Re: [CentOS] leap second and Centos
On Fri, Mar 6, 2015 at 4:04 PM, Gordon Messmer gordon.mess...@gmail.com wrote: On 03/06/2015 01:41 PM, Les Mikesell wrote: I just want the package revisions for at least the kernel and tzdata* files and anything else where previously-found bugs related to the leap second have been fixed. https://access.redhat.com/articles/15145 https://rhn.redhat.com/errata/RHSA-2013-0496.html Helpful, but not exactly concise... And I don't understand the concept of /usr/share/zoneinfo/right/*. Are those supposed to print the right time if your clock is left wrong? Contrary to your previous assertion, in 2012, it was not the kernel that consumed CPU cycles. That problem was seen in user space. But it is just as much the kernel's fault if it returns from nanosleep()/usleep() instantly without counting any time down so you spin in user space as if stayed in the kernel. Nothing in user space could have fixed it. The problem was fixed by changing the kernel's implementation of leap second handling, but the reason that you are being told that testing your applications is the only way to verify that there is not a problem is that these problems aren't confined to the kernel and tzdata packages. Unknown problems can happen anywhere/any time. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
Once upon a time, Les Mikesell lesmikes...@gmail.com said: Helpful, but not exactly concise... And I don't understand the concept of /usr/share/zoneinfo/right/*. Are those supposed to print the right time if your clock is left wrong? Basically, POSIX time doesn't really handle leap seconds. In theory, the timeinfo struct can count to 60 (even 61) seconds in a minute. However, the base time_t is specified as days of exactly 86,400 seconds. The Linux kernel (and IIRC most other Unix systems) just tick the same second twice; this June, the time() function will return 1435708799 for two seconds on the wall clock, and gettimeofday() will count tv_usec from 0 to 999, then back to 0, without changing tv_sec. So, there's a hack for things that really want to know leap seconds. It is done in the timezone data files; they know the offset from POSIX to UTC (based on all the leap seconds inserted since the start of the POSIX epoch, 1970-01-01) and report time that way. If your kernel never handled leap seconds, and was set to UTC seconds since 1970-01-01 instead of POSIX seconds, then you could use the right timezone files to see the current time. However, you'd be out of step with all the rest of the Internet for anything that uses POSIX seconds (fileservers for example), and always think the clock was slow (plus you'd have to run a custom copy of NTP to not try to fix the clock). -- Chris Adams li...@cmadams.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking troubles on CentOS 7
On 6 March 2015 at 02:15, Kashyap Bhatt thekashy...@yahoo.co.in wrote: Are you sure the vmware NIC is configured as bridged, not NAT on the host side? Not really. Does it help if I say I'm using the same Network Adapter configuration with which another VM in same subnet works fine? I've added a screen shot if that helps, though I think it shows the guest config and not host which you questioned.PicPaste - Untitled3-cJQlcohB.png | | | | | | | | | | | PicPaste - Untitled3-cJQlcohB.png PicPaste is a login free service for uploading pictures | | | | View on picpaste.com | Preview by Yahoo | | | | | Firewall1. ssh was kind of an example to show that I'm unable to see this machine from outside. Same is true for ping or host.2. I don't know how to specifically add rule to allow ssh/22 through my firewall so before spending more time on that, I just shut firewall down (systemctl stop firewalld). Same result, ssh/ping time out. Would it make sense to start the firewalld and add rule to allow ssh through it? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Since you are not able to communicate to the CentOS 7 vm from the host are you at least able to ping the gateway from the from the guest, which is in this case the CentOS 7 VM? -- Kind Regards Earl Ramirez ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS7 buggy freeradius
On 03/02/2015 05:32 AM, Jean-Luc OMS wrote: Bonjour, It seems that freeradius 3.0.1-6.el7 of centOS 7 don't work. When doing very simple authentification (PAP control of ssh login on a switch), I get a segmentation fault when the first accounting packet arrives on the server. Does anyone test succesfully this version of freeradius ? Thanks PS: no error with the compilation of the last source version of freeradius (3.0.7) Note: when we finish 7.1, it will have freeradius-3.0.4-6.el7.x86_64.rpm signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: CentOS7 buggy freeradius
Le 06/03/2015 12:41, Jean-Luc OMS a écrit : anyone using freeradius around ?? I am using freeradius, but with Ubuntu server 14.04. This is version 2.1.12. Freeradius 3.0 is the new version of freeradius, and the first versions had indeed bugs. See for exemple : http://lists.freeradius.org/pipermail/freeradius-users/2014-May/072066.html Alain -- Administrateur Système/Réseau Laboratoire de Photonique et Nanostructures (LPN/CNRS - UPR20) Centre de Recherche Alcatel Data IV - Marcoussis route de Nozay - 91460 Marcoussis Tel : 01-69-63-61-34 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LVM encryption and new volume group
I will have a look at the anaconda log. Thanks for the first help. I will have to buy a new Ultrabay case. Am 6. März 2015 07:10:31 MEZ, schrieb Chris Murphy li...@colorremedies.com: On Thu, Mar 5, 2015 at 10:25 PM, Tim li...@kiuni.de wrote: Hi Chris, thanks for your answer. It is the first time I decided to encrypt my lvm. I choosed to encrypt the volume group, not every logical volume itself, because in case of doing lvm snapshots in that group they will be encrypted too? Yes, anything that's COW'd is also encrypted in this case. And how do I create a new encrypted volume group? Strictly speaking the VG isn't the target of the encryption, the underlying PV is. Also, it's not absolutely necessary to partition the drive at all if you have no need for unencrypted space on this new drive. Since I use drives on multiple platforms, I always partition so that other OS's recognize the drive space is spoken for instead of appearing unpartitioned and hence blank. Linux via libblkid always looks at disk contents whether partitioned or not so if this is a Linux only drive you don't have to partition it. 1. Use cryptsetup to create a LUKS volume on the whole disk or a partition thereof. For the exact command, you can cheat by doing 'grep cryptsetup /var/log/anaconda/program.log' which will show you the command Anaconda used when setting up your first drive. PLEASE make sure you don't use that command directly or it'll wipe the LUKS header on your current drive. You have to change the /dev/sdX designation to point to the new drive or partition. 2 cryptsetup luksOpen /dev/sdX newdrive 3. pvcreate /dev/mapper/newdrive 4. vgcreate newvg /dev/mapper/newdrive 5. lvcreate -L 300G -n morestuff newvg 6. mkfs.xfs /dev/mapper/newvg-morestuff Adapt as needed. Don't forget crypttab is used to point to the LUKS volume, once it's unlocked the PV is revealed and lvm will activate the VG and the LVs on it, and then in your fstab you'll have the UUID for the XFS volume and mount this whereever you want it mounted. -- Chris Murphy ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grsync for centos 7
On Thu, Mar 05, 2015 at 04:30:15PM -0600, Francis Gerund wrote: 5) If Grsync was in centos before, why was it removed? Because it's not in RHEL. Okay, but why not? I can't find any evidence it was ever in RHEL or CentOS. It looks like it's in the Nux Desktop repo and the Repoforge repo for EL5 and 6 and Nux for EL7. 6) While I do really appreciate CLI stuff, more and more I have come to appreciate GUI stuff. Someday, I think you too will understand. I really doubt that. Someday, maybe, you'll understand why some people prefer the command line interface. 7) Again, hasn't anyone installed Grsync in centos 7 from source? I hate to being the lab rat. The Fedora packages rebuild fine for epel7 (I just tested it), so I would assume that'd be the best place to start if you wanted to build your own packages. Or you could just use the Nux Desktop repo. See: http://wiki.centos.org/AdditionalResources/Repositories -- Jonathan Billings billi...@negate.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 6 - disabling IPv6 addressing
I have just moved a host from a network that supports static IPv4 and IPv6. The IPv4 addr is set in ifcfg-eth0, and the IPv6 via RA (I set the MAC so I get an IPv6 addr that I like). I just moved the host to a network that supports static IPv4, but only dymanic IPv6, so at this time (until I get static IPv6), I need to disable the global IPv6 addressing. So in the ifcfg-eth0 file I set: IPV6INIT=no But I am still getting a global IPv6 (and of course local scope). What else do I need to do to disable the listening for RA announcements and setting an IPv6 global address? I do not want to reboot the box. I can restart the network as needed. I seem to recall, once upon atime an option in /etc/sysconfig/network thanks ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - disabling IPv6 addressing
On 03/06/2015 11:00 AM, Robert Moskowitz wrote: On 03/06/2015 10:55 AM, Barry Brimer wrote: IPV6INIT=no But I am still getting a global IPv6 (and of course local scope). What else do I need to do to disable the listening for RA announcements and setting an IPv6 global address? I do not want to reboot the box. There are other modules, most notably bonding that rely on the ipv6 module being loaded. What I do is place options ipv6 disable=1 in /etc/modprobe.d/ipv6.conf. That does require a reboot, which I know you are looking to avoid, so you may want to try other methods to remove your address in the running configuration. 'All' I need is for the system not to have a global IPv6 address. Then it will not try to connect to other global IPv6 systems which will reject the connection, as the IPv6 rDNS cannot be set, given it is a dynamic IPv6 assigned address from the ISP. I tried: # cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=z9m9z.htt-consult.com NETWORKING_IPV6=no IPV6INIT=no and 'service network restart' but still showing IPv6 addressing. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - disabling IPv6 addressing
IPV6INIT=no But I am still getting a global IPv6 (and of course local scope). What else do I need to do to disable the listening for RA announcements and setting an IPv6 global address? I do not want to reboot the box. There are other modules, most notably bonding that rely on the ipv6 module being loaded. What I do is place options ipv6 disable=1 in /etc/modprobe.d/ipv6.conf. That does require a reboot, which I know you are looking to avoid, so you may want to try other methods to remove your address in the running configuration. Barry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - disabling IPv6 addressing
On 03/06/2015 10:40 AM, Robert Moskowitz wrote: I have just moved a host from a network that supports static IPv4 and IPv6. The IPv4 addr is set in ifcfg-eth0, and the IPv6 via RA (I set the MAC so I get an IPv6 addr that I like). I just moved the host to a network that supports static IPv4, but only dymanic IPv6, so at this time (until I get static IPv6), I need to disable the global IPv6 addressing. So in the ifcfg-eth0 file I set: IPV6INIT=no But I am still getting a global IPv6 (and of course local scope). What else do I need to do to disable the listening for RA announcements and setting an IPv6 global address? I do not want to reboot the box. I can restart the network as needed. I seem to recall, once upon atime an option in /etc/sysconfig/network thanks AFAIK/recall none of the ipv6 disabling in the /etc/sysconfig files has ever quite worked the way it was advertised, I ended up writing a small shell script to be executed on startup to handle the issue. something like: echo disable ipv6 on physical interfaces for i in /proc/sys/net/ipv6/conf/eth* do echo 1 $i/disable_ipv6 done but you may have better luck. -- public gpg key id: AE60F64C ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6 - disabling IPv6 addressing
On 03/06/2015 10:55 AM, Barry Brimer wrote: IPV6INIT=no But I am still getting a global IPv6 (and of course local scope). What else do I need to do to disable the listening for RA announcements and setting an IPv6 global address? I do not want to reboot the box. There are other modules, most notably bonding that rely on the ipv6 module being loaded. What I do is place options ipv6 disable=1 in /etc/modprobe.d/ipv6.conf. That does require a reboot, which I know you are looking to avoid, so you may want to try other methods to remove your address in the running configuration. 'All' I need is for the system not to have a global IPv6 address. Then it will not try to connect to other global IPv6 systems which will reject the connection, as the IPv6 rDNS cannot be set, given it is a dynamic IPv6 assigned address from the ISP. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Networking troubles on CentOS 7
Are you sure the vmware NIC is configured as bridged, not NAT on the host side? Not really. Does it help if I say I'm using the same Network Adapter configuration with which another VM in same subnet works fine? I've added a screen shot if that helps, though I think it shows the guest config and not host which you questioned.PicPaste - Untitled3-cJQlcohB.png Firewall1. ssh was kind of an example to show that I'm unable to see this machine from outside. Same is true for ping or host.2. I don't know how to specifically add rule to allow ssh/22 through my firewall so before spending more time on that, I just shut firewall down (systemctl stop firewalld). Same result, ssh/ping time out. Would it make sense to start the firewalld and add rule to allow ssh through it? Since you are not able to communicate to the CentOS 7 vm from the host are you at least able to ping the gateway from the from the guest, which is in this case the CentOS 7 VM? So it was a stupid mistake, I had selected the wrong VLAN while creating the VM. Compared the network config with a VM on same ESXi host that was working. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 121, Issue 2
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. Release for CentOS Linux 7 Rolling media Feb 2015 (Karanbir Singh) -- Message: 1 Date: Thu, 05 Mar 2015 12:36:14 + From: Karanbir Singh kbsi...@centos.org To: CentOS Announcements List centos-annou...@centos.org Subject: [CentOS-announce] Release for CentOS Linux 7 Rolling media Feb 2015 Message-ID: 54f84dbe.7000...@centos.org Content-Type: text/plain; charset=utf-8 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am pleased to announce general availability of the Feb 2015 snapshot for CentOS Linux. Todays release includes CentOS Linux 7 iso based install media, Generic Cloud images, Atomic Host and Docker containers. CentOS Linux rolling builds are point in time snapshot media rebuild from original release time, to include all updates pushed to mirror.centos.org's repositories. This includes all security, bugfix, enhancement and general updates for CentOS Linux. Machines installed from this media will have all these updates pre-included and will look no different when compared with machines installed with older media that have been yum updated to the same point in time. All rpm/yum repos remain on mirror.centos.org with no changes in either layout or content. Files marked as 20150228_01 indicate that it includes all content released to mirror.centos.org upto ( and including ) the 28th of Feb 2015. Since there is a need to test these images, the release will always lag few days behind the datestamp ( and therefore content included ) in the release. My aim is to automate as much of this as possible going forward to reduce this time lag as much as possible, however we might not be able to remove the lag completely. Other content formats like containers and vendor specific images will aim to start with the same cycle as the main CentOS Linux media, but might move to a more frequent build and release cycle if needed. Special Interest Groups ( http://wiki.centos.org/SpecialInterestGroup) wanting to do media and installer releases should also consider using the rolling timelines to sync with. - --- CentOS Linux distro installer media: File: CentOS-7-x86_64-DVD-20150228_01.iso Sha256sum: 8e1195b922def89f4d5846726f3bb1eaecd8bbfcb7a6e415d54a1ed6260ac21d File: CentOS-7-x86_64-Everything-20150228_01.iso Sha256sum: 09f76128a9d613ebc2ec0c6ad1313e78f0ce349dc669b2714e4e9f694c5c569b File: CentOS-7-x86_64-Minimal-20150228_01.iso Sha256sum: c4da447eba9806d50d8a6369f44d5f847f0da4fd49144e5900227e0ca66ae3b2 Symlinks are provided that will always map to the latest released builds, as follows ( including their current mapping ) http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-DVD.iso - - CentOS-7-x86_64-DVD-20150228_01.iso http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-Everything.iso - - CentOS-7-x86_64-Everything-20150228_01.iso http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-Minimal.iso - - CentOS-7-x86_64-Minimal-20150228_01.iso These symlinks are updated to point at the latest tested and released media and make for a good target in automation that requires CentOS Linux media. - -- For more information and comments please join us on the centos-devel mailing list ( http://lists.centos.org/ ) Enjoy! - -- Karanbir Singh, Project Lead, The CentOS Project -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iQEcBAEBAgAGBQJU+E2+AAoJEI3Oi2Mx7xbthVgH/21II7Wu00wLUJzU5uZn7xl6 olnu3CtTC0Nq7fm7MiP59PoaLTk1GKe4SaQFJQIuNJYdooH06XvarwiIo34SgOWq MV/7KFRhWER0ZLpvJQIa0+r5WjL7OXuOHZ18FomC3/PqIZZaVwhXSXtFnCGgnirD O6C3Ku6ErlTh4tF5gImw8s0FUkTBOOjfl5lL2jcqoSyXJkggs7CqBoH9LzfK/ddw HeLqCenosk72bIXPMhZsM2JiGK8dujjBftcJ3GtvXOvXoWs3+Rl8fTsaSlHUa37/ brPfSDDaVWcp3sVMPmw7XCgT1s3RSxVKVZM1lHvvwZFNMnEj67mCeQN/XMlMdQU= =5Dnk -END PGP SIGNATURE- -- ___ CentOS-announce mailing list centos-annou...@centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 121, Issue 2 *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fwd: CentOS7 buggy freeradius
Hi, anyone using freeradius around ?? Regards, Jean-Luc Oms ---BeginMessage--- Bonjour, It seems that freeradius 3.0.1-6.el7 of centOS 7 don't work. When doing very simple authentification (PAP control of ssh login on a switch), I get a segmentation fault when the first accounting packet arrives on the server. Does anyone test succesfully this version of freeradius ? Thanks PS: no error with the compilation of the last source version of freeradius (3.0.7) -- __ Jean-Luc Oms STI-RéseauX - LIRMM - CNRS/UM2 161 rue Ada - CC 477 34095 Montpellier cedex 5 Tel +33 4 67 41 85 93 Urg +33 6 32 01 04 17 __ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ---End Message--- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On Tue, Jan 20, 2015 at 3:27 PM, Michael Hennebry henne...@web.cs.ndsu.nodak.edu wrote: Unix and ntp handle leap seconds a bit differently. Unix time increases during the leap second and drops back a second after. Ntp freezes time during the leap second. OS kernels may do either or neither. Does anyone have a succinct summary of how to prove to management-types that a given linux box won't have a problem with the leap second? Like kernel some_version, tzdata some_version, tzdata-java some_version? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Squid on CentOS 7: few questions
Hi, I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far: --8-- # /etc/squid/squid.conf # Nom d'hôte du serveur Squid visible_hostname amandine.microlinux.lan # Définitions acl localnet src 192.168.2.0/24 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Règles d'accès http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet # Port du proxy http_port 3128 # Taille du cache dans la RAM cache_mem 256 MB # Vidage système coredump_dir /var/spool/squid # Durée de vie des fichiers sans date d'expiration refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 --8-- The proxy is working as expected. I have a few questions for fine-tuning though. 1. Squid's main logs are stored in /var/log/squid/access.log. I'd like to setup logfile rotation for that, since it can become quite big. How do you handle this? With Squid's intern 'logfile_rotate' directive or with logrotate? What I'd like to do is rotate this logfile about once a week. 2. Which user is Squid supposed to run as under CentOS? On my Slackware server I had the following: cache_effective_user nobody cache_effective_group nobody What's an orthodox setting for CentOS? 3. The access rules are a bit minimal. Do they seem OK to you for a LAN? Any suggestions? Cheers, Niki -- Microlinux - Solutions informatiques 100% Linux et logiciels libres 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
Once upon a time, Les Mikesell lesmikes...@gmail.com said: Does anyone have a succinct summary of how to prove to management-types that a given linux box won't have a problem with the leap second? Like kernel some_version, tzdata some_version, tzdata-java some_version? Only way to prove it is to set up a test and try it. AFAIK there are no known issues with an up-to-date system, but that was also true at the last couple of leap seconds (the issues that happened were previously unknown). There are a couple of ways to test: - If you don't need to prove NTP goodness, you can set up a free-running system with no NTP client, set the time to just before the leap second, and then use the adjtimex command (looks like this isn't in RHEL/CentOS/EPEL so you would need to build it, like from the Fedora package) to set the leap flag. Then just watch your system through the leap second. - If you also need to prove NTP, you'll have to set up a second system to be your NTP server. Set it to local mode with no outside servers, add the current leapseconds file, and set it's clock to a little before the leap second. Sync your test server to that clock, then wait for the leap second. The issue (from IIRC 2009?) I ran into with a leap second only happened when the kernel was under load (race condition on console lock when printing the leap second added message). The most recent leap second issue had to do with timers not triggering in the expected way (can't remember if that was kernel, or just applications/libraries not handling a kernel change). -- Chris Adams li...@cmadams.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Playback of MIDI files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/03/15 23:21, Nicolas Thierry-Mieg wrote: On 03/06/2015 12:09 AM, J Martin Rushton wrote: I've been given a MIDI file and would like to play it back on my CentOS 7 machine. Amarok and Brasero both indicate that I need a pluging, but I can't find anything on the CentOS, EPEL or ELrepo repositories. I'm sure I'm just looking in the wrong place or for the wrong name, can anyone point me in the right direction please. please don't hijack threads, create your own. Check out the nux-dextop repo, it's great and has lots of multimedia stuff. I wasn't aware that I had hijacked a thread! Anyway, thanks for the pointer, I've downloaded timidity++ and can now play my son's A-level music composition. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJU+gBfAAoJEAF3yXsqtyBlEdEP/Rpl8lzqM38eZlyGQJe/ERsP JtAxhmqDkyIElx2X7ouNTtCGZbfDX8O7oPWV/+aQ980Pd5obHqprI6PPK8ZCmq6P okdv/YelJHhZLDswcWZoBNSX4eff5I08P4DvdmRwuSTa211OpH4RGlcUEKV/+UMT 5zrgXj384ZiD1c5nzNXp06AThBfFvVqo1qlLWKWch69oZOua2x190wRw/y5vNX7R gziBvqZLHGoyNsdTKg7S0A38RmxVxFbkv7A+ChjWk9+HWGFv5ziEb94lduF3yi5M yQCXY3+s3w/i9xjifiFUAz2uBwjCRAOOMt/utC4JPRUQVES3o9mEgwsgS86yjwuR tDH0uOm0EEk9WcOMAd81hr2VT/9q4RacumE+pa235xlbxHPsFGpT6niHigKyuD6E NJ9ThgLiDj1Jv9eWaaAmyNSMmurSG5PL0NvI46Qsaywa/fJW8ADDKZRmxEAGsmgx Yxo3daAO/WbEwoljg55DHnBFXAlVJfjcPBdSWf2D/gJlwOGZ5a3tHTomTcDw/COA Hb8OvvpKyNNJKwAup2OF2godd98m45OsJVPs6iu9ZTl3CiSQqBZjETkb2VenBDw9 IAkKtzAxAn2E6xlWj8RYE1YA6b+H8Lsgcrupuz4fvl8L3LYqQHNqm+Cqgb+fl1QS A1gPXtGuieu0kURJ4/jJ =a04J -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Squid on CentOS 7: few questions
2015-03-06 12:29 GMT-06:00 Niki Kovacs i...@microlinux.fr: I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far: --8-- # /etc/squid/squid.conf # Nom d'hôte du serveur Squid visible_hostname amandine.microlinux.lan # Définitions acl localnet src 192.168.2.0/24 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Règles d'accès http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet # Port du proxy http_port 3128 # Taille du cache dans la RAM cache_mem 256 MB # Vidage système coredump_dir /var/spool/squid # Durée de vie des fichiers sans date d'expiration refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 --8-- The proxy is working as expected. I have a few questions for fine-tuning though. 1. Squid's main logs are stored in /var/log/squid/access.log. I'd like to setup logfile rotation for that, since it can become quite big. How do you handle this? With Squid's intern 'logfile_rotate' directive or with logrotate? What I'd like to do is rotate this logfile about once a week. The rpm should have configured logrotate: rpm -q --list squid |grep logrotate will show where the config file lands. 2. Which user is Squid supposed to run as under CentOS? On my Slackware server I had the following: cache_effective_user nobody cache_effective_group nobody What's an orthodox setting for CentOS? The rpm should have created the squid user and group: rpm -q --scripts squid will show what it ran to do that. 3. The access rules are a bit minimal. Do they seem OK to you for a LAN? Any suggestions? Unless you want to restrict outbound access, the main thing is the acl to permit access from your local network source addresses (and no others). I'd recommend an external firewall or at least iptables blocking inbound internet access to port 3128 also. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 7 confusion about Chinese input methods
I just tried my first Centos 7 install. I want to install input methods for Chinese. In the good old days, all I had to do was yum install a blob and I was done. Does anyone have a link or some hints that will help me? I did a search, but the hits just confuse me. thanks, Dave ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On Fri, Mar 6, 2015 at 12:52 PM, Chris Adams li...@cmadams.net wrote: Once upon a time, Les Mikesell lesmikes...@gmail.com said: Does anyone have a succinct summary of how to prove to management-types that a given linux box won't have a problem with the leap second? Like kernel some_version, tzdata some_version, tzdata-java some_version? Only way to prove it is to set up a test and try it. I don't think I need to 'prove' that computer programs do repeatable things. I just want to know the version numbers that need to be installed - something relatively easy to check. AFAIK there are no known issues with an up-to-date system, Yeah, but you probably would have said that before the 2012 instance too... And what I really want to know is how 'out-of-date' a system can be. but that was also true at the last couple of leap seconds (the issues that happened were previously unknown). Now we know the issues, and hopefully someone had done the simulation tests. I just want to know the specific kernel and package versions that have the fixes. But none of the links I've found discussing the issues boil it down to something a non-geek would want to see. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
Les Mikesell wrote: On Fri, Mar 6, 2015 at 12:52 PM, Chris Adams li...@cmadams.net wrote: Once upon a time, Les Mikesell lesmikes...@gmail.com said: Does anyone have a succinct summary of how to prove to management-types that a given linux box won't have a problem with the leap second? Like kernel some_version, tzdata some_version, tzdata-java some_version? Only way to prove it is to set up a test and try it. I don't think I need to 'prove' that computer programs do repeatable things. I just want to know the version numbers that need to be installed - something relatively easy to check. snip Two other thoughts: first, that it worked perfectly fine the last leap second, and second, that ntpd, according to the manpage, can and will adjust for seconds of difference with no problem at all, since that's it's job. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On Fri, Mar 6, 2015 at 1:50 PM, m.r...@5-cent.us wrote: I don't think I need to 'prove' that computer programs do repeatable things. I just want to know the version numbers that need to be installed - something relatively easy to check. snip Two other thoughts: first, that it worked perfectly fine the last leap second, and second, that ntpd, according to the manpage, can and will adjust for seconds of difference with no problem at all, since that's it's job. Errr, no. It did _not_ work fine in the last leap second. If you run threaded applications (including, but not exclusively, java) or applications that called usleep the kernel would spin with 100% CPU use until you reset the date with some means other than ntp. How could you have missed that: http://www.wired.com/2012/07/leap-second-bug-wreaks-havoc-with-java-linux/. Every other sysadmin in the world got calls in the middle of the night to fix their servers. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
Once upon a time, Les Mikesell lesmikes...@gmail.com said: Now we know the issues, and hopefully someone had done the simulation tests. No, we know the issue that broke last time (2012), and a different issue that broke the time before that (2008) (they were different problems). We don't know any issues that may happen this time, unless you think no bugs have been introduced since the last leap second (obviously hindsight tells us there were between 2008 and 2012). Before the 2012 leap second, I ran tests to make sure the 2008 issue had been fixed, and it had. However, apparently nobody else ran their current setups through tests (maybe also hoping somebody else had done it), so there was a new issue. I haven't actually checked to see that the 2008 issue has remained fixed (it should have, since the code had been changed to move away from that lock all together). My setup wasn't hit by the 2012 issue, so I don't have a simple test for that. So again, if you want to make sure there's no new issue, you'll have to set up a test yourself. I doubt the 2008 or 2012 issues will happen again, but there's plenty of room for new issues. -- Chris Adams li...@cmadams.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Sieve Filter: All email not from friendly name?
I'm using Dovecot and Sieve under postfix on CentOS 6. Sieve filters are working great for a number of addresses. I'm trying to set up a sieve filter that catches all email NOT from Cron Daemon. Nearly all Admin messages come from Cron Daemon username@servername so I want a Sieve Filter that will catch all addresses NOT from this address and stick it into a folder under INBOX/ProbablySpam but while other filters seem to work fine, this one does not. My best guess so far: if anyof (not address :all :contains [From] Cron Daemon) { fileinto INBOX.ProbablySpam; } ... It passes validation checking in KMail, but seems to catch all inbound messages. What am I missing? Thanks, Ben ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
Once upon a time, Les Mikesell lesmikes...@gmail.com said: On Fri, Mar 6, 2015 at 2:45 PM, Chris Adams li...@cmadams.net wrote: So again, if you want to make sure there's no new issue, you'll have to set up a test yourself. I doubt the 2008 or 2012 issues will happen again, but there's plenty of room for new issues. So are you saying that you think no one upstream has done any testing yet? Or that I should have better resources for testing than they do? I was hoping things weren't really that bad and that I just hadn't found the simple summary of results yet. Like I said, probably someone that had an issue in 2012 has tested for the 2012 issue, so that probably won't re-occur. But that doesn't mean that someone has tested every piece of software in every combination in use. Again, using the 2012 leap second as an example, I (and I expect others) had experienced an issue in 2008, so I ran tests for that issue. I didn't even think about thread scheduling being a problem (and my servers weren't hit by that anyway), so I didn't test for that, nor did I do a full up test like I described initially. So, it is possible that everything will be fine (there's been more attention to leap second cases after the 2012 issue had wider impact than the 2008 issue). It is also possible that some _new_ type of issue has been introduced in the last 2.5 years that won't appear until this leap second, but if nobody tests for it, we won't know until the clock ticks 2015-06-30 23:59:60. Short answer: last time it was threaded stuff like Java, the time before it was systems under heavy kernel loads. Who knows, this time Postfix could hang, or MySQL could corrupt databases, or something else. Probably nothing will happen, but if you want a cover your ass report, I don't think anybody has done that. -- Chris Adams li...@cmadams.net ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On Fri, Mar 6, 2015 at 2:26 PM, m.r...@5-cent.us wrote: Every other sysadmin in the world got calls in the middle of the night to fix their servers. Ah, the system was fine, it was java that failed. And we've got a few tomcat apps... but IIRC, we fixed them the next day - we're tier 3, and so not critical, and could do that. No, it was _not_ java that failed. The kernel was spinning instead of scheduling threads. Any threaded application would have triggered the kernel bug - or a usleep() call from a non-threaded application. By the time I got the call I was able to google the fix about resetting the date, but the guys who manage some SuSE systems started earlier and ended up rebooting some of them - and they don't run java applications. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On Fri, Mar 6, 2015 at 2:45 PM, Chris Adams li...@cmadams.net wrote: So again, if you want to make sure there's no new issue, you'll have to set up a test yourself. I doubt the 2008 or 2012 issues will happen again, but there's plenty of room for new issues. So are you saying that you think no one upstream has done any testing yet? Or that I should have better resources for testing than they do? I was hoping things weren't really that bad and that I just hadn't found the simple summary of results yet. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On Fri, Mar 6, 2015 at 3:15 PM, Chris Adams li...@cmadams.net wrote: Short answer: last time it was threaded stuff like Java, the time before it was systems under heavy kernel loads. Who knows, this time Postfix could hang, or MySQL could corrupt databases, or something else. Probably nothing will happen, but if you want a cover your ass report, I don't think anybody has done that. I'm not looking for a research project on how to prove that the last bug has been found or not. And I'm not particularly concerned about application-level bugs. Every time a second rolls over we take a chance of hitting a new previously unknown bug. We're all taking that chance. I just want the package revisions for at least the kernel and tzdata* files and anything else where previously-found bugs related to the leap second have been fixed.What I want to know (and be able to describe concisely to a non-geek person) is that on a particular machine either that the known/expected bugs have been fixed, or that they haven't and we need to schedule a reboot. And it seems like something everyone else using a distribution would want to know as well, at least for machines where scheduling a reboot is no-trivial. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
Les Mikesell wrote: On Fri, Mar 6, 2015 at 1:50 PM, m.r...@5-cent.us wrote: I don't think I need to 'prove' that computer programs do repeatable things. I just want to know the version numbers that need to be installed - something relatively easy to check. snip Two other thoughts: first, that it worked perfectly fine the last leap second, and second, that ntpd, according to the manpage, can and will adjust for seconds of difference with no problem at all, since that's it's job. Errr, no. It did _not_ work fine in the last leap second. If you run threaded applications (including, but not exclusively, java) or applications that called usleep the kernel would spin with 100% CPU use until you reset the date with some means other than ntp. How could you have missed that: http://www.wired.com/2012/07/leap-second-bug-wreaks-havoc-with-java-linux/. Every other sysadmin in the world got calls in the middle of the night to fix their servers. Ah, the system was fine, it was java that failed. And we've got a few tomcat apps... but IIRC, we fixed them the next day - we're tier 3, and so not critical, and could do that. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] leap second and Centos
On 03/06/2015 01:41 PM, Les Mikesell wrote: I just want the package revisions for at least the kernel and tzdata* files and anything else where previously-found bugs related to the leap second have been fixed. https://access.redhat.com/articles/15145 https://rhn.redhat.com/errata/RHSA-2013-0496.html Contrary to your previous assertion, in 2012, it was not the kernel that consumed CPU cycles. That problem was seen in user space. The problem was fixed by changing the kernel's implementation of leap second handling, but the reason that you are being told that testing your applications is the only way to verify that there is not a problem is that these problems aren't confined to the kernel and tzdata packages. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Squid on CentOS 7: few questions
Le 06/03/2015 21:08, Les Mikesell a écrit : The rpm should have configured logrotate: rpm -q --list squid |grep logrotate will show where the config file lands. OK The rpm should have created the squid user and group: rpm -q --scripts squid will show what it ran to do that. OK Unless you want to restrict outbound access, the main thing is the acl to permit access from your local network source addresses (and no others). I'd recommend an external firewall or at least iptables blocking inbound internet access to port 3128 also. The LAN server here already has Iptables configured to redirect HTTP traffic to 3128 transparently. Thanks for your detailed answer. That was very helpful! Cheers, Niki -- Microlinux - Solutions informatiques 100% Linux et logiciels libres 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Something like apt-cacher for CentOS/RHEL?
Hi, For some time I've fiddled with Debian and Ubuntu LTS. There's one really nice feature for local networks: apt-cacher, a package proxy for APT. My company is in the remote South French countryside, and more often than not, schools and public libraries only have some very limited Internet access with relatively low bandwidth, which can make the updating process very tedious. A package cache comes in very handy in such situation. Do you know if something like this exists for RPM-based distributions? Cheers, Niki -- Microlinux - Solutions informatiques 100% Linux et logiciels libres 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos