Re: [CentOS] OpenSwan Drop Out Issue
As I said though, there's no lost ICMP packets, even when the IPSec tunnel drops out. I do notice a lot of these errors in the secure log though, would this be any indication of a problem? (I'm grepping for this specific error, they're not the only messages in there). Feb 11 14:18:10 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x01f90e1d) not found (maybe expired) Feb 11 14:18:14 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xb3681486) not found (maybe expired) Feb 11 14:18:14 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x6ad588f5) not found (maybe expired) Feb 11 14:19:07 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xe05ced4d) not found (maybe expired) Feb 11 14:19:08 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x7cd46e9e) not found (maybe expired) Feb 11 14:19:38 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x07164936) not found (maybe expired) Feb 11 14:19:55 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9e68c142) not found (maybe expired) Feb 11 14:19:58 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcbb10063) not found (maybe expired) Feb 11 14:20:16 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x7a160d48) not found (maybe expired) Feb 11 14:20:26 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x18a63776) not found (maybe expired) Feb 11 14:21:11 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x09eb87c4) not found (maybe expired) Feb 11 14:21:11 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xb2438c9b) not found (maybe expired) Feb 11 14:21:15 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x04236e6a) not found (maybe expired) Feb 11 14:21:52 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x456f7468) not found (maybe expired) Feb 11 14:21:57 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x8ee90acd) not found (maybe expired) Feb 11 14:22:04 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc6676973) not found (maybe expired) Feb 11 14:22:04 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc3b43142) not found (maybe expired) Feb 11 14:22:30 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x37111e62) not found (maybe expired) Feb 11 14:22:35 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xb6e63098) not found (maybe expired) Feb 11 14:23:24 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xbd94fd66) not found (maybe expired) Feb 11 14:24:05 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x36f47642) not found (maybe expired) Feb 11 14:24:18 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xababea68) not found (maybe expired) Feb 11 14:24:33 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x9088954e) not found (maybe expired) Feb 11 14:24:46 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x5f1ba8d3) not found (maybe expired) On 10 February 2016 at 17:48, Eero Volotinen wrote: > Well. Centos 5 is really near of it's end of life. There is not much > updates to kernel or openswan. You should at least try latest openswan > version. > > Your issue looks like a bit network problem. > > -- > Eero > > 2016-02-10 8:34 GMT+02:00 John Cenile : > > > So lowering the keylife / ikelifetime didn't solve the problem. I've > > enabled debugging and I'll see what it says. > > > > Unfortunately we can't (easily) upgrade CentOS, do you believe that would > > make a huge difference though? Are the newer versions of OpenSwan *that > > *much > > more reliable? > > > > On 10 February 2016 at 04:58, Eero Volotinen > > wrote: > > > > > Centos 5 is also a bit old os. Is it possible to use newer version? > (like > > > centos 7 or centos 6?) > > > > > > Eero > > > > > > 2016-02-09 19:52 GMT+02:00 Gordon Messmer : > > > > > > > On 02/09/2016 07:04 AM, John Cenile wrote: > > > > > > > >> does anyone have any suggestions on what the problem might be? > > > >> > > > > > > > > Not off the top of my head, but if I were you, I'd enable debugging > of > > > > "control" and "dpd". See man ipsec.conf (/plutodebug) and man > > > ipsec_pluto. > > > > > > > > ___ > > > > CentOS mailing list > > > > CentOS@centos.org > > > > https://lis
Re: [CentOS] Measuring memory bandwidth utilization
On Tue, Feb 2, 2016 at 7:34 PM, Gordon Messmer wrote: > On 02/02/2016 05:34 PM, Benjamin Smith wrote: >> >> We've ruled out IOPs for the disks (~ 20%) > > > How did you measure that? What filesystem are you using? What is the disk > / array configuration? > Which database? > > If you run "iostat -x 2" what does a representative summary look like? > >> and raw CPU load (top shows perhaps >> 1/2 of cores busy, but the system slows to a crawl. > > > Define "busy"? Yeah. It'd nice to see the output from top so we can see what is consuming most of the cpu or anything consuming less than it should because it's waiting for something else that's slower. It might be useful to see 'perf top' if perf is installed, and if not install it, reproduce the problem and let perf top run for a minute, then post it on fpaste or pastebin so the formatting stays semisane. -- Chris Murphy ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest version of kate editor
On 02/10/2016 08:49 PM, Frank Cox wrote: On Wed, 10 Feb 2016 20:27:36 +0100 H wrote: By the way, does geany allow you to edit files over an ssh connection (fish protocol I believe)? Or would I need to first mount the remote server using sshfs? http://www.geany.org/Documentation/FAQ#QQuestions10 Thank you. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest version of kate editor
On Wed, 10 Feb 2016 20:27:36 +0100 H wrote: > By the way, does geany allow you to edit files over an ssh connection > (fish protocol I believe)? Or would I need to first mount the remote > server using sshfs? http://www.geany.org/Documentation/FAQ#QQuestions10 -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest version of kate editor
On 02/09/2016 09:50 PM, Frank Cox wrote: On Tue, 9 Feb 2016 21:43:50 +0100 H wrote: You can find pre-compiled rpms for the latest version of geany for Centos 6 and 7 on my website if you want them. (The Centos 6 i386 rpm is two versions behind but the x86_64 version is up to date. I don't have easy access to an i386 Centos 6 machine any more to build an i386 rpm, but you can easily do it yourself by compiling the src rpm that's there if you need it.) Thank you, I will look at geany. I did download the markdown plugin for gedit and used that editor for now. I have now updated the Centos 6 i686 geany rpm on my website to the latest version. Thank you, I will download it. EPEL has version 1.24 of geany while the latest version is 1.26. By the way, does geany allow you to edit files over an ssh connection (fish protocol I believe)? Or would I need to first mount the remote server using sshfs? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Measuring memory bandwidth utilization
Hello, Try to install collectd and check the metrics for ram. Best regards, El dia 03/02/2016 2:51 a. m., "John R Pierce" va escriure: > On 2/2/2016 5:34 PM, Benjamin Smith wrote: > >> I'd like to know what the cause of a particular DB server's slowdown >> might be. >> We've ruled out IOPs for the disks (~ 20%) and raw CPU load (top shows >> perhaps >> 1/2 of cores busy, but the system slows to a crawl. >> >> We're suspecting that we're simply running out of memory bandwidth but >> have no >> way to confirm this suspicion. Is there a way to test for this? Think: >> iostat >> but for memory bandwidth instead of disk IO. >> > > memory bandwidth would show up as CPU busy, there's no distinction. > > 50% of your cores 100% busy, how many cores and how many waiting database > tasks are there? typically with most database servers, one user connection > == one core at a time. so if you have 16 cores, and only 8 busy/active > database connections, that will tie up those 8 cores and leave the other 8 > free.now the 8 processes will probably get bounced around between the > cores, so it could end up looking like all 16 cores are 50% busy averaged > over some sample rate, but thats the same net difference.. > > > > -- > john r pierce, recycling bits in santa cruz > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Utility to zero unused blocks on disk
On Tue, February 9, 2016 16:05, Chris Murphy wrote: > On Mon, Feb 8, 2016 at 11:18 PM, John R Pierce > wrote: >> On 2/8/2016 9:54 PM, Chris Murphy wrote: >>> >>> Secure erase is really the only thing to use on SSDs. >>> Writing a pile of zeros just increases wear (minor negative) >>> but also doesn't actually set the cells to the state required >>> to accept a new write, Secure erase of an SSD, or any solid state device, is problematic. See: http://www.techrepublic.com/article/erasing-ssds-security-is-an-issue/ The CSE requires physical destruction of these devices through pulverisation or incineration. See: https://cse-cst.gc.ca/en/system/files/pdf_documents/itsg06-eng.pdf The USDOD leaves disposal protocols to the individual commands. Essentially, due to the way data is stored on SSDs, it is impossible to access every memory cell during a software driven wipe; no matter how many passes are made. The possibility of significant fragments of residual data remaining is always greater than zero. However, if you entirely encrypt an SSD, BEFORE adding any confidential material, then secure destruction is assured by 'forgetting' the key. But encrypting an SSD after the material is put on it is not sufficient. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Measuring memory bandwidth utilization
Benjamin Smith writes: > So far, searching has found intel-cmt-cat-master which isn't supported on our > CPU and oprofile which *sounds* like it does what I want from their website but > I can't seem to get output that, in any way, tells me what the bandwidth usage > is. > > Any idea? > Perhaps Intel Performance Counter Monitor tool can help here: https://software.intel.com/en-us/articles/intel-performance-counter- monitor Quick CPU model check on ark.intel.com will indicate maximum CPU memory bandwidth. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C7 AD server
I personally prefer to use sssd-ad instead of winbind. Works like a charm also in addition to sudo configuration. Regards Tim Am 7. Februar 2016 18:55:24 MEZ, schrieb Alessandro Baggi : >Il 07/02/2016 18:33, Nizar Armansyah ha scritto: >> This tutorial uses Sernet Samba: >> http://www.server-world.info/en/note?os=CentOS_7&p=samba&f=4 >> >> This one done by compiling Samba yourself: >> >https://imanudin.net/2014/11/16/how-to-install-samba4-active-directory-on-centos-7-part-1/ >> >https://imanudin.net/2014/11/17/how-to-install-samba4-active-directory-on-centos-7-part-2/ >> >> On Sun, Feb 7, 2016 at 11:34 PM, Alessandro Baggi >> wrote: >>> Il 07/02/2016 17:18, Ben Archuleta ha scritto: I use these instructions to create a domain controller on CentOS >for a Windows 10 lab I have: >http://www.unixmen.com/setting-samba-primary-domain-controller-centos-7/ Regards, Ben >>> >>> Thanks Ben, but this is for PDC NT not for AD DC. With C7 to perform >this, I >>> must install sernet samba version or change distro. >>> >>> >>> >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> >Thanks for the links. >I found the problem. After some tries, I have added winbind on >nsswitch.conf. Running getent passwd Domain user was not printed after >local user and with this I've tried to find a solution without try the >share. >After several operation ecc..I've runned id "created domain user" and >user exists. Tried also to chown domuser:domgr file and works but from >getent I can't get user domain. > >This is a bug on centos or it is related due to sernet package >(winbind)?? >___ >CentOS mailing list >CentOS@centos.org >https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 132, Issue 3
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEEA-2016:0154 CentOS 5 tzdata Enhancement Update (Johnny Hughes) 2. CEEA-2016:0154 CentOS 7 tzdata Enhancement Update (Johnny Hughes) 3. CEBA-2016:0138 CentOS 6 sg3_utils BugFix Update (Johnny Hughes) 4. CEBA-2016:0147 CentOS 6 389-ds-base BugFix Update (Johnny Hughes) 5. CEBA-2016:0153 CentOS 6 sssd BugFix Update (Johnny Hughes) 6. CEBA-2016:0144 CentOS 6 chkconfig BugFix Update (Johnny Hughes) 7. CEBA-2016:0146 CentOS 6 libgovirt BugFix Update (Johnny Hughes) 8. CEBA-2016:0148 CentOS 6 poppler BugFix Update (Johnny Hughes) 9. CEBA-2016:0141 CentOS 6 php BugFix Update (Johnny Hughes) 10. CEBA-2016:0143 CentOS 6 kdelibs BugFix Update (Johnny Hughes) 11. CEBA-2016:0139 CentOS 6 cluster BugFix Update (Johnny Hughes) 12. CEBA-2016:0149 CentOS 6 dnsmasq BugFix Update (Johnny Hughes) 13. CEBA-2016:0145 CentOS 6 kexec-tools BugFix Update (Johnny Hughes) 14. CEBA-2016:0142 CentOS 6 librdmacm BugFix Update (Johnny Hughes) 15. CEBA-2016:0151 CentOS 6 pki-core BugFix Update (Johnny Hughes) 16. CEBA-2016:0137 CentOS 6 virt-manager BugFix Update (Johnny Hughes) 17. CEEA-2016:0154 CentOS 6 tzdata Enhancement Update (Johnny Hughes) -- Message: 1 Date: Tue, 9 Feb 2016 15:17:22 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEEA-2016:0154 CentOS 5 tzdata Enhancement Update Message-ID: <20160209151722.ga30...@chakra.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2016:0154 Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0154.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 2206affe6dc8666f47f16d807c791a6cb3c8813e6e20ba8030de444b7aac7ee5 tzdata-2016a-1.el5.i386.rpm 5de6eaee71ec32756feafdcccec1259c04affe07123e1cbf80a6a7cb700d127d tzdata-java-2016a-1.el5.i386.rpm x86_64: 5cfb394e27141600abdcb251ca4ced68dd967142566c3f1a2eadc2314c2c35c2 tzdata-2016a-1.el5.x86_64.rpm ea0155a50f5ef2d5e72a9887d701c8222a8560981b12d536e4c78cd9b4b348e9 tzdata-java-2016a-1.el5.x86_64.rpm Source: f8ae6b5e0e231633d8d8b729bc94e8e005c3f1268050b65a70633364066ac849 tzdata-2016a-1.el5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: JohnnyCentOS -- Message: 2 Date: Tue, 9 Feb 2016 15:42:57 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEEA-2016:0154 CentOS 7 tzdata Enhancement Update Message-ID: <20160209154257.ga21...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Enhancement Advisory 2016:0154 Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-0154.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 9be72634325e48e3f199d6cfac392184b2c2566392e5e82d7cd1b355e9855b9f tzdata-2016a-1.el7.noarch.rpm b7e70dc8cf2d006cfaf101e14d3b4f7e6d9a4b7978c99b0f58f3702d7f337ad6 tzdata-java-2016a-1.el7.noarch.rpm Source: 2abe0db0ffb110c3c05f719ea9c4d2197d5c97672f089121bae9e95142278568 tzdata-2016a-1.el7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS -- Message: 3 Date: Tue, 9 Feb 2016 15:47:03 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2016:0138 CentOS 6 sg3_utils BugFix Update Message-ID: <20160209154703.ga22...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2016:0138 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0138.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 1919a5451c5e0650d3a5ecb70b878a3ee6c6eb4c4ba87873e78e72804910cb52 sg3_utils-1.28-9.el6_7.i686.rpm df286a7c80a557bb941f4f71a0a097ac3c366a188f169c6c6ccbb03403385fbe sg3_utils-devel-1.28-9.el6_7.i686.rpm d62626c4cc2be45fbfa5c52b1d61584f67a58527fcf228f758a15a7070010155 sg3_utils-libs-1.28-9.el6_7.i686.rpm x86_64: 3b077835d799331a88b77749a08df28373d68a1cda9055c3632540c50756f846 sg3_utils-1.28-9.el6_7.x86_64.rpm df286a7c80a557bb941f4f71a0a097ac3c366a188f169c6c6ccbb03403385fbe