Re: [CentOS] Can't delete or move /home on 7.3 install
Yup, verified those options are *not* set in 7.2. For a quick test I simply removed them from /usr/lib/systemd/system/NetworkManager.service, did a systemctl daemon-reload, restarted NetworkManager, logged back in as root, and was able to whack /home (7.3).

On Tue, Dec 20, 2016 at 11:07 AM, Matthew Miller wrote:
> On Fri, Dec 16, 2016 at 02:29:28PM -0500, Jonathan Billings wrote:
>> The culprit? NetworkManager has /home open. I can't figure out
>> *WHY*.
>
> NetworkManager.service has 'ProtectHome=read-only', which keeps NM from
> writing there. I presume namespacing /home in this way counts against
> unmounting it. This is a good security protection for everyone running
> NM, so I can see it being worth the tradeoff vs. being able to move or
> remove /home on a live system.
>
> (It also has ProtectSystem=true, which mounts /usr and /boot read-only
> as well.)
>
> If you wanted to change this, drop ProtectHome=false into
> /etc/systemd/system/NetworkManager.service.d/override.conf (possibly
> by using sudo systemctl edit foo NetworkManager).
>
> --
> Matthew Miller
>
> Fedora Project Leader

--
"replicants are like any other machine. They're either a benefit or a hazard. If they're a benefit, it's not my problem."
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
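Added example (not part of the thread): ProtectHome= gives NetworkManager a private mount namespace with its own mount on /home, so what keeps /home busy is a mount visible only in that service's /proc/<pid>/mountinfo, not an open file that lsof would list. The script below compares each process's mount table with PID 1's; the sample mountinfo lines, PID 742 and all function names are constructed for illustration.

```python
import os

# Constructed sample data (not from the thread): PID 1 has no mount on /home,
# while a service started with ProtectHome=read-only and ProtectSystem=true
# sees /home and /boot mounted read-only inside its own mount namespace.
HOST_MOUNTINFO = """\
60 1 253:0 / / rw,relatime shared:1 - xfs /dev/mapper/centos-root rw,attr2,inode64,noquota
37 60 8:1 / /boot rw,relatime shared:28 - xfs /dev/sda1 rw,attr2,inode64,noquota
"""
SERVICE_MOUNTINFO = """\
110 80 253:0 / / rw,relatime shared:50 master:1 - xfs /dev/mapper/centos-root rw,attr2,inode64,noquota
112 110 253:0 /home /home ro,relatime shared:51 master:1 - xfs /dev/mapper/centos-root rw,attr2,inode64,noquota
113 110 8:1 / /boot ro,relatime shared:52 master:28 - xfs /dev/sda1 rw,attr2,inode64,noquota
"""
SAMPLE_TABLES = {
    1: ("systemd", HOST_MOUNTINFO),
    742: ("NetworkManager", SERVICE_MOUNTINFO),  # hypothetical PID
    901: ("sshd", HOST_MOUNTINFO),
}


def mounts_at(mountinfo_text, path):
    """Return (root, options, fstype) for every mountinfo entry mounted on path."""
    found = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        try:
            # Optional fields (shared:N, master:N, ...) end at a lone "-".
            sep = fields.index("-", 6)
            fstype = fields[sep + 1]
        except (ValueError, IndexError):
            continue  # malformed or truncated line
        if fields[4] == path:
            found.append((fields[3], fields[5], fstype))
    return found


def private_mount_holders(tables, path, init_pid=1):
    """List (pid, comm, mounts) for processes whose mount table has an entry
    on path that the table of init_pid does not have."""
    host = set(mounts_at(tables[init_pid][1], path))
    holders = []
    for pid, (comm, text) in sorted(tables.items()):
        extra = [m for m in mounts_at(text, path) if m not in host]
        if extra:
            holders.append((pid, comm, extra))
    return holders


def read_proc_tables():
    """Build the same {pid: (comm, mountinfo)} mapping from a live /proc."""
    tables = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                comm = f.read().strip()
            with open(f"/proc/{entry}/mountinfo") as f:
                tables[int(entry)] = (comm, f.read())
        except OSError:
            continue  # process exited or is not readable
    return tables


if __name__ == "__main__":
    for pid, comm, mounts in private_mount_holders(SAMPLE_TABLES, "/home"):
        for root, options, fstype in mounts:
            print(f"{comm} (pid {pid}) has a private mount on /home: "
                  f"root={root} options={options} fstype={fstype}")
```

On a live system, run it as root and pass read_proc_tables() instead of SAMPLE_TABLES. `systemctl show -p ProtectHome NetworkManager.service` reports the setting that creates the mount.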
Re: [CentOS] Can't delete or move /home on 7.3 install
Confirmed as well, thanks! What's really odd is I didn't see *anything* having a lock on /home, nada, zilch. We have a work-around in place for this but I was beating my head against the wall trying to figure it out.

On Fri, Dec 16, 2016 at 11:29 AM, Jonathan Billings wrote:
> On Fri, Dec 16, 2016 at 10:17:21AM -0800, Glenn E. Bailey III wrote:
>> This is a base install. If you deploy an instance in ec2 or GCE (ec2
>> you can do the free tier) it's easily repeatable. Even on a RHEL 7.3
>> instance. Note you'll need to allow root and password logins via SSH
>> before attempting.
>
> I can confirm this.
>
> The culprit? NetworkManager has /home open. I can't figure out
> *WHY*.
>
> # systemctl start NetworkManager.service
> # rmdir /home
> rmdir: failed to remove ‘/home’: Device or resource busy
> # systemctl stop NetworkManager.service
> # rmdir /home
> rmdir: failed to remove ‘/home’: Device or resource busy
> # systemctl stop NetworkManager.service
> # rmdir /home
> rmdir: failed to remove ‘/home’: Device or resource busy
> # systemctl kill NetworkManager.service
> # rmdir /home
> rmdir: failed to remove ‘/home’: Device or resource busy
> # rmdir /home
>
> So it takes some time for all the parts of NetworkManager to die, but
> eventually, they do and you can remove /home.
>
> Unfortunately, I don't see any reason why /home would be in use by
> NM. Very odd.
>
> --
> Jonathan Billings
Re: [CentOS] Can't delete or move /home on 7.3 install
This is a base install. If you deploy an instance in ec2 or GCE (ec2 you can do the free tier) it's easily repeatable. Even on a RHEL 7.3 instance. Note you'll need to allow root and password logins via SSH before attempting.

On Fri, Dec 16, 2016 at 5:47 AM, Jonathan Billings wrote:
> On Thu, Dec 15, 2016 at 11:51:28AM -0800, Glenn E. Bailey III wrote:
>> Doing a lsof showed no open files against /home. Something else is
>> locking it, not a user process. Also disabled SELinux, did a init 1,
>> and only way to remove it was via single user by passing
>> init=/sysinit/bin/sh
>
> It sounds like /home is being managed by something in the kernel, then.
>
> Are you exporting /home via NFS or SMB? AutoFS? I'm trying to think
> what would start at runlevel 1, although if this is c7 that might not
> be a valid description anymore, perhaps services are being started at
> 'rescue.target'.
>
> --
> Jonathan Billings
Re: [CentOS] Can't delete or move /home on 7.3 install
Doing a lsof showed no open files against /home. Something else is locking it, not a user process. Also disabled SELinux, did a init 1, and only way to remove it was via single user by passing init=/sysinit/bin/sh

On Thu, Dec 15, 2016 at 10:48 AM, Leonard den Ottolander wrote:
> Hello Glen,
>
> On Thu, 2016-12-15 at 10:10 -0800, Glenn E. Bailey III wrote:
>> I was most def root.
>
> There's a difference whether you logged in as root or su-ed to root. In
> the latter case /home is still in use by the user you su-ed from.
>
> Even though it is not strictly necessary to init 1 you must make sure
> not a single user that uses /home for their home directory is logged in
> and no system user accesses files there (f.e. apache configured with
> home dirs) when attempting to move /home.
>
> Regards,
> Leonard.
>
> --
> mount -t life -o ro /dev/dna /genetic/research
Re: [CentOS] Can't delete or move /home on 7.3 install
I was most def root. /home isn't mounted as a separate filesystem. It's not even tmpfs or btrfs. I was able to boot into single user mode to remove it, but this isn't possible in an automated fashion. I may just have to start building my own images. Still curious to know why I can't rename or move it. Anyone else try this on a stock 7.3 build?

On Thu, Dec 15, 2016 at 8:42 AM, wrote:
> Jon LaBadie wrote:
>> On Thu, Dec 15, 2016 at 04:10:07AM -0600, geo.inbox.ignored wrote:
>>> On 12/15/2016 01:47 AM, Gianluca Cecchi wrote:
>>> > On Thu, Dec 15, 2016 at 2:49 AM, Glenn E. Bailey III <
>>> > replic...@dallaslamers.org> wrote:
>>> >
>>> >> Tried this in both AWS and GCE as I thought it may be a specific cloud
>>> >> vendor issue. SELinux is disabled, lsof | grep home shows nothing,
>>> >> lsattr /home shows nothing. Simply get "Device or resource busy."
>>> >>
>>> >> Works just fine on 7.2 so I'm kinda at a loss. Scanned over the RHEL
>>> >> release notes and didn't see anything. Anyone else have this issue? We
>>> >> move our /home to another mount point and symlink /home to it ..
>>> >>
>>> >>
>>> > Do you have access to the console, so that you can try to do the move while
>>> > in single user mode?
>>> >
>>> }}
>>>
>>> that is one possibility.
>>>
>>> even greater is op is a 'user', not 'root'.
>
> Here's a question to OP: how did you log into the system? If as *user*,
> rather than as root, the filesystem is busy because you're logged on, and
> in it.
>
> Missed some of the posts overnight - has anyone asked for the o/p of df -h?
>
> mark
[CentOS] Can't delete or move /home on 7.3 install
Tried this in both AWS and GCE as I thought it may be a specific cloud vendor issue. SELinux is disabled, lsof | grep home shows nothing, lsattr /home shows nothing. Simply get "Device or resource busy."

Works just fine on 7.2 so I'm kinda at a loss. Scanned over the RHEL release notes and didn't see anything. Anyone else have this issue? We move our /home to another mount point and symlink /home to it ..
Re: [CentOS] how to view a picture under shell?
thanks a lot, I also found the project at https://sourceforge.net/projects/aa-project/files/?source=navbar, Thanks.

2016-11-02 2:19 GMT+08:00 Julius Tchanque :
> Hi Glenn,
> I found this project similar to what you want:
> https://github.com/MilenMMinev/AsciiViewer
>
> Regards,
> Julius
> On 1 November 2016 at 03:43, Glenn WANG wrote:
>
> > hi, all, is there any command(such asciiview) to view the picture under
> > bash shell? I found the asciiview could meet my requirement, but how to
> > install it on centos? thanks.
[CentOS] how to view a picture under shell?
hi, all, is there any command(such asciiview) to view the picture under bash shell? I found the asciiview could meet my requirement, but how to install it on centos? thanks.
Re: [CentOS] Libreswan PEM format
I did :) I'm all for an easy life.

I got a very similar error
instead of
but no connection has been authorized with policy RSASIG+IKEV1_ALLOW
I got
but no connection has been authorized with policy PSK+IKEV1_ALLOW

I did read somewhere though errors are red herrings which is helpful.

Thanks

On 1 April 2016 at 18:39, Eero Volotinen wrote:
> IPSec is very complex with certificates. try first with PSK authentication
> and then with certificates
>
> --
> Eero
>
> 2016-04-01 20:21 GMT+03:00 Glenn Pierce :
>
>> I generated according to the docs . Which produced
>> my server.secrets as below
>>
>> used the command
>>
>> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets
>>
>>
>> : RSA {
>>     # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
>>     # for signatures only, UNSAFE FOR ENCRYPTION
>>     #pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
>>     Modulus:
>>     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
>>     PublicExponent: 0x03
>>     # everything after this point is CKA_ID in hex format - not the real values
>>     PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
>>     }
>> # do not change the indenting of that "}"
>>
>> On 1 April 2016 at 18:04, Eero Volotinen wrote:
>> > You must define connection address and key in ipsec.secrets.
>> >
>> > --
>> > Eero
>> >
>> >
>> > 2016-04-01 19:38 GMT+03:00 Glenn Pierce :
>> >
>> >> Just trying to follow the instructions here
>> >>
>> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
>> >>
>> >> I don't think I am doing anything special.
>> >>
>> >> At the point where there is some communication going on
>> >>
>> >> Getting this error
>> >>
>> >> packet from *:1024: received Vendor ID payload [Cisco-Unity]
>> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
>> >> ***:1024: received Vendor ID payload [Dead Peer Detection]
>> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
>> >> :1024: initial Main Mode message received on :500 but no
>> >> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>> >>
>> >> The errors are so vague.
>> >> Not sure what the problem is now
>> >>
>> >>
>> >>
>> >> My conf
>> >>
>> >>
>> >>
>> >> conn tunnel
>> >>     #phase2alg=aes256-sha1;modp1024
>> >>     keyexchange=ike
>> >>     #ike=aes256-sha1;modp1024
>> >>     left=192.168.1.122
>> >>     leftnexthop=81.129.247.152 # My ISP assigned external ip address
>> >> (I am
Re: [CentOS] Libreswan PEM format
I generated according to the docs . Which produced
my server.secrets as below

used the command

ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets

: RSA {
    # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=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
    Modulus: 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
    PublicExponent: 0x03
    # everything after this point is CKA_ID in hex format - not the real values
    PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514
    }
# do not change the indenting of that "}"

On 1 April 2016 at 18:04, Eero Volotinen wrote:
> You must define connection address and key in ipsec.secrets.
>
> --
> Eero
>
>
> 2016-04-01 19:38 GMT+03:00 Glenn Pierce :
>
>> Just trying to follow the instructions here
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
>>
>> I don't think I am doing anything special.
>>
>> At the point where there is some communication going on
>>
>> Getting this error
>>
>> packet from *:1024: received Vendor ID payload [Cisco-Unity]
>> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from
>> ***:1024: received Vendor ID payload [Dead Peer Detection]
>> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***
>> :1024: initial Main Mode message received on :500 but no
>> connection has been authorized with policy RSASIG+IKEV1_ALLOW
>>
>> The errors are so vague.
>> Not sure what the problem is now
>>
>>
>>
>> My conf
>>
>>
>>
>> conn tunnel
>>     #phase2alg=aes256-sha1;modp1024
>>     keyexchange=ike
>>     #ike=aes256-sha1;modp1024
>>     left=192.168.1.122
>>     leftnexthop=81.129.247.152 # My ISP assigned external ip address
>> (I am testing at home)
>>
>>     leftrsasigkey=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
>>     right=89.200.134.211
>>
>>     rightrsasigkey=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
Re: [CentOS] Libreswan PEM format
Just trying to follow the instructions here

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html

I don't think I am doing anything special.

At the point where there is some communication going on

Getting this error

packet from *:1024: received Vendor ID payload [Cisco-Unity]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection]
Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** :1024: initial Main Mode message received on :500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW

The errors are so vague.
Not sure what the problem is now

My conf

conn tunnel
    #phase2alg=aes256-sha1;modp1024
    keyexchange=ike
    #ike=aes256-sha1;modp1024
    left=192.168.1.122
    leftnexthop=81.129.247.152 # My ISP assigned external ip address (I am testing at home)
    leftrsasigkey=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
    right=89.200.134.211
    rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw==
    authby=secret|rsasig
    # load and initiate automatically
    auto=start

conn site1
    also=tunnel
    leftsubnet=10.0.128.0/22
    rightsubnet=192.168.1.222/32

conn site2
    also=tunnel

On 1 April 2016 at 15:58, Eero Volotinen wrote:
> So you are using pkcs12 on centos:
>
> https://www.sslshopper.com/article-most-common-openssl-commands.html
> --
> Eero
>
> 2016-04-01 17:44 GMT+03:00 Glenn Pierce :
>
>> Sorry but I have looked for over two days. Trying every command I could
>> find.
>>
>> There is obviously a misunderstanding somewhere.
>>
>> After generating a key pair with
>> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>>
>> I exported to a file with
>> ipsec showhostkey --ipseckey > file
>>
>> The man page says
>> ipsec showhostkey outputs in ipsec.conf(5) format,
>>
>> Ie
>>
>>
>> ***.server.net.INIPSECKEY 10 0 2 .
>>
>> 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
>>
>>
>> is this the format openssl is meant to be able to convert ? or is there
>> an intermediate step I am missing as like I said no command I found
>> seems to work.
>>
>>
>> On 1 April 2016 at 14:35, Eero Volotinen wrote:
>> > It works, try googling for openssl pem conversion
>> > 1.4.2016 4.32 PM "Glenn Pierce" wrote:
>> >
>> >> I have tried
>> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>> >>
>> >> I get
>> >> unable to load Private Key
>> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
>> >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>> >>
>> >>
>> >>
>> >> On 1 April 2016 at 13:59, Eero Volotinen wrote:
>> >> > You can do any kind of format conversions with openssl commandline
>> >> > client.
>> >> >
>> >> > Eero
>> >> > 1.4.2016 3.56 PM "Glenn Pierce" wrote:
>> >> >
>> >> >> Hi I am trying to setup a libreswa
Re: [CentOS] Libreswan PEM format
I just removed the name. I will be regenerating again.
To be honest if an attacker were to get this to work I would buy them a drink :)

On 1 April 2016 at 17:01, Gordon Messmer wrote:
> On 04/01/2016 07:44 AM, Glenn Pierce wrote:
>>
>> Ie
>> ***.server.net.INIPSECKEY 10 0 2 .
>
>
> Was that a key that you generated as an example, or your actual VPN key?
> The fact that you obscured part of it makes me think it might be the latter,
> but if that's the case, you really should generate a new key for your
> server. The part you obscured isn't the sensitive part.
Re: [CentOS] Libreswan PEM format
Typical I think I just did it .

I downloaded a perl script to do it at
https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl

First I did
ipsec showhostkey --right > right.pub

I then edited the file to remove the ipsec key = line

Then I converted with

perl pubkey-converter.pl -p < right.pub > /home/glenn/right.pub

On 1 April 2016 at 15:44, Glenn Pierce wrote:
> Sorry but I have looked for over two days. Trying every command I could find.
>
> There is obviously a misunderstanding somewhere.
>
> After generating a key pair with
> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets
>
> I exported to a file with
> ipsec showhostkey --ipseckey > file
>
> The man page says
> ipsec showhostkey outputs in ipsec.conf(5) format,
>
> Ie
>
>
> ***.server.net.INIPSECKEY 10 0 2 .
> 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
>
>
> is this the format openssl is meant to be able to convert ? or is there
> an intermediate step I am missing as like I said no command I found
> seems to work.
>
>
> On 1 April 2016 at 14:35, Eero Volotinen wrote:
>> It works, try googling for openssl pem conversion
>> 1.4.2016 4.32 PM "Glenn Pierce" wrote:
>>
>>> I have tried
>>> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>>>
>>> I get
>>> unable to load Private Key
>>> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
>>> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>>>
>>>
>>>
>>> On 1 April 2016 at 13:59, Eero Volotinen wrote:
>>> > You can do any kind of format conversions with openssl commandline
>>> > client.
>>> >
>>> > Eero
>>> > 1.4.2016 3.56 PM "Glenn Pierce" wrote:
>>> >
>>> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>>> >> router.
>>> >>
>>> >> I am trying to get the keys working. My problem is the Mikrotik router
>>> >> wants the key in PEM format
>>> >>
>>> >> How do I export the keys generated with ipsec newhostkey
>>> >> into PEM format ?
>>> >>
>>> >>
>>> >> Thanks
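Added example (not part of the thread and not the pubkey-converter.pl script): the 0s-prefixed value in leftrsasigkey/rightrsasigkey is base64 of an RFC 3110 RSA public key (exponent length, exponent, modulus), not PEM, which is why openssl rsa reported "no start line". The code below parses that layout and re-encodes it as a SubjectPublicKeyInfo "BEGIN PUBLIC KEY" PEM using only the Python standard library; the function names and the 64-bit demo modulus are constructed for illustration.

```python
import base64
import textwrap

# DER AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

# Constructed 64-bit demo value, far too small to be a real key.
DEMO_MODULUS = 0xD123456789ABCDEF
DEMO_KEY = "0s" + base64.b64encode(
    b"\x01\x03" + DEMO_MODULUS.to_bytes(8, "big")).decode()


def parse_rfc3110(value):
    """Return (exponent, modulus) from a '0s'-prefixed base64 RSA public key."""
    value = "".join(value.split())  # keys pasted from mail are often line-wrapped
    if not value.startswith("0s"):
        raise ValueError("expected a '0s' (base64) prefixed value")
    blob = base64.b64decode(value[2:], validate=True)
    if len(blob) < 3:
        raise ValueError("key blob too short")
    # RFC 3110: one length octet, or 0x00 followed by a two-octet length.
    if blob[0] != 0:
        elen, off = blob[0], 1
    else:
        elen, off = int.from_bytes(blob[1:3], "big"), 3
    exponent = blob[off:off + elen]
    modulus = blob[off + elen:]
    if elen == 0 or len(exponent) != elen or not modulus:
        raise ValueError("truncated exponent or missing modulus")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")


def _der(tag, content):
    """Encode one DER TLV with a definite short or long form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def _der_int(value):
    # bit_length() // 8 + 1 octets always leaves the top bit clear, which DER
    # requires for a positive INTEGER, without adding a redundant zero octet.
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def to_spki_der(exponent, modulus):
    """SubjectPublicKeyInfo wrapping RSAPublicKey ::= SEQUENCE { n, e }."""
    rsa_public_key = _der(0x30, _der_int(modulus) + _der_int(exponent))
    return _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_public_key))


def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"


if __name__ == "__main__":
    e, n = parse_rfc3110(DEMO_KEY)
    print(f"exponent={e} modulus_bits={n.bit_length()}")
    print(to_pem(to_spki_der(e, n)), end="")
```

A PEM file produced this way can be inspected with `openssl rsa -pubin -in right.pem -text -noout`; without `-pubin`, openssl rsa expects a private key, as in the error quoted above.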
Re: [CentOS] Libreswan PEM format
Sorry but I have looked for over two days. Trying every command I could find.

There is obviously a misunderstanding somewhere.

After generating a key pair with
ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets

I exported to a file with
ipsec showhostkey --ipseckey > file

The man page says
ipsec showhostkey outputs in ipsec.conf(5) format,

Ie

***.server.net.INIPSECKEY 10 0 2 .
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

is this the format openssl is meant to be able to convert ? or is there
an intermediate step I am missing as like I said no command I found
seems to work.

On 1 April 2016 at 14:35, Eero Volotinen wrote:
> It works, try googling for openssl pem conversion
> 1.4.2016 4.32 PM "Glenn Pierce" wrote:
>
>> I have tried
>> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem
>>
>> I get
>> unable to load Private Key
>> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
>>
>>
>>
>> On 1 April 2016 at 13:59, Eero Volotinen wrote:
>> > You can do any kind of format conversions with openssl commandline
>> > client.
>> >
>> > Eero
>> > 1.4.2016 3.56 PM "Glenn Pierce" wrote:
>> >
>> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>> >> router.
>> >>
>> >> I am trying to get the keys working. My problem is the Mikrotik router
>> >> wants the key in PEM format
>> >>
>> >> How do I export the keys generated with ipsec newhostkey
>> >> into PEM format ?
>> >>
>> >>
>> >> Thanks
Re: [CentOS] Libreswan PEM format
I have tried
openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem

I get
unable to load Private Key
140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY

On 1 April 2016 at 13:59, Eero Volotinen wrote:
> You can do any kind of format conversions with openssl commandline client.
>
> Eero
> 1.4.2016 3.56 PM "Glenn Pierce" wrote:
>
>> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik
>> router.
>>
>> I am trying to get the keys working. My problem is the Mikrotik router
>> wants the key in PEM format
>>
>> How do I export the keys generated with ipsec newhostkey
>> into PEM format ?
>>
>>
>> Thanks
[CentOS] Libreswan PEM format
Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik router.

I am trying to get the keys working. My problem is the Mikrotik router wants the key in PEM format

How do I export the keys generated with ipsec newhostkey into PEM format ?

Thanks
Re: [CentOS] IPSec multiple VPN setups
I'm sure my boss will agree. Looks like I have a multi terabyte postgres move to look forward to.

Thanks everyone

-----Original Message-----
From: "m.r...@5-cent.us"
Sent: 21/03/2016 20:03
To: "CentOS mailing list"
Subject: Re: [CentOS] IPSec multiple VPN setups

Glenn Pierce wrote:
> Yes reinstall. I get you have to purchase a new instance for a time to
> move over.

I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing.

mark

>
> -----Original Message-----
> From: "Eero Volotinen"
> Sent: 21/03/2016 18:38
> To: "CentOS mailing list"
> Subject: Re: [CentOS] IPSec multiple VPN setups
>
> err. upgrades?
>
> You mean reinstall? As upgrading between major releases are not supported
> in any way on centos / rhel and clones..
>
> --
> Eero
>
> 2016-03-21 20:33 GMT+02:00 :
>
>> Glenn Pierce wrote:
>> > I asked about upgrading once and got no reply. Does anyone have experience
>> > of having a hosted centos upgraded on a virtual server. Would you usually
>> > have to pay for a transition instance ?
>> >
>> I pay for my own hosting (5-cent.us) at hostmonster. They've done
>> upgrades, and they announced it to *me*, and no, I didn't pay anything.
>> And I'm just a "consumer grade" - something like $6US/month.
>>
>> I would expect *far* more for commercial hosting.
>>
>> mark
>>
>> > -----Original Message-----
>> > From: "Eero Volotinen"
>> > Sent: 21/03/2016 18:11
>> > To: "CentOS mailing list"
>> > Subject: Re: [CentOS] IPSec multiple VPN setups
>> >
>> > Memset.com ? In real world, rhel 5/centos 5 gets only critical security
>> > patches.
>> >
>> > Eero
>> > 21.3.2016 7.54 PM wrote:
>> >
>> >> Glenn Pierce wrote:
>> >> > Will ask my boss :) We are hosted on memset so not so easy to update
>> >> >
>> >> > Thanks
>> >>
>> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
>> >> ago? They haven't sent warnings that 5 was hitting eol?
>> >>
>> >> Who are they, please? I want to make sure that if someone asks me about
>> >> hosting, I can add that to places they should avoid.
>> >>
>> >> mark
Re: [CentOS] IPSec multiple VPN setups
Yes reinstall. I get you have to purchase a new instance for a time to move over.

-----Original Message-----
From: "Eero Volotinen"
Sent: 21/03/2016 18:38
To: "CentOS mailing list"
Subject: Re: [CentOS] IPSec multiple VPN setups

err. upgrades?

You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..

--
Eero

2016-03-21 20:33 GMT+02:00 :

> Glenn Pierce wrote:
> > I asked about upgrading once and got no reply. Does anyone have experience
> > of having a hosted centos upgraded on a virtual server. Would you usually
> > have to pay for a transition instance ?
> >
> I pay for my own hosting (5-cent.us) at hostmonster. They've done
> upgrades, and they announced it to *me*, and no, I didn't pay anything.
> And I'm just a "consumer grade" - something like $6US/month.
>
> I would expect *far* more for commercial hosting.
>
> mark
>
> > -----Original Message-----
> > From: "Eero Volotinen"
> > Sent: 21/03/2016 18:11
> > To: "CentOS mailing list"
> > Subject: Re: [CentOS] IPSec multiple VPN setups
> >
> > Memset.com ? In real world, rhel 5/centos 5 gets only critical security
> > patches.
> >
> > Eero
> > 21.3.2016 7.54 PM wrote:
> >
> >> Glenn Pierce wrote:
> >> > Will ask my boss :) We are hosted on memset so not so easy to update
> >> >
> >> > Thanks
> >>
> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> >> ago? They haven't sent warnings that 5 was hitting eol?
> >>
> >> Who are they, please? I want to make sure that if someone asks me about
> >> hosting, I can add that to places they should avoid.
> >>
> >> mark
Re: [CentOS] IPSec multiple VPN setups
I asked about upgrading once and got no reply. Does anyone have experience of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?

-----Original Message-----
From: "Eero Volotinen"
Sent: 21/03/2016 18:11
To: "CentOS mailing list"
Subject: Re: [CentOS] IPSec multiple VPN setups

Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.

Eero
21.3.2016 7.54 PM wrote:

> Glenn Pierce wrote:
> > Will ask my boss :) We are hosted on memset so not so easy to update
> >
> > Thanks
>
> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> ago? They haven't sent warnings that 5 was hitting eol?
>
> Who are they, please? I want to make sure that if someone asks me about
> hosting, I can add that to places they should avoid.
>
> mark
Re: [CentOS] IPSec multiple VPN setups
To be fair it's not highly sensitive info we are dealing with.

-Original Message-
From: "Eero Volotinen"
Sent: 21/03/2016 17:51
To: "CentOS mailing list"
Subject: Re: [CentOS] IPSec multiple VPN setups

Err. Sounds like security nightmare.

21.3.2016 7.47 p.m. "Glenn Pierce" wrote:

> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen wrote:
> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
> >
> > Eero
> > 21.3.2016 7.25 p.m. "Mike - st257" wrote:
> >
> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257
> >> wrote:
> >>
> >> > I second Eero's comment, use a new IPSec daemon.
> >> >
> >> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> >> > main developer for the Openswan project before he and others created the
> >> > Libreswan fork.
> >> > https://libreswan.org/
> >> >
> >> > EL6 has Openswan
> >> > EL7 has Libreswan
> >> >
> >> > Racoon isn't all that fun to work with.
> >> > If you have the option, ditch it and EL5 and move to a newer platform
> >> > (preferably EL7 with Libreswan).
> >>
> >> There's an RPM spec file (though I've not used it) for building Openswan
> >> for EL5.
> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
> >>
> >> Additionally, here's some info but I advise against the Racoon IPSec
> >> daemon.
> >>
> >> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> >> https://wiki.debian.org/IPsec
> >>
> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.voloti...@iki.fi>
> >> > wrote:
> >> >
> >> >> Yes you can. Please use newer version of centos and strong/openswan.
> >> >>
> >> >> Eero
> >> >> 21.3.2016 7.05 p.m. "Glenn Pierce" wrote:
> >> >>
> >> >> > Hi I hope someone can answer something I'm sure is quite basic.
> >> >> >
> >> >> > I am following the instructions at
> >> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> >> > On setting up a VPN
> >> >> >
> >> >> > The part I am having trouble with is when it shows the
> >> >> > /etc/racoon/racoon.conf file.
> >> >> > But it doesn't say what you have to do with this file.
> >> >> >
> >> >> > When I bring up my connection
> >> >> >
> >> >> > ifup bicester
> >> >> >
> >> >> > I get
> >> >> > RTNETLINK answers: No such device
> >> >> >
> >> >> > looking at /var/messages I see
> >> >> >
> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
> >> >> >
> >> >> > There was an existing setup done long ago.
> >> >> >
> >> >> > How can I setup more than one vpn connection (manually as this is a
> >> >> > headless server)
> >> >> > or is that not possible ?
> >> >> >
> >> >> > Thanks for any pointers
> >> >
> >> > --
> >> > ---~~.~~---
> >> > Mike
> >> > // SilverTip257 //
> >>
> >> --
> >> ---~~.~~---
> >> Mike
> >> // SilverTip257 //
Re: [CentOS] IPSec multiple VPN setups
Will ask my boss :) We are hosted on memset so not so easy to update

Thanks

On 21 March 2016 at 17:36, Eero Volotinen wrote:
> Centos 5 is still soon end of life. Using it as ipsec gateway is ..
>
> Eero
> 21.3.2016 7.25 p.m. "Mike - st257" wrote:
>
>> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257
>> wrote:
>>
>> > I second Eero's comment, use a new IPSec daemon.
>> >
>> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
>> > main developer for the Openswan project before he and others created the
>> > Libreswan fork.
>> > https://libreswan.org/
>> >
>> > EL6 has Openswan
>> > EL7 has Libreswan
>> >
>> > Racoon isn't all that fun to work with.
>> > If you have the option, ditch it and EL5 and move to a newer platform
>> > (preferably EL7 with Libreswan).
>>
>> There's an RPM spec file (though I've not used it) for building Openswan
>> for EL5.
>> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
>>
>> Additionally, here's some info but I advise against the Racoon IPSec
>> daemon.
>>
>> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
>> https://wiki.debian.org/IPsec
>>
>> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen
>> > wrote:
>> >
>> >> Yes you can. Please use newer version of centos and strong/openswan.
>> >>
>> >> Eero
>> >> 21.3.2016 7.05 p.m. "Glenn Pierce" wrote:
>> >>
>> >> > Hi I hope someone can answer something I'm sure is quite basic.
>> >> >
>> >> > I am following the instructions at
>> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
>> >> > On setting up a VPN
>> >> >
>> >> > The part I am having trouble with is when it shows the
>> >> > /etc/racoon/racoon.conf file.
>> >> > But it doesn't say what you have to do with this file.
>> >> >
>> >> > When I bring up my connection
>> >> >
>> >> > ifup bicester
>> >> >
>> >> > I get
>> >> > RTNETLINK answers: No such device
>> >> >
>> >> > looking at /var/messages I see
>> >> >
>> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
>> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
>> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
>> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
>> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
>> >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
>> >> >
>> >> > There was an existing setup done long ago.
>> >> >
>> >> > How can I setup more than one vpn connection (manually as this is a
>> >> > headless server)
>> >> > or is that not possible ?
>> >> >
>> >> > Thanks for any pointers
>> >
>> > --
>> > ---~~.~~---
>> > Mike
>> > // SilverTip257 //
>>
>> --
>> ---~~.~~---
>> Mike
>> // SilverTip257 //
[CentOS] IPSec multiple VPN setups
Hi I hope someone can answer something I'm sure is quite basic.

I am following the instructions at
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
On setting up a VPN

The part I am having trouble with is when it shows the /etc/racoon/racoon.conf file.
But it doesn't say what you have to do with this file.

When I bring up my connection

ifup bicester

I get
RTNETLINK answers: No such device

looking at /var/messages I see

ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)

There was an existing setup done long ago.

How can I setup more than one vpn connection (manually as this is a headless server)
or is that not possible ?

Thanks for any pointers
Re: [CentOS] Socket behavior change from 6.5 to 6.6
I'd like to thank everyone for their replies and advice. I'm sorry it took so long for me to respond; I took a long weekend after a long shift. Some remaining questions can be found in the final section of this posting.

The summary (I hope I have all of this correct):

Problem: A DOS box (client) connects to a Linux box (server) using the same local port (1025) on the client each time. The client sends data which the server reads; the server is passive and does not write any data. If the client crashes and fails to properly close the connection, under CentOS 6.5, the unclosed listener on the server receives a 0-length recv(), allowing for a "clean" reconnect; under 6.6, it does not, and the client unsuccessfully retries the reconnect endlessly.

Diagnosis: Because the client is connecting using the same port every time, the server sees the same 5-tuple each time. At that point, the reconnection should fail until the old socket on the server is closed, and the previous behavior of receiving a 0-length recv() on the old server socket is unsupported and unreliable.

Until the update to CentOS 6.6 'broke' the existing functionality, I had never looked deeply into the connection between the client and the server; it 'just worked', so I left it alone. Once it did break, I realized that because the client was connecting on the same port every time, the whole setup might have been relying on unsupported behavior.

My workaround: I unfortunately had to implement an emergency workaround before receiving any replies. Fortunately, the client also sends status messages to the same computer (but a different server program) over a serial-port side-channel (well, it's more complicated than that, but anyway). I set up a listener for a "failed connection" status message which signal()s the server program to close all client connections (but not the bound dispatchers) and thereby force all clients to reconnect. It's a cheat and a cheesy hack, but it works.

Other diagnostics: One test I intend to run in a couple of weeks (next opportunity) is to boot the CentOS 6.6 box with the older kernel, in order to find out whether the behavior change is in the kernel or in the libraries.

Correct solutions:

1) Client port: The client should be connecting on a random, ephemeral port like a good client instead of on a fixed port, which I suspected. I don't know if this can be changed (due to a really dumb binary TCP driver).

2) Protocol change: The server never writes to the socket in the existing protocol, and can therefore never find out that the connection is dead. Writing to the socket would reveal this. But what happens if the server writes to the socket, and the client never reads? (We do, as it happens, have access to the client software, so the protocol can be fixed eventually. But I'm still curious as to the answer.)

3) Several people suggested using SO_REUSEADDR and/or an SO_LINGER of zero to drop the socket out of TIME_WAIT, but does the socket enter TIME_WAIT as soon as the client crashes? I didn't think so, but I may be wrong.

4) Several people suggested SO_KEEPALIVE, but those occur only after hours unless you change kernel parameters via procfs and/or sysctl, and when the client crashes, I need recovery right away, not hours down the road. Time here is literally worth a dollar per second, roughly.

Anyway, thanks for the discussion and helpful links. At one time I knew all this stuff, but it has been 20 years since I had to dig into the TCP protocol this deeply.

-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
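On point 4 of the summary above: on Linux the keepalive timers can also be set on a single socket with TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT, leaving the system-wide sysctl values alone. The sketch below is an added example, not code from the thread; the timings, function names and loopback demo are constructed. A crashed peer cannot be reproduced on loopback, so the "dead" branch is handled but only the idle, data and orderly-close cases are exercised.

```python
import errno
import socket

# Constructed sample timings: first probe after 10 s of silence,
# then one probe every 5 s, give up after 3 unanswered probes.
KEEP_IDLE, KEEP_INTVL, KEEP_CNT = 10, 5, 3

# Errors the kernel reports on a socket whose peer stopped answering probes
# (ETIMEDOUT) or came back after a reboot and rejected the old connection
# (ECONNRESET). Neither one arrives as a 0-length recv().
DEAD_PEER_ERRNOS = {errno.ETIMEDOUT, errno.ECONNRESET}


def enable_fast_keepalive(sock, idle=KEEP_IDLE, interval=KEEP_INTVL, count=KEEP_CNT):
    """Enable keepalive on this one socket (Linux-specific TCP_KEEP* options).

    Returns the worst-case number of seconds before a silent peer is
    declared dead by the kernel.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)
    return idle + interval * count


def read_keepalive(sock):
    """Read the settings back as (enabled, idle, interval, count)."""
    return (
        bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    )


def poll_peer(conn, wait=0.5):
    """Classify one read attempt on a server-side connection.

    "data"   : bytes arrived
    "closed" : orderly shutdown by the peer (the 0-length recv)
    "dead"   : keepalive gave up or the peer reset the connection
    "idle"   : nothing to read within `wait` seconds, connection still open
    """
    conn.settimeout(wait)
    try:
        data = conn.recv(4096)
    except OSError as exc:
        if exc.errno in DEAD_PEER_ERRNOS:
            return "dead"
        # A settimeout() expiry carries no errno; EAGAIN covers non-blocking use.
        if exc.errno is None or exc.errno in (errno.EAGAIN, errno.EWOULDBLOCK):
            return "idle"
        raise
    return "closed" if data == b"" else "data"


def demo():
    """Loopback walk-through: returns (budget, settings, observed states)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))          # constructed: any free port
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    conn, _ = listener.accept()
    try:
        budget = enable_fast_keepalive(conn)  # set on the accepted socket
        settings = read_keepalive(conn)
        states = [poll_peer(conn)]            # client silent but alive
        client.sendall(b"frame")              # constructed payload
        states.append(poll_peer(conn))
        client.close()                        # orderly close sends FIN
        states.append(poll_peer(conn))
        return budget, settings, states
    finally:
        conn.close()
        client.close()
        listener.close()


if __name__ == "__main__":
    print(demo())
```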
Re: [CentOS] Socket behavior change from 6.5 to 6.6
[I wish I knew how to get the mailing list to thread my replies properly in the archives; I subscribe to the daily digest, and replying to that doesn't do it.]

Greg Lindahl wrote:
> On Thu, Jan 15, 2015 at 03:40:08PM -0300, Glenn Eychaner wrote:
>
> > My only theory is that this has something to do with non-ephemeral ports and
> > socket reuse, but I'm not sure what.
>
> If you want a quick detection that the link is dead, have the server
> occasionally send bytes to the dos box. You will get an immediate
> error if the dos box is up and knows that connection is kaput.

What if I am sending bytes to the DOS box, but it never reads the socket? (Let us assume, for the sake of argument, that I can't change the DOS box software. In fact, I can, but it's more difficult than changing the Linux end.) Won't that either result in my detecting the socket as "dead" when it is not, or eventually overflowing the socket buffering?

> Given that the port numbers of the new connection are the same, I'm
> kind of surprised that the behavior changed from 6.5 to 6.6, but, I
> always use defensive programming (sending those extra bytes).

I was super-surprised by the change, in that I fully tested the upgrade on my simulator system before deploying, and still got bit on deployment. Of course, the simulator doesn't have a real DOS box, just a simulation process that sends the images.

[And, I also recently got bit by this
http://www.macstadium.com/blog/osx-10-9-mavericks-bugs/
after upgrading some Macs. Sigh, network issues.]

Alex from Germany wrote:
> Since you always use the same local port -
> maybe you need to set SO_REUSEADDR option.

I assume I would have to set that on the client (DOS) side (the box which is using the same local port 1025 each time); setting it on the bound-listener socket on the Linux side doesn't seem like it would do anything to resolve the issue, based on my reading of SO_REUSEADDR on the net:
http://www.unixguide.net/network/socketfaq/4.5.shtml
http://stackoverflow.com/questions/14388706/

-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
[CentOS] Socket behavior change from 6.5 to 6.6
I will try to explain this as best I can. I have two computers; one a Supermicro X10SAE running CentOS 6, the other a very old DOS box.[*] The DOS box runs a CCD camera, sending images via Ethernet to the X10SAE. Thus, the X10SAE runs a Python server on port 5700 (a socket which binds to 5700 and listens, and then accepts a connection from the DOS box; nothing fancy).[**] The DOS box connects to the server and sends images. This all works great, except:

When the DOS box exits, crashes, or is rebooted, it fails to shut down the socket properly. Under CentOS 6.5, upon reboot, when the DOS box would attempt to reconnect, the original accepted server socket would (after a couple of connection attempts from the DOS box) see a 0-length recv and close, allowing the server to accept a new connection and resume receiving images. Under CentOS 6.6, the server never sees the 0-length recv. The DOS box flails away attempting to reconnect forever, and the server never seems to get any type of signal that the DOS box is attempting to reconnect.

Possibly relevant facts:
- The DOS box uses the same local port (1025) every time it tries to connect. It does not use a random ephemeral port.
- The exact same code was tested on a CentOS 6.5 and 6.6 box, resulting in the described behavior. The boxes were identical clones except for the O/S upgrade.
- The Python interpreter was not changed during the upgrade, because I run this code using my own 2.7.2 install. However, both glibc and the kernel were upgraded as part of the O/S upgrade.

My only theory is that this has something to do with non-ephemeral ports and socket reuse, but I'm not sure what. It is entirely possible that some low-level socket option default has changed between 6.5 and 6.6, and I wouldn't know it. It is also possible that I have been relying on unsupported behavior this whole time, and that the current behavior is actually correct.

Does anyone have any insight they can offer?

[*] Hardware is not an issue; in fact, I have two identical systems, each of which has one X10SAE and three DOS boxes. But the problem can be boiled down to a single pair.
[**] I'm actually using an asyncore.dispatcher to do the bind/listen, and then tossing the accept()ed socket into an asynchat. But I actually went ahead and put a trap on socket.recv() just to be sure that I'm not swallowing the 0-length recv by accident.

-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] machine check exception
You have (AFAIK) provided no details as to which version of CentOS you are running nor of your hardware, but I'll try to help as I can. (In fact, it is unclear whether the MCE crashed your system or not!) I had a set of systems that occasionally logged MCEs (memory parity errors, in my case), and spent a month tearing into them.

First, make sure that "mcelog" is installed on your system. If you are running 64-bit CentOS 6, you should be able to "yum install mcelog". If you are running 32-bit CentOS 6 or CentOS 5, you'll have to download mcelog from the source (http://www.mcelog.org) and install it yourself, but if that is the case, let me know and I'll send further help. (I don't know about CentOS 7.)

Second, make sure mcelogd is running at all times using system-config-services or chkconfig.

Once you have done these two things, the next time you see an MCE, you should get an entry in /var/log/mcelog. This will tell you a LOT more about the MCE. Post the MCE here and/or Email it to me (I skim the digest and may miss a single post), and we can break it down further from there.

[In my case, changing the memory had no effect on the MCEs, nor did any number of other suggested solutions; I eventually decided that since they were "corrected memory parity errors", and thus non-fatal to processes or the system, I would ignore them. And as of the last kernel update, I don't see them any more, though I have not dug more deeply to see if there was some causal connection.]

-G.

On Oct 15, 2014, at 9:00 AM, centos-requ...@centos.org wrote:
> Unfortunately, No iLO Event Logs and IML Logs configured on the server.
>
> Can anybody suggest which tools on the server I can configure so next time
> server will have all the log records. It's really hard to prove to the
> peoples that the issue is at hardware level (When the Hardware vendor and
> Application Owners are from different companies ).

--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] Machine check events
m.roth writes:
> Is the system still under warranty? How 'bout the memory, if you've
> replaced it? You *should* replace it. It's not going to get better

This is brand-new Kingston 1600MHz ECC memory on a workstation/server running at high altitude in a relatively open environment; I am loath to replace it based on a single correctable parity error every few days. Especially since both active computers are (thus far) seeing about the same error frequency (though it will take many more days or even weeks to determine that for certain; I haven't seen one in the last three days on either active computer), and memtest was run on these computers overnight (18+ hours) between build and deployment without apparent issue. [The computers were built in the states and then shipped 10,000 miles to the observatory location.]

And the turnaround time from the observatory to the U.S. on servicing is no small matter. I have five of these computers (two active, one "hot" spare, one "cold" spare, one test system); if in the long run one proves to be a problem, I will deal with it at that time. If the memory is a bad batch, I'll need more proof.

-G.

On Nov 27, 2013, at 3:56 PM, Glenn Eychaner wrote:
> And all that work was done to get this, output of a corrected memory parity
> error. I get about one of these per workstation per 3 days, more or less; is
> this a surprising number? (The workstation under the heaviest load gets
> more, while the idle spare gets none at all; no surprise there!)
>
> MCE 6
> CPU 1 BANK 0
> TIME 1385426237 Mon Nov 25 21:37:17 2013
> MCG status:
> MCi status:
> Corrected error
> Error enabled
> MCA: Internal parity error
> STATUS 904f0005 MCGSTATUS 0
> MCGCAP c09 APICID 2 SOCKETID 0
> CPUID Vendor Intel Family 6 Model 60

--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] Machine check events
And all that work was done to get this, output of a corrected memory parity error. I get about one of these per workstation per 3 days, more or less; is this a surprising number? (The workstation under the heaviest load gets more, while the idle spare gets none at all; no surprise there!)

MCE 6
CPU 1 BANK 0
TIME 1385426237 Mon Nov 25 21:37:17 2013
MCG status:
MCi status:
Corrected error
Error enabled
MCA: Internal parity error
STATUS 904f0005 MCGSTATUS 0
MCGCAP c09 APICID 2 SOCKETID 0
CPUID Vendor Intel Family 6 Model 60

Anyway,
-G.

On Nov 27, 2013, at 3:32 PM, Glenn Eychaner wrote:
> On further, further, further toying, I now have mcelog running on my 32-bit
> CentOS 6 systems! I admit to doing it the "dumb" way: I grabbed the source
> from the git repository, compiled and installed it, and THEN discovered
> that the init.d file supplied with the source was not CentOS compatible, so
> I grabbed the x86-64 RPM, extracted the startup files, and copied them into
> place. The RPM was small enough to make this easy.
>
> What I SHOULD have done is to grab the source RPM, replace the source with
> the latest source, build and install the source RPM, and then repackage the
> RPMs again for future consumption. Maybe I will try that at a future date, but
> I don't really have time today.
>
> -G.
>
> On Nov 26, 2013, at 11:11 AM, Glenn Eychaner wrote:
>
>> On further, further investigation, it looks like according to the mcelog install
>> guide at http://www.mcelog.org/installation.html, I could "roll my own" for 32-bit
>> CentOS 6:
>>
>> "For bad page offlining you will need a 2.6.33+ kernel or a 2.6.32 kernel with
>> the soft offlining capability backported (like RHEL6 or SLES11-SP1)"
>> "The kernel has to have CONFIG_X86_MCE enabled. For 32bit kernels you
>> need at least a 2.6,30 kernel."
>>
>> The current kernel I am running is 2.6.32-358.23.2, but I can't tell whether it
>> has CONFIG_X86_MCE enabled. How can I find this out?
>>
>> JD writes:
>>
>>> yum info mcelog
>>> ...
>>> Description : mcelog is a daemon that collects and decodes Machine Check
>>> : Exception data on x86-64 machines.
>>>
>>> So not for 32-bit...
>>
>> On Nov 26, 2013, at 9:25 AM, Glenn Eychaner wrote:
>>
>>> Further investigation seems to indicate that these events should be handled
>>> by "mcelog" or "mced". However, there is no /var/log/mcelog, nor do I have a
>>> "mcelog" or "mced" binary, nor does yum seem to contain anything related
>>> (based on "yum whatprovides '*/mcelog'" and similar queries).
>>>
>>> Thus, I still don't know what to do with these errors. Ignore them? I am
>>> running 32-bit CentOS 6.4 (legacy software reasons).
>>>
>>> On Nov 25, 2013, at 11:05 AM, Glenn Eychaner wrote:
>>>
>>>> On my new Haswell-based machines, I am occasionally seeing entries like the
>>>> following in /var/log/messages:
>>>> kernel: [Hardware Error]: Machine check events logged
>>>> (I would not have even noticed them, except that they get flagged by
>>>> logwatch.)
>>>> These messages always occur alone, and don't seem to have a corresponding
>>>> entry in any other log file in /var/log. How can I get more info about these
>>>> messages?

--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] Machine check events
On further, further, further toying, I now have mcelog running on my 32-bit CentOS 6 systems! I admit to doing it the "dumb" way: I grabbed the source from the git repository, compiled and installed it, and THEN discovered that the init.d file supplied with the source was not CentOS compatible, so I grabbed the x86-64 RPM, extracted the startup files, and copied them into place. The RPM was small enough to make this easy.

What I SHOULD have done is to grab the source RPM, replace the source with the latest source, build and install the source RPM, and then repackage the RPMs again for future consumption. Maybe I will try that at a future date, but I don't really have time today.

-G.

On Nov 26, 2013, at 11:11 AM, Glenn Eychaner wrote:
> On further, further investigation, it looks like according to the mcelog install
> guide at http://www.mcelog.org/installation.html, I could "roll my own" for 32-bit
> CentOS 6:
>
> "For bad page offlining you will need a 2.6.33+ kernel or a 2.6.32 kernel with
> the soft offlining capability backported (like RHEL6 or SLES11-SP1)"
> "The kernel has to have CONFIG_X86_MCE enabled. For 32bit kernels you
> need at least a 2.6,30 kernel."
>
> The current kernel I am running is 2.6.32-358.23.2, but I can't tell whether it
> has CONFIG_X86_MCE enabled. How can I find this out?
>
> JD writes:
>
>> yum info mcelog
>> ...
>> Description : mcelog is a daemon that collects and decodes Machine Check
>> : Exception data on x86-64 machines.
>>
>> So not for 32-bit...
>
> On Nov 26, 2013, at 9:25 AM, Glenn Eychaner wrote:
>
>> Further investigation seems to indicate that these events should be handled
>> by "mcelog" or "mced". However, there is no /var/log/mcelog, nor do I have a
>> "mcelog" or "mced" binary, nor does yum seem to contain anything related
>> (based on "yum whatprovides '*/mcelog'" and similar queries).
>>
>> Thus, I still don't know what to do with these errors. Ignore them? I am
>> running 32-bit CentOS 6.4 (legacy software reasons).
>>
>> On Nov 25, 2013, at 11:05 AM, Glenn Eychaner wrote:
>>
>>> On my new Haswell-based machines, I am occasionally seeing entries like the
>>> following in /var/log/messages:
>>> kernel: [Hardware Error]: Machine check events logged
>>> (I would not have even noticed them, except that they get flagged by
>>> logwatch.)
>>> These messages always occur alone, and don't seem to have a corresponding
>>> entry in any other log file in /var/log. How can I get more info about these
>>> messages?

--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] Machine check events
On further, further investigation, it looks like according to the mcelog install guide at http://www.mcelog.org/installation.html, I could "roll my own" for 32-bit CentOS 6:

"For bad page offlining you will need a 2.6.33+ kernel or a 2.6.32 kernel with the soft offlining capability backported (like RHEL6 or SLES11-SP1)"
"The kernel has to have CONFIG_X86_MCE enabled. For 32bit kernels you need at least a 2.6,30 kernel."

The current kernel I am running is 2.6.32-358.23.2, but I can't tell whether it has CONFIG_X86_MCE enabled. How can I find this out?

Thanks,
-G.

JD writes:
> yum info mcelog
> ...
> Description : mcelog is a daemon that collects and decodes Machine Check
> : Exception data on x86-64 machines.
>
> So not for 32-bit...

On Nov 26, 2013, at 9:25 AM, Glenn Eychaner wrote:
> Further investigation seems to indicate that these events should be handled
> by "mcelog" or "mced". However, there is no /var/log/mcelog, nor do I have a
> "mcelog" or "mced" binary, nor does yum seem to contain anything related
> (based on "yum whatprovides '*/mcelog'" and similar queries).
>
> Thus, I still don't know what to do with these errors. Ignore them? I am
> running 32-bit CentOS 6.4 (legacy software reasons).
>
> On Nov 25, 2013, at 11:05 AM, Glenn Eychaner wrote:
>
>> On my new Haswell-based machines, I am occasionally seeing entries like the
>> following in /var/log/messages:
>> kernel: [Hardware Error]: Machine check events logged
>> (I would not have even noticed them, except that they get flagged by
>> logwatch.)
>> These messages always occur alone, and don't seem to have a corresponding
>> entry in any other log file in /var/log. How can I get more info about these
>> messages?

--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] Machine check events
Further investigation seems to indicate that these events should be handled by "mcelog" or "mced". However, there is no /var/log/mcelog, nor do I have a "mcelog" or "mced" binary, nor does yum seem to contain anything related (based on "yum whatprovides '*/mcelog'" and similar queries).

Thus, I still don't know what to do with these errors. Ignore them? I am running 32-bit CentOS 6.4 (legacy software reasons).

-G.

On Nov 25, 2013, at 11:05 AM, Glenn Eychaner wrote:
> On my new Haswell-based machines, I am occasionally seeing entries like the
> following in /var/log/messages:
> kernel: [Hardware Error]: Machine check events logged
> (I would not have even noticed them, except that they get flagged by
> logwatch.)
> These messages always occur alone, and don't seem to have a corresponding
> entry in any other log file in /var/log. How can I get more info about these
> messages?

--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
[CentOS] Machine check events
On my new Haswell-based machines, I am occasionally seeing entries like the following in /var/log/messages:

kernel: [Hardware Error]: Machine check events logged

(I would not have even noticed them, except that they get flagged by logwatch.)

These messages always occur alone, and don't seem to have a corresponding entry in any other log file in /var/log. How can I get more info about these messages?

Thanks,
-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] CentOS LiveCD on USB
On Nov 19, 2013, at 2:07 PM, Glenn Eychaner wrote:
> Possibly a hardware incompatibility? (I haven't been able to test a LiveCD in
> the optical drive yet, but will do so now.)

The system boots a liveCD from the DVD drive just fine. It boots CentOS 6.4 from the hard disk. It boots everything BUT CentOS 6.4 LiveCD from the USB key.

-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
Re: [CentOS] CentOS LiveCD on USB
On Nov 19, 2013, at 1:55 PM, Glenn Eychaner wrote:
> I had already gotten rid of rhgb. The grub2 entry on the key for booting the
> LiveCD reads:
> [...]
> linux /CentOS-Live/isolinux/vmlinuz0 root=UUID=A352-6D7C ro liveimg
> nodiskmount nolvmmount selinux=disabled live_dir=/CentOS_Live/LiveOS

D'Oh! It was obvious right after I sent the message; underscore instead of dash in live_dir. Sigh.

HOWEVER, even after correcting that, it STILL doesn't boot; same exact message as before. I have a suspicion that it's not finding the USB key during the device scan, given that I can't find the USB key in /dev in rdshell. Possibly a hardware incompatibility? (I haven't been able to test a LiveCD in the optical drive yet, but will do so now.) -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS LiveCD on USB
I had already gotten rid of rhgb. The grub2 entry on the key for booting the LiveCD reads:

    menuentry "CentOS 6.4 Live" {
        set root=(hd0,1)
        linux /CentOS-Live/isolinux/vmlinuz0 root=UUID=A352-6D7C ro liveimg nodiskmount nolvmmount selinux=disabled live_dir=/CentOS_Live/LiveOS
        initrd /CentOS-Live/isolinux/initrd0.img
    }

The contents of the LiveCD appear in /CentOS_Live as one would expect. The boot fails right after a device scan (obvious by tens of lines listing "ataN:", "scsiN:", "sd 0:0:0:0:", etc.) with the "No root device" error below. In the rdshell, /dev/sda shows up as the internal system hard drive rather than the USB key. The USB key does not show up as /dev/sdb nor any other device that I can find. Finally, I looked in /dev/mapper (duh); it contains /dev/mapper/control, but no /dev/mapper/live-rw. Sorry for any confusion, -G.

m.roth wrote:
> Glenn Eychaner wrote:
> > I have been following these instructions:
> > https://www.centos.org/forums/viewtopic.php?t=501
> > to put a bunch of utilities (Clonezilla, SystemRescue, CentOS
> > netinstall/rescue, etc.) on a single USB key. It works great for everything (including
> > Ubuntu Live) except the CentOS 6.4 LiveCD. (You can see my postings at the bottom of
> > the forum.) When booting the LiveCD, I got:
> > Kernel panic - not syncing: Attempted to kill init!
> > Pid: 1, comm: init Not tainted 2.6.32-358.el6.i686 #1
> > After removing "quiet" and adding "selinux=disabled", I got more
>
> Get rid of rhgb, too.
>
> > information; the boot stalls after finding devices, and gives:
> > No root device "block:/dev/mapper/live-rw" found
> > dracut suggests adding "rdshell", which I did. This was not helpful (I
> > had no idea what to do in the dracut shell), but did notice that in the dracut
> > shell /dev/ did NOT seem to contain my USB drive at /dev/sdb as I would expect.
>
> When you boot from a USB key, it always shows as /dev/sda. Second, rdshell
> is a grub shell.
>
> Are you trying to boot from the USB? If so, I'd fix the grub menu on that,
> if it's on /dev/sda1 of the flash drive, to use /dev/sda2 for the root=

-- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS LiveCD on USB
I have been following these instructions: https://www.centos.org/forums/viewtopic.php?t=501 to put a bunch of utilities (Clonezilla, SystemRescue, CentOS netinstall/rescue, etc.) on a single USB key. It works great for everything (including Ubuntu Live) except the CentOS 6.4 LiveCD. (You can see my postings at the bottom of the forum.) When booting the LiveCD, I got:

    Kernel panic - not syncing: Attempted to kill init!
    Pid: 1, comm: init Not tainted 2.6.32-358.el6.i686 #1

After removing "quiet" and adding "selinux=disabled", I got more information; the boot stalls after finding devices, and gives:

    No root device "block:/dev/mapper/live-rw" found

dracut suggests adding "rdshell", which I did. This was not helpful (I had no idea what to do in the dracut shell), but did notice that in the dracut shell /dev/ did NOT seem to contain my USB drive at /dev/sdb as I would expect. (One reason it seemed not helpful) So:

1) I used VFAT rather than ext2/3/4. Do I have to use ext2/3/4?
2) Do I need to rebuild the initramfs file somewhere in the CentOS LiveCD directory?
3) Is this just a straight-up hardware incompatibility? The computer is a brand-new SuperMicro X10SAE Haswell system.

Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with X11 application and Nouveau driver
Nvidia driver fixed the problem. Thank you El Repo! Where do I send you $10? (Seriously. This saved me so much time.) -G.

Nicolas Thierry-Mieg wrote:
> If you just want an easy solution you could try the nvidia drivers from
> elrepo. Start with nvidia-detect to find out which version you need, as
> explained here:
>
> http://elrepo.org/tiki/kmod-nvidia

On Nov 13, 2013, at 5:38 PM, Glenn Eychaner wrote:
> I have finally received and am configuring my new workstations with the
> NVS510 graphics cards, and have run into rather a problem. The X server
> seems to be loading the NOUVEAU driver properly (based on the contents of
> Xorg.0.log), but I have one X11 application that doesn't work correctly; it
> runs as though XSynchronized is always True, even though it's explicitly set
> to False in the code. In other words, its redraw behavior is god-awful; worse
> because it auto-redraws once per second for little apparent reason. And some
> of the windows draw with artifacts if they're covered and uncovered.
>
> Any ideas, anyone? I will gladly provide more info on request, but I'm not
> an expert X11 programmer (worse, this application uses a third party wrapper
> library). This is definitely new behavior on this new computer (the previous
> computers, also using the Nouveau driver with GeForce 7600 cards, did not
> seem to have this behavior).

-- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Problem with X11 application and Nouveau driver
I have finally received and am configuring my new workstations with the NVS510 graphics cards, and have run into rather a problem. The X server seems to be loading the NOUVEAU driver properly (based on the contents of Xorg.0.log), but I have one X11 application that doesn't work correctly; it runs as though XSynchronized is always True, even though it's explicitly set to False in the code. In other words, its redraw behavior is god-awful; worse because it auto-redraws once per second for little apparent reason. And some of the windows draw with artifacts if they're covered and uncovered. Any ideas, anyone? I will gladly provide more info on request, but I'm not an expert X11 programmer (worse, this application uses a third party wrapper library). This is definitely new behavior on this new computer (the previous computers, also using the Nouveau driver with GeForce 7600 cards, did not seem to have this behavior). -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Cloning CentOS workstations
I manage a set of CentOS operations workstations which are all clones of each other (3 "live" and 1 "spare" kept powered down); each has a single drive with four partitions (/boot, /, /home, swap). I've already set up cron'd rsync jobs to copy the operations accounts between the workstations on a daily basis, so that when one fails, it is a simple, quick process to swap in the spare, restore the accounts from one of the others, and continue operations. This has been successfully tested in practice on more than one occasion.

However, when I perform system updates (about once a month), I like to create a temporary "clone" of the system to an external drive before running the update, so that I can simply swap drives or clone back if something goes horribly wrong. I have been using "CloneZilla" to do this, but it can take a while since it blanks each partition before copying, and requires a system shutdown.

Question 1: Would it be sufficient to simply use CloneZilla once to initialize the backup drive (or do it manually, but CloneZilla makes it easy-peasy), and then use "rsync -aHx --delete" (let me know if I missed an important rsync option) to update the clone partitions from then on? I am assuming that the MBR typically doesn't get rewritten during system updates, though "/etc/grub.conf" obviously does get changed.

Suppose I want to store more than one workstation on a single drive (easy), and be able to boot into any of the stored configurations (hard). Here's what I thought of:

1) Create a small "master" partition which contains a bootloader (such as a CentOS rescue disk), and a single "swap" partition.
2) Create one partition "set" per workstation (/boot, /, /home, excluding swap). Obviously, these will all likely be logical, and each workstation must use unique labels for mounting partitions.
3) On the "master" partition, modify the bootloader menu to allow one to chainload the /boot partitions for each configuration. (This is the "Voila!" step that I haven't fully figured out.)

Question 2: Is there a better way to do the above? How do I perform the "Voila!" step, i.e. what's the right chainload command for this? Also, the chainloaded partitions are logical; is this OK?

I also have a single off-site NAS disk which contains clones of all the critical workstations on-site. Most of them are Macs, so I can use sparseimages on the NAS for the clones and get easy-peasy incremental clones. I also do this for the Linux box (backing it up incrementally to an HFS case-sensitive sparseimage via rsync), but it's (obviously) a bit of a kludge.

Question 3: Is there a UNIX equivalent to the Mac sparseimage that I should be using for this? ("tar -u" can do it (duh), but then the backup file grows without bound.)

Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Tk font problem with CentOS 6
I'm having an odd problem which I can't seem to find the answer to. I have recently upgraded from CentOS 5 to CentOS 6 (using a fresh install and migrate). However, I have a bunch of Tk widgets that use font names like "12x24" and "5x7", etc. Under CentOS 5 (Tk 8.4), this worked fine; however, under CentOS 6 (Tk 8.5), this does not seem to work properly; it does not find the fonts and reverts to a (pretty, but wrong) default font. I have verified using xlsfonts, xdpyfont, etc. that the fonts exist; for example, "12x24" is apparently now an alias for: -Sony-Fixed-Medium-R-Normal--24-170-100-100-C-120-ISO8859-1 and if I specify this full name in Tk, it works fine. What am I doing wrong here, or did the enhanced font support in Tk 8.5 subtly break fonts using a "WxH" designation? -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Intel 4600 Graphics (Haswell) in CentOS 6.4
Quick question that I haven't been able to find the answer to (and not for lack of trying, believe me): Is dual-monitor display for the new Intel HD Graphics 4600 (Haswell, e.g. Intel E3-1200v3 family processors) supported in CentOS 6.4? In particular, I'm looking at a SuperMicro X10SAE; SuperMicro has already replied that triple-display only works with a VGA-HDMI-DP combo (lame) and only in Windows (lame), but had no information as to dual-display (they reported to me that they only tested single-head configurations [lame] before marking it as "supported" on their website). http://www.supermicro.com/support/resources/OS/C226.cfm I already found that the Intel opensource site only has releases for Fedora 19 and Ubuntu 13, and that X.org lists the latest release as 2011Q3 and the latest support as SandyBridge: http://01.org/linuxgraphics/downloads http://www.x.org/wiki/IntelGraphicsDriver/ But the latest version of xorg-x11-drv-intel in ElRepo Extras was uploaded in March of this year, and I haven't found whether the upstream vendor backported or sideported something into the latest distribution. [Yes, I'm STILL working on the workstation configuration. We're considering putting off triple-head support to cut costs, because the dreamy NVS510 cards are expensive. It's like a morass of quicksand sometimes.] Thanks and regards, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB Audio sound card
On Aug 23, 2013, at 8:00 AM, centos-requ...@centos.org wrote: > From: Fred Smith > Subject: Re: [CentOS] USB Audio sound card > > On Thu, Aug 22, 2013 at 10:03:08PM -0400, Glenn Eychaner wrote: >> On Aug 22, 2013, at 3:11 PM, Glenn Eychaner wrote: >> >> I apologize. I should have said here "A quick search of the web (and the >> NewEgg >> comments) indicates that these devices generally work under *Linux*, but do >> they >> work in CentOS 6? > > good point. I should have known that's what you meant. > > however, it gives one hope. especially since many of those comments are > a couple years old, it's given time for drivers to work their way into > other distros--assuming the drivers were new at that time, and they may > not have been. > > especially that first one you ask about is dirt cheap, so maybe the way > to do it is to go buy one and try it. If I were in the U.S., I certainly would do that. As it is, I'm in Chile; if I can even find something similar here, it will likely be more expensive (I found one so far, but it's a high-end 5.1 model and costs USD$40), and ordering from the U.S. is a multiweek turnaround time. Hence, I decided to ask first and suffer the wrath of the list for "asking the obvious". -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] USB Audio sound card
On Aug 22, 2013, at 3:11 PM, Glenn Eychaner wrote: > A quick search of the web says that yes, > these devices will work under CentOS and show up as /dev/dspX devices. So, do > devices like these: I apologize. I should have said here "A quick search of the web (and the NewEgg comments) indicates that these devices generally work under *Linux*, but do they work in CentOS 6? [I have found in the past that "Works in Ubuntu YY.MM", "Works in Fedora N", do not always imply "Works in CentOS/RHEL" ; the driver support in CentOS/RHEL is sometimes more spartan than the cutting-edge distros. Of course, most of my experience is with CentOS 5; I only recently moved forward to CentOS 6 after extensive testing. What can I say? I'm as "cutting edge" as a dull butter knife.] > SYBA SD-CM-UAUD USB Stereo Audio Adapter > http://www.newegg.com/Product/Product.aspx?Item=N82E16812186035 > Turtle Beach Audio Advantage Amigo II USB Interface Sound Card & Headset > Adapter > http://www.newegg.com/Product/Product.aspx?Item=N82E16829118008 > StarTech ICUSBAUDIO USB to Stereo Audio Adapter Converter > http://www.newegg.com/Product/Product.aspx?Item=N82E16829128002 -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] USB Audio sound card
All- Ah, the saga of the 1U workstation continues. So, in all my work configuring the thing, I completely forgot about AUDIO; I only realized my mistake when I went on a cable-measuring expedition this morning. Unfortunately, none of the 1U servers I've been looking at come with audio outputs (there aren't even audio headers on the motherboard), and I've used the only available slot for my fancy graphics card! Now, a lesser (or maybe smarter) individual would give up at this point, and go back to MiniITX or a 2U rackmount (if I could find a short-depth one). "Nay!" I say. What about USB Audio? I don't need 5.1 or 7.1 audio here; I'm plugging in a Dell monitor soundbar. A quick search of the web says that yes, these devices will work under CentOS and show up as /dev/dspX devices. So, do devices like these:

SYBA SD-CM-UAUD USB Stereo Audio Adapter
http://www.newegg.com/Product/Product.aspx?Item=N82E16812186035
Turtle Beach Audio Advantage Amigo II USB Interface Sound Card & Headset Adapter
http://www.newegg.com/Product/Product.aspx?Item=N82E16829118008
StarTech ICUSBAUDIO USB to Stereo Audio Adapter Converter
http://www.newegg.com/Product/Product.aspx?Item=N82E16829128002

work under CentOS 6? Is there one that anyone can recommend? -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Slightly OT: PCIe x16 card in x8 slot
So, in the ongoing saga of the unusual 1U short-depth workstation, we have narrowed the field to two choices. Both entrants are configured with 16GB memory (4x4GB), two 2.5" drives (1x250GB SSD and 1x1TB HDD), and an NVIDIA NVS510 graphic card (quad display): 1) SuperMicro 5017R-MF, Xeon E5-2609 processor 2) SuperMicro 5017C-LF, Xeon E3-1220 processor (I wish SuperMicro had a list of their servers by chassis somewhere.) I have no preference between the solutions for right now, though I have a major concern with the second solution; the PCIe slot is only x8, and the NVS510 is a x16 card. The vendor assures me that a riser/adapter can be found to plug the card into the slot, and that it will work, but I am highly concerned about the performance. I know nothing about PCIe (I haven't built a system in 10 years, though I have read the PCIe Wikipedia entries and some guides); what kind of performance hit can I expect? Also, are there any solutions I have overlooked? Thanks again, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Triple- or Quad-display single-card graphics solutions
Just found this thread http://lists.centos.org/pipermail/centos/2013-April/134212.html and Emailed the author for details. On Aug 20, 2013, at 2:52 PM, Glenn Eychaner wrote: > So, after some discussion of our new control workstations, we are iterating > in on a solution; we are looking at a 1U short-depth SuperMicro SuperServer > 5017R-MF with a graphics card in the PCI-Ex16 expansion slot. However, the > display requirements have increased to 3 or more monitors for future > expansion, so I was wondering whether anyone had any experience with triple- > or quad-display single card solutions. Thus far, I have found two promising > solutions: > > NVidia NVS 510 or 450 > Matrox M-series M9138 or M9148 > > Both these solutions claim to have Linux support, but I was wondering if > anyone had any experience with them in CentOS 6.4? And if there were any > other solutions I had overlooked? -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Triple- or Quad-display single-card graphics solutions
So, after some discussion of our new control workstations, we are iterating in on a solution; we are looking at a 1U short-depth SuperMicro SuperServer 5017R-MF with a graphics card in the PCI-Ex16 expansion slot. However, the display requirements have increased to 3 or more monitors for future expansion, so I was wondering whether anyone had any experience with triple- or quad-display single card solutions. Thus far, I have found two promising solutions: NVidia NVS 510 or 450 Matrox M-series M9138 or M9148 Both these solutions claim to have Linux support, but I was wondering if anyone had any experience with them in CentOS 6.4? And if there were any other solutions I had overlooked? Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Intel e1000e driver bug and 82574L controller
One of the more promising solutions I'm looking at for my dual-ethernet dual-monitor workstation contains an Intel 82574L Ethernet controller. I found a LOT of postings regarding a bug in the driver for this controller: http://www.doxer.org/learn-linux/resolved-intel-e1000e-driver-bug-on-82574l-ethernet-controller-causing-network-blipping/ https://bugzilla.redhat.com/show_bug.cgi?id=632650 but there isn't any clear indication as to whether the bug has been resolved in mainline CentOS 6.4 or not. Has this bug been resolved? -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Motherboard and chipset compatibility
> > Since the requirements are (relatively) modest (except those two), I was
> > hoping to squeeze something in.
>
> how about an ultrasmall form factor desktop, such as the Dell Optiplex
> 7010 USFF ? those have dual displayport outputs (requires $7 optional
> video output panel), and are 24x6.5x24cm

I didn't even know that the Optiplex 7010 was CentOS compatible (though someone may have mentioned it in my previous thread); it is not on the RedHat Hardware List, nor does Dell's web site go out of its way to mention it. Again, how does one find this kind of thing out? There has to be a better solution than 3 days of web searches, Emails to tech support, and forum posts. In addition, the USFF Optiplex seems to be limited to a Core i3 processor and a mere 2GB of memory, which while acceptable is not optimal (and worse than some other solutions I'm looking at).

And for everyone suggesting KVMs, VMs, SSH, or other solutions...this is a telescope operations system, so none of those are really appropriate to the task, I'm afraid. I really want direct monitor/keyboard/mouse connections (and yes, I keep a hotspare warmed up at all times in case of a critical failure, and have had to use it on more than one occasion).

And I'm sorry my postings don't seem to thread right in the archives. I subscribe to the Digest form of the list and am compiling these replies using the web archives. Anyway, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Motherboard and chipset compatibility
John R Pierce wrote:
> On 8/12/2013 9:14 AM, Glenn Eychaner wrote:
> > * 1U short-depth rackmount chassis OR Mini-ITX small-footprint chassis
> > * Dual 1920x1200 monitor display
>
> those two requirements together are unusual. most rackmount 1U systems
> are headless, except a basic VGA for initial configuration.
> dual display is generally found on a desktop system.

I agree. In this case, the floor is not the best environment for the equipment, the adjacent rack has only 1U of short-depth rack space available, and the desktop is already crowded with keyboards and monitors. Since the requirements are (relatively) modest (except those two), I was hoping to squeeze something in. Looks like I'm out of luck, and buying another full tower to hold a motherboard, a disk drive, and one expansion card. Sigh. -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Motherboard and chipset compatibility
m.roth at 5-cent.us wrote: > Now, about what you're looking to build - you say that you want 1U, and > mention rackspace: in my experience, rackmounts are a *lot* larger than a > pizza box, so I'm a little confused at the requirements you're building > for. The rack is already full; I only get that 1U of space by removing a spare part to another location, and unfortunately, I have a depth limit due to the power distribution module on the rack rear. These computers are replacing tower PCs that sit on the floor under a desk in a rather hostile environment, so I'd like to move them to either the desktop or the adjacent rack, but have limited space in either location (1U of short-depth rack or about room for a miniITX box on the desk). -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Motherboard and chipset compatibility
So, having returned from a month's vacation, I'm back to work on attempting to build a set of small form factor CentOS compatible computers. I've really tried to do my homework, but this doesn't appear (at first glance) to be at all easy. It's not made easier by the fact that I have to get it right the first time (and I haven't built a PC in a decade); the time and money cost of shipping anything to and from my remote location in Chile means I can't afford to waste time buying and returning things.

First question: does anyone have any experience with the Jetway NF9E-Q77 or ZOTAC Z77ITX-A-E motherboards? Having struck out on Intel Q77 or Z77-based SFF motherboards (the DQ77** series is completely out of stock everywhere, and the DZ77** series is ATX only), I have found a couple of Mini-ITX systems based on these two motherboards.

Second question: Where can I get information about which Intel chipsets (Z77 vs Z87 vs Q77 vs C602 vs ...geez, there are a LOT of chipsets, as evidenced by http://www.supermicro.com/support/faqs/os.cfm) are supported by CentOS 6 / RHEL 6? I have not been able to find this information on either the Intel, RedHat, or CentOS web sites.

Third (more general) question: My requirements are (I believe) modest:

* 1U short-depth rackmount chassis OR Mini-ITX small-footprint chassis
* Dual GbE network ports
* Dual 1920x1200 monitor display
* One SSD drive
* 32-bit CentOS 6.4 compatible.

It's the combination of the first, third, and fifth requirements that really seems to get me hung up. I've found plenty of 1U server systems (such as SuperMicro), but none of them support dual displays. (Some of them have a PCIe16x riser card that could conceivably accommodate a separate graphics card, assuming I could find one that fits; I have Emails in to various tech supports to inquire about this. I've found LOTS of 2U solutions, thanks, but only have 1U of available rack.)

As far as Linux support goes, the RHEL Hardware List has thus far been pretty useless (much of the hardware on it is obsolete or discontinued), and most manufacturers' web sites have been equally useless. (One exception being ASUS, which has a Linux-compatibility list at http://www.asus.com/websites/global/aboutasus/OS/Linux.pdf SuperMicro has a very nice list referenced above, but none of their small form factor motherboards support dual displays AFAICT; I have found nothing useful at Intel's site.) Does anyone have any resources they'd like to point me to?

Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6 SFF motherboard or complete system
I am trying to assemble or purchase a set of CentOS 6 compatible SFF workstations, and am finding it incredibly frustrating to do so. hardware.redhat.com is so slow as to be useless and provides almost no information about each of the 1,300 or so products listed in their database; clicking through them one at a time is incredibly frustrating (and about half of them are discontinued or out of stock when I actually go looking for them, like the Intel DQ series motherboards I was interested in). Vendor web sites are almost no use; they trumpet their Windows 8 compatibility all over the site, but finding information about Linux compatibility is next to impossible. My requirements aren't overwhelming; an i7 processor, four memory slots preferred, dual 24" (1920x1200) monitor capability, and dual ethernet (or an expansion slot for a second Ethernet card). Anyone have any advice on how to attack this these days? I've been out of the hardware-purchase game on the Linux side for years, and most of my bookmarks no longer point anywhere useful, sadly. -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.4: Possible bug in system-config-network-cmd
On May 21, 2013, at 4:52 PM, Glenn Eychaner wrote:
> I'm having a puzzling problem with system-config-network-cmd in CentOS
> 6.4 This all works great, EXCEPT that if the machine is booted into a fixed-IP
> profile, the DHCP ifcfg file also winds up in
> /etc/sysconfig/network-scripts. So, if I have in
> profiles/dhcp/ifcfg-eth0_dhcp (with a hardlink in devices/, of course):

After some fooling around, I figured out that the problem is with the default profile. When you switch profiles, it copies whatever devices are in the profile you switched to AND whatever is in the default profile into .../network-scripts/, and if you delete the default profile or remove all the network devices, it will *repopulate it for you* the next time you switch. And of course you can't just use the same generic name in all the profiles (ifcfg_eth0), because then it gets really confused since the device names in .../profiles/* have to match the devices in .../devices/. This is a CHANGE in behavior from CentOS 5, and whoever thought it was a good idea should be forced to use Windows ME for 30 days. -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS 6 and PHP
Still upgrading CentOS 5 to CentOS 6, and have run into the next issue: When I install httpd and php, everything works great, and the default-test "" works great. The problem is that I have a bunch of old HTML that seems to use "" and cleaning any that don't match after running system-config-network-cmd. I suspect it has to do with either the contents of /etc/udev/rules.d/70-persistent-net.rules or the format of my ifcfg-ethX_* files, but haven't been able to resolve it. Probably will leave it as "workaround works". UUIDs and boot drives: Didn't solve this one either, but again didn't try very hard because the recovery from a failed attempt is a royal pain. I decided that the actual UUIDs weren't important enough to me to matter, since I seldom boot with more than one workstation's drive connected at a time. I will probably go back to labels, since I can change those (apparently) without rendering the system unbootable. Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Changing disk UUID after cloning
On May 22, 2013, at 4:14 PM, Reindl Harald wrote:
> On 22.05.2013 21:58, Glenn Eychaner wrote:
>> So, I have a CentOS 6 system, and I want to make several clones of it. I'm
>> using Clonezilla to clone the drives; that's no problem. But the drive
>> UUIDs are driving me up the wall. After cloning, the two drives have the
>> same UUID, but I'd like each clone to have different UUIDs so there's no
>> possibility of a conflict when I am running diagnostics with two drives
>> installed, etc. But when I change the UUID of the /boot or / partition (even
>> if I update /etc/fstab), the system won't boot; it GRUBs OK (after I use
>> recovery mode to rerun grub-install), but never gets to the 'Welcome to
>> CentOS " message. Do I need to "rebless" vmlinuz or initrd or initramfs in
>> the /boot partition if I change the drive UUID?
>
> for the initial boot /etc/fstab is *irrelevant*
> logical thinking: if it can read it the partition is already mounted
>
> * at least GRUB config contains a line like
> "root=UUID=b935b5db-0051-4f7f-83ac-6a6651fe0988"

Not on my system; CentOS 6 uses grub 0.97, and my grub.conf file doesn't contain any UUIDs that I can find.

> * dracut / initramfs contains at least the UUID for /boot
> * did you try "dracut -f" after the changes?

That's probably the problem; I will make another attempt in the morning, if I decide that I care. I may simply decide that I don't care if I have duplicated UUIDs between workstations, if it becomes too much trouble to fix. :-) -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
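The exchange above turns on where a filesystem UUID is referenced besides /etc/fstab. As an added example (not part of the original thread), the function below lists every UUID= reference in a set of text config files that no longer matches any UUID in a saved `blkid` listing; the fstab, grub.conf and blkid contents are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find UUID= references that point at a UUID no device has.
# Usage: stale_uuid_refs <saved blkid output> <config file>...
# Prints "file:uuid" for each stale reference; prints nothing if all match.
stale_uuid_refs() {
    blkid_file=$1; shift
    # UUIDs present on the devices. The leading space in the pattern keeps
    # PARTUUID="..." and UUID_SUB="..." fields out of the list.
    known=$(grep -o ' UUID="[^"]*"' "$blkid_file" | sed 's/.*UUID="\([^"]*\)"/\1/')
    for f in "$@"; do
        # Drop comment lines, then extract each UUID=<value> token
        # (at line start, or preceded by a non-name character such as '=').
        grep -v '^[[:space:]]*#' "$f" |
        grep -oE '(^|[^A-Za-z_])UUID=[0-9A-Fa-f-]+' |
        sed 's/.*UUID=//' | sort -u |
        while read -r u; do
            printf '%s\n' "$known" | grep -qxF -- "$u" || printf '%s:%s\n' "$f" "$u"
        done
    done
}

# Constructed scenario: the clone's / filesystem was given a new UUID and
# fstab was updated, but the kernel line in grub.conf still names the old one.
demo_stale_uuid_refs() {
    d=$(mktemp -d) || return 1
    cat > "$d/blkid.out" <<'EOF'
/dev/sda1: UUID="11111111-aaaa-4bbb-8ccc-000000000001" TYPE="ext4"
/dev/sda2: UUID="22222222-aaaa-4bbb-8ccc-000000000002" TYPE="ext4"
/dev/sda3: UUID="33333333-aaaa-4bbb-8ccc-000000000003" TYPE="swap"
EOF
    cat > "$d/fstab" <<'EOF'
# constructed /etc/fstab
UUID=22222222-aaaa-4bbb-8ccc-000000000002 /     ext4 defaults 1 1
UUID=11111111-aaaa-4bbb-8ccc-000000000001 /boot ext4 defaults 1 2
UUID=33333333-aaaa-4bbb-8ccc-000000000003 swap  swap defaults 0 0
EOF
    cat > "$d/grub.conf" <<'EOF'
# constructed grub.conf
title CentOS (2.6.32-358.el6.i686)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-358.el6.i686 ro root=UUID=99999999-aaaa-4bbb-8ccc-00000000000f
    initrd /initramfs-2.6.32-358.el6.i686.img
EOF
    (cd "$d" && stale_uuid_refs blkid.out fstab grub.conf)
    rm -rf "$d"
}

demo_stale_uuid_refs
```

This only covers plain-text configuration; an initramfs that embeds the old UUID has to be regenerated, which is what the `dracut -f` suggestion in the reply addresses.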
[CentOS] Changing disk UUID after cloning
So, I have a CentOS 6 system, and I want to make several clones of it. I'm using Clonezilla to clone the drives; that's no problem. But the drive UUIDs are driving me up the wall. After cloning, the two drives have the same UUID, but I'd like each clone to have different UUIDs so there's no possibility of a conflict when I am running diagnostics with two drives installed, etc. But when I change the UUID of the /boot or / partition (even if I update /etc/fstab), the system won't boot; it GRUBs OK (after I use recovery mode to rerun grub-install), but never gets to the 'Welcome to CentOS " message. Do I need to "rebless" vmlinuz or initrd or initramfs in the /boot partition if I change the drive UUID? Or should I just ignore UUID and go back to using labels in /etc/fstab (which is what I did in CentOS 5)? Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 6.4: Possible bug in system-config-network-cmd
m.roth:
> Hmmm... have you looked at /etc/udev/rules.d/70-persistant-net.rules?

# PCI device 0x8086:0x104b (e1000e)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:16:xx:xx:xx:xx", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x10b7:0x9200 (3c59x)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:xx:xx;xx:xx", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

Not sure there's anything relevant there...

-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 6.4: Possible bug in system-config-network-cmd
I'm having a puzzling problem with system-config-network-cmd in CentOS 6.4. I have a workstation with a number of different grub boot configurations (a spare for a set of workstations, basically), each of which has a parameter MYHOST=, and I am using system-config-network-cmd to set the boot configuration during the network process (using a small custom system service that runs just before network startup, reads the configuration name from /proc/cmdline and calls "system-config-network-cmd -p "). I have properly disabled NetworkManager, and have /etc/sysconfig/networking/devices and .../profiles set up correctly AFAIK (it was all copied from a CentOS 5 machine, and the hard links were maintained properly as needed; such a PITA that they got rid of the very nice GUI for this).

This all works great, EXCEPT that if the machine is booted into a fixed-IP profile, the DHCP ifcfg file also winds up in /etc/sysconfig/network-scripts. So, if I have in profiles/dhcp/ifcfg-eth0_dhcp (with a hardlink in devices/, of course):

TYPE=Ethernet
DEVICE=eth0
HWADDR=
BOOTPROTO=dhcp
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

and in profiles/fixed/ifcfg-eth0_fixed

GATEWAY=x.y.z.1
TYPE=Ethernet
DEVICE=eth0
HWADDR=
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=x.y.z.n
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

If I boot into fixed, I find that ifcfg-eth0_dhcp is also in network-scripts, and it tries to activate this interface, even though this interface is NOT in profiles/fixed in any way! This worked great in CentOS 5, so I think I know what I'm doing here?

For now, I am "fixing" the issue by running a find on network-scripts to remove inappropriate files after running system-config-network-cmd, but that is complete cheese, of course. Is there something missing from ifcfg-eth0_dhcp that is confusing the system-config-network-cmd script? Is there any documentation on this that's helpful? And is there simply a better way to do this that I've missed?

Thanks,
-G.
-- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Configuring printers in CentOS 5
Could someone please explain to me how to best configure printers in CentOS 5? I've been trying to configure a new printer, which is served by a Mac Mini: If I open a web browser at localhost:631, or "system-configure-printers" and I configure the new printer as an IPP printer, it winds up in a list of "Remote printers", and once it winds up there I can't seem to delete the printer or change the settings at all. If I try using the system-config-printers interface, it's all greyed out; if I try using CUPS, it actually tries to connect to CUPS on the Mini! In order to delete it, I have to manually revert the /etc/cups files and restart the cups printing system in system-config-services. I just don't understand printer configuration on Linux. On the Macs, it's just plug and go. Why does CentOS have to make it so confusing? -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] projects.centos.org down again
> Garry Dale wrote: >> There is an open bug report from 2009-09-21 with a similar summary [1]. >> Since bug 3858 was never closed, I've updated the notes. > > Per updates to bug tracker, the projects.centos.org site is back online. > > Should bug 3858 [1] now be closed, or is it acting as a placeholder for > events such as this? Just curious... Well, projects.centos.org was up briefly over the weekend, but appears (from my end) to be down again, same symptoms; HTTP connections just hang. Next time I'll download the LiveCD instructions I'm looking for to a static file! -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Projects.centos.org down?
I have been trying to get to the CentOS LiveCD site at projects.centos.org the last couple of days, but have been unable to reach it. Is it down, and is there any info on when it might be back up? Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS, Firefox, and Java Plugin
On Sep 22, 2010, at 11:22 PM, Glenn Eychaner wrote: > The latest updates to CentOS 5.5 seem to have broken the Java plugin, > and have defeated any and all attempts to get it working again. > I'm running CentOS 5.5 (32-bit) and Firefox 3.6.9 (installed from the > CentOS repository); I've tried BOTH the openJDK plugin available > through the Argeo repositories, and installing Java 1.6.0 directly > from Sun/Oracle and creating the plugin soft link in /usr/lib/mozilla/plugins. > Neither works at all. Thanks to everyone for their help. It turns out that I had two problems: 1) The page that you get redirected to by the Firefox plugin finder links to these (incorrect) install instructions: http://java.com/en/download/help/linux_install.xml#rpm The correct install instructions can be found at Oracle's website: http://www.oracle.com/technetwork/java/javase/install-linux-rpm-137089.html 2) I was using the Argeo-Plus plugin (32-bit), which appears to be broken. Mathieu, if you get it working again, I'd be happy to use it, but if not, I understand. I was aware that the location had changed (serendipitously), and have the latest version (I've since rolled everything to the Oracle/Sun plugin). Thanks all, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS, Firefox, and Java Plugin
The latest updates to CentOS 5.5 seem to have broken the Java plugin, and have defeated any and all attempts to get it working again. I'm running CentOS 5.5 (32-bit) and Firefox 3.6.9 (installed from the CentOS repository); I've tried BOTH the openJDK plugin available through the Argeo repositories, and installing Java 1.6.0 directly from Sun/Oracle and creating the plugin soft link in /usr/lib/mozilla/plugins. Neither works at all. This was working a while ago, but it broke and I didn't notice. Thanks for any help you can provide, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] System beeps in kernel 2.6.18-194
On Aug 31, 2010, at 9:36 AM, Glenn Eychaner wrote: > On Aug 26, 2010, at 12:00 PM, centos-requ...@centos.org wrote: > >>> ?Is there someplace can I find *detailed* release notes on the differences >>> between -164 and -194 kernels to help in looking for the problem, pinning >>> it down, and submitting a patch (and/or building my own kernel), or should >>> I just download the SRPMS and dig in? >> >> You can find kernel changelog diffs here (maintaind by Alan Bartlett): >> >> http://www.centos.toracat.org/ajb/kernel-clog-diff/ > > Is there any place that I can find RPM or SRPM packages for the kernels > between 18-164 and 18-194 that are listed in this kernel log? It would > really help narrow down the problem if I could just build each kernel version > and test it; then at least I'd only have one set of differences to go through > rather than 30. Having read the kernel log diff list, and searched it for items related to "sound", I'm really suspicious of the following listed change: * Mon Dec 21 2009 Jarod Wilson [2.6.18-183.el5] [...] < - [sound] alsa hda driver update for rhel5.5 (Jaroslav Kysela) [525390] How do I go about backing out this change (reverting the alsa hda drivers in the -194 kernel to the -164 kernel versions) for testing? -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] System beeps in kernel 2.6.18-194
On Aug 26, 2010, at 12:00 PM, centos-requ...@centos.org wrote: >> ?Is there someplace can I find *detailed* release notes on the differences >> between -164 and -194 kernels to help in looking for the problem, pinning it >> down, and submitting a patch (and/or building my own kernel), or should I >> just download the SRPMS and dig in? > > You can find kernel changelog diffs here (maintaind by Alan Bartlett): > > http://www.centos.toracat.org/ajb/kernel-clog-diff/ Is there any place that I can find RPM or SRPM packages for the kernels between 18-164 and 18-194 that are listed in this kernel log? It would really help narrow down the problem if I could just build each kernel version and test it; then at least I'd only have one set of differences to go through rather than 30. [Not a kernel expert, but willing to give it a solid go!] Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] System beeps in kernel 2.6.18-194
Akemi Yagi amyagi at gmail.com wrote: > On Wed, Aug 25, 2010 at 2:39 PM, Glenn Eychaner wrote: >> So, just today I noticed a problem with kernel 2.6.18-194 (CentOS 5.5) on >> several Intel DP965LT systems; the system beeps (such as terminal beeps) are >> no longer passed through to the external speakers. This is a problem >> because in our situation the boxes are distant from their monitor/keyboard, >> the system speaker on this motherboard is extremely weak, and there are no >> system speaker header pins on the motherboard. The problem goes away if I >> revert the system to 2.6.18-164 with no other changes. >> I looked through the list archives and searched the web for other people who >> have encountered this, but it's pretty specific (and hard to search for >> "system beep"!) > > Does it have Nvidia controllers? If so, it may be related to: > http://bugs.centos.org/view.php?id=4335 Nope. It has a PCI NVidia graphics card, but the tech specs for the board (page 12) show Intel chipsets (as expected). http://downloadmirror.intel.com/15049/eng/DP965LT_TechProdSpec.pdf Besides, I tried adding the "enable_msi=0" to that line of modprobe.conf, and it didn't make any difference. >> Is there someplace can I find *detailed* release notes on the differences >> between -164 and -194 kernels to help in looking for the problem, pinning it >> down, and submitting a patch (and/or building my own kernel), or should I >> just download the SRPMS and dig in? > > You can find kernel changelog diffs here (maintaind by Alan Bartlett): > http://www.centos.toracat.org/ajb/kernel-clog-diff/ Wow. Considering I need to look at everything from 164-15 to 194-3, that's a lot of heavy reading and searching. -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] System beeps in kernel 2.6.18-194
So, just today I noticed a problem with kernel 2.6.18-194 (CentOS 5.5) on several Intel DP965LT systems; the system beeps (such as terminal beeps) are no longer passed through to the external speakers. This is a problem because in our situation the boxes are distant from their monitor/keyboard, the system speaker on this motherboard is extremely weak, and there are no system speaker header pins on the motherboard. The problem goes away if I revert the system to 2.6.18-164 with no other changes. I looked through the list archives and searched the web for other people who have encountered this, but it's pretty specific (and hard to search for "system beep"!) Is there someplace can I find *detailed* release notes on the differences between -164 and -194 kernels to help in looking for the problem, pinning it down, and submitting a patch (and/or building my own kernel), or should I just download the SRPMS and dig in? Thanks, -G. -- Glenn Eychaner (geycha...@lco.cl) Telescope Systems Programmer, Las Campanas Observatory ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Dealing with MS .msg files on Linix
At 02:12 PM 11/2/2009, you wrote: >On Mon, November 2, 2009 2:06 pm, James B. Byrne wrote: > > I am a digest subscriber, so the favour of a direct copy of any > > replies is requested. > > > > > > Our firm uses SquirrelMail (SM) for email and we have a client who > > has begun sending us email documents that SM cannot open. This is a > > MicroSoft Outlook artifact and I suspect it is tied to the XML used > > in the message composition. The problem for us is that the result > > of opening such an email with SM is that it displays nothing. The > > To, From, Subject, and message body are all missing and no > > attachments are found. > > > > If we use Thunderbird then we can see the original message and its > > attachments; and that is what we are using in the meantime to get > > around this problem. However, it would be far more convenient if we > > could use some way of dealing with this message format from within > > SM. > > > > Has anyone here run into this situation? How did you handle it? Is > > there a SquirrelMail solution or must we change email programs just > > to deal with this correspondent? > > > > I have done the Google thing and have not turned up anything of use. > > Perhaps I am using the wrong words. > > > > Sincerely, > > >We have run into this before I believe. It's been a while. Have you tried >viewing the message as plain text or html? > >Bo I've used MailScanner a lot in the past. MailScanner used Perl libraries to decode and translate the .msg files to text as an option. http://mailscanner.info. Good software, but if you already have an antivirus/anti-spam solution, it would be overkill, to the maximus! Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Securely backing up Linux machines to NAS?
At 10:42 PM 9/11/2009, you wrote: >I have been tasked with having a Buffalo Terastation Pro 2 NAS box, >likely to be connected to a Linux box via samba, be the storage device >to back up mostly Ubuntu and Centos systems. The trick is, the >machines to be backed up need to do so in an automated fashion and >make a secure, encrypted connection to my Linux box hosting the NAS. >The NAS does have SSL enabled for web admin access, though the same >login credentials are used to authenticate the Linux host via samba to >the NAS. > >So what are the simplest options to back up the Linux hosts? rsync >does come to mind, but how to do so securely from each host? I'd >consider something via ssh, but that would mean an interactive login, >and encrypting individual files on the hosts is not an option. > >NFS is also available on the NAS, but considering the security >concerns, I will not use that, nor do I want to enable any more >services on the linux machines being backed up than necessary, meaning >samba is not an option, unless it remains the ONLY one. > >I ONLY plan to use samba to mount the NAS to my Linux server, unless >someone comes up with a more secure method, or even away to negate the >need of the Linux server and permit the hosts to back up directly to >the NAS... > >Ideas are welcome. > >Thanks. > >Scott Scott, http://www.jms1.net/code/rsync-backup.shtml Cheers! ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Tomcat CLASSPATH issue
At 04:49 PM 6/16/2009, you wrote: > From the same version of Apache-Tomcat (6.0.18) web.xml config file: > > > > > > > You are setting CLASSPATH as an OS environment variable. Tomcat > wants/has its own and you set it within the engine, or let the > engine take care of it for you. > > > interesting thanks - will investigate that FYI, if you are getting heavily into Tomcat, I would advise you join users-subscr...@tomcat.apache.org or consult http://marc.info/?l=tomcat-user where you are not OT. You'll get a wealth of information just lurking and searching the archives! Cheers, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT - Tomcat CLASSPATH issue
At 09:58 AM 6/16/2009, you wrote: > > Does this answer your question? > > http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html > > > > > >not really no .. From the same version of Apache-Tomcat (6.0.18) web.xml config file: You are setting CLASSPATH as an OS environment variable. Tomcat wants/has its own and you set it within the engine, or let the engine take care of it for you. Cheers, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] pop3 attack
At 02:05 PM 3/13/2009, you wrote: >James Pifer wrote: > >> The masquerading options are for a different purpose. > >> I'm glad you got it sorted out. > >> > > > > > > Although I'm able to send mail to most people without a problem using > > smarthost, I still have a few that bounce back with errors like: > > Your message was rejected by mail.lance.com for the following reason: > > > > Service unavailable; Client host [cdptpa-omtalb.mail.rr.com] > blocked by zen.spamhaus.org; http://www.spamhaus.org/query/bl?ip=70.62.90.185 > > > > I'm using the smarthost server that I should be using according > to the information: > > define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl > > > > Although I'm in a residential IP range, my connection is Business > Class, so sending smtp mail is not restricted (at least contractually). > > > > Why would I still have this problem if I'm using smarthost? Is > there a way to resolve it? > > >The problem has nothing to do with the Smart host server entry. > >Read the information in the URL above and contact your ISP. Adding to that, Your ISP has a lot of zombied, sick clients on it. I find it hard to believe the number of zombied computers on the RoadRunner network trying to hit my mail server. Your upstream ISP server is letting a lot of junk through by lack of control by your ISP. Now, they've been black listed by spamhaus.org for that content. Unfortunately you chose a bad ISP. Complain to them and/or threaten to take your business elsewhere, but their problem is so large, they probably can't even begin to put a dent in it now! Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] WAY OT: domain name registration .co.za
At 12:01 PM 3/6/2009, you wrote: >2009/3/6 Bill Campbell > > > > On Fri, Mar 06, 2009, Glenn wrote: > > >Hello All, > > > > > >Very sorry about WAY off-topic query, but you folks really are one of > > >my most International subscribed groups. > > > > > >I am looking for a recommendation for a domain name registrar I can > > >register my .co.za domain name with that won't 'yank my chains'. I > > >tried a couple attempts at registering and found some hidden fees > > >along with the insistence that I had to host my DNS with them. Lots > > >of hosting bundles! > > > > > >I just want a registrar that can register the domain name and use MY > > >DNS servers. I'll do all the hosting, thank you very much! > >Hi Bill. >Have you tried registering your domain directly with the registrar? > >( http://co.za/coza_reg.txt ) > >Regards, > Andrew Thanks All! Again sorry about the OT!!! Cheers, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] WAY OT: domain name registration .co.za
Hello All, Very sorry about WAY off-topic query, but you folks really are one of my most International subscribed groups. I am looking for a recommendation for a domain name registrar I can register my .co.za domain name with that won't 'yank my chains'. I tried a couple attempts at registering and found some hidden fees along with the insistence that I had to host my DNS with them. Lots of hosting bundles! I just want a registrar that can register the domain name and use MY DNS servers. I'll do all the hosting, thank you very much! Thanks in Advance! Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Emergency rescue help needed
At 04:57 PM 1/30/2009, you wrote: >On Friday 30 January 2009 20:51:53 Glenn wrote: > > > > Are you located in U.S., U.K. or Europe? I couldn't tell? > > >UK > >Anne Reason I asked is because APC has refurbished UPS for half price with free shipping a lot of the times in the US. I've had very good luck with the refurbished units. Sorry. Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Emergency rescue help needed
At 03:28 PM 1/30/2009, you wrote: >On Friday 30 January 2009 19:33:24 John R Pierce wrote: > > Chris Boyd wrote: > > > On Jan 30, 2009, at 11:28 AM, Anne Wilson wrote: > > >> OK, thanks. I'll look around. I guess if they are selling 'standard' > > >> batteries they will have some way of making sure that what I buy is > > >> compatible. Another adventure :-) > > > > > > There's info on the battery that will identify it. > > > > > > Voltage (typically 12V for a small UPS) > > > Ah or mAh (Amp-hours or milliamp-hours, typically 7.5 for a small UPS) > > > A manufacturer model number (they should be able to cross-reference to > > > get the equivalent) > > > > many of the smaller UPS's use a pair of 6V 12AH batteries wired in > > series... if these are mounted side-by-side, you can use a single 12V 12AH. > > > > many UPS batteries use a somewhat different rating than AH, based on > > minutes at some load factor. > > > > I get my batteries from > > http://search.digikey.com/scripts/DkSearch/dksus.dll?Cat=393246 > > > > anyways... measure the size of the battery, go here, select the voltage > > on the far right, and pick the size, and .250 spades (or whatever) and > > hit search. BB are somewhat cheaper, Panasonic are considered premium > > grade. a really large UPS will use M5 or M6 bolt lugs. > > > > > > prices -have- gone up a few years ago, Panasonic 12V 20AH were $44. > > now they are $73. ouch. > > > > if this is too complex, or if your UPS uses a funky battery assembly > > you're not up for hacking, try these guys... > > http://www.refurbups.com/Catalog/By-APC-RBC-Battery-Number;jsessionid=0a010 > >5501f434fd727d50b9643569c308deb23faa548.e3eSc34OaxmTe34Pa38Ta38Qb350 > > >OK. Thanks, both of you. Info bookmarked for investigation :-) > >Anne Anne, Are you located in U.S., U.K. or Europe? I couldn't tell? Thanks, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Emergency rescue help needed
At 03:44 PM 1/29/2009, you wrote: >On Thursday 29 January 2009 20:23:40 Lanny Marcus wrote: > > Assuming that the Diagnostic tests you run on the hard drive and RAM > > are OK, if the box was made by Dell, Compaq/HP, etc., they probably > > have Diagnostics you can run on the mobo/cpu that you can Download > > from their web site. If not, hopefully from the web site of the mobo > > manufacturer. > > >It's a home-build. I've been doing this since about 1990. The drives are >Hitachi, and I seem to recall that once before I tried to run the Hitachi >diagnostics, without success. My request for help/information from them was >ignored. However, at the time I got the drives they had a good warranty >period, which is something I always check as a guide to how much confidence >the manufacturer has in them. > > > You said that the UPS is fully charged. I wonder if you need a UPS > > with larger capacity and if your UPS is working properly. > >I don't think there's any problem with the UPS (APC). > > > Depends on > > how long the frequent outages were that day. My observation is that if > > the power goes down (especially when we have Thunderstorm activity) it > > may come back up and then go down again, sometimes in 1 or 2 minutes > > or less. > > >The village has had several weeks of being powered by emergency generators >stuck in fields. We've had very many power dips and momentary >losses, then in >the space of last week we had an 11-hour outage, followed a few days later by >a 4.5 hour one and two short ones soon after that. I think it was the >rapidity of those outages that caused the problem. > > > The cheap PSU's are vastly over rated, with regard to their capacity. > > The one I bought for this Dell Dimension 2400 a few weeks ago says > > "550 watts". The motherboard repairman told me he believes the true > > capacity is about 50% of that. > > >I buy only recommended brands, and watch the load. 
However, that box has a >PSU that came with the (not cheap) box, so I don't know the quality. I think >it should be replaced. I can't remember its rating - I'll check >tomorrow when >I pull the box out. > > > If your data is critical, the backups should be stored off site. There > > are some companies mentioned on webhostingtalk.com who provide backup > > service to their servers over the Internet. > > >Critical only to me - personal stuff. All the same, I take your point. I >will move the backups to a safer spot. > > > In my own box, the vast majority of the symptoms, if not all symptoms, > > disappeared, after I unplugged the connectors and reseated them. Then, > > the new PSU. In my wife's box, a strange intermittent problem, > > where the BIOS couldn't see the hard drive when booting, disappeared, > > when I replaced the EIDE cable. > > > > When you have the cover off, put your hand on the Shroud over the CPU > > and see whether or not it is hot or cool. If it is hot, that's not an > > indication of good cooling. The Capacitors on the motherboard should > > look alike and not be hot to the touch. GL Capacitors on the motherboard will look like they are rounded and bowing upward or cracked, or may even have some yellowish, dried, liquid, if they are defective. If they are intermittent, they may show only the slightest signs of this. The capacitors have a liquid inside that literally cooks off if they get too hot. >I'll check those at the same time. Thanks for the reply > >Anne > > >___ >CentOS mailing list >CentOS@centos.org >http://lists.centos.org/mailman/listinfo/centos > > >No virus found in this incoming message. >Checked by AVG - http://www.avg.com >Version: 8.0.176 / Virus Database: 270.10.15/1923 - Release Date: >1/29/2009 7:13 AM ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Infrastructure Documenting
Hierarchies are as diverse and personal as they come. What is more important is to have your site be searchable. To that end you might invest in adding search tags to each document. So that you have access to them all in a flat way as well as the hierarchy. --Glenn 2009/1/23 Joseph L. Casale : > We are moving all our (limited and badly organized) documentation to a wiki. > Anyone got any examples/pointers to a hierarchy that made logical sense? We > are hoping to move everything from topology to application specific notes in > to the wiki. Given the size of this task, I only want to do this once:) > > Thanks for any reco's! > jlc > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > -- See my blog at http://snap-happy3216.blogspot.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Help with a good recovery plan.. Linux rescue?
Hello All, I have a machine that crashed. Some part of the motherboard (power supply-related) went south. The motherboard, CPU and memory have been replaced with a much newer architecture. The OS and data are intact on two SATA drives that were RAID1 with LVM. I am going to use 'linux rescue' to recover the LVM backup so I can mount the RAIDs (there were two) in a new CentOS install, on a third disk. I have no indication that I could recover the previous CentOS (somewhere between CentOS 5.1 and 5.2 on updates). Can I use 'linux rescue' to fix that OS up to boot it? The kernel panics in its current state (because the hardware architecture is so strikingly different). What is the methodology of fixing the kernel in this circumstance? Thanks in Advance! Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: SYD flood dropped on Sendmail (centos 4.x)
At 07:03 PM 11/20/2008, you wrote: on 11-20-2008 3:31 PM Kai Schaetzl spake the following: > Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800: > >> I get complaints about "the servers asking for username and password". > > from your users or what? Of course, they may complain. A big dictionary > attack can take almost all the bandwidth for some time or leave a backlog > of dovecot instances. > Please, as I understand you are a server adminstrator for quite a few > machines, correct? Yet, you are answering in a way as if you just brought > your first server online. > > Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you > repeat it again and again. > > I >> started test@ accounts all many servers to try and track it down. > > Pardon, you did what? > >> I have tried restarting POP and SMTP in the past > > You may want to kill all dovecot instances, in case you *are* running > dovecot (if not, then of what you use, but I know that dovecot likes to > hang in this way if hammered). Just restarting it may not kill the backlog > of hanging connections. A "ps ax|grep login" would help to see if > instances are still running. > Restarting SMTP: again, this has nothing to do with SMTP! > > Kai > CentOS 4 comes with a very OLD version of dovecot. If you are using dovecot, you can get a much newer version at atrpms.net. The upgrade might be all you need to fix it. Watch out for this gotcha! The Dovecot version 1.0.x that comes with CentOS 5.x is much better and I run it and would recommend it, but the configs for 0.99.x (Came with CentOS 4.x) are incompatible with the previous version. Cheers, Glenn ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Picasa vs. native photo management apps
At 02:57 PM 10/31/2008, you wrote:

I recommend taking a good look at Digicam. For the types of tasks listed above, it's very good and fairly easy. It also supports bulk processing, tagging images, etc. It's part image database and part image manipulator.

Link? Please? Digicam gives too many hits on search engine even with refining the search.

(Lurking and inquisitive)

Thanks,
Glenn
Re: [CentOS] offtopic question .. apprecyice ur help
At 01:34 PM 10/31/2008, you wrote:

Thanks guys for ur immediate reply do appreciate i try to incorporate some of the RBLS and check it out

regards
simon

Depending upon your outcome, there are other methods you can use to modify for better results. You may find inserting the RBL in sendmail as a successful choice.

In case you do not, what I use is a combination of scoring within SpamAssassin on the public RBLs and maintaining my own RBL on my local mail servers (See http://www.corpit.ru/mjt/rbldnsd.html). I got too many false positives off publicly available RBLs, but adding up the number of RBLs a sender 'hits' made my SpamAssassin scoring method VERY ACCURATE!

Good luck and keep fighting!
Re: [CentOS] OT Mailing List Spam
At 12:46 PM 10/3/2008, you wrote:

Hello? This is way off topic for the CentOS list. Enough already.

mhr

Sorry. My last one slipped-in before you called 'cease-fire.' I'm done. Thanks Moderator!

Cheers!
RE: [CentOS] OT Mailing List Spam
At 12:34 PM 10/3/2008, you wrote:

Bob Hoffman wrote:

> I wait until a legitimate company spams me...then I call them
> up and see if it was them...then I let years of spam aggression
> boil out to the company over the phone...and hope they take me
> off the list.
> Now that is how to blow off spam steam.

Sadly you have a long way to go ... I'm willing to bet that the eircom.net spammer has spammed many on this list but due to no-one taking action he was still in business.

Regards,
Vandaman.

I actually responded to their web form, just that once and notified them of my future intention of automatically blocking their individual offending IPs. I'm still reporting to their abuse address. If they want to ignore me.. fine. I've also reported to [EMAIL PROTECTED] so that it is documented (not that anyone there pays attention either, but I hope that someone does a tally at the end of a day/week/month/quarter to see who is most misbehaved).

I also email anyone else who will listen, like [EMAIL PROTECTED] Maybe their lawyers will take heed.
Re: [CentOS] OT Mailing List Spam
At 11:56 AM 10/3/2008, you wrote:

On Fri, Oct 03, 2008, Mark A. Lewis wrote:

>>This is why the RFC clearly states that you must answer certain email
>>addresses; abuse@ being one! If you don't follow the RFC's then how
>>can anyone expect your protocols or operations to be compliant with
>>any standards?
>>
>>Now, someone decided, in their infinite wisdom, that if you send an
>>auto-reply directing you to a web form, that this is compliant..
>>whereas I read it as a cheat! That does not allow me to use the
>>abuse@ address for the function it was intended and as stated earlier:
>>
>>I DO NOT HAVE TIME IN A DAY TO GO REPORTING SOME ADMINISTRATOR'S
>>DEFICIENCY IN POLICING HIS/HER OWN USERS THROUGH A PROPRIETARY WEB FORM.
>>
>>Therefore, I have been given authority to block them, meeting my
>>management's criteria.
>>
>>Make sure your rules meet the RFCs and your management's criteria and
>>you will make your life a whole lot simpler.. Oh, and argue the RFC's
>>with management, in case they do not understand!
>So, let's look at your stance.
>[EMAIL PROTECTED] would probably get millions of mails a day. Acting more as
>a spam trap more than anything else, and I don't think anyone would call
>them unreasonable for not reading each and every mail sent to it. If you
>think they should, perhaps you should volunteer.

Male Bovine Defecation! If yahoo is going to provide mail services, they damn well should do it in a responsible manner. Just because they are big does not exempt them from this responsibility. On the contrary, the large free mail providers, yahoo, hotmail, gmail, etc. are frequently used by spammers, phishers, and other criminals for drop boxes to further their crimes.

As large as it is, AOL does a very good job of dealing with complaints and handling spam. They are also quite active in the anti-spam/anti-phishing community.

Agreed! AOL does do a fine job at policing their users.

And for that matter when I report these zombied users (mostly) or rampant criminals (rare) to a large ISP, usually 10x+ the size of my organization, I am already working for them; policing users they should have caught! If they are on their network spewing port 25 packets in large volumes, with no authentication to their mail gateway, then they are not effectively policing their users! I can and will catch anyone doing so, because I am a very small organization with no political clout and have a reputation to maintain!

Why don't you go work for them? Sounds like you already do and are in CYA-mode. I already report their abusive, zombied customers. These organizations can filter all the incoming for their users. They've left it to you and I to clean up after their users' shortcomings on outgoing. Lazy? Profits? Both?
Re: [CentOS] OT Mailing List Spam
At 01:47 AM 10/3/2008, you wrote:

On Thu, Oct 2, 2008 at 8:21 PM, Chris Boyd <[EMAIL PROTECTED]> wrote:

>
> On Oct 2, 2008, at 3:17 PM, Vandaman wrote:
>
>> 1. Go to the eircom page or type abuse at eircom in google to get the web
>> form. The form looks like it goes direct to their tech support, they
>> responded very fast.
>
> Yes, but the trend is for the big ISPs to use ARF, which sort of defeats the
> idea of humans filling out forms.

This is getting WAY off topic, but: ARF is really meant to be a format for ISPs to report abuse to one another. For example, when an AOLer clicks the "Report Spam" button, AOL pastes up an ARF format message and sends it to the entity who controls the IP address from which AOL received the original message. This only works if that entity has registered an email address with AOL's "feedback loop" service. ARF is not intended for use by end users making spam complaints to abuse desks.

This is why the RFC clearly states that you must answer certain email addresses; abuse@ being one! If you don't follow the RFC's then how can anyone expect your protocols or operations to be compliant with any standards?

Now, someone decided, in their infinite wisdom, that if you send an auto-reply directing you to a web form, that this is compliant.. whereas I read it as a cheat! That does not allow me to use the abuse@ address for the function it was intended and as stated earlier:

I DO NOT HAVE TIME IN A DAY TO GO REPORTING SOME ADMINISTRATOR'S DEFICIENCY IN POLICING HIS/HER OWN USERS THROUGH A PROPRIETARY WEB FORM.

Therefore, I have been given authority to block them, meeting my management's criteria.

Make sure your rules meet the RFCs and your management's criteria and you will make your life a whole lot simpler.. Oh, and argue the RFC's with management, in case they do not understand!

Cheers!
Re: [CentOS] OT Mailing List Spam
At 03:13 PM 10/2/2008, you wrote:

John R Pierce wrote:

except, 99% of spam has forged FROM addresses,

Yeah, but at least one sender IP that can't be forged. Run jwhois on that, which usually gives you an [EMAIL PROTECTED] address, and then simply forward them the spam. Normal providers hate hosting spammers. Unless, of course, it's one of those phantom PC farms constituted of 50.000 infested Windows PC's.

As it was, the original poster of the thread did not post his email headers, so we are just taking his word for it that it came from eircom.net. However, emailing their [EMAIL PROTECTED] now gets an auto-response that they will not accept reports via email, but you must now fill in a web form to report. In which case I notified them that I considered that RFC-Ignorant behavior and that each and every offending IP would be included in my local DNSBL.

Problem solved!

Cheers!
Re: [CentOS] Re: How to check for rootkit, troians etc in backed up files?
At 04:04 PM 9/16/2008, you wrote:

on 9-16-2008 12:25 PM Alex spake the following:

On Tue, 16 Sep 2008 12:08:46 -0700 Scott Silva <[EMAIL PROTECTED]> took out a #2 pencil and scribbled:

Thanks (even if late!) for the suggestions, I've applied them.

A reply in 3 days is late? That is good for a lot of lists. Your thank you almost 2 weeks later is what is late. ;-P

I think that's what he meant. At least that's what my reality distortion field says. =-P

Sorry... Bad day ... Short fuse... Insert virtual slappings below...

Me too.. rough day, that is. Go home, have a (insert your favorite beverage) and thank your __ (insert higher-power) that things weren't worse! That's my plan!

Cheers!
Glenn
Re: [CentOS] learning centos
At 05:53 PM 8/12/2008, you wrote:

On Tue, Aug 12, 2008 at 05:41:17AM -0700, Akemi Yagi wrote:

> On Tue, Aug 12, 2008 at 5:11 AM, pedro henrique antunes de oliveira
> <[EMAIL PROTECTED]> wrote:
> > Hello, I'm new to CENTOS and I'd like to learn how to use it from ground up.
> >
> > Can anyone recommend me books on it?
> >
> > I already have the documentation from the web site, can I start with it?
> >
> > I've already done very basic stuff on archlinux and slackware.
>
> Take a look at #4 of
> http://www.centos.org/modules/newbb/viewtopic.php?topic_id=14273&forum=47
> (for example)

And do recall that CentOS draws from Redhat. There are many 'books' about RedHat -- from the ground up.

Welcome. Dive in. The only way to learn is to sink AND swim! Preferably, you'll be treading water for a while. Read the posts here! Very good!

Also, subscribe to http://lists.centos.org/mailman/listinfo/centos-announce for OS update announcements!

Cheers,
Glenn
Re: [CentOS] Re: I'm Stuck
At 11:31 PM 8/6/2008, you wrote:

Dear List,

Many thanks for all the suggestions! I will see if the Vaio can boot from a pen drive. Being several years old, I'm not sure. If not, the suggestion to put the drive in another computer is intriguing.

Best regards,
--

I have used this technique on Windows and Linux machines for many years (over a decade). This will work unless your file system is encrypted. Even then, I think, as long as you have the encryption key and native tools for the OS that mounts it, it will work. With the proliferation of USB and Firewire enclosures these days it has actually gotten easier.. especially with notebook drives!

Cheers,
Glenn
Re: [CentOS] Re: ISC dhcpd and Vista clients
At 03:41 PM 7/31/2008, you wrote:

on 7-31-2008 12:24 PM Tim Utschig spake the following:

On 07/31/08 12:02, Scott Silva wrote:

The other answer is to get ISC dhcpd to honor the broadcast flag, and broadcast all packets instead of unicasting the answer packets. That I can't find a setting for.

I have no Vista clients to test with, but have you tried "always-broadcast on;" ?

From "man dhcpd.conf" on CentOS 5.2:

always-broadcast flag;

The DHCP and BOOTP protocols both require DHCP and BOOTP clients to set the broadcast bit in the flags field of the BOOTP message header. Unfortunately, some DHCP and BOOTP clients do not do this, and therefore may not receive responses from the DHCP server. The DHCP server can be made to always broadcast its responses to clients by setting this flag to 'on' for the relevant scope; relevant scopes would be inside a conditional statement, as a parameter for a class, or as a parameter for a host declaration. To avoid creating excess broadcast traffic on your network, we recommend that you restrict the use of this option to as few clients as possible. For example, the Microsoft DHCP client is known not to have this problem, as are the OpenTransport and ISC DHCP clients.

SO... I have to flood my network with broadcast traffic or pay the microsoft extortion... Bill strikes again!

Thanks for that. I had been reading the dhcp man page (I should say book! What a long one.) I guess I missed that. I'll have to set any Vista clients to named hosts so I can limit the traffic. According to that man page, ISC implies that Vista is broken, and Microsoft implies that ISC is broken. We're playing the blame game again! How fun! ;-P And I thought it was going to get boring...

Nice. Microsoft is regressing to its good old formula of flooding the LAN with lots of 'me too' and 'I am here' packets. Way to improve efficiency! Yep. Think I'll stick with XP SP2 where and when I can, until I am forced to move on.

Cheers!
Re: [CentOS] Re: ISC dhcpd and Vista clients
At 12:52 PM 7/31/2008, you wrote:

on 7-30-2008 11:20 PM Paul Bijnens spake the following:

Scott Silva wrote:

on 7-30-2008 2:53 PM Paul Bijnens spake the following:

Scott Silva wrote:

Has anyone had good luck serving dhcp addresses to Vista clients that work reliably? I have a test system and I can't seem to find out how to properly get dhcpd to always respond with broadcast instead of unicast since Vista won't honor unicast dhcp packets.

My Vista (my wife's actually) has no problems with unicast dhcp packets. Stock dhcpd server in CentOS 5, and Vista Home. Worked without any special config. Are you sure that is the problem?

Not sure, but it is one of the suggested problems I see in many google searches. There are registry edits that help, but I don't want to have to do a bunch of edits when we get stuck with a hundred Vista machines. I have plenty of time, for now, to experiment. There are posts that say the subnet needs to be authoritative, but mine is. What happens is that the Vista system will not route outside the local subnet for more than 5 or 10 minutes.

Do you mean that you do get an IP-number and default gateway from the dhcp server, but after 5 to 10 minutes, the default route setting gets lost? To me that would mean that the dhcp is working fine, but something else kicks in after that time that messes up the dhcp settings. Any additional firewall software on the laptop, like Norton etc. Or can you relate the loss of routing to an action on the dhcp server, like lease renewing etc.

I think I am going to have to spend some more time on this. Maybe with a sniffer and some patience. The laptop just had Vista Ultimate because that is the version we acquired for testing, and our standard McAfee virus scanner. I will have to toss together a VM machine and try different combos of stuff. As a matter of fact I have a VM loaded on my laptop that I was playing with at home as it runs fine there. That way the only difference will be the change in location. It is just dog slow, but for this test it doesn't matter that much. I'll have to look at the troubled machine and see if I can detect problems in the routing tables and such. I just have to figure out if the same commands do what I want between Vista and XP, or if I need to do some reading.

My recent reading has led me to believe that Windows Vista comes with IPV6 enabled by default and can really generate some traffic if you do not turn it off and possibly cause problems if your network infrastructure does not support it. Is that possibly a problem?

Cheers,
Glenn
Re: [CentOS] Updated bind marked as vulnerable
At 02:08 PM 7/30/2008, you wrote:

Hi, I have a Centos 4.6 machine that even though has been updated with the latest bind 9.2.4-28.0.1.el4 is marked as vulnerable by https://www.dns-oarc.net/oarc/services/dnsentropy. I have another machine which also uses that same distro and is not. Do I have to do any other update?

Hello,

Big discussion on this group two weeks ago. Most likely, your problem is this line in /etc/named.conf:

query-source address * port 53;

Remove that and retest. However, be forewarned that it could cause problems with restarting named.. in which case, do not delete the line, just comment it, then uncomment if you get into trouble and reconsult the archives. That problem was resolved late week before last or early last week too.

If you want some better advice, post your errors.

Cheers,
Glenn
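The `query-source address * port 53;` line named in the message above pins every outgoing query to one source port, which is what the dns-oarc entropy test reports even on a patched BIND. The following is an added example, not code from the thread: it lists the active `query-source` statements in a named.conf that still carry a numeric port, skipping commented-out copies. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find active query-source statements
# in a named.conf that pin outgoing queries to one numeric source port.

# Print "LINENO:statement" for each active query-source / query-source-v6
# statement with a numeric port. Comments (//, #, /* ... */) are ignored.
find_fixed_query_source() {
    awk '
    {
        line = $0
        out = ""
        # Remove /* ... */ comments, which may span several lines.
        while (length(line) > 0) {
            if (in_block) {
                close_at = index(line, "*/")
                if (close_at == 0) break
                line = substr(line, close_at + 2)
                in_block = 0
            } else {
                open_at = index(line, "/*")
                if (open_at == 0) { out = out line; break }
                out = out substr(line, 1, open_at - 1)
                line = substr(line, open_at + 2)
                in_block = 1
            }
        }
        sub(/\/\/.*/, "", out)      # strip // comments
        sub(/#.*/, "", out)         # strip # comments
        if (out ~ /query-source(-v6)?[ \t].*port[ \t]+[0-9]+/) {
            gsub(/^[ \t]+|[ \t]+$/, "", out)
            print NR ":" out
        }
    }' "$1"
}

# Report on one file; returns 1 when a fixed source port is configured.
check_named_conf() {
    hits=$(find_fixed_query_source "$1")
    if [ -n "$hits" ]; then
        printf 'fixed source port in %s:\n%s\n' "$1" "$hits"
        return 1
    fi
    printf 'no fixed query-source port in %s\n' "$1"
}

# Constructed sample named.conf, written to the path given as $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
options {
    directory "/var/named";
    // query-source address * port 53;   (commented out)
    /* query-source-v6 address * port 53;
       still inside the block comment */
    query-source address * port 53;
    query-source-v6 address * port *;
};
EOF
}

# Check the file given as $1, or the constructed sample when run without one.
if [ -n "${1:-}" ]; then
    check_named_conf "$1"
else
    sample=$(mktemp) && write_sample_conf "$sample"
    check_named_conf "$sample" || true
    rm -f "$sample"
fi
```

Only the statement on line 6 of the sample is reported; the commented-out copies and the `port *` form are not.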
Re: [CentOS] Re: securing rsync over ssh
At 02:43 PM 7/29/2008, you wrote:

On Tue, 29 Jul 2008, Kai Schaetzl wrote:

I want to secure some remote rsyncs over ssh by using the command= option in .authorized_keys. As I understand I can use only the full command there, as it is not a list of "allowed commands" but the command that will be executed when logging in with this key.

Now, I'm running several rsync commands on individual directories in the root, not just one command. I do that to pull different exclude lists in. I want to exclude nothing in some directories and a few different things in other directories. rsyncing per /rooted directory seems to be the cleanest and easiest way. All other combinations of complicated exclude/include lists may have unexpected results.

I thought about putting the remote command in a shell script. However, I think this won't work as each rsync on the remote side will be executed with the first rsync command in the script on the local side. Is there a solution (besides using several keys or so)?

Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

By 'secure some remote rsyncs' do you mean only allow rsync but not interactive login? If so perhaps this will meet your needs: http://troy.jdmz.net/rsync/index.html

Hello Kai,

I wanted to reply with a solution, but I did not quite understand the problem.. It certainly appears that you have the rsync and ssh skills/competency to do what you want.

Thanks,
Glenn Parsons
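The question quoted above is how a single key with `command=` can serve several rsync runs. One common approach, shown here as an added example that is not from the thread: point `command=` at a wrapper that reads `SSH_ORIGINAL_COMMAND` (set by sshd to whatever the client asked to run) and executes it only when it is a read-only rsync pull of an allow-listed directory. The script path, the directory list, the rsync location and the accepted options are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the thread): forced-command wrapper for one SSH key.
# authorized_keys entry (script path and key are placeholders):
#   command="/usr/local/bin/rsync-pull-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder... backup

ALLOWED_DIRS="/etc /home /var/www"   # hypothetical allow-list, one rsync run per directory
RSYNC_BIN=/usr/bin/rsync             # assumed location of rsync on the server

# Return 0 only for: rsync --server --sender <options> . <one allowed dir>
is_allowed_rsync_pull() {
    set -f                  # no globbing while the string is split
    set -- $1               # split on whitespace only; nothing is eval'ed
    set +f
    [ "$#" -ge 5 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Options run up to the lone "." that separates them from the path.
    while [ "$#" -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            --numeric-ids) ;;               # long options: explicit allow-list
            --*) return 1 ;;                # e.g. --remove-source-files
            -*[!A-Za-z0-9.]*) return 1 ;;   # odd characters in a flag cluster
            -?*) ;;                         # short flag cluster
            *) return 1 ;;
        esac
        shift
    done
    [ "$#" -eq 2 ] || return 1              # exactly "." and one path remain
    path=$2
    case $path in
        *..*) return 1 ;;                   # no parent-directory tricks
        *[!A-Za-z0-9./_-]*) return 1 ;;
    esac
    path=${path%/}
    for dir in $ALLOWED_DIRS; do
        [ "$path" = "$dir" ] && return 0
    done
    return 1
}

# Entry point when sshd runs this script as the key's forced command.
# An interactive login with this key has no SSH_ORIGINAL_COMMAND, so the
# script simply ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync_pull "$SSH_ORIGINAL_COMMAND"; then
        set -f
        set -- $SSH_ORIGINAL_COMMAND
        shift                               # drop the client-supplied "rsync" word
        exec "$RSYNC_BIN" "$@"
    fi
    echo "rsync-pull-only: command not permitted" >&2
    exit 1
fi
```

The per-directory exclude lists stay on the pulling side, so each of the separate rsync runs passes the same check as long as its source directory is in `ALLOWED_DIRS`.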
Re: [CentOS] Dual video card, 1 monitor each (ref dual head) CentoS4.6 xorg does only 1 head
At 11:13 AM 7/22/2008, you wrote:

On Tue, 22 Jul 2008 06:03:16 -0400 "William L. Maltby" <[EMAIL PROTECTED]> took out a #2 pencil and scribbled:

> I need to start running a dual head on one of my machines.
> Eventual target is CentOS 5.x. Decided to test first on my 4.6
> setup (eventually it will achieve 5.x). Both machines are fully
> up to date.
>
> The test machine is 4.6, 2 radeon video cards. Searched the web,
> CentOS site, even bugzilla. This bugzilla entry from a 4.2
> system), http://bugs.centos.org/view.php?id=1875
> had only a WFM response.
>
> I've attached a gzipped text file of pertinent information.
>
> Briefly, kudzu did the right thing when I installed the second
> card. System-config-display also behaved correctly. X start ok,
> but will only use one head at a time. Adding a second "BusID" so
> that both cards are explicitly addressed didn't help. When the 2
> "BusID" entries are switched, the active screen doesn't move
> (it's always "Screen0") and the ignored screen ("Screen1")
> remains the same. The monitor attached to the video card for
> "Screen0" becomes the active one.
>
> Q1: Anyone have a two video card CentOS 4.6 setup working?
>
> Q2: Is it working in CentOS 5?
>
> Q3: Anyone see something I'm doing wrong? Suggestions?
>
> TIA,

This was addressed on the list at one point, and marked as solved by the poster. http://lists.centos.org/pipermail/centos/2007-May/080915.html Does this help you out? I haven't had occasion to play with dual head yet.

A quick google also turned this up, but it is not directly related to CentOS, I run an nvidia card and can't speak to how well this would work for you. http://www.linuxine.com/2008/06/how-to-enable-dual-monitors-with-ati-diplay-card-in-linux.html Mind the line wrapping.

HTH
Alex White

Good reading, even though I am not doing dual-head at the moment. First thing that popped in my head upon reading the initial request was check Matrox.. they've always been on the high-end and I knew their graphics cards were well supported in Linux. Shop eBay and see Matrox' site (http://www.matrox.com/graphics/en/support/drivers/) to compare whether the card has a Linux driver. Many of their models are dual-head on one card.

Cheers,
Glenn
Re: [CentOS] African IP addresses list
At 09:38 AM 7/1/2008, you wrote:

On Tue, Jul 1, 2008 at 7:44 AM, Tony Wicks <[EMAIL PROTECTED]> wrote:

> I would like to add something, as a South African citizen. South Africa, is NOT part of Africa for that matter, it's a republic on its own. It's almost like saying "Let's ban America, cause someone in Mexico spammed me". South Africa, which is on the 196/8 range does a LOT of business overseas in many countries, and I do want to warn that you could lose a lot of good business due to this practice. Most of the fraud you experience could come from Nigeria, or one of the other central & western Africa countries. To ban a whole continent because of problems some countries cause could be problematic. For that matter is China a different country from Russia, from Switzerland, even though they share the same land mass --

I need to put my 2c in here. I'm from New Zealand, we are a first world democratic country (the first in the world to give the vote to ALL adults I may mention). I have had the misfortune many of times of being unable to transact business because people from the US in their ignorance think, that New Zealand, isn't that part of Australia, which is right next to Asia, can't do business with those Asians, they will rip me off. Now sometimes people from the US have asked me why people in the other parts of the world get a bit annoyed at the "the only country that is free and true if the good old US of A" attitude, and well here you go as an example. Lets ban all of Africa because someone from Nigeria is a scammer. Africa is a pretty big place, and you know what, I've met many South Africans that are real nice (even employed a few). I've always been someone who defends America when people run it down, but it is a two way street, don't treat a whole country as criminals because you don't know the difference between one side of a continent from another, its kind of insulting you know. And some day you might well need the rest of us, you never know.

If a business only wants to do transaction with people in their own country, what is wrong with that? There is no international law that says they have to provide services or products to you because you live in a different country. Sometimes the lost revenue by not doing business outside your own country is better than having to deal with the possibility of fraud. Sometimes it is more of a hassle to deal with shipping, service and/or support issues with people from a different country and it's just not worth it.

--
-matt

Hello All,

I've seen a lot of very good and valid comments come out of this discussion! I had a mail server that, initially, had no need for foreign (Outside US) communication. Then exceptions started highly complicating the situation. I used this database lookup to compile a list, by country, of those I wanted to block based upon my mail server's history with communications with them and on the histories of my users/customers.

http://ip.ludost.net/

Very useful tool!

Cheers,
Glenn Parsons
Re: [CentOS] Upgrade mail server to new machine
At 01:17 PM 6/24/2008, you wrote:

I have an old RHEL3 box that I am upgrading to CentOS5. I picked up a new Dell Poweredge R200 to use for that. Is there an easy way to copy all the user accounts and existing mail from the old server to the new one?

if local users copy /home/* /etc/passwd /etc/shadow after first making sure there are no dupes on new system

as for mail - what format is the mail box in? maybe as simple as copying /var/spool/something

personally i like to use rsync for this as it keeps perms well if you ask it to - your tool of choice is your call though

rsync is definitely a very good friend, especially with permissions and timestamps. Do 'man rsync'

I use rsync -avz -e "ssh -p portxxx" source destination. My ssh port is non-standard. Very secure!

Cheers,
Glenn
Re: [CentOS] Upgrade mail server to new machine
At 12:56 PM 6/24/2008, you wrote:

I have an old RHEL3 box that I am upgrading to CentOS5. I picked up a new Dell Poweredge R200 to use for that. Is there an easy way to copy all the user accounts and existing mail from the old server to the new one?

Thanks.
--
-=/>Thom

I have used Webmin/Virtualmin to backup and restore users/groups/virtualhosts and to move across servers for mail. http://www.webmin.com

Cheers,
Glenn
[CentOS] Mail problems? Need help finding this process!
Hello All,

I can't get this one figured out. The few search hits I get on it suggest it is mail-related, but I don't even know how that was determined.

Apr 11 12:18:17 mxt root: Process did not exit cleanly, returned 255 with signal 0

I get one of these per minute. I can't seem to tweak for more verbosity. Could someone tell me what is going on or point me to a place to start troubleshooting this?

CentOS 5 final fully updated
Sendmail 8.13.8
Dovecot 1.01
MailScanner 4.68.8
SpamAssassin 3.2.4
ClamAV 0.92.1

My milters have been turned off for troubleshooting.

Thanks,
Glenn