Re: [CentOS] Is decoupling Apache + PHP into separate nodes possible?
On Thu, Jul 26, 2018 at 2:03 PM, Rich Bowen wrote:

Thanks very much for your reply.

> On 07/26/2018 04:48 PM, Arun Khan wrote:
>>
>> With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
>> on a separate node (see diagram https://goo.gl/xTfbjg).
>> But I have not done it myself and I am not sure if it is feasible.
>
> With my Apache httpd documentation hat on ...
>
> Yes, and this is the recommended way to do it (ie, php-fpm vs mod_php). FPM
> lets you run the Event MPM with confidence, and that's what you *should* be
> running. Whereas with mod_php, we still recommend prefork, due to threading
> issues, and prefork sucks.

That's what I have read and lately I've been deploying PHP-FPM (v/s
the default mod_PHP) but Apache+PHP-FPM have been on the same node.

>> If it is feasible then what's the best practice to distribute the
>> *.html *.css and *.php files between the Apache + the PHP-FPM nodes
>> and how to achieve load balance between Apache and PHP-FPM nodes. I
>> have searched but not found any reference setups.
>
>> Would appreciate suggestions / references from anyone who has done a 3
>> Tier Apache + PHP + MySQL deployment in production.
>
> We (the httpd docs team) recommend *.php on the php node, and everything
> else on the httpd node.

I was thinking in similar lines but was not sure if it would work.
Your recommendation helps clarify the setup.

> Configure as shown here: https://wiki.apache.org/httpd/PHP-FPM

Yes. I got started with Apache + PHP-FPM from this link and it has
been a bookmark for a few months :)

> This is how I run all my websites, although I only do one httpd and one fpm,
> because my websites aren't exactly high traffic.

I do not anticipate heavy traffic. I could probably get by with
single nodes in each tier. But I would like to keep the setup scalable,
so when the traffic load goes up, I am not scrambling for a fix (under
pressure).

> For balancing, I guess you can use mod_proxy_balancer to balance between
> multiple fpm nodes:
> https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html

I'll take a look at it.

Thanks again for your insight.

--
Arun Khan
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
[CentOS] Is decoupling Apache + PHP into separate nodes possible?
I have deployed Linux/Apache/PHP (node1) + MySQL (node2) with Security
Groups (AWS) or iptables controlling who can connect to the MySQL
server. In topology terms -- a 2 Tier architecture.

In AWS - one can deploy several such instances behind an ELB. Each LAP
instance talks to a MySQL RDS.

The LAP instances are either mod_php or PHP-FPM.
OS -- CentOS, Ubuntu, Debian

For one of my client's end user customer, their InfoSec team is asking
if Apache and the PHP application can run in separate nodes (3 Tier
arch).

To the best of my knowledge Apache + PHP (mod_php) have to be in the
same node.

With PHP-FPM it is conceivable to have Apache talk to PHP-FPM running
on a separate node (see diagram https://goo.gl/xTfbjg).
But I have not done it myself and I am not sure if it is feasible.

If it is feasible then what's the best practice to distribute the
*.html *.css and *.php files between the Apache + the PHP-FPM nodes
and how to achieve load balance between Apache and PHP-FPM nodes. I
have searched but not found any reference setups.

Would appreciate suggestions / references from anyone who has done a 3
Tier Apache + PHP + MySQL deployment in production.

Thanks in advance.

--
Arun Khan

"Everyone has an expiration date"
Re: [CentOS] Good linux software RAID primer advise
On Fri, Dec 1, 2017 at 7:38 AM, Miguel Medalha wrote:
>>> Could someone recommend good Linux software RAID primer. It would be
>>> good if it has good coverage of monitoring and dealing with failures.
>
> https://raid.wiki.kernel.org/index.php/Linux_Raid

+1 and practice recovery scenarios using VMs with virtual disks.

--
Arun Khan
Re: [CentOS] sendmail
On Mon, Oct 2, 2017 at 3:40 PM, Larry Martell wrote:
> Ok thanks I will try this. But I am not married to sendmail. I will use
> anything that allows me to send mail from the container.

Try ssmtp if your only interest is outbound emails, through some
kind of SMTP relay service (mailgun/sendgrid etc.).

--
Arun Khan
Re: [CentOS] Display IP addresses on the system console *before* the login prompt.
On Mon, Oct 2, 2017 at 1:31 PM, Leroy Tennison wrote:
> What does 'man agetty' (or whatever you're using) on the OS in question say?
>
> Ubuntu 14.04 doesn't list "\4{}" as an option and it doesn't work, 16.04
> does and it does appear there (might have to press Enter to get a screen
> refresh).
>
> If the OS doesn't support it then you'll have to get creative (send 'ip addr'
> output to /etc/issue at boot or periodically) to get what you want.

You are right, Ubuntu 14.04 does not support it and that's where it
does *not* work.

I read the getty man page in CentOS 7/Ubuntu 16.04 and implemented in
Ubuntu 14.04 duh.

--
Arun Khan
[CentOS] Display IP addresses on the system console *before* the login prompt.
I have a bunch of VBox Linux VMs (CentOS 6/7, Debian7/8/9, Ubuntu
14.0/16.04, Alpine) that get dynamic IPs.

To get their respective IP addresses I have to login and run 'ip addr'.

I would like such info to be displayed on the VM console *before* the
login prompt. Ideally an ASCII log + info (see below sig line).
Thus, I can get the info from the VM console without having to login.

I read up on /etc/issue but adding "\4{eth0}" to the existing string
does not work.

TIA for solutions/pointers

--
Arun Khan

 _               _
| |__   ___  ___| |_ _ __   __ _ _ __ ___   ___
| '_ \ / _ \/ __| __| '_ \ / _` | '_ ` _ \ / _ \
| | | | (_) \__ \ |_| | | | (_| | | | | | |  __/
|_| |_|\___/|___/\__|_| |_|\__,_|_| |_| |_|\___|

lo: 127.0.0.1
eth0: 10.1.1.122
kernel: 4.10.0-33-generic x86_64

login:
Re: [CentOS] Centos7 USB wifi recommendation
On Tue, Mar 21, 2017 at 5:39 AM, Robert Moskowitz wrote:
> I am looking for one of those very small USB wifi adapters for the server I
> am working on. I am tired of dealing with the 4" long TP-LINK I have and
> for my purposes, one of those little 1cm ones would do. But which work with
> Linux? When I was last in the store, only the TP-LINK said it was supported
> on Linux...

Most of the 1cm WiFi dongles have a Realtek chip. The rtl819x
supports quite a few Realtek WiFi chipsets
(https://wireless.wiki.kernel.org/en/users/drivers/rtl819x).

I have bought a few on eBay for a couple of bucks each and they worked
out fine. The device is activated when plugged into a USB port
(ifconfig -a).

HTH
--
Arun Khan
Re: [CentOS] Off-Topic: Travel Router and Firewall
On Thu, Nov 24, 2016 at 11:57 AM, H wrote:
>
> I did visit both the OpenWRT lists and the TP-Link website. On the latter, I
> found four travel routers: WR810N 300 Mbps, powered from an outlet and 2
> RJ-45 ports, its predecessor WR710N 150 Mbps, WR802N 300 Mbps and powered
> via micro-USB port and 1 RJ-45 port, and finally WR702N 150 Mbps. If I read
> correctly, only the 8xx models have at least 8 Mb of flash memory required
> for OpenWRT so it's down to either WR810N or WR802N. Of note is that all
> routers are apparently sold in a US version where the firmware is locked and
> a European version where it is not, the latter easier to flash.

I have prototyped a similar setup with RasPi. With a 4GB (or higher)
SD card, flash storage is not a limiting factor compared to routers like
TP-Link.

I did try openWRT on Raspi but the driver (Realtek 8192 IIRC) for my
USB LAN was not stable. Settled on Raspbian (all config files hand
edited). There is Pidora (Fedora spin) also.

>
> OpenWRT seems like a good solution. However, I am not an expert on this and
> two questions remain:
>
> - Will OpenWRT allow me to using a computer, tablet or phone configure the
> access when the hotel (or similar) uses a web page where one has to enter
> userid and password?

I suggest NAT on the openWRT device's "WAN" interface and within it do
the "captive portal" auth with the "host" network. Your devices
connected on the "LAN" (wired + WiFi) should route through the
openWRT device.

> - When the router is connected to the WAN using an Ethernet cable, am I
> correct that it is used in AP (Access Point) mode? And when the router is
> connected to the WAN using WiFi and the user devices access the router it is
> used in Bridge mode?
>
> Thank you for all the suggestions and comments so far!

Yes, you can make the WiFi interface act as an AP when the LAN
interface is the "WAN"

IIRC, in openWRT bridge mode of the "WAN" interface is possible.
But then all devices on the "LAN" side will be visible to the "host"
network.

openWRT does have good documentation with practical use case setups.

HTH,
--
Arun Khan
Re: [CentOS] Recommendation about an usb wireless adapter to use it as HostAP
On Fri, Sep 9, 2016 at 3:40 AM, C. L. Martinez wrote:
> Hi all,
>
> I would like to install/test CentOS 7.X as a hostap for my home. I am
> thinking to use an Alfa (http://www.alfa.com.tw) usb wireless adapter or
> TP-Link.
> But there is not much information in Alfa's or TP-Link's web sites about which
> of them can run as a HostAP.

I would suggest using openWRT -- it is designed for WiFi and the foot
print is small (around 60MB). It has a lot of additional packages
(captive portal, WAN load balancing etc.) that you can install as per
your needs.

I have used it on a Raspberry PI with USB WiFi dongles (Realtek chip
set). You can conceivably run it as a virtual appliance with USB pass
through to the h/w.

On Alfa's web site one of the slide show images shows openWRT along
with their USB WiFi adapter. I would suggest contacting Alfa's Tech
support to get the specific model number and driver (chip set) it uses.
Also visit openWRT web site and/or mailing list.

--
Arun Khan
Re: [CentOS] CentOS 6 - logwatch report not in HTML format
On Wed, Aug 31, 2016 at 8:59 AM, Alexander Farber wrote:
> You should have provided more info initially.
>
> "goes out in text format" might mean several things.

I don't know what you mean by "several things".
In the context of logwatch the only options are HTML or TEXT.
Please see my OP.

Thanks for your assistance.

--
Arun Khan
Re: [CentOS] CentOS 6 - logwatch report not in HTML format
On Wed, Aug 31, 2016 at 7:58 AM, Alexander Farber wrote:
> logwatch is run as cronjob.

Let's take cron out of the picture.

Invoking logwatch from an interactive shell -- no joy. The report
still goes out in text format.

--
Arun Khan
Re: [CentOS] CentOS 6 - logwatch report not in HTML format
On Mon, Aug 29, 2016 at 10:24 PM, Alexander Farber wrote:
> No, I mean there is sometimes a variable for mail format too:

The HTML formatting is a logwatch option, invoked through the
logwatch.conf file.

--
Arun Khan
Re: [CentOS] CentOS 6 - logwatch report not in HTML format
On Sun, Aug 28, 2016 at 10:56 PM, Alexander Farber wrote:
> Maybe the format is set in
>
> sudo crontab -l

You mean in the way it is invoked from the cron entry?

--
Arun Khan
Re: [CentOS] .htaccess file
On Sun, Aug 28, 2016 at 5:23 PM, Keith Keller wrote:
> On 2016-08-28, TE Dukes wrote:
>
>> Right now, I'm just trying to take some load off my
>> home server from badbots but I am getting hit on other services as well.
>
> Another possibility for you to look at is sshguard. It can protect
> against brute force ssh attacks (using iptables rules, which is how I
> use it) but IIRC it can also protect against http attacks (I've never
> used it that way, so I don't know how difficult this is).

I use fail2ban, provides similar functionality like sshguard + Apache
mod_evasive (for http DoS attacks).

--
Arun Khan
[CentOS] CentOS 6 - logwatch report not in HTML format
CentOS 6 (amd64) up to date with latest security / bug fixes.

The logwatch reports come in plain text even though the config states HTML.

mailer = "/usr/sbin/sendmail -t"
TmpDir = /tmp
MailFrom = logwa...@example.com
MailTo = admin1 admin2 admin3
Range = yesterday
Detail = Medium
HostName = www.example.com
Print = No
Output = mail
Format = html

The same settings in Debian/Ubuntu servers send the reports in HTML format.

In my search, I did not come across any solution for CentOS 6.

Any ideas on how to get logwatch to generate HTML reports?

Thanks for your help.

--
Arun Khan
Re: [CentOS] Reduce existing CentOS 7 installation to "Minimal install" - services?
On Wed, May 11, 2016 at 2:49 PM, Fred Smith wrote:
>
> not that I'm wanting to strip down my C7, I'm wondering how that
> works if one has installed the Mate desktop from epel ?

You can try it with a VBox VM and share your experience just the way
Nicolas has done.

--
Arun Khan
Re: [CentOS] Copying CentOS to new drive
On Wed, May 4, 2016 at 3:38 AM, Timothy Murphy wrote:
> I recently asked about copying a running system to a new drive.
>
> As a postscript, I'm wondering if it would have been preferable
> to run the machine under a Live OS, and simply copy the root partition
> to the new drive?
> Eg while running under the LiveOS,
> # mkdir /mnt/old /mnt/new
> # mount /dev/sda7 /mnt/old
> # mount /dev/sdb6 /mnt/new
> # cp -avx /mnt/old /mnt/new
> or
> # rsync -ax --progress /mnt/old /mnt/new

As has been discussed, doing file copies from a running system is not
recommended.

If by "Live OS" you mean booting the system with a LiveCD, then
clonezilla would do all of the above.

note: target (new) disk >= disk of the old system

--
Arun Khan
Re: [CentOS] Inconsistancy in RAID documentation
On Tue, May 3, 2016 at 12:49 PM, wrote:
> On the wiki page for creating a mirrored root drive, at
> <https://wiki.centos.org/HowTos/Install_On_Partitionable_RAID1>, it first

Way back in 2012, I had some problems with partition-able RAID1, when
one of the disks is missing.
<https://lists.centos.org/pipermail/centos/2012-June/126927.html>
A client's ERP system would not boot because one of the disks had gone bad.

A search "partitionable raid 1 site:lists.centos.org" also throws up
other discussions on partition-able RAID1.

Indeed the problem may have been fixed but I have not done any
partition-able RAID1 since 2012.

--
Arun Khan
Re: [CentOS] Free Redhat Linux (rhel) version 7.2
On Mon, Apr 4, 2016 at 7:16 AM, Mohammed Zeeshan wrote:
>
> Hi,
>
> As things stand, you can signup for a Red Hat Developer Subscription for
> free to get full access
> to all Red Hat products as a developer. Yes, you cannot deploy Red Hat
> products in production
> with this subscription but anything you develop on it can be put into a
> production system which
> has a valid production grade Red Hat Subscription which has been paid for.

Reads like the MSDN program from a Redmond based company.

Good to know though -- thanks.

--
Arun Khan
Re: [CentOS] Virtual Server in Windows 7
On Mon, Nov 23, 2015 at 9:17 PM, Siva Prasad Nath wrote:
> Hi,
> I am creating a virtual machine. My laptop is i686 system.

How old is your hardware? I have a 6 year old Toshiba that came with
a core i5 64 bit CPU.

> Please advise me which Centos version can be downloaded?

If your hardware is indeed 32 bit then download the CentOS 6.7 iso for i386.

--
Arun Khan
Re: [CentOS] Cannot boot
On Fri, Nov 20, 2015 at 8:03 PM, Siva Prasad Nath wrote:
> Thanks. How to create a live boot disk?

The install DVD has a system rescue menu option.

More details here
<https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/ap-rescuemode.html#Rescue_Mode-x86>

HTH,
--
Arun Khan
Re: [CentOS] Cannot boot
On Fri, Nov 20, 2015 at 2:18 PM, Siva Prasad Nath wrote:
> Hi,
> My server not able to boot up. It is hanging after few times.
> How to repair boot system? I am trying to use grub2-install. Is it
> necessary to install grub2 on boot device?

Does the system boot with a Live USB system?

--
Arun Khan
Re: [CentOS] Rsync and differential Backups
On Wed, Nov 11, 2015 at 5:39 AM, Gordon Messmer wrote:
> On 11/10/2015 03:38 PM, J Martin Rushton wrote:
>>
>> That's plain bad system analysis. Read the start date, record the
>> current date and THEN start processing. You will get the odd extra
>> file but will not lose any.
>
> That's my point. "find" doesn't do that and naïve implementations of the
> original suggestion are likely to do work poorly.

< snip ...>

A good systems analysis is a must in whatever one does. Be it system
admin, software developer, accountant, lawyer etc.

My suggestion about using "find" was in response to OP's
question/clarification on incremental/differential backup and I
assumed due diligence with respect to designing the script.

> how to perform a differential backup using rsync?
>
> On web there is a great confusion about diff backup concept when searched
> with rsync.

rsync will do incremental backup as already discussed earlier in this thread.

Please suggest how to achieve a differential backup with rsync (the
original query).

Thanks,
--
Arun Khan
Re: [CentOS] Rsync and differential Backups
On Wed, Nov 11, 2015 at 5:08 AM, J Martin Rushton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 10/11/15 21:05, Gordon Messmer wrote:
>> On 11/10/2015 12:16 PM, Warren Young wrote:
>>>
>>> Well, be fair, rsync can also miss files if files are changing
>>> while the backup occurs. Once rsync has passed through a given
>>> section of the tree, it will not see any subsequent changes.
>>
>> I think you miss my meaning. Consider this sequence of events:
>>
>> * "find" begins and processes dirA and then dirB
>> * another application writes files in dirA
>> * "find" completes
>> * a new timestamp file is written
>>
>> Now, the new file in dirA wasn't seen by find during this run, and
>> it won't be seen on the next run either. That's what I mean by
>> missed. Not temporarily missed, but permanently. That file won't
>> ever be backed up in this very naïve process.
>
> That's plain bad system analysis. Read the start date, record the
> current date and THEN start processing. You will get the odd extra
> file but will not lose any.

Heartily agree. I was about to post my response but saw yours.

Cheers,
--
Arun Khan
Re: [CentOS] Rsync and differential Backups
On Tue, Nov 10, 2015 at 10:52 AM, Arun Khan wrote:
> On Mon, Nov 9, 2015 at 9:31 PM, Alessandro Baggi wrote:
>> Hi list,
>> how to perform a differential backup using rsync?
>>
>> On web there is a great confusion about diff backup concept when searched
>> with rsync.
>>
>> Users says diff because it copy only differences. For me differential is
>> backup from last full backup.
>
> You can use "newer" options of the find command and pass the file list
> to rsync or scp to "backup" only those files that have changed since
> the last run. You can keep a file like .lastbackup and timestamp it
> (touch) at the start of the backup process. Next backup you compare
> the current timestamp with the timestamp on this file.

Clarification -- for differential back ups, you should touch the file
only when you do the *full* backup.

--
Arun Khan
Re: [CentOS] Rsync and differential Backups
On Mon, Nov 9, 2015 at 9:31 PM, Alessandro Baggi wrote:
> Hi list,
> how to perform a differential backup using rsync?
>
> On web there is a great confusion about diff backup concept when searched
> with rsync.
>
> Users says diff because it copy only differences. For me differential is
> backup from last full backup.

You can use "newer" options of the find command and pass the file list
to rsync or scp to "backup" only those files that have changed since
the last run. You can keep a file like .lastbackup and timestamp it
(touch) at the start of the backup process. Next backup you compare
the current timestamp with the timestamp on this file.

HTH,
--
Arun Khan
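The marker-file approach discussed in this thread, as an added example that is not part of the original posts: the marker is stamped before the full copy starts and promoted only after it succeeds, so files written during the copy are caught by the next differential instead of being missed for good. The function names, the marker path and the full/ and diff-* directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: differential backups driven by a "last full backup" marker.
# Function names, marker path and directory layout are illustrative assumptions.

# begin_full MARKER
# Record the START time of a full backup in MARKER.new. Stamping before the
# copy begins means anything written while the copy runs is newer than the
# marker and is picked up by the next differential run.
begin_full() {
    touch "$1.new"
}

# commit_full MARKER
# Promote the stamp only after the full copy succeeded. mv keeps the mtime
# set by begin_full, so the marker carries the start time, not the end time.
commit_full() {
    mv -f "$1.new" "$1"
}

# list_changed SRC MARKER
# Print a NUL-separated list of regular files under SRC (paths relative to
# SRC) modified since the last full backup. Fails if no full backup exists.
list_changed() {
    [ -f "$2" ] || { echo "no full backup marker: $2" >&2; return 1; }
    # Resolve the marker to an absolute path because we cd into SRC below.
    marker=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    ( cd "$1" && find . -type f -newer "$marker" -print0 )
}

# full_backup SRC DEST MARKER
# Full copy into DEST/full. A failed copy discards the pending stamp, so the
# previous marker (and the differentials based on it) stays valid.
full_backup() {
    begin_full "$3" || return 1
    rsync -a --delete "$1/" "$2/full/" || { rm -f "$3.new"; return 1; }
    commit_full "$3"
}

# diff_backup SRC DEST MARKER
# Copy everything changed since the last FULL backup into a dated directory.
# The marker is deliberately not touched here: each differential is relative
# to the full backup, not to the previous differential.
diff_backup() {
    [ -f "$3" ] || { echo "run full_backup first" >&2; return 1; }
    stamp=$(date +%Y%m%d-%H%M%S)
    list_changed "$1" "$3" |
        rsync -a --from0 --files-from=- "$1/" "$2/diff-$stamp/"
}
```

Restoring means copying DEST/full back and then the most recent diff-* directory on top of it; files deleted since the full backup are not tracked by this scheme.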
Re: [CentOS] OT: closing a port on home router
On Sun, Sep 13, 2015 at 4:46 AM, Fred Smith wrote:
> Hi all!
>
> I'm wanting to close port 22 (ssh) on my home router, and I don't see any
> facilities in its GUI for doing that.

man sshd_config; this option is perhaps your solution "ListenAddress."
So explicitly mention your LAN port(s).

ListenAddress
        Specifies the local addresses sshd(8) should listen on. The
        following forms may be used:

              ListenAddress host|IPv4_addr|IPv6_addr
              ListenAddress host|IPv4_addr:port
              ListenAddress [host|IPv6_addr]:port

        If port is not specified, sshd will listen on the address and
        all prior Port options specified. The default is to listen on
        all local addresses. Multiple ListenAddress options are
        permitted. Additionally, any Port options must precede this
        option for non-port qualified addresses.

HTH
--
Arun Khan
Re: [CentOS] Could not complete SSL handshake to Amazon EC2 host
On Fri, May 1, 2015 at 10:16 AM, Tim Dunphy wrote:
> I am trying to monitor a host in the Amazon EC2 cloud.
>
> Yet when I try to check NRPE from the monitoring host I am getting an SSL
> handshake error:
>
> [root@monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com
> CHECK_NRPE: Error - Could not complete SSL handshake.

Don't know if these links are of any help but worth checking (if you have
not done so)
<http://assets.nagios.com/downloads/nagiosxi/docs/NRPE-Troubleshooting-and-Common-Solutions.pdf>
and
<http://geekpeek.net/could-not-complete-ssl-handshake/>

--
Arun Khan
Re: [CentOS] How to stagger fsck executions
On Tue, Apr 21, 2015 at 9:38 AM, Hugh E Cruickshank wrote:
> CentOS 6
>
> My first idea was to manually run fsck on each filesystem, one every
> couple of weeks. That way they will not all come due at the same time
> if we reboot on a regular basis.
>
> The second idea was to set each filesystem to a different random count
> value. This would run the risk of having two or more executions at
> the same time but it would probably not be very frequent.
>
> Does anyone have a suggestion for a better way of doing this?

Take a look at 'man tune2fs' and 'man fstab' for modifying the fsck
order in your system.

HTH,
--
Arun Khan
Re: [CentOS] 10 Gbps adapter recommendation
On Tue, Nov 11, 2014 at 2:52 PM, Nux! wrote:
> Hi guys,
>
> I'm yet to use 10 Gbps with CentOS, hence my question. I'm looking for a
> cheap (doh) adapter that won't cause me problems with CentOS. Any
> recommendations?

I have had good experience with Chelsio 10G cards on CentOS 5
(drivers in the default kernel).

HTH,
--
Arun Khan
Re: [CentOS] Restricting physical login access to specific nodes using PAM / NSS / SMB4 AD/DC
On Mon, Nov 3, 2014 at 12:34 PM, Barry Brimer wrote:
>> I am using SSSD to get user AUTH from a backend Samba4 AD/DC.
>>
>> For Linux clients sssd.conf is configured to query Samba4 AD based on
>> LDAP/Kerberos i.e. the Linux clients have not done a Domain join.
>> Physical console logins -- things are working fine with changes to NSS
>> and PAM (tool authconfig) for domain User AUTH on Linux and Windows
>> clients.
>>
>> However, I want to restrict access to certain machines to users of a
>> specific group e.g. HR. I guess this is possible on Windows clients
>> with group policies.
>> Is the same possible on CentOS (Linux) workstations.
>
> I am not familiar with the inner workings of SSSD, but with pam_listfile you
> can specify users or groups that must be met for pam to succeed.

Thanks. This link [1] has a bit more details on the implementation (I
found it just after posting the query) for the files.

As for PAM <> SSSD interaction, with proper NSS config, the query
first goes to the Directory Server, failing which to 'local'
/etc/group.

[1] <http://www.cyberciti.biz/tips/howto-deny-allow-linux-user-group-login.html>

--
Arun Khan
[CentOS] Restricting physical login access to specific nodes using PAM / NSS / SMB4 AD/DC
I am using SSSD to get user AUTH from a backend Samba4 AD/DC.

For Linux clients sssd.conf is configured to query Samba4 AD based on
LDAP/Kerberos i.e. the Linux clients have not done a Domain join.
Physical console logins -- things are working fine with changes to NSS
and PAM (tool authconfig) for domain User AUTH on Linux and Windows
clients.

However, I want to restrict access to certain machines to users of a
specific group e.g. HR. I guess this is possible on Windows clients
with group policies.
Is the same possible on CentOS (Linux) workstations.

TIA,
--
Arun Khan
Re: [CentOS] Samba 4.1.6
On Sat, Oct 18, 2014 at 1:21 AM, Bowie Bailey wrote:
>
> Can this package coexist with the current Samba package, or do I need to
> remove the CentOS Samba package first?

Both packages would want to use the same netbios ports.

--
Arun Khan
Re: [CentOS] SAMBA as AD DC
On Mon, Sep 15, 2014 at 4:07 AM, Miguel Medalha wrote:
>>> Why don't you use Sernet Enterprise Samba?
>
>> (...) they do not provide RPMs for RHEL/CentOS 7. So this seems not to be an
>> option.
>
> As someone said before, you don't need to use "the latest and greatest" to
> run a functional service... On a production environment that is even often
> undesirable until things settle down...
>
> Anyway, Sernet also provides a source rpm. Why not build up from that base?

+1

However, the init scripts from the built RPMs may not be compatible
with C7 (systemd). I believe the OP is having problems with starting
the daemons not building the Samba4.

The Sernet Samba4 packages work like a champ on C6.5.

--
Arun Khan
Re: [CentOS] CentOS 6.5 printer weirdness...
On Sun, Aug 10, 2014 at 2:42 AM, Robert Heller wrote:
> Ok, it is consistent and repeatable:
>
> *Everytime* I do a routine 'yum update' on the CentOS 6.5 server (64-bit) the
> printers (both of them networked laser printers, one an [old] HP Laserjet 4200
> and one a [new] Brother MFC-9970CDW), cups loses the ability to print (its
> filter chain becomes broken). According to the CUPS mailing list, this error
> is 'never' because of of problem with cups, but always with the 'underlying
> operating system' -- eg the 'underlying operating system' has messed with the
> filters CUPS uses for the printers.

I have not experienced any broken chains. With generic (Debian
Wheezy) driver my Samsung 1640 printer would not print any pages
randomly. cups administration (localhost:631) would show things are
fine. At times a cups restart would help.

>
> So is this a *known* problem? Or is there something Redhat has done to the
> distributed cups RPM (or is it something the CentOS developers have done to
> the Redhat source rpm)?

I don't think so. My problems with Samsung 1640 were on Debian.

>
> The *apparent* cure (workaround?) is to delete the printers, and re-install
> them.

Yes, it would work for a while for me.

> Has anyone else had this problem?

In my case, I installed the printer driver for 1640 from Samsung's
support site and things have been more stable for me.

--
Arun Khan
Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
SOLVED

On Wed, Aug 6, 2014 at 10:28 PM, James A. Peltier wrote:
> - Original Message -
> | On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote:
> | >
> | > Probably rsyslog is being started before /var/log is mounted, and
> | > so it
> | > is opening files within /var/log on the root device.
> |
> | rsyslog should start after local mounts are finished.
> |
> | I suspect it's selinux; /var/log should have a "var_log_t" context
> | and I
> | suspect it doesn't.
>
> running a restorecon -vv on /var/log should correct that automatically I
> would think.

I had suspected SElinux and have it disabled still rsyslogd was not
logging on the new device mounted on /var/log/

*** restorecon -vv /var/log does the trick! ***

@ James A. Peltier Thank you!

FWIW - here are the steps

1. service rsyslog stop
2. mount /mnt/
3. rsync -aP /var/log/ /mnt/
4. rm -fr /var/log/*
5. umount /mnt
6. mount /var/log/ (also make change to /etc/fstab)
7. restorecon -vv /var/log <<< the solution
8. service rsyslog start.
9. logger "this is a test"
10. tail /var/log/messages to verify that indeed the logger string was logged.

--
Arun Khan
[CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/
The system is an AWS Instance based on a community CentOS 6.4 AMI snapshot.

The vdisk is as follows as shown below [1]

The root LVM contains /var/log/

I have attached another block device with ext4 FS. I copied the
files from /var/log to this device (mounted on /mnt) and then changed
/etc/fstab to mount this device on /var/log on boot.

However, I do not see anything being logged in /var/log/messages.

To test the logging, I used the 'logger' command to log some string;
nothing appears in /var/log/messages.
'service rsyslog status' reports the daemon is running.

When I stop rsyslog, umount the /var/log device and then restart
rsyslog, I can see that logs are being recorded in /var/log/messages.
Using the 'logger' command I can see messages written in
/var/log/messages.

man pages of rsyslog.conf and rsyslogd show nothing related to logs
being on a separate device.

Any pointers to fix the problem would be much appreciated.

[1]
Disk /dev/xvda: 8589 MB, 8589934592 bytes

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          64      512000   83  Linux
/dev/xvda2              64        1045     7875584   8e  Linux LVM

Disk /dev/mapper/VolGroup-lv_root: 7205 MB, 7205814272 bytes
Disk /dev/mapper/VolGroup-lv_swap: 855 MB, 855638016 bytes

--
Arun Khan
Re: [CentOS] Multi-Seat using Thin Clients
On Sun, Aug 3, 2014 at 10:25 PM, Aaron Siegel wrote: > Hello > > I have been wanting to set up a multi-seat system built around my linux > desktop. Several years ago I set up a multi-seat system using X11. It > difficult to setup and cause many different system errors. My new > desktop supports VT-d but the VGA passthru is still too experimental for > me at this point. No need for Virtualisation. Take a look @ LTSP <http://www.ltsp.org/> HTH -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Convert "bare partition" to RAID1 / mdadm?
On Fri, Jul 25, 2014 at 8:40 PM, Les Mikesell wrote:
> On Fri, Jul 25, 2014 at 8:56 AM, Robert Nichols
>
> What happens if you mount the partition of a raid1 member directly
> instead of the md device? I've only done that read-only, but it does
> seem to work.
>

This is the flip side of the OP's use case i.e. you already have a
RAID device and mounting one of its members.

-- Arun Khan
Re: [CentOS] Convert "bare partition" to RAID1 / mdadm?
On Fri, Jul 25, 2014 at 5:41 AM, Lists wrote:
> I have a large disk full of data that I'd like to upgrade to SW RAID 1
> with a minimum of downtime. Taking it offline for a day or more to rsync
> all the files over is a non-starter. Since I've mounted SW RAID1 drives
> directly with "mount -t ext3 /dev/sdX" it would seem possible to flip
> the process around, perhaps change the partition type with fdisk or
> parted, and remount as SW RAID1?
>
> I'm not trying to move over the O/S, just a data partition with LOTS of
> data. So far, Google pounding has resulted in howtos like this one
> that's otherwise quite useful, but has a big "copy all your data over"
> step I'd like to skip:
>
> http://sysadmin.compxtreme.ro/how-to-migrate-a-single-disk-linux-system-to-software-raid1/

For data partitions a lot of the stuff is not applicable. With
respect to the mdadm steps, creating degraded arrays, filesystem on
those degraded arrays and then copy over the data etc. is spot on IMO.

I would recommend the steps in the above tutorial to really be assured
that none of data is corrupted.

>
> But it would seem to me that a sequence roughly like this should work
> without having to recopy all the files.
>
> 1) umount /var/data;
> 2) parted /dev/sdX
>    (change type to fd - Linux RAID auto)
> 3) Set some volume parameters so it's seen as a RAID1 partition
>    "Degraded". (parted?)
> 4) ??? Insert mdadm magic here ???
> 5) Profit! `mount /dev/md1 /var/data`
>
> Wondering if anybody has done anything like this before...
>

'mdadm' starts initializing the array (writing on the disk),
overwriting your file system on that partition.

I would not recommend it but you can try it and see what happens with
your experiment. Should be a no brainer since you have secondary back
ups of the data elsewhere (stated in this thread).

-- Arun Khan
Re: [CentOS] Can't add printer
On Wed, Jul 23, 2014 at 8:51 PM, Wes James wrote: > I tried to add the printer: > > HP Color LaserJet CP4020 Series Printer > > but CentOS 7 must not know what driver to use. Are you adding the printer from the CUPS webui? You may not find any Linux drivers on the official driver page but ... try the HPLIP drivers <http://hplipopensource.com/hplip-web/models/color_laserjet/hp_color_laserjet_cp4020_series.html> -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] One nice thing about upstream 7
On Wed, Jul 23, 2014 at 2:24 AM, wrote: > My manager took the "binary DVD" and dd'd it onto a flash drive... and it > booted. No problems at all. The 6.5 ISOs are also hybrid. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cemtos 7 : Systemd alternatives ?
On Wed, Jul 9, 2014 at 2:02 AM, wrote: > > 'Ey! What'cho got 'gainst punch cards? > and let's not forget the punched tapes :) -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Creating PDF with editable fields
On Sat, Jun 21, 2014 at 12:52 AM, Bowie Bailey wrote: > > Do you have any suggestions for a good program to create PDF forms > (linux or MS)? I have a PDF document here that we have our customers > fill out. I looked into making it a form a while back, but I couldn't > find any reasonable way to do it (there are a LOT of fields and > check-boxes on this form). All of the things I tried wanted to add > visual elements to the form along with the fields and I don't have room > on the form for that. I just want to be able to say "allow typing here, > here, here, ...". Please name "All of the things I tried " so that we can avoid repeating what you may have already tried. IIRC, LibreOffice has this feature and found the link below with search keywords "creating pdf forms linux" <http://www.maketecheasier.com/create-a-pdf-with-fillable-forms-in-libreoffice/> Here is a how to with xournal (that Mark suggested in a different thread) + LO. <http://askubuntu.com/questions/166875/create-fillable-or-editable-fields-in-a-pdf> Although your question is PDF related, it is deviating from the OP's query (thread) about a light weight PDF reader. In future, please start a new thread when the query is different. HTH -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sshd_config AllowUsers syntax wrong in documentation
On Thu, Jun 26, 2014 at 4:22 PM, Kai Schaetzl wrote:
> It seems the syntax for AllowUsers in sshd_config is not the same that is
> given in man sshd_config and in several documentation on the web.
> (http://www.openssh.com/cgi-bin/man.cgi?query=sshd_config)
>
> e.g.
>
> AllowUsers root
>
> does work.
>
> AllowUsers root username

IIRC, I had encountered similar issue on a Debian box but did not
investigate much.

Instead, I went with the "AllowGroups" option e.g.

AllowGroups admins

and add users to the group. Only members of the group can login with ssh.

HTH,
-- Arun Khan
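How an "AllowGroups admins" setup like the one in the reply above interacts with AllowUsers, as an added example that is not code from the thread or from OpenSSH. It goes beyond the reply by modelling all four lists in the order sshd checks them (DenyUsers, AllowUsers, DenyGroups, AllowGroups); the function names, users and sample configs are constructed, and Match blocks, USER@HOST entries and "!" negation are assumed absent.

```shell
#!/bin/sh
# Simplified model of sshd's user/group access lists (added example).
# A login must pass every list that is set, checked in this order:
# DenyUsers, AllowUsers, DenyGroups, AllowGroups. Patterns may use * and ?.

# directive_values FILE KEYWORD: print every argument of KEYWORD, one per
# line. Keywords are case-insensitive and repeated lines accumulate.
directive_values() (
    kw=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    awk -v kw="$kw" '
        /^[[:space:]]*#/ { next }
        tolower($1) == kw { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
)

# matches_any NAME PATTERN...: NAME matches at least one pattern.
matches_any() (
    name=$1; shift
    for pat in "$@"; do
        case $name in
            $pat) exit 0 ;;
        esac
    done
    exit 1
)

# any_group_matches "G1 G2 ..." PATTERN...: one of the groups matches.
any_group_matches() (
    set -f
    groups=$1; shift
    for g in $groups; do
        matches_any "$g" "$@" && exit 0
    done
    exit 1
)

# ssh_login_allowed CONFIG USER "GROUP1 GROUP2 ..."
# Prints the verdict; returns 0 only if the login passes all four lists.
ssh_login_allowed() (
    conf=$1 user=$2 groups=$3
    set -f   # keep * and ? from the config from expanding against the cwd
    deny_users=$(directive_values "$conf" DenyUsers)
    allow_users=$(directive_values "$conf" AllowUsers)
    deny_groups=$(directive_values "$conf" DenyGroups)
    allow_groups=$(directive_values "$conf" AllowGroups)

    # The lists are left unquoted on purpose so each entry becomes one pattern.
    if [ -n "$deny_users" ] && matches_any "$user" $deny_users; then
        echo "refused: DenyUsers"; exit 1
    fi
    if [ -n "$allow_users" ] && ! matches_any "$user" $allow_users; then
        echo "refused: not in AllowUsers"; exit 1
    fi
    if [ -n "$deny_groups" ] && any_group_matches "$groups" $deny_groups; then
        echo "refused: DenyGroups"; exit 1
    fi
    if [ -n "$allow_groups" ] && ! any_group_matches "$groups" $allow_groups; then
        echo "refused: no group in AllowGroups"; exit 1
    fi
    echo "allowed"
)

# Constructed configs, not taken from the thread.
config_groups_only() { printf '%s\n' '# constructed sample' 'AllowGroups admins'; }
config_users_and_groups() { printf '%s\n' 'AllowUsers root' 'allowgroups admins'; }

demo_access_lists() (
    f=$(mktemp) || exit 1
    trap 'rm -f "$f"' EXIT
    for cfg in config_groups_only config_users_and_groups; do
        "$cfg" > "$f"
        echo "$cfg:"
        for who in "alice:users admins" "bob:users" "root:root"; do
            verdict=$(ssh_login_allowed "$f" "${who%%:*}" "${who#*:}")
            printf '  %-6s %s\n' "${who%%:*}" "$verdict"
        done
    done
)
demo_access_lists
```

With both directives set, a member of admins who is not named in AllowUsers is refused, and so is root unless it is also in admins. On a live host, `sshd -T` prints the effective configuration, including these lists.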
Re: [CentOS] umask setting in /etc/profile not working
On Wed, Jun 11, 2014 at 8:28 PM, Tim Dunphy wrote:
>>
>>root@uszmpwsld011 apps]# grep umask /etc/*
> /etc/bashrc:umask 002
> /etc/bashrc:umask 002

Login as the 'user' and do the following:

grep -i umask $HOME/{.bash*,.profile}

and make sure the user is not resetting the system default.

-- Arun Khan
Re: [CentOS] squid proxy, https and apple store
On Wed, Jun 11, 2014 at 7:18 PM, Götz Reinicke - IT Koordinator wrote: > Am 11.06.14 15:43, schrieb Arun Khan: > >> CentOS version? > > "old" one 5.10 > >> Squid version? > > squid-2.6.STABLE21-6.el5 > >> >> FWIW, Squid2 supports http 1.0 and Squid3 supports http1.1. >> >> My team faced similar issues with Debian (Wheezy) + Squid2. Switched >> to Squid3 and the problems went away. > > O.K. may be I'll try 3.x if not someone knows somthing different. > And let us know if it resolves your problem. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] squid proxy, https and apple store
On Wed, Jun 11, 2014 at 5:15 PM, Götz Reinicke - IT Koordinator wrote: > I'm a bit confused regarding the connection of a Mac OS X system to the > app store by the app store client. > > Squid is configured using ncsa_auth and I can access https and http > websites without a problem. > CentOS version? Squid version? FWIW, Squid2 supports http 1.0 and Squid3 supports http1.1. My team faced similar issues with Debian (Wheezy) + Squid2. Switched to Squid3 and the problems went away. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LDAP login problem for CentOS 6.5
On Fri, Jun 6, 2014 at 12:34 PM, wrote:
>
> A fresh 6.5 system was installed recently to become a central server.
> Both OpenLDAP and 389 Directory Server were installed and configured
> (not at the same time) with groups and normal user accounts.
> The server was configured to use LDAP authentication (through
> authconfig and system-config-authentication).
>
> First, the LDAP user wasn't identified by running the 'id' command.
> The same with SSH.

How have you configured your 'client' node to connect to the openLDAP server?

> Although ldapsearch listed all objects correctly.
> Observing /var/log/secure had shown that the user is not identified at
> all (no uid etc.). Following another article, POSIX details (uid +
> gid, and set gid to some LDAP group) were set for that user and the
> 'id' command was successful.

Your ldapquery command must be connecting to the LDAP server directly.
Please share the full ldapsearch command line.

> However, still, SSH connections are refused and the log states:
> "Authentication service cannot retrieve authentication info" (for pam_sss).
> The secure log shows that user details are unavailable
> (uid=0,gid=0...) to sshd.

uid/gid=0 is super user (root). Let this user be 'local' and not from
LDAP. Define a non root user 'John/Jane Doe' and work through the
setup.

> Locally, when a root performs "su user", the login is successful, home
> is created and the secure log state authentication is performed by
> pam_unix, contrast to pam_sss.
>

I use the 'sssd' package to be the backend which queries users from
both 'local' and the 'LDAP' server, in conjunction with the tool
'authconfig' which makes the necessary changes to the PAM config
files. Read through the refs. [a] below.

> Need to mention that we've tried to follow most of the literature
> online (RedHat directory server, CentOS OpenLDAP client setup and many
> other resources). None were found to be complete enough to bring a
> system to a working state where users are able to login and
> authenticate.
>
> In addition, system-config-authentication requires the use of LDAPS or
> LDAP with TLS. Only command line tools are able to configure simple
> LDAP (no TLS or SSL).
> However, even being a security measure, we'd like to avoid all the
> (serious) burden of working with certificates at first for simple
> experimentation.
>

It is OK to get started with plain text LDAP auth. but for production
use must use TLS to encrypt the packets for user auth.

> Any comment or insight will be helpful.
> In addition, any link to where we can find a step-by-step guide to
> install an (working) LDAP server with a client, will be more than
> appreciated.

[a] Refs
<https://fedorahosted.org/sssd/>
<https://fedorahosted.org/sssd/wiki/FAQ>
<https://help.ubuntu.com/12.04/serverguide/openldap-server.html>
<https://sites.google.com/site/guenterbartsch/blog/usesssdinsteadofnslcdinldapsetuponcentosrhel6>

It is also useful to share the contents of the relevant entries in the
log files. The conf files like /etc/ldap.conf and /etc/sssd/sssd.conf
in case you are still facing problems.

Eventually, you will have to deal with authenticating Windows
clients/users through Samba (smb.conf) but that is another thread.

**Suggestion** - if you have Windows nodes in your network that
require network authentication then consider Samba4; I migrated one
setup from openLDAP+Samba (NT4 PDC) to a Samba4 AD/DC. For Linux
clients, SSSD can also use back end MS AD/DC.

-- Arun Khan
Re: [CentOS] build system for cutting edge software
On Mon, May 19, 2014 at 5:02 PM, Gergely Buday wrote: > On 19 May 2014 04:50, Matthew Miller wrote: >> On Sun, May 18, 2014 at 01:30:24PM -0400, Robert Moskowitz wrote: >>> > An idea is to build it in a directory, as much independent as it is >>> > possible from the installed libraries on the centos installation. Is >>> > there an automated build system for such an endeavour? >>> Run Fedora as a VM? >> >> Or, run Docker with a Fedora container. > >> You might be interested in Software Collections. See >> <https://www.softwarecollections.org/>. This is basically a system for >> packaging RPMs that instal in /opt instead of into the distribution proper. > > Thanks, software collections seem to be the thing I imagined. No > wonder that somebody has already done it. > You may also want to look at Open Build Service (from openSUSE) <http://en.wikipedia.org/wiki/Open_Build_Service> and the portal <http://openbuildservice.org/> Purportedly, you can build packages for several distributions. YMMV - no personal experience. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos backup tools
On Fri, May 16, 2014 at 8:38 PM, Derrik Walker v2.0 wrote: >> > I've been using BackupPC for years. I currently have it running on a > small CentOS system that mainly does backups. > > I like it because it's agentless ( it uses ssh/rsync ). The Pooling and > Data-deduping is also nice, and saves on space. > +1 to backuppc. A word of caution - database backups should be done with their respective native tools. A colleague, was backing up /var/lib/mysql/ thinking he could restore the db from the backup! -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Samba4 questions
On Wed, Apr 23, 2014 at 1:25 AM, Les Mikesell wrote: > SME server used to be pretty good at that sort of thing (small > business server). You could just add users and put them in groups > with the web interface and set up file shares by group. The ClearOS > version might be more up to date, though.The old lanman > authentication wouldn't be as secure as AD, though. > +1 to Les's comments. @ OP - if you are not averse to switching distributions, then give Zentyal (www.zentyal.org) a try; it has Samba 4.1.5 IIRC and based on Ubuntu 12.04.3 LTS. The Zentyal folks have done a good job on the Web UI so user/group and file share management is fairly straightforward. Recently, I migrated a 50 node setup, a mix of CentOS desktops, Linux Storage (Debian), Windows 7 Pro, OS X, from a openLDAP+Samba3 PDC setup to Samba4 AD/DC. Much as this group has helped you, you will have to do some homework (reading + experimentation) and bring yourself up to speed on Samba4. There is a lot of documentation <http://www.samba.org/samba/docs/> and wiki.samba.org. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there any benefit to using NetworkManager on a server with a static IP?
On Wed, Mar 26, 2014 at 9:05 AM, Christopher Jacoby wrote: > I've been banging my head against the wall trying to get a simple two NIC > bond to work. Got really odd behavior from service network restart, then > finally decided to disable NetworkManager. Voila! Bonding and the network > service script starts working just the way I expect. > > Does anyone here actually use NetworkManager on anything but a laptop or > desktop? I can't seem to figure out a reason to use it on a server. > IMO, Network Manager is for desktop users who may connect to the 'Net in various ways, wired LAN, WiFi, USB data dongles (from Telcom providers). With bridging and bonding scenarios, it causes more heartburn than ease of use. Server installs that I undertake personally, it is turned OFF. However, when I have had to service other admin's installation, for networking issues, I turn OFF the Network Manager. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sssd run level get turned off automagically
On Tue, Mar 25, 2014 at 1:44 PM, Clint Dilks wrote: > On 25/03/2014 7:52 PM, "Arun Khan" wrote: >> >> CentOS 6.5 (AMD64) >> LDAP DS: via SSSD >> >> When I did the OS installation (client site), I had turned the service >> ON with 'chkconfig sssd on' and 'chkconfig sssd --list' showed that >> it was ON >> >> However, whenever the server has been 'hard' rebooted, 'service sssd >> status' shows that it is not running.'chkconfig sssd --list' shows >> it is OFF! >> >> I don't understand how it is automagically turned off. Any ideas what >> could be the problem. >> > > Hi did you run authconfig after setting sssd to start on boot? > The command I used was taken from this site <http://www.couyon.net/1/post/2012/04/enabling-ldap-usergroup-support-and-authentication-in-centos-6.html> authconfig --enablesssd --enablesssdauth --enablelocauthorize --update File /etc/sssd/sssd.conf -- once sssd is running no issue with LDAP binding. Thanks -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] sssd run level get turned off automagically
CentOS 6.5 (AMD64)
LDAP DS: via SSSD

When I did the OS installation (client site), I had turned the service
ON with 'chkconfig sssd on' and 'chkconfig sssd --list' showed that
it was ON

However, whenever the server has been 'hard' rebooted, 'service sssd
status' shows that it is not running. 'chkconfig sssd --list' shows
it is OFF!

I don't understand how it is automagically turned off. Any ideas what
could be the problem.

[root@storage ~]# chkconfig sssd --list
sssd    0:off  1:off  2:on  3:off  4:off  5:off  6:off
[root@storage ~]# chkconfig sssd on
[root@storage ~]# chkconfig sssd --list
sssd    0:off  1:off  2:on  3:on  4:on  5:on  6:off
[root@storage ~]# service sssd start
Starting sssd: [ OK ]
[root@storage ~]# service sssd status
sssd (pid 3511) is running...

-- Arun Khan
Re: [CentOS] KVM and Win7-64 Sound
On Tue, Feb 25, 2014 at 6:40 AM, david wrote: > > Sound does not work in the Windows 7 (64-bit) PRO installation as a > Virtual Machine, and I have tried specifying the emulated hardware as > AC97, and ICH6. The few times I have tried desktop VM with LKVM, the user experience within the VM, has been spotty. Whereas with VB it has been acceptable (same no. of CPUs, RAM etc in LKVM v/s VB). For desktop VM, I would suggest Virtual Box. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thanks on 6.5
On Mon, Dec 2, 2013 at 9:59 PM, wrote: >Thanks for the hard work, and quick followup to upstream. What's > especially nice for us, and for other folks using CentOS at US federal > gov't agencies, is that finally, the stock ssh-agent works seamlessly > with pkcs11 and PIV/CAC cards, which is being required across the > board. We'd been building our own openssh pieces... (and it was my > manager that pushed that enhancement through a RH request ) > And thanks to you and your manager for being the catalyst :) -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Where to put the kernel driver for a Fibre Channel HBA card.
On Mon, Dec 2, 2013 at 11:09 PM, Ned Slider wrote:
> On 02/12/13 14:36, Arun Khan wrote:
>> CentOS 6.4 (amd64) stock kernel.
>> HBA FC Accusys ACS 63200NT
>>
>> I built the driver from source, insmod activates the device and I can
>> see the 24 TB storage volume via 'parted --list' I have created a XFS
>> files system and mounted it under /srv/
>>
>> Where do I need to install the driver in /lib/modules/ ... directory
>> tree so that it is loaded automatically when the system boots?
>>
>> TIA,
>>
>
> If your module is replacing a driver already in the kernel tree then it
> should go in /lib/modules/$(uname -r)/updates/
>

It is not present in the stock kernel.

> If it's a new driver not present in the kernel then it should go in
> /lib/modules/$(uname -r)/extra/
>

Thanks - I was not sure of where to copy the driver.

> and then run 'depmod -a'

Yes, I knew this has to be done to build the dependency list after
putting the driver file in the proper directory

>
> BTW, you should use modprobe and modprobe -r to load and unload modules
> rather than insmod as modprobe understands module dependencies whereas
> insmod doesn't.
>

I tried modprobe first to insert the driver but it kept saying module
not found. insmod ./ worked. I believe, modprobe will work if the
driver is in the /lib/modules/$(uname -r)/ tree and the depmod has
been done.

Gracias,
-- Arun Khan
[CentOS] Where to put the kernel driver for a Fibre Channel HBA card.
CentOS 6.4 (amd64) stock kernel. HBA FC Accusys ACS 63200NT I built the driver from source, insmod activates the device and I can see the 24 TB storage volume via 'parted --list' I have created a XFS files system and mounted it under /srv/ Where do I need to install the driver in /lib/modules/ ... directory tree so that it is loaded automatically when the system boots? TIA, -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS Hardware clock time setting.
On Mon, Dec 2, 2013 at 4:54 PM, Rajagopal Swaminathan wrote: > Greetings, > > On Mon, Dec 2, 2013 at 4:37 PM, Anand Singh wrote: >> Hi, I would like to sync my CentOS 6.3 hardware clock time to my NTP >> server's time. Can I do that without reboot the hosts? >> >> If yes, it would be great if anyone of you can provide me steps to do that. >> I am newbie in CentOS. >> > > ntpdate > > service ntpd restart Also ensure that ntpdate service is turned OFF and ntpd service is ON (see chkconfig). -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thank You To The CentOS Team
On Mon, Dec 2, 2013 at 8:26 AM, Mark LaPierre wrote: > Hey all you dedicated folks out there who support the CentOS project. > Thank you all for your dedicated effort and the great deal of work to > get the 6.5 release up and running. > > Thank you all! > +1! The Team is doing a great job + service to the community; we appreciate it very much. Cheers ... -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Story of an email
On Fri, Nov 29, 2013 at 3:04 AM, Timothy Murphy wrote: > I'm running postfix + dovecot on my CentOS server, > together with amavisd, clamd and spamassassin, > following the instructions in > <http://wiki.centos.org/HowTos/postfix>. > As far as I can see it is all working, > but I must admit I'm not clear exactly what path > an incoming email travels along. > I asked this question before, and someone suggested > a document I should read, > but unfortunately I've mislaid the note I made at the time. > > So if someone could enlighten me - > or point to a source of enlightenment - > I should be most grateful. > Search string "spamassasin routing via postfix" - interesting links (perhaps enlightening) <http://commons.oreilly.com/wiki/index.php/SpamAssassin/Integrating_SpamAssassinwith_Postfix> <http://jessen.ch/articles/spamassassin-and-postfix/config.shtml> <http://forum.parallels.com/showthread.php?293113-Understanding-Postfix-amp-Spamassassin> Hopefully, the above links provide the info you are looking for. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Postfix relay on Comcast
On Fri, Nov 22, 2013 at 7:38 AM, Lists wrote: > How to get postfix working on CentOS 6 and Comcast. Recently, they've > changed their policies regards email relay and require authentication > even to send email. (they no longer use IP address ranges, presumably in > an attempt to curb outgoing SPAM) > > I didn't see an updated howto anywhere on the Interwebs, thought I'd > point out what I had to do. The part that had me stumped for longer than > I care to admit was having to install cyrus-sasl-plain rpm - EL5 > apparently had that installed as part of the cyrus-sasl package. search keywords gave ample links with pretty much the same documents Here is one specifically for CentOS with GMail as smtp smart host. Replace Gmail smtp host with Comcast smtp host and change port 587 if Comcast is using something different. <http://blog.earth-works.com/2013/05/14/postfix-relay-using-gmail-on-centos/> HTH, -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disk cloning ?
On Mon, Nov 11, 2013 at 4:29 PM, hadi motamedi wrote: > > Please find below : > #parted -list > disk /dev/hda 21.5GB > sector : 512B/512B > partition : msdos > disk : /dev/sdb 40GB > sector : 512B/512B > partition : msdos > error: unable to open /dev/md0 > unrecognized disk label. The devices listed above do *not* match with your original post. #dd if=/dev/sdb of=/dev/sdc Also do *not* cross post the same query to multiple mailing lists. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disk cloning ?
On Mon, Nov 11, 2013 at 3:14 PM, hadi motamedi wrote: > Dear All > I needed to clone my disk to another hard drive . I did it as the following : > #dd if=/dev/sdb of=/dev/sdc > But after a while, the procedure ended with the "writing to /dev/sdc > input/output error" message. Is /dev/sdc >= /dev/sdb? Also, input/output error is an indication of a hardware problem (disk controller on the board, cable, or the disk). > Can you please let me know how can I overcome this as the fdisk now returns > as " > #fdisk /dev/sdc > "I do not know how to handle files with mode 81a4 > must set cylinders" What does 'parted --list' display? > What can I do at know ? Post the answers for above. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] logical volume and drive names after mirroring a centos installation via rsync
On Sat, Nov 9, 2013 at 6:28 PM, Peter Peltonen wrote: > > Now I would need to figure out how to boot to the CentOS installation on > server A/sdb and I would like to ask about a few details: > > - I am confused about the logical volume names: which ones should I use on > the new server's fstab, the old ones (rsynced from server B/sda) or the > ones I used when creating the logical volumes from server A? If I need to > use the new ones, should I update the names also somewhere else than fstab? > Yes, you need to use the new LVM device names in the /etc/fstab. > - As the new installation will boot from sdb instead of sda, do I need to > update this information somewhere (like /boot/grub/device.map) ? > It depends are you going to remove 'sda' from the server. In which case your sdb will become the sda. You will need to install grub on this disk. > - How do I install grub on the second drive? Do I simply command from the > A/sda installation: > What are you planning to do with the 'old' sda? Do you want to keep it around until things check out with sdb? In this case, you need to add entry for the CentOS on sdb to the existing menu.lst. > grub-install /dev/sdb > > ? > > - And to access this new grub I just mark the second drive as the boot > drive in BIOS and boot, yes? > You could boot the OS on the second disk from grub on the first disk. See above. > - If I also wanted to boot to the new A/sdb system by using the grub in > A/sda installation, what should the entry in /boot/grub/menu.lst look like, > do I just change the hd(0,0) parameter to hd(1,0) and edit correct kernel > and initrd values? > See above. First finalize your strategy -- keep 'old' sda in the system or remove it. Depending on this you may or may not have to install grub on the 'sdb'. HTH, -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install to internal USB?
On Sat, Nov 9, 2013 at 4:13 PM, John R Pierce wrote: > On 11/9/2013 2:40 AM, Arun Khan wrote: >> On Sat, Nov 9, 2013 at 4:31 AM, Jim Wise wrote: >>> > >>> > >>> >How close is Centos (or the upstream) to being able to run with all but >>> >/var and /tmp readonly? >>> > >> Don't know about CentOS. However there is Voyage Linux (derivative of >> Debian) that runs from an 'ro' filesystem + 'rw' files in ramfs. > > you could use the centos liveCD as a basis for a ramdisk image ... > It is a thought. However, for low storage (256MB CF), low mem (256MB), slower cpu (< 500 MHz) - VoyageLinux is a good fit. One can remount / 'rw' make the config changes, to make the changes persistent and then remount 'ro'. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install to internal USB?
On Sat, Nov 9, 2013 at 4:31 AM, Jim Wise wrote: > > > How close is Centos (or the upstream) to being able to run with all but /var > and /tmp readonly? > Don't know about CentOS. However there is Voyage Linux (derivative of Debian) that runs from an 'ro' filesystem + 'rw' files in ramfs. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install to internal USB?
On Sat, Nov 9, 2013 at 2:27 AM, Lists wrote: > Saw a trick today, wondering if anybody else had done/tried this? Assume > you have a 1U rackmount with 4 front-accessed drive bays, and you want > all four bays for a 4-disk RAID5 storage. > > The idea is to use an internal USB adapter and a couple of bigger USB > thumb drives to install to, RAID 1 style, freeing up all your external > drive bays. At first, I didn't think that a thumb drive would hold > enough for the O/S, but in actual production use for a file server with > 14 TB of redundant storage, the OS actually uses less than 6 GB! > > Here's the internal USB adapter specifically mentioned: > http://www.amazon.com/gp/product/B007PODI1W > Some of the newer workstation/server boards have an internal USB (female) connector soldered on to the board; specifically meant for embedded OS.I have seen it on the Supermicro and Dell systems. > I'd be concerned about getting a higher quality drive than the $10 > givaways at Staples; Anybody here ever tried this? Make sure you do buy industrial quality USB pen drives. I use Apacer but there are others in the market. I prefer to use SATA Disk on Modules (DoM). For basic server install a 2GB DoM is plenty. In either case, do not put swap on the flash drive. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] chipsets etc to avoid for CentOS 6.x
On Fri, Nov 8, 2013 at 11:18 AM, Arun Khan wrote: > On Fri, Nov 8, 2013 at 10:35 AM, Devin Reade wrote: >> >> I've typically stuck to Intel CPUs, and prefer Gigabyte or Intel >> motherboards. I'd prefer to minimize the likelihood of non-working >> or marginally-working hardware. > > Gigabyte does list Linux for their boards, albeit as caveat -- an example > here: > <http://www.gigabyte.in/products/product-page.aspx?pid=4388#sp> > > I would suggest select a board that has been in the market for about 6 > months. Look up the chipset on the board and verify support for it > in the Linux kernel. Also, besides costing a little less it will > most likely work with the latest incarnate of the OS. > I had meant to add following info in my earlier response - Supermicro makes desktop/workstation boards based on i3/i5/i7 CPUs and compatible chip set: <http://www.supermicro.com.tw/products/motherboard/Core/index.cfm> OS compatibility for board chip set ==> <http://www.supermicro.com.tw/products/motherboard/Core/index.cfm> HTH -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] chipsets etc to avoid for CentOS 6.x
On Fri, Nov 8, 2013 at 10:35 AM, Devin Reade wrote: > > I've typically stuck to Intel CPUs, and prefer Gigabyte or Intel > motherboards. I'd prefer to minimize the likelihood of non-working > or marginally-working hardware. As for "Desktop" grade boards - officially Intel does not support them. Although they may well with Linux, in case of problems (RMA) they will ask you to do Windows specific things before giving a RMA number. Server boards - specific versions of RHEL + SLES mentioned for the specific board; mention of CentOS or any other Linux distro results in "unsupported" OS. This has been my experience with Intel in India. Gigabyte does list Linux for their boards, albeit as caveat -- an example here: <http://www.gigabyte.in/products/product-page.aspx?pid=4388#sp> I would suggest select a board that has been in the market for about 6 months. Look up the chipset on the board and verify support for it in the Linux kernel. Also, besides costing a little less it will most likely work with the latest incarnate of the OS. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] read-only file system when trying to save files
On Sat, Nov 2, 2013 at 4:21 AM, Wes James wrote:
>
> That was it. This is an old mac pro that I put centos on yesterday. It
> had 4 disks in it and this is the 3rd that has died. A faculty member had
> it for 5-6 years and it was on 24/7. It's been in the junk pile for
> several months. I guess long enough for the disks to go south from sitting
> on so long then going off for a period... maybe Anyone heard of this?
>

It is hard to predict hard disk failure. I have had "sealed" Seagate enterprise grade disks DoA.

Install smartd (smartctl) and watch the logs for impending failures and take corrective actions when you start noticing failures in the smart report; even this is not foolproof.

RAID gives some comfort level but do keep backup of important data in multiple places.

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] sssd - ldap uid/gid does not match with uid/gids in the openLDAP DS
On Wed, Oct 9, 2013 at 11:13 AM, Arun Khan wrote:
> On Wed, Oct 9, 2013 at 2:29 AM, Paul Heinlein wrote:
>> On Wed, 9 Oct 2013, Arun Khan wrote:
>>
>>> In order for jdoe to show up as member of 'project1' group, I have to
>>> restart sssd.
>>>
>>> In sssd.conf, in the domain section enumerate=FALSE.
>>>
>>> I would appreciate any pointers to shorten the client side updates
>>> regarding uid+gid association.
>>
>>
>> The default entry_cache_timeout is 5400 seconds, an hour and a half, probably
>> well beyond the "> 5 mins" you waited.
>>
>> I set "entry_cache_timeout = 600" in the domain section of the
>> standard sssd.conf for CentOS machines. You can set
>> entry_cache_group_timeout specifically if you need more frequent checks for
>> group entries.
>>
>
> Thanks very much for the pointer. I will try it out.

SOLVED.

I set the timeouts to low values (10s), tested and the settings work like a champ!

Thanks again for the pointer.

--
Arun Khan
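The fallback order described in this thread (group timeout, then the general entry timeout, then the 5400-second default) decides how long a client keeps serving stale group membership, which matters as much for a removed member as for an added one. The script below is an added example, not part of the original posts; the function name `group_cache_ttl`, the domain names and the sample sssd.conf are constructed for illustration.

```shell
#!/bin/sh
# Report how long an SSSD client may serve cached group data for a domain.
# Lookup order: entry_cache_group_timeout, then entry_cache_timeout,
# then the 5400 s default quoted in the thread.

group_cache_ttl() {
    # usage: group_cache_ttl DOMAIN < sssd.conf
    awk -v want="domain/$1" '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "entry_cache_group_timeout") grp = val
            if (key == "entry_cache_timeout") base = val
        }
        END {
            if (grp != "") print grp
            else if (base != "") print base
            else print 5400
        }
    '
}

# Constructed sample configuration (not taken from the thread).
sample_sssd_conf() {
    cat <<'EOF'
[sssd]
services = nss, pam
domains = example, legacy

[domain/example]
id_provider = ldap
enumerate = FALSE
# general entries refresh after 10 minutes, group entries after 10 seconds
entry_cache_timeout = 600
entry_cache_group_timeout = 10

[domain/legacy]
id_provider = ldap
EOF
}

for d in example legacy; do
    echo "$d: group data cached for $(sample_sssd_conf | group_cache_ttl "$d") s"
done
```

On a real client, feed it `/etc/sssd/sssd.conf` (readable by root only) instead of the sample.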
Re: [CentOS] "Enterprise Class Hard Drive" - Scam Warning
On Wed, Oct 2, 2013 at 11:51 PM, Steve Brooks wrote:
> The retailer is certainly willing to refund and the manufacturer is
> also willing to replace.. The worrying part is that the drives that were
> replaced under warranty should *not* find their way back onto the shelves
> re-packaged as new enterprise class drives..

Thanks for the heads. After a slew of HDD failures, I use smartctl, badblocks on every drive before putting them into production. However this may not be practical when there are many disks in a storage.

Usually repaired drives are marked "Refurbished" if the RMA is handled by the manufacturer directly. RMA handled by retailer who knows what instruction the management gives regarding returns.

--
Arun Khan
Re: [CentOS] sssd - ldap uid/gid does not match with uid/gids in the openLDAP DS
On Wed, Oct 9, 2013 at 2:29 AM, Paul Heinlein wrote:
> On Wed, 9 Oct 2013, Arun Khan wrote:
>
>> In order for jdoe to show up as member of 'project1' group, I have to
>> restart sssd.
>>
>> In sssd.conf, in the domain section enumerate=FALSE.
>>
>> I would appreciate any pointers to shorten the client side updates
>> regarding uid+gid association.
>
>
> The default entry_cache_timeout is 5400 seconds, an hour and a half, probably
> well beyond the "> 5 mins" you waited.
>
> I set "entry_cache_timeout = 600" in the domain section of the
> standard sssd.conf for CentOS machines. You can set
> entry_cache_group_timeout specifically if you need more frequent checks for
> group entries.
>

Thanks very much for the pointer. I will try it out.

--
Arun Khan
Sent from my non-iphone/non-android device
[CentOS] sssd - ldap uid/gid does not match with uid/gids in the openLDAP DS
CentOS 6.4 (amd64) client desktop with SSSD installed+configured to do LDAP AUTH from an openLDAP DS. Groups in LDAP DS -- dsusers (for all users), project1, project2, The objective is to give group permissions to directory trees with users belonging to various groups; users thereby inheriting the ACL given to respective groups. Test case -- uid: jdoe, gid: dsusers (primary) On LDAP client workstation - id jdoe shows uid+gid as above. Then I add uid jdoe to the 'project1' group in the openLDAP DS. On the client workstation - id jdoe shows member of 'dsusers' only. Thinking it could be due to local cache, I have deleted the files in /var/lib/sss/db/ and still id jdoe reports member of dsusers only. I have also waited > 5 mins. expecting the client side cache to be updated but still the same issue. jdoe does not show up as member of project1. In order for jdoe to show up as member of 'project1' group, I have to restart sssd. In sssd.conf, in the domain section enumerate=FALSE. I would appreciate any pointers to shorten the client side updates regarding uid+gid association. TIA. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.4 Installation on Dell R720
On Tue, Oct 8, 2013 at 10:55 AM, Kaushal Shriyan wrote:
> Hi,
>
> I am planning to install CentOS 6.4 on Dell R720 which has hardware raid
> card and 6 hard disk slots available.
>
> I have planned with the below set up :-
>
> *2 Hard disks configured in RAID 1 for installing OS

What is the HDD size? For a base OS + MySQL server, a 4GB SATA Disk on Module (DoM) may be sufficient.

> *
> *4 Hard disks configured in RAID 10 for data drive.*
>

Again, hopefully, you have sized these disks for sufficient space for the DB files, presuming you will mount this device on /var/lib/mysql.

> Please suggest and recommend if the above approach is correct and let me
> know if i am missing anything which is crucial to set up a production
> server. This server will host MySQL DB server.

You may want to put /tmp, /var/tmp/, /var/log on separate partitions - 1G, 1G, 3G, respectively. You can "steal" this kind of space by creating a LV on your RAID10 device and carving it up as above with the rest for your MySQL files.

HTH,

--
Arun Khan
Re: [CentOS] Partitionable Raid
On Wed, Oct 2, 2013 at 5:10 PM, Ireneusz Piasecki wrote:
> On 2013-10-02 13:03, Arun Khan wrote:
>> On Wed, Oct 2, 2013 at 4:29 PM, Arun Khan wrote:
>>
>>> June/2013 time frame and posted my woes in this mailing list.
>>
>> oops, s/b June/2012.
> Yes, June. But, if I remember correctly, this was a problem with dracut
> itself. I have had C6.2 with standard raid-1 at top of partition and
> suffered this problem too. Dracut update solved my problem with system
> non booting with one drive in RAID-1 scenario. dracut updated Oct 03 2012.

Indeed, it was a dracut problem but for me, with dracut updates, there was no solution in the Aug/Sep time frame during my consultation gig at client site.

> So above solution at wiki isn't bad at all.

YMMV and it is good that the problem has been fixed.

--
Arun Khan
Re: [CentOS] Partitionable Raid
On Wed, Oct 2, 2013 at 4:29 PM, Arun Khan wrote: > June/2013 time frame and posted my woes in this mailing list. oops, s/b June/2012. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Partitionable Raid
On Wed, Oct 2, 2013 at 4:50 AM, Billy Crook wrote:
> If sda fails outright, sdb will BECOME sda. This is usually the case
> when a "drive fails".

In the case of the partitionable RAID stated by OP, the boot fails (see my posting from June/2012).

> If sda is skillfully overwritten in specific places with the intention
> of producing a circumstance in which Linux kernel raid will fail, then
> Linux kernel raid will fail.

Even a non raid will fail, will it not?

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] Partitionable Raid
On Tue, Oct 1, 2013 at 9:33 PM, Eugenio Pacheco wrote: > Hi, > > After reading the tutorial at > http://wiki.centos.org/HowTos/Install_On_Partitionable_RAID1 I have the > following question: Please steer away from the above if possible. I did this around June/2013 time frame and posted my woes in this mailing list. Please search the archives and go through the entire thread. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Setting up postfix under CentOS-6
On Thu, Sep 12, 2013 at 3:33 PM, Timothy Murphy wrote:
> I recently, perhaps foolishly, changed over a remote server
> from sendmail/procmail to postfix/amavis/spamassassin/clamd ,
> and I'm finding it difficult to configure this setup.
>

It would have been helpful, if you had described briefly what was your sendmail setup e.g. relaying mail through smart host, authenticating local users before allowing relay etc.

>
> The CentOS document <http://wiki.centos.org/HowTos/postfix>
> explicitly says that its instructions may not work in CentOS-6.
> Does anyone know of reasonably simple postfix documentation
> for CentOS-6?
>
>

What is the harm in trying out and finding for yourself? Postfix's main.cf has all the conceivable configuration that most sites would deploy.

+1 to everyone's responses.

> I've been amazed how bad the postfix documentation is.
> It actually seems to be worse that sendmail documentation,
> which I thought established a record for this sort of thing.
> The official documentation at
> <http://www.postfix.org/documentation.html>
> is ludicrously wordy, with every conceivable option
> listed in random order.
>

I would suggest read the overview doc to see how the various modules work together <http://www.postfix.org/OVERVIEW.html>

I abandoned sendmail and switched to postfix a long time ago and was glad that RHEL6/CentOS6 has switched to it as the default MTA. I found postfix documentation easier to follow. As with any software package, I budgeted time for a little trial and error got it working for my requirements.

Alternately, you can try iRedMail. It is a collection of scripts that checks and installs all the requisite packages for an email server with pop3+imap support + RoundCube web mail; it supports CentOS6. Try it if you don't want to muck around hand editing conf files.

iRedMail details <http://www.iredmail.org/>

HTH,

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] Run one-time startup script
On Fri, Sep 20, 2013 at 9:11 PM, John R Pierce wrote:
> On 9/20/2013 5:31 AM, Kai Schaetzl wrote:
> > I have to change IP numbers across a number of virtual and physical
> > machines because of network center move. This has to be done before
> > network startup, of course. I'm thinking about the best method to do this.
> > Where should I include/init this script? Or would it rather make more
> > sense to do this on the last shutdown?
>
> reconfigure the servers to use dhcp and configure the hosts via
> reservations on the dhcp servers. new location on a new subnet would
> have require reservations, reboot and voila!
>
> DNS should be taking care of any application stuff (when the servers are
> moved, their entries are updated on the DNS servers)

+1 to DNS + DHCP.

1. Configure your DNS A entries to the new IP scheme.
2. Configure your DHCP to give out fixed IP based on the MAC addresses of your servers and their respective IP number in your new DNS scheme.
3. Configure the systems to do DHCP and they should boot up with the new IP numbers.
4. Services like Postfix, NFS etc. should be using DNS names rather than IP numbers IMO, so the changes should be minimal if any.

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] surveillance DVR
On Wed, Jul 31, 2013 at 8:10 PM, wrote: > Does anyone know of a DVR that runs Linux that does NOT USE Active-X, > and/or allows logging in directly? > MythTV? It has a web UI. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: When no MTA is installed, How to send an email with a cronjob?
@ Indunil Jayasooriya IIRC, in one of your follow up post, you mention that you have the Zimbra suite installed and running on *this* machine (which is why you might have had to remove the distro's default postfix in the first place). If above is true then you should try to figure out how to send the cron emails using Zimbra's MTA (which BTW is also postfix). Why are you trying to re-invent the wheel? Am I missing something here? -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] When no MTA is installed, How to send an email with a cronjob?
On Sun, Jul 21, 2013 at 2:12 PM, Indunil Jayasooriya wrote:
> Hi,
>
> When no MTA is installed, How to send an email with a cronjob?

Install postfix and configure to accept messages from 'localhost' only.

>
> MAILTO=myem...@example.com

I guess you have a 'real' email id in your setup.

> 15 11 * * * root /root/scripts/backup.sh
>
> Can I send this email via SMTP server?

Some global service providers may accept email from the postfix MTA in your server.

Alternately, you can configure postfix to relay the message via a 'smart_host' (preferred method). It will require you to provide a valid email address plus password for your postfix (client) to authenticate itself and send the outgoing message.

There is ample documentation on the 'Net to accomplish this.

--
Arun Khan
Re: [CentOS] Puppet el5 repo...
On Wed, Jul 3, 2013 at 8:42 PM, John Doe wrote: > > In the mean time, I am testing cfengine. > Very easy to install but the configuration/syntax is big and scary... ^_^ > > Take a look at chef <http://wiki.opscode.com/display/chef/Home> I am @ n00b stage with it but there is documentation at the wiki site. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6 guest OS does not detect reboot/shutdown signal from virt-manager
SOLVED

On Wed, Jun 26, 2013 at 4:11 PM, Dirk Olmes wrote:
>> From the virt-manager, I am able to shutdown/reboot the Debian and
>> Ubuntu guest OSs but not the CentOS 6 guests.
>>
>> For the CentOS 6 guests, I have to resort to "Force off"
>
> Install the acpid package and make sure it is properly started when the
> VM starts.
>

That was it! Thanks very much.

--
Arun Khan
Sent from my non-iphone/non-android device (অরুণ খান্/अरुण खान)
[CentOS] CentOS 6 guest OS does not detect reboot/shutdown signal from virt-manager
My setup is as follows:

Host OS: Debian Wheezy amd64 stock kernel (3.2), virt-manager v0.9.1

Guest VMs: A bunch of Linux based servers - CentOS 6, Debian 6/7, Ubuntu 12.04 (all amd64 with stock kernel). All of them defined using virt-manager GUI interface.

From the virt-manager, I am able to shutdown/reboot the Debian and Ubuntu guest OSs but not the CentOS 6 guests.

For the CentOS 6 guests, I have to resort to "Force off"

I have looked at the syslog and messages log files but do see anything to correlate between host and guest OS.

Any pointers on how to debug this problem would be much appreciated.

Thanks,

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] Run multiple instance of apache
On Mon, May 27, 2013 at 2:23 PM, HAJJ CHEHADE, Ahmad wrote: > Thank you Hartmut, I've watched this link before but It's not me who decide, > in fact I work for a company and they want me to duplicate services to be > able to start one and stop other or start both...so I don't have choice I > have to duplicate services, any suggestions Apart from the FreeBSD solution from Rainer. Load balance? You could have several VM instances of apache front end. Depending on the traffic you could start/stop the VM instances. Also please do not top post. -- Arun Khan ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] security breach - ftp?
On Sun, May 19, 2013 at 9:29 PM, Philipp Duffner wrote:
>
> I think I really hit a snag with this one - I have no idea where to go
> forward from here.
> I'd appreciate any ideas.
>

I use aide (akin to tripwire) to keep file signature db. The online db file is immutable but I also keep a copy of it offline (along with sha1sum).

Run aide (the static binary) against the db file to detect changes (if any).

Also rpm -qa --verify will list files whose MD5 sums have changed, not a foolproof method.

You may also look at fail2ban, mod_evasive, mod_security (EPEL repo).

--
Arun Khan
Sent from my non-iphone/non-android device (অরুণ খান্/अरुण खान)
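A triage pass over RPM verification output, sorting changed package files from routine config edits, as a follow-up to the verification step suggested in this reply. This is an added example, not part of the original post: it parses the output of `rpm -Va`, the function name `triage_rpm_verify` is hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Classify `rpm -Va` findings so that changed binaries stand out from
# routine config edits. Reads rpm -Va output on stdin and prints
# "<CLASS> <path>" for each finding.
#
# Line format: nine flag characters (S M 5 D L U G T P, "." = test passed),
# an optional one-letter file type (c = config, d = doc, ...), then the path.
# "5" in position 3 means the file digest differs from the RPM database.
#
# Caveat: the RPM database lives on the host being checked, so a clean
# result proves little by itself; an offline AIDE database is the
# stronger reference.

triage_rpm_verify() {
    awk '
        {
            p = index($0, "/")                  # package paths are absolute
            if (p == 0) next
            path = substr($0, p)                # keeps paths containing spaces
            n = split(substr($0, 1, p - 1), f, " ")
            flags = f[1]
            type = (n >= 2) ? f[2] : ""

            if (flags == "missing") { print "MISSING " path; next }
            if (length(flags) != 9) next

            digest = (substr(flags, 3, 1) == "5")
            perms = (substr(flags, 2, 1) == "M" || \
                     substr(flags, 6, 1) == "U" || \
                     substr(flags, 7, 1) == "G")

            if (digest && type == "c") print "CONFIG " path
            else if (digest)           print "CONTENT " path
            else if (perms)            print "PERMS " path
            # size- or mtime-only differences are not reported
        }
    '
}

# Constructed sample output (not from a real host).
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/httpd/conf/httpd.conf
S.5....T.    /usr/sbin/sshd
.M.......    /var/www/html
missing      /usr/share/doc/example-1.0/README
..5....T.    /bin/ps
.......T.  c /etc/sysconfig/iptables
EOF
}

sample_rpm_va | triage_rpm_verify
```

On a live system run `rpm -Va | triage_rpm_verify` as root and look at the `CONTENT` lines first: a digest change in a file that is not marked as configuration is the finding that needs an explanation.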
Re: [CentOS] F18: Create a USB install of CentOS 6 from iso
On Sat, May 18, 2013 at 5:32 PM, Scott Robbins wrote:
> On Sat, May 18, 2013 at 01:56:06PM +0530, Arun Khan wrote:
>> On Sat, May 18, 2013 at 3:09 AM, Mark LaPierre wrote:
>> > On 05/17/2013 11:06 AM, Mihamina Rakotomandimby wrote:
>> >> Hi all,
>> >>
>> >> On a F18, I installed livecd-tools-18.15-1
>> >>
>> >
>> > This sounds like something you should post to the Fedora Users list.
>> > The problem probably lies with the F18 application, not with the CentOS
>> > ISO image.
>> >
>>
>> Although it sounds like a F18 issue, the underlying issue (IMO) is
>> that the dd of ISO image to a pen drive device does not work with
>> the RHEL/CentOS installer.
>
> FWIW, I have found that recent Fedora installs, at least the net.iso, works
> without problem, whether one uses livecd-tools or dd.
>

In my post, I also mentioned that a plain dd of the ISO file onto an USB pen drive works for the netinstall use case. However, the dd method does not work if you want the install to happen from the pen drive (w/o network connectivity).

The OP was having problems with the livecd-tools, the links quoted earlier provide a manual method to do so.

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] F18: Create a USB install of CentOS 6 from iso
On Sat, May 18, 2013 at 3:09 AM, Mark LaPierre wrote:
> On 05/17/2013 11:06 AM, Mihamina Rakotomandimby wrote:
>> Hi all,
>>
>> On a F18, I installed livecd-tools-18.15-1
>>
>
> This sounds like something you should post to the Fedora Users list.
> The problem probably lies with the F18 application, not with the CentOS
> ISO image.
>

Although it sounds like a F18 issue, the underlying issue (IMO) is that the dd of ISO image to a pen drive device does not work with the RHEL/CentOS installer. Whereas with other Linux distros like the Debian / openSUSE / Ubuntu it is possible to dd the ISO images on to a pen drive, boot from it and complete the installation [1].

The OP is trying to use a tool which supposedly makes a bootable/installable USB device.

Search keywords "centos create usb boot disk" throws up helpful links. The manual methods may be the way to go to achieve the objective.

[a] <http://wiki.centos.org/HowTos/InstallFromUSBkey>
[b] <http://shivasbase.blogspot.in/2012/03/create-bootable-usb-with-centos.html>
[c] <http://thenubbyadmin.com/2012/05/04/how-to-make-a-bootable-centos-6-usb-drive/>

All of the above essentially say the same thing.

@OP please try the method outlined in above links and report your success/failure.

[1] This is my preferred method, it eliminates need for an optical media and burning the ISO image to a DVD.

FWIW, I have dd'd the CentOS ISO image to a pen drive. In the installer, choose one of the 'network' methods (http / ftp / nfs / cifs etc). Also make sure the CentOS DVD content is available over the network via the chosen method (my choice http).

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] Looking for a CentOS-friendly online backup company
On Sat, May 11, 2013 at 12:16 AM, Digimer wrote: > >So does anyone know of an online backup company that _will_ support > CentOS (and Windows)? > >Any pointers will be much appreciated! > Not an online but an in-house solution. Symantec Netbackup (or whatever it is called) apparently supports a whole bunch of Linux distros (as client). Recently, I deployed a CentOS LAMP server (guest in Windows Hyper-V) and the data center guys installed the CentOS client in it for daily backups. Perhaps some online vendor who is using the same in their infra can support CentOS. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Looking for a CentOS-friendly online backup company
On Sat, May 11, 2013 at 12:25 AM, wrote: > > I once started a support call with Sun/Oracle *shudder*, and > the engineer got all huffy, they didn't support CentOS (it was a hardware > problem), and he obviously didn't know anything about it. I escalated, and > got another engineer (and the story goes downhill from there). > It is a similar experience with Intel, Dell, ... The OS is not on their compatible list? Sorry can't help you, never mind it is a hardware problem. Whenever there is hardware problem, I play dumb and 'do' whatever they ask me to do and report failure for each operation. Eventually I get a RMA number. I run a small time consulting operation and this is the kind of flack I get. It is just not Linux. On an Intel S3000AH board, certified for Windows 2003 server, I was told that Windows 2008 server was not supported. -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cents OS from Bash Shell
On Thu, Apr 25, 2013 at 6:00 PM, Mike Burger wrote:
>> On Thu, 2013-04-25 at 13:04 +0100, Adekoya Adekunle wrote:
>>> I want to know the right command to type from a bash shell so that i can
>>> 1) Check the version of my cent os
>>
>> lsb_release -a

I believe you need to install the package to get lsb_release. It is not present in my minimal server install.

> From the question, he wants to know the version of CentOS, not the LSB info.
>
> rpm -q centos-release

The default content in the file /etc/issue comes with Distro name + version number (CentOS, Debian, Ubuntu in my case).

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] phpmyadmin location
On Thu, Apr 18, 2013 at 10:00 PM, Tilman Schmidt wrote:
> On 18.04.2013 08:44, Arun Khan wrote:
>> On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 wrote:
>>
>>> But at the same time it's not prudent to allow anyone access to a service
>>> (host/port/page/whatever) when they have no need to.
>>>
>>> Perfect example being people who let SSH open to the world on production
>>> boxes and do little to nothing to protect it.
>>
>> How do you handle the ACL when multiple users need the ssh access?
>>
>> Use case scenario, I have setup CentOS based LAMP servers [...] the web
>> developers who keep making changes (per client request) need sftp
>> access to the boxen; their respective ISP service, provide only
>> dynamic IPs (or charge extra which the freelancer will not pay for)
>>
>> At the moment, I have had to leave it open with fail2ban monitoring
>> the ssh port.
>
> ACLs won't cut it in that scenario,

Exactly.

> but limiting SSH to public key
> authentication (ie. disabling password authentication) and

Agreed but explaining the concept to WAMP web application developers ....

> disabling
> direct root login should be sufficiently secure.

This is the first thing I do after installation is complete :)

--
Arun Khan
Sent from my non-iphone/non-android device
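A check of the two measures named in this exchange (key-only SSH logins and no direct root login) against the effective daemon settings printed by `sshd -T`. This is an added example, not part of the original posts; the function name `audit_sshd` and both sample listings are constructed. It also checks keyboard-interactive authentication, which is an addition to what the thread names, because with PAM that method can still prompt for a password after `PasswordAuthentication` is turned off.

```shell
#!/bin/sh
# Audit effective sshd settings: public-key logins only, no direct root login.
# Input on stdin: output of `sshd -T` (lower-case "keyword value" lines).
# Prints one FAIL line per finding; exit status is 1 if anything failed.

audit_sshd() {
    awk '
        function need(key, want) {
            if (conf[key] != want) {
                printf "FAIL %s is \"%s\", want \"%s\"\n", key, conf[key], want
                bad = 1
            }
        }
        NF >= 2 { conf[$1] = $2 }
        END {
            bad = 0
            need("pubkeyauthentication", "yes")
            need("passwordauthentication", "no")
            # Newer OpenSSH prints kbdinteractiveauthentication, older
            # releases print challengeresponseauthentication.
            kbd = ("kbdinteractiveauthentication" in conf) \
                ? "kbdinteractiveauthentication" \
                : "challengeresponseauthentication"
            need(kbd, "no")
            # Key-only root settings (without-password, prohibit-password)
            # still allow direct root login, so only "no" passes.
            need("permitrootlogin", "no")
            exit bad
        }
    '
}

# Constructed excerpts of `sshd -T` output (not from a real host).
sample_sshd_weak() {
    cat <<'EOF'
port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
challengeresponseauthentication no
usepam yes
EOF
}

sample_sshd_hardened() {
    cat <<'EOF'
port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
challengeresponseauthentication no
usepam yes
EOF
}

sample_sshd_weak | audit_sshd || echo "=> weak sample: not hardened"
sample_sshd_hardened | audit_sshd && echo "=> hardened sample: ok"
```

On a server, run `sshd -T | audit_sshd` as root so that the check covers the configuration sshd actually loads rather than one file.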
Re: [CentOS] phpmyadmin location
On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 wrote:
> But at the same time it's not prudent to allow anyone access to a service
> (host/port/page/whatever) when they have no need to.
>
> Perfect example being people who let SSH open to the world on production
> boxes and do little to nothing to protect it.

How do you handle the ACL when multiple users need the ssh access?

Use case scenario, I have setup CentOS based LAMP servers (as an admin) and pay extra for static IPs to assure my clients that I access their servers from specific IPs only. However, the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISP service, provide only dynamic IPs (or charge extra which the freelancer will not pay for)

At the moment, I have had to leave it open with fail2ban monitoring the ssh port.

--
Arun Khan
Sent from my non-iphone/non-android device
Re: [CentOS] phpmyadmin location
On Sat, Apr 13, 2013 at 11:03 PM, Bruce Whealton wrote: > Hello all, > So, I installed phpmyadmin from the yum package manager. I am not > sure where it would be installed. In other words, I don't know how to reach > it in my browser. By default, the rpm installation creates an Apache Alias "/phpmyadmin" (take a look at the httpd.conf file). You can access it with /phpmyadmin> ip_number can be localhost, DNS name, or ip number. Follow the common password policy (> 8 chars alpha numeric upper/lower case). In case this system is on an Internet facing network, I would suggest you put some kind of access control on the directory e.g. .htaccess Basic Auth. HTH -- Arun Khan Sent from my non-iphone/non-android device ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [OT/HW] hardware raid -- comment/experience with 3Ware
On Wed, Mar 13, 2013 at 11:04 PM, Keith Keller wrote:
> On 2013-03-13, SilverTip257 wrote:
>>
>> I'll argue that the software RAID process is slightly more complex. And it
>> is crucial that one remember to hot-remove the disk ... after all one
>> could panic their box by just yanking the drive.
>
> Agreed, but the OP specifically mentioned wanting to avoid creating more
> on-site work. He could do all of the steps you mentioned remotely, so
> the amount of on-site work for HW RAID or md RAID is equivalent, and
> therefore shouldn't be a factor in choosing between them. The added
> complexity might be an issue for a user new to RAID or to device
> management.

From the discussions thus far, I have concluded that hardware raid has its own issues.

Thanks to everyone for sharing your thoughts, suggestions and comments.

I am still leaning towards a hardware raid controller but will look into the MegaRAID controllers as well.

--
Arun Khan