfecto. Un dato adicional lo puedo actualizar desde el mismo webmail sin usar ese comando, pq ahi presenta un boton para actualizar el sistema y el webmail? muchas gracias. es mi ultima pregunta, por favor me disculpan que mi fuerte no es el linux pero a veces me toca dar esas soluciones. El 22 de octubre de 2014, 16:07, ylarg...@cimex.com.cu escribió: Muchas gracias David. y solo con ese comando: yum update Se actualiza sin alterar las configuraciones todo el servidor? Gracias señor muy importante su ayuda. #yum update es para actualizar el sistema y poder actualizar el webmin, hace años que no lo uso, pero el objetivo del webmin es facilitarle la vida al administrador de redes, el lo que hace es escribir los archivos de configuración del propio sistema no crear unos independientes, por lo tanto puedes actualizar e incluso desinstalar el webmin que en teoría no debe afectarte las configuraciones del servidor. Saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] concurrencia de usuarios en carpeta compartida en samba4
Buenas noches!! Tengo una interrogante, existe un parámetro interno en algún archivo de configuración de Samba4, donde diga cual es el tope de usuarios concurrentes a una carpeta compartida y si se puede cambiar ese parámetro?? José Fermín Francisco Ferreras Registered User #579535 (LinuxCounter.net) ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS] CentOS-announce Digest, Vol 116, Issue 12
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2014:1671 Moderate CentOS 5 rsyslog5 Security Update (Johnny Hughes) 2. CESA-2014:1669 Low CentOS 7 qemu-kvm Security Update (Johnny Hughes) 3. CESA-2014:1655 Moderate CentOS 7 libxml2 Security Update (Johnny Hughes) 4. CESA-2014:1676 Moderate CentOS 7 wiresharkSecurity Update (Johnny Hughes) 5. CESA-2014:1677 Moderate CentOS 5 wiresharkSecurity Update (Johnny Hughes) -- Message: 1 Date: Tue, 21 Oct 2014 16:39:04 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2014:1671 Moderate CentOS 5 rsyslog5 Security Update Message-ID: 20141021163904.ga7...@chakra.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2014:1671 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1671.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: dc2949c2525c1a78b1869cd2f532e935ce8660072216b291d7b412e3124c80ab rsyslog5-5.8.12-5.el5_11.i386.rpm 7d02145ccd645aff9dbb04dec8e0f493922f58ba6cb8f01b9e15c60acf9fc6df rsyslog5-gnutls-5.8.12-5.el5_11.i386.rpm 7a13dfee4c8e7fd4353e0b52be3a431ec8fdc59a1c883330538cac72dd743420 rsyslog5-gssapi-5.8.12-5.el5_11.i386.rpm 81563a2162db486b9de155424dd63ae28d42ecfe20cf99533aab17a674e21fb2 rsyslog5-mysql-5.8.12-5.el5_11.i386.rpm 3e8c7182485370bd260746b85fd258622b22dde2d9f8b91a7b0300b87728b6e9 rsyslog5-pgsql-5.8.12-5.el5_11.i386.rpm 7ed3b710754ee85623605be96cd7b60d8c311ef4b8f7a95f38c7f0ad95cce9fe rsyslog5-snmp-5.8.12-5.el5_11.i386.rpm x86_64: 8b0241bca0769484a6692ea68ddbf43f354ef0cff3469d87d5823f02a0282c0d rsyslog5-5.8.12-5.el5_11.x86_64.rpm 4863b240e157bbf930d31af230e7ba49f89c38e6aef2ccd1bdda9ada5f1ea5a0 rsyslog5-gnutls-5.8.12-5.el5_11.x86_64.rpm ad86eb44f4ffb02ea307cb2e5c5ea2eba924622cb0c975c6f4a6d5d22045 rsyslog5-gssapi-5.8.12-5.el5_11.x86_64.rpm e0be6a0b2cb21dc7a9a92aa52d9061e0a7c7a685b1cf2193046549c9d8426422 rsyslog5-mysql-5.8.12-5.el5_11.x86_64.rpm c268b872920776a75a738d10bc8a71976cb6de501460b740e80b67bd21288e7d rsyslog5-pgsql-5.8.12-5.el5_11.x86_64.rpm 41ce2b483017cfc030c60caa0d5e2ad72997d2882aab789f81ee4ec729f6cd91 rsyslog5-snmp-5.8.12-5.el5_11.x86_64.rpm Source: aea9eb2bdad66c7385e88b973ee5d51bc86a10ed462be58d8e32690cbfae6f99 rsyslog5-5.8.12-5.el5_11.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net -- Message: 2 Date: Tue, 21 Oct 2014 17:21:12 + From: Johnny Hughes joh...@centos.org To: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2014:1669 Low CentOS 7 qemu-kvm SecurityUpdate Message-ID: 20141021172112.ga19...@n04.lon1.karan.org Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2014:1669 Low Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1669.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: fb80d3eed43c292045f789a7975233d8370f81ab44ed7533c89e9285cdaaf76b libcacard-1.5.3-60.el7_0.10.i686.rpm 8a596137622c6ed6113f60a09264fea4af9163939d481faacc0446b69d7e4ccf libcacard-1.5.3-60.el7_0.10.x86_64.rpm 3652b540146a2346ddfa29b44020b35e73cf07eb7dbc34d263b3cbb0fd6d67a4 libcacard-devel-1.5.3-60.el7_0.10.i686.rpm 62812d12eaf3446b88f9d4fc28fd030794de0a4cc374ba0280ff2166ac8638f7 libcacard-devel-1.5.3-60.el7_0.10.x86_64.rpm 2ec8eafc99d8f2ec49e16ecfb2962992f215a0def44faa91438cb42045957f17 libcacard-tools-1.5.3-60.el7_0.10.x86_64.rpm a0c730b45988fa40b5757164d3a9db73a5a1b258501d400b1110ee7d2d859be0 qemu-guest-agent-1.5.3-60.el7_0.10.x86_64.rpm fdc3370f8f691de28013d749c99e500a72db65708e867016824dde55e63597d7 qemu-img-1.5.3-60.el7_0.10.x86_64.rpm ca55fa4cf9cdf4d5d45ab30afeedc4378161c9ada913f3b8d7da189a8eca7f86 qemu-kvm-1.5.3-60.el7_0.10.x86_64.rpm 7e1f62cdac4f199e8f31751ee937ace975d025556cdb3c654ea53c02e0f387d2 qemu-kvm-common-1.5.3-60.el7_0.10.x86_64.rpm e4082072fd75bb8166d954062928ab0c16439dd491535e0c8e329da6c6b7f1c9 qemu-kvm-tools-1.5.3-60.el7_0.10.x86_64.rpm Source: 6821bb25b385c0ad5e25cf715cba8244836e8ab3b969c431f0aa2f1245d74461 qemu-kvm-1.5.3-60.el7_0.10.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr,
Re: [CentOS] Loss of Ethernet adaptor
On Tue, October 21, 2014 14:02, Marcelo Ricardo Leitner wrote: On 16-10-2014 13:47, Akemi Yagi wrote: On Wed, Oct 15, 2014 at 8:41 AM, James B. Byrne byrn...@harte-lyne.ca wrote: This is a return to an issue I first raised back in June. We had a similar occurrence in September while I was away and so I am revisiting the entire matter. Steve Clark on 6 Jun 16:02 2014 wrote: Hi, We ran into this problem also - the interface would disappear. There is newer e1000e driver that fixes it or you could add pcie_aspm=off to your kernel command line. HTH, Steve I have run into other reports of similar occurrences and some of these refer to this bug report: https://bugzilla.redhat.com/show_bug.cgi?id=632650 I'm the one who did the submission. Some of my comments (which I thought were helpful) have been hidden by Red Hat. However, that report is closed as being a duplicate of: https://bugzilla.redhat.com/show_bug.cgi?id=562273 Which is not available to viewing by the great unwashed. I don't have access, either. The host is running CentOS-6.5 with all updates applied to date. My question is: Has this issue been addressed in the official e1000e module or not? if not then does the recommendation to add pcie_aspm=off to your kernel command line hold? My suggestion for you is to give ELRepo's kmod-e1000e a try. It has the latest version from Intel (3.1.0.2) as opposed to the version in the EL kernels (2.3.2-k). There are known cases in which a later version resolved issues. Both BZs above are RHEL 5 specific, being 562273 a driver update one. Did you report this against any RHEL6 too? Marcelo No, I did not. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing dark SSL sites
On Tuesday, October 21, 2014 07:28:13 PM Stephen Harris wrote: On Tue, Oct 21, 2014 at 04:17:25PM -0700, li...@benjamindsmith.com wrote: I've already confirmed for example, that using openssl s_client as you mention above doesn't actually check the certs, just lists them. Actually it does check them as well. e.g. openssl s_client -connect localhost:443 /dev/null /dev/null depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=a.example.com/emailAddress=r...@a.example.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=a.example.com/emailAddress=r...@a.example.com verify error:num=10:certificate has expired notAfter=Aug 9 23:55:39 2014 GMT verify return:1 depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=a.example.com/emailAddress=r...@a.example.com notAfter=Aug 9 23:55:39 2014 GMT verify return:1 DONE Notice the verify error lines; it's both self-signed _and_ expired. In chained certs it'll check each of the chains. e.g. openssl s_client -connect www.google.com:443 /dev/null /dev/null CONNECTED(0003) depth=3 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority verify return:1 depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA verify return:1 depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2 verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority You can do a _LOT_ with the openssl command line (e.g. show all the intermediate certs in detail with -showcerts). 'man s_client' If you have a server with a broken intermediate chain then run the command and see what it returns. I ended up discovering that curl recently added the option --resolve that allows me to do what I need. I had to download a statically compiled version and install in /usr/local to get it working on EL6. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Q. LUKS or ecryptfs-utils ?
I am now investigating encrypting our IMAP user spool files. Does anyone have experience with handling encrypted data stores using either or both of the subject methods and would care tio share their observations? Which is the preferred method (I know: it depends, but on what?)? What administrative pain does each cause? Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the data to an encrypted device or filesystem is not a very big deal. We can live with manually mounting the file system and providing a pass-phrase at boot. we are also looking into a semi-auto USB based solution to that issue. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Q. LUKS or ecryptfs-utils ?
On 22/10/14 03:32 PM, James B. Byrne wrote: I am now investigating encrypting our IMAP user spool files. Does anyone have experience with handling encrypted data stores using either or both of the subject methods and would care tio share their observations? Which is the preferred method (I know: it depends, but on what?)? What administrative pain does each cause? Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the data to an encrypted device or filesystem is not a very big deal. We can live with manually mounting the file system and providing a pass-phrase at boot. we are also looking into a semi-auto USB based solution to that issue. Our mail server has used LUKS encryption for the swap and / partitions for a while without issue. I use: /dev/sda1 - /boot (normal ext4 partition) /dev/sda2 - LVM PV - VG: lv_swap - luks - swap lv_root - luks - ext4 - / Running on CentOS 6.x, postfix/dovecot. Authentication DB is another server with similar LUKS config. Both are KVM VMs. As you mentioned, I do need to enter the passphrase on boot. I have an alert system that warns me if a VM reboots unexpectedly. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Testing dark SSL sites
Am 22.10.2014 um 20:14 schrieb Benjamin Smith li...@benjamindsmith.com: On Tuesday, October 21, 2014 07:28:13 PM Stephen Harris wrote: On Tue, Oct 21, 2014 at 04:17:25PM -0700, li...@benjamindsmith.com wrote: I've already confirmed for example, that using openssl s_client as you mention above doesn't actually check the certs, just lists them. Actually it does check them as well. e.g. openssl s_client -connect localhost:443 /dev/null /dev/null depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=a.example.com/emailAddress=r...@a.example.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=a.example.com/emailAddress=r...@a.example.com verify error:num=10:certificate has expired notAfter=Aug 9 23:55:39 2014 GMT verify return:1 depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/ CN=a.example.com/emailAddress=r...@a.example.com notAfter=Aug 9 23:55:39 2014 GMT verify return:1 DONE Notice the verify error lines; it's both self-signed _and_ expired. In chained certs it'll check each of the chains. e.g. openssl s_client -connect www.google.com:443 /dev/null /dev/null CONNECTED(0003) depth=3 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority verify return:1 depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA verify return:1 depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2 verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority You can do a _LOT_ with the openssl command line (e.g. show all the intermediate certs in detail with -showcerts). 'man s_client' If you have a server with a broken intermediate chain then run the command and see what it returns. I ended up discovering that curl recently added the option --resolve that allows me to do what I need. I had to download a statically compiled version and install in /usr/local to get it working on EL6. just add your host into /etc/hosts -- LF ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] And now for something completely different. Win7 on KVM
As you can probably guess by now I am working my way down through my outstanding issue list trying to get as many deferred items closed out as I can before the next security storm hits. We have a Win7pro KVM guest that has been giving us networking issues since it was created. The last problem was that it was picking up its network address from the virtio DHCP service, with predicable results. This turned out to be an issue with how the virtual nic was configured (it was using NAT instead of the br0 bridge. We have adjusted the settings on the guest so the the nic is configured as a shared device / br0 / Device Model=virtio. Now after it boots the thing says that it does not have a driver for Ethernet adaptor at all. Is there a different setting for the model that I should be using? I have to point out that this thing was originally installed from cd-rom and then updated from the internet. So at some point it must have had a working network connection. Any ideas as to how to get it to find the network interface again? -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] upgrade dhcpd failover set from centos 5.x -7.x
Is there a less drastic way to upgrade a pair of dhcpd servers on Centos 5.x than forklifting the old boxes out and hoping the replacements work?. The failover protocol seems to be incompatible so I just upgrade one at a time Has anyone been through this with a clever solution - like compiling a new dhcpd on the old boxes for an easy rollback? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Q. LUKS or ecryptfs-utils ?
On Wed, Oct 22, 2014 at 9:32 PM, James B. Byrne byrnejb wrote: I am now investigating encrypting our IMAP user spool files. Does anyone have experience with handling encrypted data stores using either or both of the subject methods and would care tio share their observations? Which is the preferred method (I know: it depends, but on what?)? What administrative pain does each cause? I guess you first need to decide what/who are you protecting your email from. If we are speaking about somebody entering into the datacenter and stealing/cloning a disk containing your users' emails, the luks solution described by Digimer should work fine. If you want to protect sensitive users of your organization (HR director, CFO, etc) from your own IT admins, things get complicated easy :-) . ecryptfs can do a per-user file-based encryption but it doesn't really handle multi-user environments. If your /home/user1 is mounted from a ecrypfs filesystem, nothing prevents root / sudo'd processes from picking files from a certain user. For the latter I'd suggest using PGP -- although instructing users to handle the complexity of client-based encryption is another huge task. My 0.02€ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Q. LUKS or ecryptfs-utils ?
Hello James, As you already said, the decision on which method use depends on what you want to accomplish so lets take a brief look at how these encryption methods works: - dm-crypt with LUKS: the encryption works at partition-level so the only way to use it is to first create a partition, then encrypt it and only then mount it and install your system or start filling with stuff. - eCryptFS: this method creates an encrypted file wherever you want in your system so you can transparently mount it and start using it as if it were just any other directory. Cons: dm-crypt/LUKS: a) if your root directory is encrypted you will need to enter the decryption passwd every time you boot the system. b) You can't just encrypt files or directories, as I explain above you need to first create an encrypted partition and then mount it. c) Depending the filesystem setup you chose you might not be able to resize your LUKS partition once it is created (mostly this applies to Btrfs) so be sure about what you are doing; using an LVM+pick_your_preferred_FS setup should be okay though. eCryptFS: a) Access times are AWFUL but this is absolutely understandable because the way this encryption works: whenever you put stuff on this 'directory' (or remove stuff from it) it is written to/from a single file... most problems arises when dealing with lot of I/O operations or copying big files into it, which is plain painful; however I yet have to see how it performs on newer SSD drives, so far I only tested eCryptFS on traditional mechanical disks. b) If you decide to remove the eCrypt file but you don't carefully follow developers' instructions it will be HELL -- believe me, I was there, my own fault of course. Pros: dm-crypt/LUKS: a) The encryption/decryption is much, much, MUCH faster than with eCryptFS and uses fewer resources, both CPU cycles and disk I/O operations -- it's likely you won't notice the impact at all. b) While you will need to enter a passphrase to decrypt your root partition every time you boot - should you decide to encrypt it - that isn't true for the rest of your dm-crypt/LUKS volumes: you can use a password file to automatically decrypt your media thru /etc/crypttab, which is parsed before /etc/fstab: crypttab first decrypt all the volumes as instructed and then handles the mounting operation to fstab. b) Because of the above, you could easily create a new encrypted partition and mount it automatically. eCryptFS: a) Creating new encrypted storages is as trivial as counting 1, 2, 3. I'm sure more experienced admins can help you better understand these encryptions methods, I just wanted to give you an overview of them. HTH! -Martin On Wed, Oct 22, 2014 at 4:32 PM, James B. Byrne byrn...@harte-lyne.ca wrote: I am now investigating encrypting our IMAP user spool files. Does anyone have experience with handling encrypted data stores using either or both of the subject methods and would care tio share their observations? Which is the preferred method (I know: it depends, but on what?)? What administrative pain does each cause? Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the data to an encrypted device or filesystem is not a very big deal. We can live with manually mounting the file system and providing a pass-phrase at boot. we are also looking into a semi-auto USB based solution to that issue. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- -Martin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Q. LUKS or ecryptfs-utils ?
Do you also run the hypervisor? Because if you are not, then the host can dump your guest's memory and retrieve the luks passphrase from there AFAIK. Who are you hiding from? -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro - Original Message - From: James B. Byrne byrn...@harte-lyne.ca To: centos@centos.org Sent: Wednesday, 22 October, 2014 20:32:32 Subject: [CentOS] Q. LUKS or ecryptfs-utils ? I am now investigating encrypting our IMAP user spool files. Does anyone have experience with handling encrypted data stores using either or both of the subject methods and would care tio share their observations? Which is the preferred method (I know: it depends, but on what?)? What administrative pain does each cause? Our IMAP host is a KVM guest so spinning up a duplicate and simply copying the data to an encrypted device or filesystem is not a very big deal. We can live with manually mounting the file system and providing a pass-phrase at boot. we are also looking into a semi-auto USB based solution to that issue. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Lenovo RD-340 E2420
I'm trying an installation of Centos-7 on a Lenovo RD340 E2420 with a raid 10 and a key for raid 5 controller The installation stop at this line found on the debug 18:56:36,657 WARNING kernel:[111:138491] device mapper: ioct: error adding target to table Is the any experience over this kind of problem -- Michel Donais ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lenovo RD-340 E2420
On 10/22/2014 06:44 PM, donais wrote: I'm trying an installation of Centos-7 on a Lenovo RD340 E2420 with a raid 10 and a key for raid 5 controller The installation stop at this line found on the debug 18:56:36,657 WARNING kernel:[111:138491] device mapper: ioct: error adding target to table Is the any experience over this kind of problem Please don't hijack existing threads with new questions. Start a brand new thread so it's easier to find in the archives. It's also more polite to the original poster. -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Q. LUKS or ecryptfs-utils ?
On Wed, Oct 22, 2014 at 7:52 PM, Nux! n...@li.nux.ro wrote: Do you also run the hypervisor? Because if you are not, then the host can dump your guest's memory and retrieve the luks passphrase from there AFAIK. Who are you hiding from? Beautiful, thanks for pointing that. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS-CR-announce] CEBA-2014:1678 CentOS 6 watchdog BugFix Update
CentOS Errata and Bugfix Advisory 2014:1678 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1678.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 5834ec34e910f86808dddebb86d1df9a84fa2ec99c113eb0bf88b4d52e955844 watchdog-5.6-4.el6_6.i686.rpm x86_64: 51f9b2ab32ac44736f3ed719dc29ec1ab6b8ea38660477797a9a4d794b00fc43 watchdog-5.6-4.el6_6.x86_64.rpm Source: df08b3a36dd2566d4da17886adc8715b66d50072f1e899fd99492f6ddb111580 watchdog-5.6-4.el6_6.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net ___ CentOS-CR-announce mailing list CentOS-CR-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-cr-announce