Re: [CentOS] [OT] VOIP

2017-01-19 Thread TE Dukes


> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of TE Dukes
> Sent: Thursday, January 19, 2017 2:03 PM
> To: 'CentOS mailing list'
> Subject: Re: [CentOS] [OT] VOIP
> 
> 
> 
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of John R
> Pierce
> Sent: Thursday, January 19, 2017 1:01 PM
> To: centos@centos.org
> Subject: Re: [CentOS] [OT] VOIP
> 
> On 1/19/2017 4:41 AM, TE Dukes wrote:
> > I lost
> > the ability to use the DSL as a FAX line.
> 
> Analog traditional FAX may not work very well over VOIP. Just sayin'.
> 
> > So, I bought an OOMA. Turns out it uses a number of ports, three of
> > which are reserved, 53 TCP/UDP, 110 TCP and 443 TCP. These ports have
> > already been port forwarded from my cable modem/router to my server.
> 
> those ports, per
> http://support.ooma.com/home/advanced-connections-and-service-ports
> are OUTBOUND not inbound, they don't need forwarding.  ditto the other
> ports Albert listed.
> 
> 
> Thanks!!
> 
> I didn't have this info last night. The lady on the phone just read me a
> list. She didn't say whether they were inbound or outbound.
> 
> I did open the other ports, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480,
> UDP 1-3, but it didn't work.
> 
> Should have worked. Something else must be wrong.

Geeez!! I had to install Google/NSA Chrome to access the interface to get
ooma working. Hope I can uninstall Google/NSA Chrome before my system is
breached!!

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] amanda and selinux

2017-01-19 Thread Jon LaBadie
Anyone familiar with the selinux policy for the
amanda backup software package?  I'm getting lots
of data not being backed up.  For example, under
/home there are 2 directory trees owned by root.
Those get backed up, user home dirs do not.

No AVC denials nor messages in /var/log/messages
or journalctl log.  But if I turn off selinux
enforcing, or set amanda_t type to permissive,
complete backups are made.

I expected the selinux policy would have allowed
amanda to be able to read all files.  Else, how
does one make backups?

I'm seeing this on CentOS 7.2, Fedora 24 & 25.
Amanda packages from the respective distro repos.
As far as I can tell, the selinux policies are
the same in all three.  But then, I know little
selinux speak.

Jon
-- 
Jon H. LaBadie j...@jgcomp.com
 11226 South Shore Rd.  (703) 787-0688 (H)
 Reston, VA  20190  (703) 935-6720 (C)


[CentOS] SELinux upgrade

2017-01-19 Thread Scott Robbins
Well, got hit by this too. Ironically, I don't use docker, I think I had it
installed being pulled in for something else.

So, tried the yum remove docker* but no go.  When I do semanage port -a -t
ssh_port_t -p tcp  I get an error


Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1

which is something that doesn't exist. Tried installing container-selinux,
but so far, the only way to get SSH to work on a default port is to
setenforce 0.  

This isn't a really important machine, but it is certainly annoying.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6



Re: [CentOS] Restricting mirrors off a repo

2017-01-19 Thread John R Pierce

On 1/19/2017 1:57 PM, Mauricio Tavares wrote:

> What is the best way to specify which mirrors off a repository you want to
> use? Have a host with rather restricted egress rules and want to allow it
> to reach a couple of mirrors for each repo it needs. And, yes, I am not
> ready to mirror them locally.


specify a mirror directly in the /etc/yum.repos.d/CentOS-*.repo files, 
using baseurl=  instead of mirrorlist=


or, to be trickier [1]  you could have mirrorlist.centos.org in your 
local DNS point to a local http server which has entries like...


http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os

containing (for example)

   http://centos.mirror.lstn.net/6/os/x86_64/
   http://mirror.n5tech.com/CentOS/6/os/x86_64/
   http://mirrors.xmission.com/centos/6/os/x86_64/
   http://www.gtlib.gatech.edu/pub/centos/6/os/x86_64/
   http://mirrors.rit.edu/centos/6/os/x86_64/
   http://repos.lax.quadranet.com/centos/6/os/x86_64/
   http://ftpmirror.your.org/pub/centos/6/os/x86_64/
   http://repo1.ash.innoscale.net/centos/6/os/x86_64/
   http://mirrors.maine.edu/CentOS/6/os/x86_64/
   http://mirror.fileplanet.com/centos/6/os/x86_64/





--
john r pierce, recycling bits in santa cruz
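
The `baseurl=` approach above, as an added example that is not part of the original post: a shell sketch that rewrites a repo file to use fixed mirrors and lists the hosts the egress rules must then allow. The sample stanza is constructed, the function names are hypothetical, and the two mirror bases come from the list in the post.

```shell
#!/bin/sh
# Added example (not from the thread): pin a yum .repo file to chosen mirrors
# so the egress rules only have to allow those hosts.

# pin_repo FILE MIRROR_BASE...: print FILE with each active "mirrorlist=" line
# commented out and each stock "#baseurl=http://mirror.centos.org/centos/<path>"
# line replaced by an active baseurl listing <MIRROR_BASE>/<path> per mirror.
pin_repo() {
    file=$1; shift
    awk -v mirrors="$*" '
        BEGIN { n = split(mirrors, m, " ") }
        /^mirrorlist=/ { print "#" $0; next }
        /^#baseurl=http:\/\/mirror\.centos\.org\/centos\// {
            path = $0
            sub(/^#baseurl=http:\/\/mirror\.centos\.org\/centos\//, "", path)
            for (i = 1; i <= n; i++) {
                base = m[i]; sub(/\/+$/, "", base)
                # yum accepts several URLs here, continuation lines are indented
                printf "%s%s/%s\n", (i == 1 ? "baseurl=" : "        "), base, path
            }
            next
        }
        { print }' "$file"
}

# egress_hosts FILE: unique hostnames that the active baseurl entries point to.
egress_hosts() {
    awk '
        /^#/ || /^\[/       { inurl = 0; next }
        /^[A-Za-z_]+[ ]*=/  { inurl = 0 }
        /^baseurl=/         { inurl = 1; sub(/^baseurl=/, "") }
        inurl && match($0, /https?:\/\/[^\/ ]+/) {
            host = substr($0, RSTART, RLENGTH)
            sub(/^https?:\/\//, "", host); print host
        }' "$1" | sort -u
}

# sample_repo: constructed stanzas in the layout of a CentOS 6 base repo file
sample_repo() {
    cat <<'EOF'
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
}

# Demo: pin the sample to two mirrors and print the resulting allowlist.
tmp=$(mktemp) && sample_repo > "$tmp"
pin_repo "$tmp" http://centos.mirror.lstn.net http://mirrors.xmission.com/centos > "$tmp.pinned"
egress_hosts "$tmp.pinned"
rm -f "$tmp" "$tmp.pinned"
```

The rewrite leaves `gpgcheck=1` and `gpgkey=` untouched; with plain-HTTP mirrors, package signature checking is what protects the content that is fetched.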



[CentOS] Restricting mirrors off a repo

2017-01-19 Thread Mauricio Tavares
What is the best way to specify which mirrors off a repository you want to
use? Have a host with rather restricted egress rules and want to allow it
to reach a couple of mirrors for each repo it needs. And, yes, I am not
ready to mirror them locally.


Re: [CentOS] [OT] VOIP

2017-01-19 Thread TE Dukes


-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of John R Pierce
Sent: Thursday, January 19, 2017 1:01 PM
To: centos@centos.org
Subject: Re: [CentOS] [OT] VOIP

On 1/19/2017 4:41 AM, TE Dukes wrote:
> I lost
> the ability to use the DSL as a FAX line.

Analog traditional FAX may not work very well over VOIP. Just sayin'.

> So, I bought an OOMA. Turns out it uses a number of ports, three of 
> which are reserved, 53 TCP/UDP, 110 TCP and 443 TCP. These ports have 
> already been port forwarded from my cable modem/router to my server.

those ports, per
http://support.ooma.com/home/advanced-connections-and-service-ports are
OUTBOUND not inbound, they don't need forwarding.  ditto the other ports
Albert listed.


Thanks!!

I didn't have this info last night. The lady on the phone just read me a
list. She didn't say whether they were inbound or outbound.

I did open the other ports, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480,
UDP 1-3, but it didn't work.

Should have worked. Something else must be wrong.



Re: [CentOS] [OT] VOIP

2017-01-19 Thread John R Pierce

On 1/19/2017 4:41 AM, TE Dukes wrote:

> I lost
> the ability to use the DSL as a FAX line.

Analog traditional FAX may not work very well over VOIP. Just sayin'.

> So, I bought an OOMA. Turns out it uses a number of ports, three of which
> are reserved, 53 TCP/UDP, 110 TCP and 443 TCP. These ports have already been
> port forwarded from my cable modem/router to my server.


those ports, per 
http://support.ooma.com/home/advanced-connections-and-service-ports are 
OUTBOUND not inbound, they don't need forwarding.  ditto the other ports 
Albert listed.



--
john r pierce, recycling bits in santa cruz



Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Subscriber
Hello m,

Thursday, January 19, 2017, 5:17:48 PM, you wrote:

>>> In the mean time, if you have not disabled it, you should find some
>>> collected statistics from sysstat/sar.
>>> Look at the sarXX files under /var/log/sa. They should be kept for 30
>>> day
>>> by default in CentOS 7.
>>
>> Unfortunately, on that host such statistics is disabled.
> 
> That's surprising. That's such an old, low-level daemon/reporting tool
> Was it disabled deliberately? And why?

Heritage from the old admin to me.



Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Subscriber
Hello Gordon,

Thursday, January 19, 2017, 4:57:48 PM, you wrote:

> On 01/19/2017 06:29 AM, Subscriber wrote:
>>> and what kind of IO patterns do those VMs
>>> have?
>> Do not quite understand. What do you mean?
>>

> What are the VMs doing?

It's a gateway from local network to Internet

> Are they entirely idle?

At work time - No. Another time in most - Yes

> Are they doing light
> work, mostly reading from disks?  If they're not generating disk IO, 
> then that's not related.

Well no. They are not loaded the disc(s). No heavy for write operations.



Re: [CentOS] SELinux upgrade

2017-01-19 Thread Daniel J Walsh


On 01/19/2017 08:57 AM, Marcin Trendota wrote:
> On 19.01.2017 at 14:54, Johnny Hughes wrote:
>
>>> So, it looks like something with docker-selinux and container-selinux...
>> Right, I wanted to mention that docker-selinux was replaced with
>> container-selinux in the latest version.
> Shouldn't docker-selinux be automatically removed then?
>
container-selinux should disable docker policy and then install its own.

container-selinux-1.12.5-14


Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread m . roth
Subscriber wrote:
> Hello Gianluca,
>
> Wednesday, January 18, 2017, 3:54:15 PM, you wrote:
>
>> In the mean time, if you have not disabled it, you should find some
>> collected statistics from sysstat/sar.
>> Look at the sarXX files under /var/log/sa. They should be kept for 30
>> day
>> by default in CentOS 7.
>
> Unfortunately, on that host such statistics is disabled.

That's surprising. That's such an old, low-level daemon/reporting tool
Was it disabled deliberately? And why?

   mark




Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Subscriber
Hello Gordon,

Thursday, January 19, 2017, 5:09:29 PM, you wrote:

> On 01/19/2017 06:54 AM, Subscriber wrote:
>> But  I  collect  such statistics in Zabbix. And the numbers and graphs
>> indicate an increase in the load on the CPU (ie System time).


> "load" has another meaning in the context of POSIX system performance 
> counters.  I'm pretty sure you're talking about CPU utilization and not
> "load", right?

Definitely.



Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Gordon Messmer

On 01/19/2017 06:54 AM, Subscriber wrote:

> But I collect such statistics in Zabbix. And the numbers and graphs
> indicate an increase in the load on the CPU (ie System time).



"load" has another meaning in the context of POSIX system performance 
counters.  I'm pretty sure you're talking about CPU utilization and not 
"load", right?




Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Subscriber
Hello Subscriber,

Thursday, January 19, 2017, 4:44:04 PM, you wrote:

> Hello Gianluca,

> Wednesday, January 18, 2017, 3:54:15 PM, you wrote:

>> In the mean time, if you have not disabled it, you should find some
>> collected statistics from sysstat/sar.
>> Look at the sarXX files under /var/log/sa. They should be kept for 30 day
>> by default in CentOS 7.

> Unfortunately, on that host such statistics is disabled.

But  I  collect  such statistics in Zabbix. And the numbers and graphs
indicate an increase in the load on the CPU (ie System time).



Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Gordon Messmer

On 01/19/2017 06:29 AM, Subscriber wrote:

>> and what kind of IO patterns do those VMs
>> have?
>
> Do not quite understand. What do you mean?

What are the VMs doing?  Are they entirely idle?  Are they doing light
work, mostly reading from disks?  If they're not generating disk IO, 
then that's not related.  However, during a recent set of benchmarks, I 
found that disk reads were slower under 7.3 than under 7.2.  That might 
be specific to the system I tested, or it might be related to the change 
you're seeing.




Re: [CentOS] SELinux upgrade

2017-01-19 Thread Gordon Messmer

On 01/19/2017 12:43 AM, Marcin Trendota wrote:

> After recent system upgrade (this night) i lost access to two servers
> through SSH, because of change in SELinux policy - i have ssh there on
> different port and now it's gone.


Which release?  I also run ssh on an alternate port on one host, and 
that host didn't break following yesterday's updates.


Can you get the AVCs from /var/log/audit/audit.log?  What is currently 
the content of /etc/selinux/targeted/modules/active/ports.local?  Does 
it describe the same ports as the output of "semanage port -l -C"?



> Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to
> ensure persistency?



It should be.  You should see that port labeled in the file above.
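
The check described above, as an added example that is not part of the original post: a shell sketch that compares the ports in sshd_config with saved `semanage port -l` output and diffs `semanage port -l -C` listings taken before and after an update. Function names, file names and port 2222 are assumptions; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): after a policy update, confirm that every
# port sshd is configured to use still carries the ssh_port_t label.

# sshd_ports FILE: ports from "Port" directives; sshd uses 22 when none is set.
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
         END { if (!found) print 22 }' "$1"
}

# port_has_type TYPE PORT FILE: succeeds if FILE, a saved "semanage port -l"
# listing, labels tcp PORT with TYPE. Entries are single ports or low-high ranges.
port_has_type() {
    awk -v type="$1" -v port="$2" '
        $1 == type && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i; gsub(/,/, "", p)
                n = split(p, r, "-")
                if (n == 1 && p + 0 == port + 0) ok = 1
                if (n == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) ok = 1
            }
        }
        END { exit !ok }' "$3"
}

# unlabeled_ssh_ports SSHD_CONFIG LISTING: configured ports without ssh_port_t,
# i.e. binds that SELinux denies while enforcing.
unlabeled_ssh_ports() {
    for p in $(sshd_ports "$1"); do
        port_has_type ssh_port_t "$p" "$2" || echo "$p"
    done
}

# lost_customizations BEFORE AFTER: local labels in a "semanage port -l -C"
# listing saved before the update that are missing from the one taken after it.
lost_customizations() {
    awk '$2 == "tcp" || $2 == "udp" {
            for (i = 3; i <= NF; i++) {
                p = $i; gsub(/,/, "", p)
                if (p == "") continue
                if (FILENAME == ARGV[1]) before[$1 " " $2 " " p] = 1
                else after[$1 " " $2 " " p] = 1
            }
         }
         END { for (k in before) if (!(k in after)) print k }' "$1" "$2" | sort
}

# make_samples DIR: constructed inputs (port 2222 is a made-up alternate port)
make_samples() {
    printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'SELinux Port Type  Proto  Port Number' '' \
        'ssh_port_t  tcp  2222' > "$1/custom.before"
    printf '%s\n' 'SELinux Port Type  Proto  Port Number' > "$1/custom.after"
    printf '%s\n' 'http_port_t  tcp  80, 443, 8008' \
        'ssh_port_t  tcp  22' > "$1/ports.after"
}

d=$(mktemp -d) && make_samples "$d"
echo "unlabeled sshd ports: $(unlabeled_ssh_ports "$d/sshd_config" "$d/ports.after")"
echo "lost local labels:    $(lost_customizations "$d/custom.before" "$d/custom.after")"
rm -rf "$d"
```

On a live host the listings would come from `semanage port -l` and `semanage port -l -C`, with the "before" copy saved ahead of the update.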



Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Subscriber
Hello Gianluca,

Wednesday, January 18, 2017, 3:54:15 PM, you wrote:

> In the mean time, if you have not disabled it, you should find some
> collected statistics from sysstat/sar.
> Look at the sarXX files under /var/log/sa. They should be kept for 30 day
> by default in CentOS 7.

Unfortunately, on that host such statistics is disabled.

> So you can compare cpu, mem, I/O profiles before and after the upgrade.
> If you have access to Red Hat documents you can look also here:
> https://access.redhat.com/articles/325783

> or in general some articles like this:
> https://www.blackmoreops.com/2014/06/18/sysstat-sar-examples-usage/
> and to create pdf graphics with kSar
> https://www.thomas-krenn.com/en/wiki/Linux_Performance_Analysis_using_kSar

> HIH,
> Gianluca



-- 
Best regards,
 Subscriber mailto:ml-li...@agoris.net.ua



Re: [CentOS] Reliable way of having both LAN and WIFI on headless box

2017-01-19 Thread Gary Stainburn
On Wednesday 18 January 2017 15:09:49 Valeri Galtsev wrote:
> On Wed, January 18, 2017 4:24 am, Eliezer  Croitoru wrote:
> > You could say the same thing about  computers in general:
> > I hate them, they automated many tasks in life and took many jobs out of
> > the
> > market!.
>
> And they suck. All systems suck. And thanks to that I got my job.
>
> Valeri
>

Plumbers mend broken pipes. Programmers mend broken.. oh yeah, pipes :-)


Re: [CentOS] Increase CPU usage on HV after upgrade (7.2 -> 7.3)

2017-01-19 Thread Subscriber
Hello Gordon,

Wednesday, January 18, 2017, 11:52:35 PM, you wrote:

> On 01/18/2017 05:34 AM, Subscriber wrote:
>> Someone noticed something similar?

> How is your storage arranged,

It is software RAID1 + LVM

> and what kind of IO patterns do those VMs
> have?

Do not quite understand. What do you mean?

> During recent testing, I found that the read performance of software 
> RAID volumes was worse under 7.3 than it was under 7.2. Most other IO 
> had improved significantly:

> https://plus.google.com/+GordonMessmer/posts/eSe6iNmk1Fs?sfc=false



Re: [CentOS] SELinux upgrade

2017-01-19 Thread Marcin Trendota
On 19.01.2017 at 14:54, Johnny Hughes wrote:

>> So, it looks like something with docker-selinux and container-selinux...
> Right, I wanted to mention that docker-selinux was replaced with
> container-selinux in the latest version.

Shouldn't docker-selinux be automatically removed then?

-- 
Over And Out
MoonWolf


Re: [CentOS] SELinux upgrade

2017-01-19 Thread Johnny Hughes
On 01/19/2017 04:47 AM, Marcin Trendota wrote:
> On 19.01.2017 at 10:17, Hal Wigoda wrote:
>> I have experienced this myself.   It is very upsetting.  
> 
> 
> It happened on servers with docker installed. I got error message there:
> # semanage port -a -t ssh_port_t -p tcp 
> Re-declaration of type docker_t
> Failed to create node
> Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1
> OSError: Error
> 
> After uninstalling:
> # yum remove docker*
> Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock
> Rozwiązywanie zależności
> --> Wykonywanie sprawdzania transakcji
> ---> Pakiet docker.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
> ---> Pakiet docker-common.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
> ---> Pakiet docker-forward-journald.x86_64 0:1.10.3-44.el7.centos
> zostanie usunięty
> ---> Pakiet docker-registry.x86_64 0:0.9.1-7.el7 zostanie usunięty
> ---> Pakiet docker-selinux.x86_64 0:1.10.3-46.el7.centos.14 zostanie
> usunięty
> --> Ukończono rozwiązywanie zależności
> [...]
> 
> And then:
> # semanage port -a -t ssh_port_t -p tcp 
> Re-declaration of type docker_t
> Failed to create node
> Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1
> OSError: Error
> 
> 
> # yum remove docker-selinux
> Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock
> Rozwiązywanie zależności
> --> Wykonywanie sprawdzania transakcji
> ---> Pakiet container-selinux.x86_64 2:1.10.3-59.el7.centos zostanie
> usunięty
> --> Ukończono rozwiązywanie zależności
> [...]
> 
> # semanage port -a -t ssh_port_t -p tcp 
> ValueError: Port tcp/ został już określony
> # semanage port -l | grep ssh
> ssh_port_t tcp  , 22
> 
> 
> So, it looks like something with docker-selinux and container-selinux...
> 

Right, I wanted to mention that docker-selinux was replaced with
container-selinux in the latest version.





Re: [CentOS] [OT] VOIP

2017-01-19 Thread Albert McCann
> -Original Message-
> From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of TE Dukes
> Sent: Thursday, January 19, 2017 7:41 AM
> To: 'CentOS mailing list' 
> Subject: [CentOS] [OT] VOIP
> 

> So, I bought an OOMA. Turns out it uses a number of ports, three of which
> are reserved, 53 TCP/UDP, 110 TCP and 443 TCP. These ports have already
> been port forwarded from my cable modem/router to my server.

> I'm thinking this isn't going to work unless I change some ports on my
> server, which I'm not willing to do.
> 
> I spent over 30 minutes with their support people last night. It appears
> the ports cannot be changed on the OOMA device.

Try connecting it up behind your existing router, and see if it connects and 
works. I used to have a Vonage device, and it did the same exact nonsense, yet 
it still worked fine when behind the NAT in the main router. The web server and 
rest of the networked devices all still remained connected to the original 
router. You may need to forward some UDP ports, such as these from the OOMA 
website, UDP 1194,UDP 3386, UDP 3480, UDP 1-3.

http://support.ooma.com/home/advanced-connections-and-service-ports

Whenever I needed to configure the Vonage, I had to connect a notebook to the 
Vonage Ethernet ports to gain access to the web server port.

Al
--
Come join me in the Church of Appliantology! Elron Hoover


[CentOS] [OT] VOIP

2017-01-19 Thread TE Dukes
Hello,

I changed ISPs a few weeks ago and now I'm on cable.  In doing so, I lost
the ability to use the DSL as a FAX line.

So, I bought an OOMA. Turns out it uses a number of ports, three of which
are reserved, 53 TCP/UDP, 110 TCP and 443 TCP. These ports have already been
port forwarded from my cable modem/router to my server.

I'm thinking this isn't going to work unless I change some ports on my
server, which I'm not willing to do.

I spent over 30 minutes with their support people last night. It appears the
ports cannot be changed on the OOMA device.

Are there any work arounds?

TIA



Re: [CentOS] SELinux upgrade

2017-01-19 Thread Marcin Trendota
On 19.01.2017 at 10:17, Hal Wigoda wrote:
> I have experienced this myself.   It is very upsetting.  


It happened on servers with docker installed. I got error message there:
# semanage port -a -t ssh_port_t -p tcp 
Re-declaration of type docker_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1
OSError: Error

After uninstalling:
# yum remove docker*
Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock
Rozwiązywanie zależności
--> Wykonywanie sprawdzania transakcji
---> Pakiet docker.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
---> Pakiet docker-common.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
---> Pakiet docker-forward-journald.x86_64 0:1.10.3-44.el7.centos
zostanie usunięty
---> Pakiet docker-registry.x86_64 0:0.9.1-7.el7 zostanie usunięty
---> Pakiet docker-selinux.x86_64 0:1.10.3-46.el7.centos.14 zostanie
usunięty
--> Ukończono rozwiązywanie zależności
[...]

And then:
# semanage port -a -t ssh_port_t -p tcp 
Re-declaration of type docker_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1
OSError: Error


# yum remove docker-selinux
Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock
Rozwiązywanie zależności
--> Wykonywanie sprawdzania transakcji
---> Pakiet container-selinux.x86_64 2:1.10.3-59.el7.centos zostanie
usunięty
--> Ukończono rozwiązywanie zależności
[...]

# semanage port -a -t ssh_port_t -p tcp 
ValueError: Port tcp/ został już określony
# semanage port -l | grep ssh
ssh_port_t tcp  , 22


So, it looks like something with docker-selinux and container-selinux...

-- 
Over And Out
MoonWolf


Re: [CentOS] SELinux upgrade

2017-01-19 Thread Hal Wigoda
I have experienced this myself.   It is very upsetting.  

(Sent from iPhone, so please accept my apologies in advance for any spelling or 
grammatical errors.)

> On Jan 19, 2017, at 2:57 AM, Fabian Arrotin  wrote:
> 
> log


Re: [CentOS] SELinux upgrade

2017-01-19 Thread Fabian Arrotin
On 19/01/17 09:43, Marcin Trendota wrote:
> Hello All
> 
> After recent system upgrade (this night) i lost access to two servers
> through SSH, because of change in SELinux policy - i have ssh there on
> different port and now it's gone.
> 
> Thanks to puppet i was able to change SSH port back to default and log
> in, but is this expected behavior? I thought minor upgrade shouldn't
> break up things?
> 
> Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to
> ensure persistency?
> 

It's normally enough, there is no need to do it again, except if it lost
all custom settings and booleans. Something to try on a VM (setup CentOS
7.3.1611, modify it without updating it, verify that it works, and then
update it)
If problem can be reproduced, I'd say open a bug on bugs.centos.org
*and* upstream bugzilla.redhat.com and link the two together

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab





[CentOS] SELinux upgrade

2017-01-19 Thread Marcin Trendota
Hello All

After recent system upgrade (this night) i lost access to two servers
through SSH, because of change in SELinux policy - i have ssh there on
different port and now it's gone.

Thanks to puppet i was able to change SSH port back to default and log
in, but is this expected behavior? I thought minor upgrade shouldn't
break up things?

Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to
ensure persistency?

-- 
Over And Out
MoonWolf