Re: [CentOS] Custom ISO based on kickstart
On Tue, Apr 14, 2015 at 8:14 AM, Kahlil Hodgson kahlil.hodg...@dealmax.com.au wrote:
> The fedora spins SIG https://fedoraproject.org/wiki/Spins_SIG?rd=SIGs/Spins created/assembled a whole bunch of tools for doing just that. I used such machinery to do pretty much the same as what you are a number of years ago. I think there was even graphical tool called 'revisor'.

Thank you very much. I will give it a try. Already tried revisor and unfortunately failed.

Bye,
a
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Custom ISO based on kickstart
Hello!

I would like to shrink my installation media, restricted only to the necessary packages based on my kickstart file. So I am looking for an application/script which selects rpms and their dependencies based on a kickstart file. If it just displays them, that is OK; it does not need to copy/download anything else. Is there any such utility?

I've found a site which helps to select rpms based on my comps.xml (mandatory, default), but I do not want to change my comps.xml; I want to create a kickstart file and create media based on that.

Thanks,
a
Re: [CentOS] centos livecd for latest centos 5-release?
Not the latest but livecd anyway.

https://projects.centos.org/trac/livecd/

There is some instruction on how to generate yourself. Have not tried myself though.

Bye,
a

On 2014.06.07. 21:40, Eero Volotinen eero.voloti...@iki.fi wrote:
> Hi,
>
> Is this kind of available? so, where I can download it?
>
> --
> Eero
[CentOS] kickstart bonding
Hello!

I would like to use the new bonding feature of kickstart in release 6.4. My setup is one bonding interface (bond0) with two (eth0, eth1) ethernet cards. I am using two VLANs on the bonding interface, so I have no IP for bond0 but have IPs for bond0.1 and bond0.2. If I create the config by hand it works. Now I would like to convert my kickstart file to use the new bonding feature.

The kickstart file has:

    network --onboot=yes --noipv6 --device=eth0 --bootproto=static
    network --onboot=yes --noipv6 --device=eth1 --bootproto=static
    network --onboot=yes --noipv6 --device=bond0 --bootproto=static --bondslaves=eth0,eth1 --bondopts=...

Kickstart gives an error on the bond0 line saying "The provided network interface bond0 does not exist." Why? Then I put a 'modprobe bonding' line in my %pre section. Now the same error on the following line:

    network --onboot=yes --noipv6 --device=bond0 --vlanid=1 --bootproto=static --ip=192.168.1.1 --netmask=255.255.255.0

It is clear as I do not have bond0.1, but why should I have it at setup time? I do not want to use it at setup time, only in my final installation.

I am lost at that point so I turned to the list. I do not really understand why kickstart uses interface bond0 and others at setup time. Is it just parameters for making the config file for my installation? Any idea what the problem is, or a good tutorial on this new feature?

Thanks,
a
Re: [CentOS] NTP server problem behind firewall
On Mon, Sep 3, 2012 at 4:32 PM, Giles Coochey gi...@coochey.net wrote:
> On 03/09/2012 15:18, Artifex Maximus wrote:
>> On Mon, Sep 3, 2012 at 11:15 AM, Leonard den Ottolander leon...@den.ottolander.nl wrote:
>>> On Sun, 2012-09-02 at 07:46 +, Artifex Maximus wrote:
>>>> Any idea what is wrong?
>>>
>>> The iptables rules you specify only allow clients from your local network access to your proxy ntp server. However, you do not specify any rules for eth1 to allow that ntp server to synchronise with the remote servers it is using. So unless you are using a local time source that might be your problem.
>>>
>>> Btw, when specifying rules for the external ntp servers you might want to specify IPs as well to restrict access.
>>
>> Thanks. You are right, ntp proxy is absolutely what I want. My description was probably not clean. So this is the setup:
>>
>>     GPSNTP(10.0.1.99/24) - eth1 myserver eth0 - clients(10.0.0.0/24)
>>
>> Because GPSNTP is on a physically separated network, I need this proxy for my clients. My server is able to synchronize with GPSNTP, so the rules are fine for that (because my output chain is ACCEPT by default). My clients cannot synchronize with my server even if I allow the NTP port, which I do not understand.
>
> So at this stage, doing a tcpdump -i eth0 -s 0 -w capture.cap and getting one of your clients to try to sync time with your server and then repeating this with the firewall turned off (when it purportedly works) ought to give you enough information to be able to view the packet capture and see what is going wrong.

Thanks for the answer. I did tcpdump with turned on firewall but not exactly what you suggest.

The command was:

    tcpdump -i eth0 -c 50 -nn -N -s 0 -vv port 123

and the result is:

    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    16:39:13.653674 IP (tos 0x0, ttl 128, id 23478, offset 0, flags [none], proto UDP (17), length 76)
        10.0.1.178.123 > 10.0.0.99.123: [udp sum ok] NTPv3, length 48
            symmetric active, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 4s, precision -6
            Root Delay: 0.000610, Root dispersion: 9.049407, Reference-ID: (unspec)
            Reference Timestamp: 3555678802.057624999 (2012/09/03 16:33:22)
            Originator Timestamp: 0.0
            Receive Timestamp: 0.0
            Transmit Timestamp: 3555679152.63075 (2012/09/03 16:39:12)
            Originator - Receive Timestamp: 0.0
            Originator - Transmit Timestamp: 3555679152.63075 (2012/09/03 16:39:12)
    16:39:43.145984 IP (tos 0x0, ttl 128, id 24616, offset 0, flags [none], proto UDP (17), length 76)
        10.0.0.150.123 > 10.0.0.99.123: [udp sum ok] NTPv3, length 48
            symmetric active, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 4s, precision -6
            Root Delay: 0.000610, Root dispersion: 9.049407, Reference-ID: (unspec)
            Reference Timestamp: 3555678802.057624999 (2012/09/03 16:33:22)
            Originator Timestamp: 0.0
            Receive Timestamp: 0.0
            Transmit Timestamp: 3555679182.13075 (2012/09/03 16:39:42)
            Originator - Receive Timestamp: 0.0
            Originator - Transmit Timestamp: 3555679182.13075 (2012/09/03 16:39:42)
    16:39:43.145991 IP (tos 0x0, ttl 128, id 24617, offset 0, flags [none], proto UDP (17), length 76)
        10.0.1.178.123 > 10.0.0.99.123: [udp sum ok] NTPv3, length 48
            symmetric active, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 4s, precision -6
            Root Delay: 0.000610, Root dispersion: 9.049407, Reference-ID: (unspec)
            Reference Timestamp: 3555678802.057624999 (2012/09/03 16:33:22)
            Originator Timestamp: 0.0
            Receive Timestamp: 0.0
            Transmit Timestamp: 3555679182.13075 (2012/09/03 16:39:42)
            Originator - Receive Timestamp: 0.0
            Originator - Transmit Timestamp: 3555679182.13075 (2012/09/03 16:39:42)
    16:39:43.146020 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
        10.0.0.99.123 > 10.0.0.150.123: [bad udp cksum 9133!] NTPv3, length 48
            symmetric active, Leap indicator: (0), Stratum 2 (secondary reference), poll 4s, precision -23
            Root Delay: 0.000625, Root dispersion: 0.043029, Reference-ID: 10.0.1.99
            Reference Timestamp: 3555677676.775420963 (2012/09/03 16:14:36)
            Originator Timestamp: 3555679182.13075 (2012/09/03 16:39:42)
            Receive Timestamp: 3555679183.145983964 (2012/09/03 16:39:43)
            Transmit Timestamp: 3555679183.146011888 (2012/09/03 16:39:43)
            Originator - Receive Timestamp: +1.015233964
            Originator - Transmit Timestamp: +1.015261886

The first time (16:39:13.653674) client cannot sync to the server but second time (16:39:43.145984) that was successful even if there is a 'bad udp cksum'. BTW, is it normal
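
Added example, not part of any post in this thread: a small Python model of first-match traversal of the INPUT chain from the posted firewall script, run over the source addresses of the client requests in the capture above. It assumes every request is a NEW flow and ignores the LOG rule's rate limit; the names `Packet`, `Rule`, `verdict` and `evaluate_capture` are illustrative.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Packet(NamedTuple):
    iface: str
    proto: str
    src: str
    dport: int
    state: str = "NEW"  # assumption: each request starts a new conntrack flow

class Rule(NamedTuple):
    target: str  # ACCEPT, DROP or LOG (LOG does not end traversal)
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None
    dport: Optional[int] = None
    states: Tuple[str, ...] = ()

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.states and p.state not in self.states:
            return False
        if self.src is not None:
            return ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
        return True

# INPUT chain from the posted script, in the order the rules were appended.
INPUT_CHAIN = [
    Rule("ACCEPT", iface="lo"),
    Rule("ACCEPT", states=("ESTABLISHED", "RELATED")),
    Rule("ACCEPT", proto="tcp", dport=22),
    Rule("ACCEPT", iface="eth0", proto="udp", src="10.0.0.0/24", dport=123),
    Rule("ACCEPT", iface="eth0", proto="tcp", src="10.0.0.0/24", dport=123),
    Rule("LOG"),   # rate limit (5/min) not modelled
    Rule("DROP"),
]

def verdict(p: Packet, chain=INPUT_CHAIN):
    """Return (target, 1-based rule number, reached_log) for the first terminating match."""
    logged = False
    for n, rule in enumerate(chain, start=1):
        if not rule.matches(p):
            continue
        if rule.target == "LOG":
            logged = True
            continue
        return rule.target, n, logged
    return "ACCEPT", 0, logged  # chain policy: -P INPUT ACCEPT

# Client requests seen on eth0 in the capture: (timestamp, source address).
CAPTURED = [
    ("16:39:13.653674", "10.0.1.178"),
    ("16:39:43.145984", "10.0.0.150"),
    ("16:39:43.145991", "10.0.1.178"),
]

def evaluate_capture():
    return [(ts, src, *verdict(Packet("eth0", "udp", src, 123))) for ts, src in CAPTURED]

if __name__ == "__main__":
    for ts, src, target, rule_no, logged in evaluate_capture():
        print(f"{ts} {src:<12} -> {target} (rule {rule_no}, reached LOG: {logged})")
```

Under these assumptions the request from 10.0.0.150 is accepted by the UDP 123 rule, while the two requests from 10.0.1.178 fall outside `-s 10.0.0.0/24` and reach the LOG and DROP rules, which matches the single reply seen in the capture.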
Re: [CentOS] NTP server problem behind firewall
On Tue, Sep 4, 2012 at 10:36 AM, Giles Coochey gi...@coochey.net wrote:
> On 04/09/2012 07:31, Artifex Maximus wrote:
>> The first time (16:39:13.653674) client cannot sync to the server but second time (16:39:43.145984) that was successful even if there is a 'bad udp cksum'. BTW, is it normal?
>>
>> Tcpdump says there was traffic and sync happened later so rule is OK I think. When tried later sync needs three tries for success. Other time needs only one. Might depend on Moon phase. It looks like I have some network equipment related problem as well. Therefore I have to talk with some Cisco expert. At the moment I have problem with rsyslogd because there is no log of denied packets but that is another story. :-)
>>
>> Thanks for all of your help!
>
> Without seeing the full timeline of events, you should bear in mind that there will be a gap between the time that an NTP server is started before other clocks are allowed to sync to it. This makes sense as you wouldn't want to sync time to a source that itself isn't reliable. Once the NTP server fulfils some criteria and believes its clock to be reliable, it will allow other systems to sync to it.

I know and respect that. I tried only after my NTP was synchronized and declared as reliable. Otherwise I get some stratum error on client which is normal I think.

Bye,
a
Re: [CentOS] NTP server problem behind firewall
On Mon, Sep 3, 2012 at 11:15 AM, Leonard den Ottolander leon...@den.ottolander.nl wrote:
> On Sun, 2012-09-02 at 07:46 +, Artifex Maximus wrote:
>> Any idea what is wrong?
>
> The iptables rules you specify only allow clients from your local network access to your proxy ntp server. However, you do not specify any rules for eth1 to allow that ntp server to synchronise with the remote servers it is using. So unless you are using a local time source that might be your problem.
>
> Btw, when specifying rules for the external ntp servers you might want to specify IPs as well to restrict access.

Thanks. You are right, ntp proxy is absolutely what I want. My description was probably not clean. So this is the setup:

    GPSNTP(10.0.1.99/24) - eth1 myserver eth0 - clients(10.0.0.0/24)

Because GPSNTP is on a physically separated network, I need this proxy for my clients. My server is able to synchronize with GPSNTP, so the rules are fine for that (because my output chain is ACCEPT by default). My clients cannot synchronize with my server even if I allow the NTP port, which I do not understand.

Bye,
a
[CentOS] NTP server problem behind firewall
Hello!

I would like to set up an NTP server for my Windows network using CentOS 6.3 with the firewall turned on. As I learned, the NTP protocol uses port 123 UDP. I have two NIC cards: one for the internal network and one for internet access. Both cards are in a private address range.

The problem is that when I am using the firewall described below, the client cannot access the server. No idea why. Without the firewall everything works flawlessly, so the problem is not in the NTP configuration. No idea why, but with the firewall disabled the first query gives an error while all other queries work. I am using arpwatch to see what is happening on the network (new machines and so on). I do not know whether that is related to the problem or not.

First I used the firewall generated by system-config-firewall (standard firewall with port 123:udp added). No success, the client cannot connect. Next I made a script myself and saved the rules with the 'service iptables save' command.

The configuration is:

    eth0 10.0.0.99/24
    eth1 10.0.1.10/24

The script for making firewall rules:

    iptables -P INPUT ACCEPT
    iptables -F
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
    iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
    iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
    iptables -A INPUT -j DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

Windows client time server is set to 10.0.0.99. Just to be sure I enabled 123 TCP as well, even though I think that was unnecessary. The rule related to NTP (123 UDP) increments its packet and byte count in 'iptables -L -n -v', so some connection was made. But no success on sync.

Any idea what is wrong?

Bye,
a
Re: [CentOS] NTP server problem behind firewall
On Sun, Sep 2, 2012 at 8:37 AM, Earl Ramirez earlarami...@gmail.com wrote:
> On Sun, 2012-09-02 at 07:46 +, Artifex Maximus wrote:
>> Hello!
>>
>> I would like to set up an NTP server for my Windows network using CentOS 6.3 with the firewall turned on. As I learned, the NTP protocol uses port 123 UDP. I have two NIC cards: one for the internal network and one for internet access. Both cards are in a private address range.
>>
>> The problem is that when I am using the firewall described below, the client cannot access the server. No idea why. Without the firewall everything works flawlessly, so the problem is not in the NTP configuration. No idea why, but with the firewall disabled the first query gives an error while all other queries work. I am using arpwatch to see what is happening on the network (new machines and so on). I do not know whether that is related to the problem or not.
>>
>> First I used the firewall generated by system-config-firewall (standard firewall with port 123:udp added). No success, the client cannot connect. Next I made a script myself and saved the rules with the 'service iptables save' command.
>>
>> The configuration is:
>>
>>     eth0 10.0.0.99/24
>>     eth1 10.0.1.10/24
>>
>> The script for making firewall rules:
>>
>>     iptables -P INPUT ACCEPT
>>     iptables -F
>>     iptables -A INPUT -i lo -j ACCEPT
>>     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>     iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>     iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
>>     iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
>>     iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
>>     iptables -A INPUT -j DROP
>>     iptables -P FORWARD DROP
>>     iptables -P OUTPUT ACCEPT
>
> I might be wrong but I think you need to add the IP Address of the NTP server

Why? I am using a more general form of INPUT rule.

> you can also use tcpdump to capture the traffic between the clients and the ntp server to see what is being blocked.

Thanks for your answer. Good idea and I'll do it.

> # iptables -A OUTPUT -o eth0 -p udp -s client IPs --sport 123 -d NTP Server IP --dport 123 -m state --state NEW -j ACCEPT.

I am using iptables -P OUTPUT ACCEPT which allows all OUTPUT traffic on all interfaces as the default rule. So I do not think that I need any more specific rule.

Bye,
a
Re: [CentOS] NTP server problem behind firewall
On Sun, Sep 2, 2012 at 2:33 PM, Markus Falb markus.f...@fasel.at wrote:
> On 2.9.2012 09:46, Artifex Maximus wrote:
>> Hello!
>>
>> I would like to set up an NTP server for my Windows network using CentOS 6.3 with the firewall turned on. As I learned, the NTP protocol uses port 123 UDP. I have two NIC cards: one for the internal network and one for internet access. Both cards are in a private address range.
>>
>> The problem is that when I am using the firewall described below, the client cannot access the server. No idea why. Without the firewall everything works flawlessly, so the problem is not in the NTP configuration. No idea why, but with the firewall disabled the first query gives an error while all other queries work. I am using arpwatch to see what is happening on the network (new machines and so on). I do not know whether that is related to the problem or not.
>>
>> First I used the firewall generated by system-config-firewall (standard firewall with port 123:udp added). No success, the client cannot connect. Next I made a script myself and saved the rules with the 'service iptables save' command.
>>
>> The configuration is:
>>
>>     eth0 10.0.0.99/24
>>     eth1 10.0.1.10/24
>>
>> The script for making firewall rules:
>>
>>     iptables -P INPUT ACCEPT
>>     iptables -F
>>     iptables -A INPUT -i lo -j ACCEPT
>>     iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>     iptables -A INPUT -p tcp --dport 22 -j ACCEPT
>>     iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p udp --dport 123 -j ACCEPT
>>     iptables -A INPUT -i eth0 -s 10.0.0.0/24 -p tcp --dport 123 -j ACCEPT
>>     iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
>>     iptables -A INPUT -j DROP
>>     iptables -P FORWARD DROP
>>     iptables -P OUTPUT ACCEPT
>
> you must ACCEPT ntp in the FORWARD chain.
>
> http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO-6.html

Thanks. Why?

    If it's destined for this box, the packet passes downwards in the diagram, to the INPUT chain. If it passes this, any processes waiting for that packet will receive it.

The packet destination is my server because the NTP server is there, so it passes to the input box where 123 UDP is enabled. If I read the how-to correctly.

Bye,
a
Re: [CentOS] 6.1 .iso size?
On Sun, Dec 4, 2011 at 7:21 PM, Phil Dobbin phildob...@gmail.com wrote:
> On 4/12/11 17:24, RILINDO FOSTER rili...@me.com wrote:
>> http://www.gtlib.gatech.edu/pub/centos/6.0/isos/i386/CentOS-6.0-i386-LiveDVD.iso
>>
>> http://www.gtlib.gatech.edu/pub/centos/6.0/isos/i386/CentOS-6.0-i386-netinstall.iso
>
> Thanks for that but I'm actually looking for a Live CD of i386 CentOS 5.7. CentOS 6 won't run on my machine whereas 5.7 will.

I did not find 5.7 but there is a 5.6 LiveCD, for example here:

http://ftp.riken.jp/Linux/centos/5.6/isos/i386/

and here

http://mirror.chpc.utah.edu/pub/centos/5.6/isos/i386/

Search for CentOS-5.6-i386-LiveCD.iso in google for other mirrors.

Bye,
a
Re: [CentOS] Update to CentOS 6.0 without CD/DVD reader
Hello,

On Tue, Aug 30, 2011 at 1:22 PM, John Doe jd...@yahoo.com wrote:
> From: Timothy Murphy gayle...@eircom.net
>
> I really think it would be easier to make a USB key/disk... But, I tried the following yearsss ago... so did not test if it is still working...
>
> Copy DVD files to HD (if netinstall, you don't need to copy isos):
>
>     cp /mnt/cdrom/syslinux/vmlinuz /boot/vmlinuz-c6
>     cp /mnt/cdrom/syslinux/initrd.img /boot/initrd-c6.img
>     mkdir -p /path/to/c6/images
>     cp /mnt/cdrom/images/install.img /path/to/c6/images/
>     cp *.iso /path/to/c6/
>
> Add the entry to your grub (change the root to match your setup):
>
>     title CentOS 6 Install
>     root (hd0,0)
>     kernel vmlinuz-c6
>     initrd initrd-c6.img
>
> You could maybe also directly specify where the images/isos are:
>
>     repo=hd:sd??:/path/to/c6
>
> And be sure that /path/to/c6 is not formatted as you install... Again, not tested at all...

This works with Centos 5 but does not work with Centos 6 for me. Instead I copy the *content* of the DVD to the specified directory, not the ISO file itself. It looks like Centos 6 does not recognize the ISO file as installation medium and uses the specified folder as a real folder.

Take a look at this:

http://wiki.centos.org/HowTos/InstallFromUSBkey

Bye,
a