Re: [CentOS] rsync backup to fileserver - mystery
On 05/01/2015 12:10 PM, Frank Cox wrote: I have an Intel SS4000E fileserver that I've been using for several years to backup my home directory to. I have a daily cron job that runs the following command: rsync -av --delete /home/frankcox/ /mnt/fileserver/backup I have a directory named misc/sheet-music/classical. About a week ago I created a new subdirectory there, /home/frankcox/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ Notice the spaces in the subdirectory name; I don't know if that's relevant or not. I store a number of bzip-ed pdf files in that subdirectory, like this: BARTOKA.pdf.bz2, BARTOKB.pdf.bz2 and so on. Now for the mystery. The rsync command above gets me a report in my email from cron telling me what files were changed or deleted since the last backup run. And ever since I created that misc/sheet-music-classical/Russian\ and\ Eastern\ European subdirectory, it appears that the files in that subdirectory are getting copied to the fileserver again every day, since they are all listed in the email report that I receive. diff -r --brief /home/frankcox/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ /mnt/fileserver/backup/misc/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ That command gives me no output, so the contents of that subdirectory appear to match on both machines. So why is that subdirectory getting copied again every day when it hasn't changed? Add the -i (--itemize-changes) option to the rsync command to see what rsync believes has changed. -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync backup to fileserver - mystery
On Fri, 1 May 2015 11:10:26 -0600 Frank Cox wrote: I have a daily cron job that runs the following command: rsync -av --delete /home/frankcox/ /mnt/fileserver/backup Hi Frank, I've seen this when using the -a flag where it turns out there are discrepancies in ownerships (user:group, UID:GID) between the local source and a remote target. The -a flag intends to preserve user:group and timestamps, and despite the explicit 'archive mode' flag, it is possible between different implementations of rsync and differences between operating systems as well as differences between filesystems, that some of those attributes aren't being fully respected and preserved as the files are actually being written at the target. This can happen silently, so the sender receives no indication that there's a problem. In these cases, the next time rsync runs, it simply notes that there are differences and copies what it perceives to be the changed files again. Is there a specific rationale for using '-a' as opposed to the less stringent '-r' (recursive)? regards, Carl ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync backup to fileserver - mystery
On Fri, 1 May 2015 19:44:58 -0400 Carl E. Hartung wrote: I've seen this when using the -a flag where it turns out there are discrepancies in ownerships (user:group, UID:GID) between the local source and a remote target. The -a flag intends to preserve user:group and timestamps, and despite the explicit 'archive mode' flag, it is possible between different implementations of rsync and differences between operating systems as well as differences between filesystems, that some of those attributes aren't being fully respected and preserved as the files are actually being written at the target. This can happen silently, so the sender receives no indication that there's a problem. In these cases, the next time rsync runs, it simply notes that there are differences and copies what it perceives to be the changed files again. You have put me on the right track here. I looked at those files and discovered that they are all dated Dec 27, 1903 on my computer, and Feb 7, 2040 on the fileserver. Interesting. I guess the source archive that I copied those pdf's from must have had something funky going on with the file dates. I just used the touch command to set the dates to something sane, and I suspect that will solve the problem. It appears that rsync have been looking at 1903 vs 2040 and saw that the dates differ, but couldn't set them to match for whatever reason. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VPN connection before login
I imagine something like Cisco AnyConnect on Windows, where you can connect before login to the machine. So afterwards user specific network shares are available and can be connect via scripts. I have an openvpn server running. Regards Tim Am 1. Mai 2015 13:34:48 MESZ, schrieb Jim Perrin jper...@centos.org: On 04/30/2015 03:42 PM, Tim wrote: Hi all, is there a possibility to connect to a VPN manually before login on CentOS desktop (Gnome). I know of a similar functionality in Windows. This is reasonably vpn specific as to the type, and configuration allowed. Can you be more specific? -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Hi NRPE: Error receiving data from daemon Seems as this is not a SSL Problem. Do you have a nagios user account? Cat /etc/passwd Am 01.05.2015 18:45 schrieb Tim Dunphy bluethu...@gmail.com: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host This is what I see about ssl if I just run nrpe on the client without any flags: [root@ops:~] #nrpe| head -8 NRPE - Nagios Remote Plugin Executor Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) Version: 2.15 Last Modified: 09-06-2013 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required TCP Wrappers Available And if I go back to the monitoring host and try to run nrpe with the -n flag, this is what I get: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -n -H ops.jokefire.com *CHECK_NRPE: Error receiving data from daemon.* And still getting the SSL error without the -n flag: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com *CHECK_NRPE: Error - Could not complete SSL handshake.* Running nmap from the monitor host I can see that the nrpe port is open: [root@monitor1:~] #nmap -p 5666 ops.jokefire.com Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT Nmap scan report for ops.jokefire.com (54.225.218.125) Host is up (0.011s latency). rDNS record for 54.225.218.125: ec2-54-225-218-125.compute-1.amazonaws.com PORT STATE SERVICE *5666/tcp open nrpe* Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds Yet if I try telnetting to it, it connects, then closes the connection immediately: [root@monitor1:~] #telnet ops.jokefire.com 5666 Trying 54.225.218.125... *Connected to ops.jokefire.com http://ops.jokefire.com.* Escape character is '^]'. *Connection closed by foreign host.* Going back to the ops host that I want to monitor, I can verify that the port is listening: [root@ops:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 1434 root5u IPv4 4063 TCP *:nrpe (LISTEN) And I can verify that the nrpe conf is owned by the nagios user and group: [root@ops:~] #ls -l /usr/local/nagios/etc/nrpe.cfg -rw-r--r-- 1 nagios nagios 7988 May 1 00:37 /usr/local/nagios/etc/nrpe.cfg I think that covers all your suggestions. Except for Eero's suggestion to try running nrpe without xinetd. I can try to get to that later, but I may not have time for that suggestion today. But as I demonstrate above, the problem is not that nrpe isn't listening. This remains a really odd situation. Does anyone else have any clues? Thanks, Tim On Fri, May 1, 2015 at 7:43 AM, Eric Lehmann e.lehman...@gmail.com wrote: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host Am 01.05.2015 13:18 schrieb Eero Volotinen eero.voloti...@iki.fi: well. how about trying default setting and running nrped without xinetd. -- Eero 2015-05-01 14:14 GMT+03:00 Tim Dunphy bluethu...@gmail.com: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10 (0x7fc61722a000)* *libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fc616e43000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x7fc616c29000) libc.so.6 = /lib64/libc.so.6 (0x7fc616868000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2 (0x7fc61661c000) libkrb5.so.3 = /lib64/libkrb5.so.3 (0x7fc616338000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x7fc616134000) libk5crypto.so.3 = /lib64/libk5crypto.so.3 (0x7fc615f02000) libdl.so.2 = /lib64/libdl.so.2 (0x7fc615cfd000) libz.so.1 = /lib64/libz.so.1 (0x7fc615ae7000) /lib64/ld-linux-x86-64.so.2 (0x7fc6174a) libkrb5support.so.0 = /lib64/libkrb5support.so.0 (0x7fc6158d8000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x7fc6156d3000) libresolv.so.2 = /lib64/libresolv.so.2 (0x7fc6154b9000) libpthread.so.0 = /lib64/libpthread.so.0 (0x7fc61529d000) libselinux.so.1 = /lib64/libselinux.so.1 (0x7fc615077000) libpcre.so.1 = /lib64/libpcre.so.1 (0x7fc614e16000) liblzma.so.5
Re: [CentOS] rsync backup to fileserver - mystery
that diff has /misc/misc/ in the second compare argument. Not sure if thats the exact command you have been entering or if you retyped it. If that is a good path or is rsync creating new “misc” folders inside your original misc folder? -- Jeremy Thompson Sports Warehouse Inc. jer...@warehousesports.com On May 1, 2015, at 10:10 AM, Frank Cox thea...@melvilletheatre.com wrote: I have an Intel SS4000E fileserver that I've been using for several years to backup my home directory to. I have a daily cron job that runs the following command: rsync -av --delete /home/frankcox/ /mnt/fileserver/backup I have a directory named misc/sheet-music/classical. About a week ago I created a new subdirectory there, /home/frankcox/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ Notice the spaces in the subdirectory name; I don't know if that's relevant or not. I store a number of bzip-ed pdf files in that subdirectory, like this: BARTOKA.pdf.bz2, BARTOKB.pdf.bz2 and so on. Now for the mystery. The rsync command above gets me a report in my email from cron telling me what files were changed or deleted since the last backup run. And ever since I created that misc/sheet-music-classical/Russian\ and\ Eastern\ European subdirectory, it appears that the files in that subdirectory are getting copied to the fileserver again every day, since they are all listed in the email report that I receive. diff -r --brief /home/frankcox/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ /mnt/fileserver/backup/misc/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ That command gives me no output, so the contents of that subdirectory appear to match on both machines. So why is that subdirectory getting copied again every day when it hasn't changed? -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos signature.asc Description: Message signed with OpenPGP using GPGMail ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-docs] delete account
On Fri, May 1, 2015 at 10:36 AM, Carl George carl.geo...@rackspace.com wrote: I tried that before I created the CarlGeorge account. It gave me an error stating that the user already existed (again, this was before I created the CarlGeorge account). However, just creating a new account as CarlGeorge worked. Please delete the carlgeorge account. The email account tied to it is the one I want to use on the CarlGeorge account. It won't let me change it. Ah, you should have mentioned that earlier. :) I see an account name carl.george. It now has a bogus email and the account is permanently disabled. Please confirm you have no issue with the CarlGeorge account. Deleting an account can only be done by administrators of the machine. But it's probably not necessary. Akemi ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
[CentOS] Kvm + libvirt + virt-manager
Hi list, I have updated C7 to 7.1 and get some issue (I don't know if problems depend from upgrade). My first problem is on virt-manager that crash after some time. From system messages I get that virt-manager is crashed with signal sigsegv and this problem is related to python (python get sigsegv). Anyone get similar behaviour after upgrade? Another problem, I can't say if it showed before/after upgrade, is related to libvirt when I shutdown my system. On my host I have different vm runned on KVM, where only 2 have autostart enabled. When shutting down the system I get from the console an error like this: Suspending test1: Done Suspending test2: ... error: Failed to save domain $someid state error: internal error: unable to execute QEMU command 'migrate': State blocked by non-migratable device ':00:04.8/ich9_ahci' Vm test2 has a disk attached as raw device and not as image file. This message, with same error, is showed also for 2 other vm with autostart disabled and disk on qcow2 images, but only when them are online during shutdown. When system starts, all vms are running without problem. I can't figure out with this error... Why libvirt-guest.sh run migrate command when I shutdown the system? Hope in help. Thanks in advance ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] rsync backup to fileserver - mystery
I have an Intel SS4000E fileserver that I've been using for several years to backup my home directory to. I have a daily cron job that runs the following command: rsync -av --delete /home/frankcox/ /mnt/fileserver/backup I have a directory named misc/sheet-music/classical. About a week ago I created a new subdirectory there, /home/frankcox/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ Notice the spaces in the subdirectory name; I don't know if that's relevant or not. I store a number of bzip-ed pdf files in that subdirectory, like this: BARTOKA.pdf.bz2, BARTOKB.pdf.bz2 and so on. Now for the mystery. The rsync command above gets me a report in my email from cron telling me what files were changed or deleted since the last backup run. And ever since I created that misc/sheet-music-classical/Russian\ and\ Eastern\ European subdirectory, it appears that the files in that subdirectory are getting copied to the fileserver again every day, since they are all listed in the email report that I receive. diff -r --brief /home/frankcox/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ /mnt/fileserver/backup/misc/misc/sheet-music-classical/Russian\ and\ Eastern\ European/ That command gives me no output, so the contents of that subdirectory appear to match on both machines. So why is that subdirectory getting copied again every day when it hasn't changed? -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Hi Eric, NRPE: Error receiving data from daemon Seems as this is not a SSL Problem. Do you have a nagios user account? Cat /etc/passwd Yep! Both hosts have nagios user accounts. Demonstrating from the client: [root@ops:~] #id nagios uid=2002(nagios) gid=2002(nagios) groups=2002(nagios),2008(nagioscmd) And this is from the monitoring server: [root@monitor1:~] #id nagios uid=1001(nagios) gid=1001(nagios) groups=1001(nagios),1002(nagcmd) I do notice a slight difference in the user id and group id numbers. But I don't think that could be causing any issue. Does anyone else disagree? I might want to standardize user accounts at some point howver. Thanks! Tim On Fri, May 1, 2015 at 1:03 PM, Eric Lehmann e.lehman...@gmail.com wrote: Hi NRPE: Error receiving data from daemon Seems as this is not a SSL Problem. Do you have a nagios user account? Cat /etc/passwd Am 01.05.2015 18:45 schrieb Tim Dunphy bluethu...@gmail.com: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host This is what I see about ssl if I just run nrpe on the client without any flags: [root@ops:~] #nrpe| head -8 NRPE - Nagios Remote Plugin Executor Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) Version: 2.15 Last Modified: 09-06-2013 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required TCP Wrappers Available And if I go back to the monitoring host and try to run nrpe with the -n flag, this is what I get: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -n -H ops.jokefire.com *CHECK_NRPE: Error receiving data from daemon.* And still getting the SSL error without the -n flag: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com *CHECK_NRPE: Error - Could not complete SSL handshake.* Running nmap from the monitor host I can see that the nrpe port is open: [root@monitor1:~] #nmap -p 5666 ops.jokefire.com Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT Nmap scan report for ops.jokefire.com (54.225.218.125) Host is up (0.011s latency). rDNS record for 54.225.218.125: ec2-54-225-218-125.compute-1.amazonaws.com PORT STATE SERVICE *5666/tcp open nrpe* Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds Yet if I try telnetting to it, it connects, then closes the connection immediately: [root@monitor1:~] #telnet ops.jokefire.com 5666 Trying 54.225.218.125... *Connected to ops.jokefire.com http://ops.jokefire.com.* Escape character is '^]'. *Connection closed by foreign host.* Going back to the ops host that I want to monitor, I can verify that the port is listening: [root@ops:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 1434 root5u IPv4 4063 TCP *:nrpe (LISTEN) And I can verify that the nrpe conf is owned by the nagios user and group: [root@ops:~] #ls -l /usr/local/nagios/etc/nrpe.cfg -rw-r--r-- 1 nagios nagios 7988 May 1 00:37 /usr/local/nagios/etc/nrpe.cfg I think that covers all your suggestions. Except for Eero's suggestion to try running nrpe without xinetd. I can try to get to that later, but I may not have time for that suggestion today. But as I demonstrate above, the problem is not that nrpe isn't listening. This remains a really odd situation. Does anyone else have any clues? Thanks, Tim On Fri, May 1, 2015 at 7:43 AM, Eric Lehmann e.lehman...@gmail.com wrote: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host Am 01.05.2015 13:18 schrieb Eero Volotinen eero.voloti...@iki.fi: well. how about trying default setting and running nrped without xinetd. -- Eero 2015-05-01 14:14 GMT+03:00 Tim Dunphy bluethu...@gmail.com: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10 (0x7fc61722a000)* *libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fc616e43000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x7fc616c29000) libc.so.6 = /lib64/libc.so.6 (0x7fc616868000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2
Re: [CentOS-docs] delete account
I tried that before I created the CarlGeorge account. It gave me an error stating that the user already existed (again, this was before I created the CarlGeorge account). However, just creating a new account as CarlGeorge worked. Please delete the carlgeorge account. The email account tied to it is the one I want to use on the CarlGeorge account. It won't let me change it. Carl George Rackspace RPM Development From: centos-docs-boun...@centos.org centos-docs-boun...@centos.org on behalf of Mike - st257 silvertip...@gmail.com Sent: Friday, May 1, 2015 12:17 PM To: Mail list for wiki articles Subject: Re: [CentOS-docs] delete account On Thu, Apr 30, 2015 at 12:31 PM, Carl George carl.geo...@rackspace.commailto:carl.geo...@rackspace.com wrote: Hello, I goofed and didn't read the contribute page before trying to create my account on the wiki. I created the first account as carlgeorge. I then created a second account in the proper format, CarlGeorge. Please delete the first account. You can change your username after the fact. Carl George Rackspace RPM Development ___ CentOS-docs mailing list CentOS-docs@centos.orgmailto:CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] Kvm + libvirt + virt-manager
On Friday, May 01, 2015 19:30:13 Alessandro Baggi wrote: Hi list, I have updated C7 to 7.1 and get some issue (I don't know if problems depend from upgrade). My first problem is on virt-manager that crash after some time. From system messages I get that virt-manager is crashed with signal sigsegv and this problem is related to python (python get sigsegv). Anyone get similar behaviour after upgrade? snip ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos I also see this problem. It happened on CentOS 7.0 as well. If I leave virt- manager running, then after 1 to 3 days it will crash. The virtual machines remain running. In CentOS 7.0 I could not restart virt-manager unless I rebooted the computer. In 7.1 virt-manager will restart. The host computer is a Q9440 processor with 8 gig of RAM and a single hard drive. I use 64-bit CentOS on it. Bill Gee ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] kernel-debuginfo
On Fri, May 1, 2015 at 6:14 AM, Steve Clark scl...@netwolves.com wrote: Hi, Even though I am not running a centos.plus kernel yum wants to install the kernel-debuginfo for it. # yum install --disablerepo=\* --enablerepo=base-debuginfo kernel-debuginfo Loaded plugins: fastestmirror, refresh-packagekit Setting up Install Process Loading mirror speeds from cached hostfile Resolving Dependencies -- Running transaction check --- Package kernel-debuginfo.x86_64 0:2.6.32-504.8.1.el6 will be updated --- Package kernel-debuginfo.x86_64 0:2.6.32-504.16.2.el6.centos.plus will be an update -- Processing Dependency: kernel-debuginfo-common-x86_64 = 2.6.32-504.16.2.el6.centos.plus for package: kernel-debuginfo-2.6.32-504.16.2.el6.centos.plus.x86_64 -- Running transaction check --- Package kernel-debuginfo-common-x86_64.x86_64 0:2.6.32-504.8.1.el6 will be updated --- Package kernel-debuginfo-common-x86_64.x86_64 0:2.6.32-504.16.2.el6.centos.plus will be an update Because both the regular and the plus packages are in the base-debuginfo repo and the plus ones have a higher EVR, this is yum's expected behavior. You'd want to exclude the plus packages in yum's configuration file. In CentOS-7, 'kenrel' and 'kernel-plus' are separate, so this will not happen. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host This is what I see about ssl if I just run nrpe on the client without any flags: [root@ops:~] #nrpe| head -8 NRPE - Nagios Remote Plugin Executor Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) Version: 2.15 Last Modified: 09-06-2013 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required TCP Wrappers Available And if I go back to the monitoring host and try to run nrpe with the -n flag, this is what I get: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -n -H ops.jokefire.com *CHECK_NRPE: Error receiving data from daemon.* And still getting the SSL error without the -n flag: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com *CHECK_NRPE: Error - Could not complete SSL handshake.* Running nmap from the monitor host I can see that the nrpe port is open: [root@monitor1:~] #nmap -p 5666 ops.jokefire.com Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT Nmap scan report for ops.jokefire.com (54.225.218.125) Host is up (0.011s latency). rDNS record for 54.225.218.125: ec2-54-225-218-125.compute-1.amazonaws.com PORT STATE SERVICE *5666/tcp open nrpe* Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds Yet if I try telnetting to it, it connects, then closes the connection immediately: [root@monitor1:~] #telnet ops.jokefire.com 5666 Trying 54.225.218.125... *Connected to ops.jokefire.com http://ops.jokefire.com.* Escape character is '^]'. *Connection closed by foreign host.* Going back to the ops host that I want to monitor, I can verify that the port is listening: [root@ops:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 1434 root5u IPv4 4063 TCP *:nrpe (LISTEN) And I can verify that the nrpe conf is owned by the nagios user and group: [root@ops:~] #ls -l /usr/local/nagios/etc/nrpe.cfg -rw-r--r-- 1 nagios nagios 7988 May 1 00:37 /usr/local/nagios/etc/nrpe.cfg I think that covers all your suggestions. Except for Eero's suggestion to try running nrpe without xinetd. I can try to get to that later, but I may not have time for that suggestion today. But as I demonstrate above, the problem is not that nrpe isn't listening. This remains a really odd situation. Does anyone else have any clues? Thanks, Tim On Fri, May 1, 2015 at 7:43 AM, Eric Lehmann e.lehman...@gmail.com wrote: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host Am 01.05.2015 13:18 schrieb Eero Volotinen eero.voloti...@iki.fi: well. how about trying default setting and running nrped without xinetd. -- Eero 2015-05-01 14:14 GMT+03:00 Tim Dunphy bluethu...@gmail.com: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10 (0x7fc61722a000)* *libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fc616e43000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x7fc616c29000) libc.so.6 = /lib64/libc.so.6 (0x7fc616868000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2 (0x7fc61661c000) libkrb5.so.3 = /lib64/libkrb5.so.3 (0x7fc616338000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x7fc616134000) libk5crypto.so.3 = /lib64/libk5crypto.so.3 (0x7fc615f02000) libdl.so.2 = /lib64/libdl.so.2 (0x7fc615cfd000) libz.so.1 = /lib64/libz.so.1 (0x7fc615ae7000) /lib64/ld-linux-x86-64.so.2 (0x7fc6174a) libkrb5support.so.0 = /lib64/libkrb5support.so.0 (0x7fc6158d8000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x7fc6156d3000) libresolv.so.2 = /lib64/libresolv.so.2 (0x7fc6154b9000) libpthread.so.0 = /lib64/libpthread.so.0 (0x7fc61529d000) libselinux.so.1 = /lib64/libselinux.so.1 (0x7fc615077000) libpcre.so.1 = /lib64/libpcre.so.1 (0x7fc614e16000) liblzma.so.5 = /lib64/liblzma.so.5 (0x7fc614bf1000) Client: [root@ops:~] #ldd /usr/local/nagios/libexec/check_nrpe * libssl.so.6 = /lib64/libssl.so.6 (0x2aaba000)* *libcrypto.so.6 = /lib64/libcrypto.so.6 (0x2ad08000)* libnsl.so.1 = /lib64/libnsl.so.1
Re: [CentOS-docs] delete account
On Thu, Apr 30, 2015 at 12:31 PM, Carl George carl.geo...@rackspace.com wrote: Hello, I goofed and didn't read the contribute page before trying to create my account on the wiki. I created the first account as carlgeorge. I then created a second account in the proper format, CarlGeorge. Please delete the first account. You can change your username after the fact. Carl George Rackspace RPM Development ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS-docs mailing list CentOS-docs@centos.org http://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] rsync backup to fileserver - mystery
On Fri, 1 May 2015 10:21:18 -0700 Jeremy Thompson wrote: that diff has /misc/misc/ in the second compare argument. Not sure if thats the exact command you have been entering or if you retyped it. If that is a good path or is rsync creating new “misc” folders inside your original misc folder? Good catch; unfortunately it's just a typo when I wrote that email and the actual diff command has only one misc/ in it. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Is it working on localhost with nrpe check? Did you checked out logs of nrped? Eero 1.5.2015 8.31 ip. Tim Dunphy bluethu...@gmail.com kirjoitti: Hi Eric, NRPE: Error receiving data from daemon Seems as this is not a SSL Problem. Do you have a nagios user account? Cat /etc/passwd Yep! Both hosts have nagios user accounts. Demonstrating from the client: [root@ops:~] #id nagios uid=2002(nagios) gid=2002(nagios) groups=2002(nagios),2008(nagioscmd) And this is from the monitoring server: [root@monitor1:~] #id nagios uid=1001(nagios) gid=1001(nagios) groups=1001(nagios),1002(nagcmd) I do notice a slight difference in the user id and group id numbers. But I don't think that could be causing any issue. Does anyone else disagree? I might want to standardize user accounts at some point howver. Thanks! Tim On Fri, May 1, 2015 at 1:03 PM, Eric Lehmann e.lehman...@gmail.com wrote: Hi NRPE: Error receiving data from daemon Seems as this is not a SSL Problem. Do you have a nagios user account? Cat /etc/passwd Am 01.05.2015 18:45 schrieb Tim Dunphy bluethu...@gmail.com: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host This is what I see about ssl if I just run nrpe on the client without any flags: [root@ops:~] #nrpe| head -8 NRPE - Nagios Remote Plugin Executor Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) Version: 2.15 Last Modified: 09-06-2013 License: GPL v2 with exemptions (-l for more info) SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required TCP Wrappers Available And if I go back to the monitoring host and try to run nrpe with the -n flag, this is what I get: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -n -H ops.jokefire.com *CHECK_NRPE: Error receiving data from daemon.* And still getting the SSL error without the -n flag: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com *CHECK_NRPE: Error - Could not complete SSL handshake.* Running nmap from the monitor host I can see that the nrpe port is open: [root@monitor1:~] #nmap -p 5666 ops.jokefire.com Starting Nmap 6.40 ( http://nmap.org ) at 2015-05-01 12:38 EDT Nmap scan report for ops.jokefire.com (54.225.218.125) Host is up (0.011s latency). rDNS record for 54.225.218.125: ec2-54-225-218-125.compute-1.amazonaws.com PORT STATE SERVICE *5666/tcp open nrpe* Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds Yet if I try telnetting to it, it connects, then closes the connection immediately: [root@monitor1:~] #telnet ops.jokefire.com 5666 Trying 54.225.218.125... *Connected to ops.jokefire.com http://ops.jokefire.com.* Escape character is '^]'. *Connection closed by foreign host.* Going back to the ops host that I want to monitor, I can verify that the port is listening: [root@ops:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 1434 root5u IPv4 4063 TCP *:nrpe (LISTEN) And I can verify that the nrpe conf is owned by the nagios user and group: [root@ops:~] #ls -l /usr/local/nagios/etc/nrpe.cfg -rw-r--r-- 1 nagios nagios 7988 May 1 00:37 /usr/local/nagios/etc/nrpe.cfg I think that covers all your suggestions. Except for Eero's suggestion to try running nrpe without xinetd. I can try to get to that later, but I may not have time for that suggestion today. But as I demonstrate above, the problem is not that nrpe isn't listening. This remains a really odd situation. Does anyone else have any clues? Thanks, Tim On Fri, May 1, 2015 at 7:43 AM, Eric Lehmann e.lehman...@gmail.com wrote: Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host Am 01.05.2015 13:18 schrieb Eero Volotinen eero.voloti...@iki.fi : well. how about trying default setting and running nrped without xinetd. -- Eero 2015-05-01 14:14 GMT+03:00 Tim Dunphy bluethu...@gmail.com: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10
Re: [CentOS] VPN connection before login
,vpnc, command is used to connect VPN server. We can configure VPN server IP, username, password there. On 1 May 2015 21:28, Tim li...@kiuni.de wrote: I imagine something like Cisco AnyConnect on Windows, where you can connect before login to the machine. So afterwards user specific network shares are available and can be connect via scripts. I have an openvpn server running. Regards Tim Am 1. Mai 2015 13:34:48 MESZ, schrieb Jim Perrin jper...@centos.org: On 04/30/2015 03:42 PM, Tim wrote: Hi all, is there a possibility to connect to a VPN manually before login on CentOS desktop (Gnome). I know of a similar functionality in Windows. This is reasonably vpn specific as to the type, and configuration allowed. Can you be more specific? -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Hi Brian, Does iptables -L show anything of note? I'm leaving iptables off in this host. Because it's an AWS EC2 host I'm managing the firewall ports using the AWS security groups. [root@ops:~] #service iptables status Firewall is stopped. But still, there's this... [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Sadly :( Thanks for your input tho! On Fri, May 1, 2015 at 3:18 PM, Brian Miller cen...@fullnote.com wrote: On Fri, 2015-05-01 at 01:32 -0400, Tim Dunphy wrote: And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. Does iptables -L show anything of note? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VPN connection before login
On 05/01/2015 08:58 AM, Tim wrote: I have an openvpn server running. Probably the easiest thing to do with OpenVPN would be to use RSA authentication and configure openvpn to run on boot at the client. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 7.1
Still new to 7.1... I noticed today that when I did a cp command on the console and it asked me to overrite (as it should) the file name had a lower case a with a ^ above the a. Never ran across that before. What might I have not configured? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] VPN connection before login
So most easiest way in my eyes would be a network-manager applet at gdm login. But as of CentOS 7 there is no nm-applet.desktop anymore. There is also an unsolved bug report at fedora. Anyone an idea to get nm-applet to gdm login screen? Regards Tim Am 1. Mai 2015 19:45:55 MESZ, schrieb Jegadeesh Kumar jegasm...@gmail.com: ,vpnc, command is used to connect VPN server. We can configure VPN server IP, username, password there. On 1 May 2015 21:28, Tim li...@kiuni.de wrote: I imagine something like Cisco AnyConnect on Windows, where you can connect before login to the machine. So afterwards user specific network shares are available and can be connect via scripts. I have an openvpn server running. Regards Tim Am 1. Mai 2015 13:34:48 MESZ, schrieb Jim Perrin jper...@centos.org: On 04/30/2015 03:42 PM, Tim wrote: Hi all, is there a possibility to connect to a VPN manually before login on CentOS desktop (Gnome). I know of a similar functionality in Windows. This is reasonably vpn specific as to the type, and configuration allowed. Can you be more specific? -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
On Fri, 2015-05-01 at 01:32 -0400, Tim Dunphy wrote: And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. Does iptables -L show anything of note? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. Am 01.05.2015 07:32 schrieb Tim Dunphy bluethu...@gmail.com: Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. It's only when checking from the monitoring host that nrpe fails: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Really, really puzzling. This is driving me up a wall!! I hopeI can solve this soon Thanks for any and all help with this one!! Tim On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann e.lehman...@gmail.com wrote: Hi Does the deamon run under xinetd? Then you have to configure the only_from in */etc/**xinetd.d**/**nrpe* to. Regards Eric Am 01.05.2015 06:46 schrieb Tim Dunphy bluethu...@gmail.com: Hello, I am trying to monitor a host in the Amazon EC2 cloud. Yet when I try to check NRPE from the monitoring host I am getting an SSL handshake error: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. And if I telnet into the host on port 5666 to see if the FW port is open, the connection closes right away: [root@monitor1:~] #telnet ops.somewhere.com 5666 Trying 54.225.218.125... Connected to ops.somewhere.com. Escape character is '^]'. Connection closed by foreign host. You can see there it connects, but then it closes immediately after the connection. I have NRPE running on the host I want to monitor: [root@ops:~] #lsof -i :5666 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME xinetd 1434 root5u IPv4 4063 TCP *:nrpe (LISTEN) And I have the IP of my nagios server listed in the xinetd conf file: [root@ops:~] #cat /etc/xinetd.d/nrpe # default: on # description: NRPE (Nagios Remote Plugin Executor) service nrpe { flags = REUSE socket_type = stream port= 5666 wait= no user= nagios group = nagios server = /usr/local/nagios/bin/nrpe server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 xx.xx.xx.xx # - representing my real nagios server IP } And I have my default security group for that host open on port 5666 to the world for this experiment. I plan on locking that down again to the single IP of my monitoring host once I get this resolved. Does anyone have any suggestions on how I can get that problem solved? Thanks, Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
On Fri, 2015-05-01 at 15:28 -0400, Tim Dunphy wrote: Hi Brian, Does iptables -L show anything of note? I'm leaving iptables off in this host. Because it's an AWS EC2 host I'm managing the firewall ports using the AWS security groups. [root@ops:~] #service iptables status Firewall is stopped. But still, there's this... [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Sadly :( Thanks for your input tho! Does 'ldd /usr/local/nagios/bin/nrpe' show any missing libs? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Hi Brian, Does 'ldd /usr/local/nagios/bin/nrpe' show any missing libs? Well, the NRPE binary looks good both on the client and the server from what I can tell: Client: [root@ops:~] #ldd /usr/local/nagios/bin/nrpe libssl.so.6 = /lib64/libssl.so.6 (0x2aaba000) libcrypto.so.6 = /lib64/libcrypto.so.6 (0x2ad08000) libnsl.so.1 = /lib64/libnsl.so.1 (0x2b05a000) libwrap.so.0 = /lib64/libwrap.so.0 (0x2b273000) libc.so.6 = /lib64/libc.so.6 (0x2b47c000) libgssapi_krb5.so.2 = /usr/lib64/libgssapi_krb5.so.2 (0x2b7d5000) libkrb5.so.3 = /usr/lib64/libkrb5.so.3 (0x2ba04000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x2bc99000) libk5crypto.so.3 = /usr/lib64/libk5crypto.so.3 (0x2be9b000) libdl.so.2 = /lib64/libdl.so.2 (0x2c0c1000) libz.so.1 = /lib64/libz.so.1 (0x2c2c5000) /lib64/ld-linux-x86-64.so.2 (0x4000) libkrb5support.so.0 = /usr/lib64/libkrb5support.so.0 (0x2c4d9000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x2c6e2000) libresolv.so.2 = /lib64/libresolv.so.2 (0x2c8e4000) libselinux.so.1 = /lib64/libselinux.so.1 (0x2cafa000) libsepol.so.1 = /lib64/libsepol.so.1 (0x2cd12000) And server: [root@monitor1:~] #ldd /usr/local/nagios/bin/nrpe linux-vdso.so.1 = (0x7fffd000) libssl.so.10 = /lib64/libssl.so.10 (0x7fdd5159) libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fdd511a9000) libnsl.so.1 = /lib64/libnsl.so.1 (0x7fdd50f8f000) libc.so.6 = /lib64/libc.so.6 (0x7fdd50bce000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2 (0x7fdd50982000) libkrb5.so.3 = /lib64/libkrb5.so.3 (0x7fdd5069e000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x7fdd5049a000) libk5crypto.so.3 = /lib64/libk5crypto.so.3 (0x7fdd50268000) libdl.so.2 = /lib64/libdl.so.2 (0x7fdd50063000) libz.so.1 = /lib64/libz.so.1 (0x7fdd4fe4d000) /lib64/ld-linux-x86-64.so.2 (0x7fdd51806000) libkrb5support.so.0 = /lib64/libkrb5support.so.0 (0x7fdd4fc3e000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x7fdd4fa39000) libresolv.so.2 = /lib64/libresolv.so.2 (0x7fdd4f81f000) libpthread.so.0 = /lib64/libpthread.so.0 (0x7fdd4f603000) libselinux.so.1 = /lib64/libselinux.so.1 (0x7fdd4f3dd000) libpcre.so.1 = /lib64/libpcre.so.1 (0x7fdd4f17c000) liblzma.so.5 = /lib64/liblzma.so.5 (0x7fdd4ef57000) Both look completely fine! No missing libs. But thanks for the suggestion tho! Definitely not a bad idea to rule that out! Thanks, Tim On Fri, May 1, 2015 at 4:58 PM, Brian Miller cen...@fullnote.com wrote: On Fri, 2015-05-01 at 15:28 -0400, Tim Dunphy wrote: Hi Brian, Does iptables -L show anything of note? I'm leaving iptables off in this host. Because it's an AWS EC2 host I'm managing the firewall ports using the AWS security groups. [root@ops:~] #service iptables status Firewall is stopped. But still, there's this... [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Sadly :( Thanks for your input tho! Does 'ldd /usr/local/nagios/bin/nrpe' show any missing libs? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] eno1 and eth0 on centos 7.1
I installed 7.1 with the command line values biosdevname=0 net.ifnames=0 thinking this would result in ifcfg-eth0 being the file to use... The system still created an ifcfg-eno1 file and that was what is being used for network config information. I remove the ifcfg-eno1 and rebooted - got no network. I then copied back the ifcfg-eth0 to ifcfg-en01 and changed the device name in the file and rebooted and back to the correct network. How can I get just the old behaviour of ifcfg-eth0 ? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] eno1 and eth0 on centos 7.1
Hi, Try removing file /etc/udev/rules.d/*persistent-net.rules (or save it somewhere) and then reboot. Thanks, Dmytro 2015-05-02 0:11 GMT+03:00 Jerry Geis ge...@pagestation.com: I installed 7.1 with the command line values biosdevname=0 net.ifnames=0 thinking this would result in ifcfg-eth0 being the file to use... The system still created an ifcfg-eno1 file and that was what is being used for network config information. I remove the ifcfg-eno1 and rebooted - got no network. I then copied back the ifcfg-eth0 to ifcfg-en01 and changed the device name in the file and rebooted and back to the correct network. How can I get just the old behaviour of ifcfg-eth0 ? Thanks, Jerry ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10 (0x7fc61722a000)* *libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fc616e43000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x7fc616c29000) libc.so.6 = /lib64/libc.so.6 (0x7fc616868000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2 (0x7fc61661c000) libkrb5.so.3 = /lib64/libkrb5.so.3 (0x7fc616338000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x7fc616134000) libk5crypto.so.3 = /lib64/libk5crypto.so.3 (0x7fc615f02000) libdl.so.2 = /lib64/libdl.so.2 (0x7fc615cfd000) libz.so.1 = /lib64/libz.so.1 (0x7fc615ae7000) /lib64/ld-linux-x86-64.so.2 (0x7fc6174a) libkrb5support.so.0 = /lib64/libkrb5support.so.0 (0x7fc6158d8000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x7fc6156d3000) libresolv.so.2 = /lib64/libresolv.so.2 (0x7fc6154b9000) libpthread.so.0 = /lib64/libpthread.so.0 (0x7fc61529d000) libselinux.so.1 = /lib64/libselinux.so.1 (0x7fc615077000) libpcre.so.1 = /lib64/libpcre.so.1 (0x7fc614e16000) liblzma.so.5 = /lib64/liblzma.so.5 (0x7fc614bf1000) Client: [root@ops:~] #ldd /usr/local/nagios/libexec/check_nrpe * libssl.so.6 = /lib64/libssl.so.6 (0x2aaba000)* *libcrypto.so.6 = /lib64/libcrypto.so.6 (0x2ad08000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x2b05a000) libc.so.6 = /lib64/libc.so.6 (0x2b273000) libgssapi_krb5.so.2 = /usr/lib64/libgssapi_krb5.so.2 (0x2b5cc000) libkrb5.so.3 = /usr/lib64/libkrb5.so.3 (0x2b7fa000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x2ba9) libk5crypto.so.3 = /usr/lib64/libk5crypto.so.3 (0x2bc92000) libdl.so.2 = /lib64/libdl.so.2 (0x2beb7000) libz.so.1 = /lib64/libz.so.1 (0x2c0bc000) /lib64/ld-linux-x86-64.so.2 (0x4000) libkrb5support.so.0 = /usr/lib64/libkrb5support.so.0 (0x0 0002c2d) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x2c4d8000) libresolv.so.2 = /lib64/libresolv.so.2 (0x2c6db000) libselinux.so.1 = /lib64/libselinux.so.1 (0x2c8f) libsepol.so.1 = /lib64/libsepol.so.1 (0x2cb09000) So it looks like everything is OK from the SSL end of things. Any other ideas or suggestions? Thanks Tim On Fri, May 1, 2015 at 5:46 AM, Eric Lehmann e.lehman...@gmail.com wrote: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. Am 01.05.2015 07:32 schrieb Tim Dunphy bluethu...@gmail.com: Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. It's only when checking from the monitoring host that nrpe fails: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Really, really puzzling. This is driving me up a wall!! I hopeI can solve this soon Thanks for any and all help with this one!! Tim On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann e.lehman...@gmail.com wrote: Hi Does the deamon run under xinetd? Then you have to configure the only_from in */etc/**xinetd.d**/**nrpe* to. Regards Eric Am 01.05.2015 06:46 schrieb Tim Dunphy bluethu...@gmail.com: Hello, I am trying to monitor a host in the Amazon EC2 cloud. Yet when I try to check NRPE from the monitoring host I am getting an SSL handshake error: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. And if I telnet into the host on port 5666 to see if the FW port is open, the connection closes right away: [root@monitor1:~] #telnet ops.somewhere.com 5666 Trying
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
well. how about trying default setting and running nrped without xinetd. -- Eero 2015-05-01 14:14 GMT+03:00 Tim Dunphy bluethu...@gmail.com: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10 (0x7fc61722a000)* *libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fc616e43000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x7fc616c29000) libc.so.6 = /lib64/libc.so.6 (0x7fc616868000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2 (0x7fc61661c000) libkrb5.so.3 = /lib64/libkrb5.so.3 (0x7fc616338000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x7fc616134000) libk5crypto.so.3 = /lib64/libk5crypto.so.3 (0x7fc615f02000) libdl.so.2 = /lib64/libdl.so.2 (0x7fc615cfd000) libz.so.1 = /lib64/libz.so.1 (0x7fc615ae7000) /lib64/ld-linux-x86-64.so.2 (0x7fc6174a) libkrb5support.so.0 = /lib64/libkrb5support.so.0 (0x7fc6158d8000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x7fc6156d3000) libresolv.so.2 = /lib64/libresolv.so.2 (0x7fc6154b9000) libpthread.so.0 = /lib64/libpthread.so.0 (0x7fc61529d000) libselinux.so.1 = /lib64/libselinux.so.1 (0x7fc615077000) libpcre.so.1 = /lib64/libpcre.so.1 (0x7fc614e16000) liblzma.so.5 = /lib64/liblzma.so.5 (0x7fc614bf1000) Client: [root@ops:~] #ldd /usr/local/nagios/libexec/check_nrpe * libssl.so.6 = /lib64/libssl.so.6 (0x2aaba000)* *libcrypto.so.6 = /lib64/libcrypto.so.6 (0x2ad08000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x2b05a000) libc.so.6 = /lib64/libc.so.6 (0x2b273000) libgssapi_krb5.so.2 = /usr/lib64/libgssapi_krb5.so.2 (0x2b5cc000) libkrb5.so.3 = /usr/lib64/libkrb5.so.3 (0x2b7fa000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x2ba9) libk5crypto.so.3 = /usr/lib64/libk5crypto.so.3 (0x2bc92000) libdl.so.2 = /lib64/libdl.so.2 (0x2beb7000) libz.so.1 = /lib64/libz.so.1 (0x2c0bc000) /lib64/ld-linux-x86-64.so.2 (0x4000) libkrb5support.so.0 = /usr/lib64/libkrb5support.so.0 (0x0 0002c2d) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x2c4d8000) libresolv.so.2 = /lib64/libresolv.so.2 (0x2c6db000) libselinux.so.1 = /lib64/libselinux.so.1 (0x2c8f) libsepol.so.1 = /lib64/libsepol.so.1 (0x2cb09000) So it looks like everything is OK from the SSL end of things. Any other ideas or suggestions? Thanks Tim On Fri, May 1, 2015 at 5:46 AM, Eric Lehmann e.lehman...@gmail.com wrote: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. Am 01.05.2015 07:32 schrieb Tim Dunphy bluethu...@gmail.com: Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. It's only when checking from the monitoring host that nrpe fails: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Really, really puzzling. This is driving me up a wall!! I hopeI can solve this soon Thanks for any and all help with this one!! Tim On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann e.lehman...@gmail.com wrote: Hi Does the deamon run under xinetd? Then you have to configure the only_from in */etc/**xinetd.d**/**nrpe* to. Regards Eric Am 01.05.2015 06:46 schrieb Tim Dunphy bluethu...@gmail.com: Hello, I am trying to monitor a host in the Amazon EC2 cloud. Yet when I try to check NRPE from the monitoring host I am getting an SSL handshake error: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H
Re: [CentOS] VPN connection before login
On 04/30/2015 03:42 PM, Tim wrote: Hi all, is there a possibility to connect to a VPN manually before login on CentOS desktop (Gnome). I know of a similar functionality in Windows. This is reasonably vpn specific as to the type, and configuration allowed. Can you be more specific? -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Oh my mistake. I mean nrpe without parameters. It should say something about SSL/TLS aktiv or so. You could test nrpe without SSL. Use nrpe -n - H host Am 01.05.2015 13:18 schrieb Eero Volotinen eero.voloti...@iki.fi: well. how about trying default setting and running nrped without xinetd. -- Eero 2015-05-01 14:14 GMT+03:00 Tim Dunphy bluethu...@gmail.com: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. I don't seem to have that command. [root@monitor1:~] #find / -name *nrpr 2 /dev/null [root@monitor1:~] # And that's on either system. And if I do an ldd on both, this is what I can tell: Server: [root@monitor1:~] #ldd /usr/local/nagios/libexec/check_nrpe linux-vdso.so.1 = (0x7fffd895d000) * libssl.so.10 = /lib64/libssl.so.10 (0x7fc61722a000)* *libcrypto.so.10 = /lib64/libcrypto.so.10 (0x7fc616e43000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x7fc616c29000) libc.so.6 = /lib64/libc.so.6 (0x7fc616868000) libgssapi_krb5.so.2 = /lib64/libgssapi_krb5.so.2 (0x7fc61661c000) libkrb5.so.3 = /lib64/libkrb5.so.3 (0x7fc616338000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x7fc616134000) libk5crypto.so.3 = /lib64/libk5crypto.so.3 (0x7fc615f02000) libdl.so.2 = /lib64/libdl.so.2 (0x7fc615cfd000) libz.so.1 = /lib64/libz.so.1 (0x7fc615ae7000) /lib64/ld-linux-x86-64.so.2 (0x7fc6174a) libkrb5support.so.0 = /lib64/libkrb5support.so.0 (0x7fc6158d8000) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x7fc6156d3000) libresolv.so.2 = /lib64/libresolv.so.2 (0x7fc6154b9000) libpthread.so.0 = /lib64/libpthread.so.0 (0x7fc61529d000) libselinux.so.1 = /lib64/libselinux.so.1 (0x7fc615077000) libpcre.so.1 = /lib64/libpcre.so.1 (0x7fc614e16000) liblzma.so.5 = /lib64/liblzma.so.5 (0x7fc614bf1000) Client: [root@ops:~] #ldd /usr/local/nagios/libexec/check_nrpe * libssl.so.6 = /lib64/libssl.so.6 (0x2aaba000)* *libcrypto.so.6 = /lib64/libcrypto.so.6 (0x2ad08000)* libnsl.so.1 = /lib64/libnsl.so.1 (0x2b05a000) libc.so.6 = /lib64/libc.so.6 (0x2b273000) libgssapi_krb5.so.2 = /usr/lib64/libgssapi_krb5.so.2 (0x2b5cc000) libkrb5.so.3 = /usr/lib64/libkrb5.so.3 (0x2b7fa000) libcom_err.so.2 = /lib64/libcom_err.so.2 (0x2ba9) libk5crypto.so.3 = /usr/lib64/libk5crypto.so.3 (0x2bc92000) libdl.so.2 = /lib64/libdl.so.2 (0x2beb7000) libz.so.1 = /lib64/libz.so.1 (0x2c0bc000) /lib64/ld-linux-x86-64.so.2 (0x4000) libkrb5support.so.0 = /usr/lib64/libkrb5support.so.0 (0x0 0002c2d) libkeyutils.so.1 = /lib64/libkeyutils.so.1 (0x2c4d8000) libresolv.so.2 = /lib64/libresolv.so.2 (0x2c6db000) libselinux.so.1 = /lib64/libselinux.so.1 (0x2c8f) libsepol.so.1 = /lib64/libsepol.so.1 (0x2cb09000) So it looks like everything is OK from the SSL end of things. Any other ideas or suggestions? Thanks Tim On Fri, May 1, 2015 at 5:46 AM, Eric Lehmann e.lehman...@gmail.com wrote: This is strange... Do you have SSL aktive on both systems? Run nrpr localy without parameters (this should return some nrpe stats) and check ldd for libssl. Am 01.05.2015 07:32 schrieb Tim Dunphy bluethu...@gmail.com: Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. And I made sure the local firewall was stopped, because I am blocking ports with the security groups instead. [root@ops:~] #service iptables status Firewall is stopped. It's only when checking from the monitoring host that nrpe fails: [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. Really, really puzzling. This is driving me up a wall!! I hopeI can solve this soon Thanks for any and all help with this one!! Tim On Fri, May 1, 2015 at 1:02 AM, Eric Lehmann e.lehman...@gmail.com wrote: Hi Does the deamon run under xinetd? Then you have to configure the only_from in */etc/**xinetd.d**/**nrpe* to.
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
On Fri, 2015-05-01 at 00:46 -0400, Tim Dunphy wrote: [root@ops:~] #cat /etc/xinetd.d/nrpe # default: on # description: NRPE (Nagios Remote Plugin Executor) service nrpe { flags = REUSE socket_type = stream port= 5666 wait= no user= nagios group = nagios server = /usr/local/nagios/bin/nrpe server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 xx.xx.xx.xx # - representing my real nagios server IP } Does anyone have any suggestions on how I can get that problem solved? Thanks, Tim Does /usr/local/nagios/etc/nrpe.cfg exist and is it readable by user or group 'nagios'? Did the user:group 'nagios' get created when you did the installation? Those were my two routine stumbles before I automated rollouts. Regards, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
Yes, also it could be nagios use another configs location. Check: whereis nagios. Am 01.05.2015 13:44 schrieb Brian Miller cen...@fullnote.com: On Fri, 2015-05-01 at 00:46 -0400, Tim Dunphy wrote: [root@ops:~] #cat /etc/xinetd.d/nrpe # default: on # description: NRPE (Nagios Remote Plugin Executor) service nrpe { flags = REUSE socket_type = stream port= 5666 wait= no user= nagios group = nagios server = /usr/local/nagios/bin/nrpe server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd log_on_failure += USERID disable = no only_from = 127.0.0.1 xx.xx.xx.xx # - representing my real nagios server IP } Does anyone have any suggestions on how I can get that problem solved? Thanks, Tim Does /usr/local/nagios/etc/nrpe.cfg exist and is it readable by user or group 'nagios'? Did the user:group 'nagios' get created when you did the installation? Those were my two routine stumbles before I automated rollouts. Regards, ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
On Fri, May 01, 2015 at 01:32:28AM -0400, Tim Dunphy wrote: [root@ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root@ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host. It sounds like you've got NRPE up on your AWS system, so I think you might need to take a closer look at your security groups to make sure it is allowing the NRPE port in from the source you're checking from. You could always check with a check_nrpe from another host in the same VPC if you want to make sure its not NRPE configuration-related. -- Jonathan Billings billi...@negate.org ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] kernel-debuginfo
Hi, Even though I am not running a centos.plus kernel yum wants to install the kernel-debuginfo for it. # yum install --disablerepo=\* --enablerepo=base-debuginfo kernel-debuginfo Loaded plugins: fastestmirror, refresh-packagekit Setting up Install Process Loading mirror speeds from cached hostfile Resolving Dependencies -- Running transaction check --- Package kernel-debuginfo.x86_64 0:2.6.32-504.8.1.el6 will be updated --- Package kernel-debuginfo.x86_64 0:2.6.32-504.16.2.el6.centos.plus will be an update -- Processing Dependency: kernel-debuginfo-common-x86_64 = 2.6.32-504.16.2.el6.centos.plus for package: kernel-debuginfo-2.6.32-504.16.2.el6.centos.plus.x86_64 -- Running transaction check --- Package kernel-debuginfo-common-x86_64.x86_64 0:2.6.32-504.8.1.el6 will be updated --- Package kernel-debuginfo-common-x86_64.x86_64 0:2.6.32-504.16.2.el6.centos.plus will be an update -- Finished Dependency Resolution Dependencies Resolved === PackageArch Version Repository Size === Updating: kernel-debuginfo x86_64 2.6.32-504.16.2.el6.centos.plus base-debuginfo 268 M Updating for dependencies: kernel-debuginfo-common-x86_64 x86_64 2.6.32-504.16.2.el6.centos.plus base-debuginfo 43 M Transaction Summary === Upgrade 2 Package(s) -- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos