[CentOS] Squashfs as rootfs
Hello.

I'm trying to add option to grub menu (amongst other options) to boot from squashfs image. But 'root=live:/path/tofile' doesn't work. I didn't find anything useful on the internet. Anybody can point me in right direction? Maybe better choice is to replace grub with isolinux? I have working solution with iso with squashfs booting through PXE, but I don't know how to do this in grub.

TIA
-- 
Marcin Trendota
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Routing(?) issue
On 14.09.2018 at 10:25, Deventer-2, M.S.J. van wrote:
> this has nothing to do with CentOS but with your router which does not
> support using the public IP from inside your network (which is quite
> common).
> If the port is open on your router when you access it from another
> public IP then all is well.

Thanks for info.

-- 
Over And Out
MoonWolf

Re: [CentOS] Routing(?) issue
On 13.09.2018 at 22:19, Oleg Cherkasov wrote:
> On 13. sep. 2018 21:02, Marcin Trendota wrote:
>>
>> There is nginx on port 80.
>> I've turned off SELinux for testing purposes.
>>
>> [root@chamber ~]# nmap chamber -p80
>> [...]
>> PORT STATE SERVICE
>> 80/tcp open http
>>
>> [root@chamber ~]# nmap -p80 chmura.
>> [...]
>> PORT STATE SERVICE
>> 80/tcp closed http
>
> Do a quick check with netstat/ss if you have nginx running on all
> interfaces.

[root@chamber ~]# netstat -l | grep http
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN

Looks like it is? Besides outside of my network this address works.

(Sorry about private email (;) )

-- 
Over And Out
MoonWolf

[CentOS] Routing(?) issue
Hello all

I have weird problem I can't understand and don't know where to look.

[root@chamber ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:ae:c5:02:c7:dc brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.200/24 brd 10.0.0.255 scope global noprefixroute enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::beae:c5ff:fe02:c7dc/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether c0:4a:00:03:bc:3e brd ff:ff:ff:ff:ff:ff
    inet 10.0.49.1/25 brd 10.0.49.127 scope global noprefixroute enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::6b5a:6660:981b:7b84/64 scope link noprefixroute
       valid_lft forever preferred_lft forever

[root@chamber ~]# ip route
default via 10.0.0.1 dev enp1s0 proto static metric 100
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.200 metric 100
10.0.49.0/25 dev enp3s0 proto kernel scope link src 10.0.49.1 metric 101

[root@chamber ~]# firewall-cmd --list-all --zone=home
home (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0
  sources:
  services: mdns samba http ipp-client dhcpv6-client vnc-server nfs dns dhcp imaps samba-client tftp smtp
  ports: 143/tcp 5666/tcp 2/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@chamber ~]# firewall-cmd --list-all --zone=external
external (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: ssh http
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

There is nginx on port 80.
I've turned off SELinux for testing purposes.

[root@chamber ~]# nmap chamber -p80
[...]
PORT STATE SERVICE
80/tcp open http

[root@chamber ~]# nmap -p80 chmura.
[...]
PORT STATE SERVICE
80/tcp closed http

Same for any host within network (chamber is router).

chmura.'s IP is public IP of chamber (well sort of - it's IP of ISP's router mounted on my chimney - it's WiMax or something like this). All ports are redirected to chamber (port 80 for sure). When I'm checking from network outside of mine, port is open and everything works as expected.

I'm puzzled - really don't know what is happening. Any suggestions?

-- 
Over And Out
MoonWolf

Re: [CentOS] Change password and add user on RO filesystem
On 05.09.2018 at 07:34, Keith Keller wrote:
>> Is there any workaround (apart of remounting whole filesystem RW)?
> Have you looked at this article?
> https://warewolf.github.io/blog/2013/10/12/setting-up-a-read-only-rootfs-fedora-box/
> Unfortunately it doesn't really provide a local workaround, but if you
> have something like LDAP available already that might be a way to go.

I'm trying to keep it as simple as I can, so LDAP is last resort. But I'll consider it.

> If not (and assuming you've added /etc/passwd and friends to
> /etc/statetab*), one very crude option might be to manipulate the files
> by hand. For /etc/passwd and /etc/group (if necessary) this is easy,
> since it's just a plain text file with human-readable text. For
> /etc/shadow this is slightly more complicated, since you need to
> generate the password hash. For that you can use mkpasswd:
> https://www.aychedee.com/2012/03/14/etc_shadow-password-hash-formats/
> Obviously doing this makes adding a user a nonatomic operation, so you
> need to take care manipulating passwd and shadow in this way. (I don't
> know if mkpasswd is available from a yum repo, but the included python
> should be there.)

Thanks for suggestion, I'll give it a try.

> --keith

-- 
Over And Out
MoonWolf

[CentOS] Change password and add user on RO filesystem
Hi everyone

I'm trying to create system with RO root filesystem, so I'm using /etc/sysconfig/readonly-root along with /etc/rwtab and /etc/statetab. Apart of numerous problems with services running on RO filesystem (which I'm constantly resolving adding entries to /etc/statetab) one thing popped up. I'm unable to add user or change his password. Error is 'cannot lock /etc/passwd; try again later.'. After research it turns up (at least on Fedora, but I assume same on CentOS) some files being created in /etc. For example /etc/shadow., and some others with PID in name. Obviously it's impossible on RO filesystem...

Is there any workaround (apart of remounting whole filesystem RW)?

-- 
Over And Out
MoonWolf

Re: [CentOS] git public web frontends
On 06.06.2018 at 12:06, Alice Wonder wrote:
> Set up a CentOS 7.5 VM linode for git now that github has been bought.
> I'm not anti-microsoft but I'm worried they will make changes that I
> don't like (e.g. requiring ms account, changing billing, etc.) so I
> figured better take control now.
> Currently moving my private repos and have them set up in my home
> directory there, but my public repos - I want to set them up with a web
> interface so people can browse them etc. and do a git clone w/o needing
> authentication.
> I'll be putting those in /srv/git and using a different username than
> the account for my private git repositories.
> But... can anyone recommend a web front end?
> It doesn't need to be as fancy as github but it does need to parse
> markdown as all my documentation is in markdown.
> Thanks for suggestions.
> Preferably something that "just works" with CentOS 7.
> -=-
> What would be fantastic is if someone made some kind of federation type
> service similar to how Mastodon works that lets public git repositories
> that opt in be found without needing to be on a centralized server.
>
> But I doubt that currently exists.

Have you tried GitLab? I'm currently testing it, I think it could be self-hosted. You also can try gitbucket, we are using it and works on CentOS7

-- 
Over And Out
MoonWolf

Re: [CentOS] Allowing non-root users to reboot a workstation
On 02.02.2018 at 18:27, Felipe Westfields wrote:
> That seems to have worked on my own test account - I applied it to the user
> having the issue and asked for his feedback when he gets a chance.
> Thanks!
> On Fri, Feb 2, 2018 at 11:40 AM, Darr247 wrote:
>> Did you try adding
>> UserName ALL= NOPASSWD: /sbin/reboot
>> As the last line of their /etc/sudoers files?
>> (replacing UserName with their actual user name, of course.)
>> That should grant them root access to only the /sbin/reboot command (add
>> more commands using comma delimiting).

It may be more appropriate to place this line in separate file under /etc/sudoers.d/

-- 
MoonWolf

Re: [CentOS] Accessing crashed disk
On 14.12.2017 at 23:06, Nizar Armansyah wrote:
> If the data is important to you, don't mess around and contact a
> reputable professional data recovery expert or company.

If the data is important to you, you will get it back from your backups, won't you?

-- 
Over And Out
MoonWolf

[CentOS] SCL python3 and supervisor
Hi all

Is there a possibility to run python3 application (python taken from SCL) under supervisor? I already have one python2 application, and want to add python3 (it's Django app if that matters). I was trying to add LD_LIBRARY_PATH as taken from "enable" script, but it doesn't seem to work (in log I have still python 2.7.5). Is it possible?

-- 
Marcin Trendota

Re: [CentOS] Squashfs as root filesystem
On 01.02.2017 at 13:37, Marcin Trendota wrote:
> I have squashfs file i want use as root filesystem for diskless machines
> (PXE boot). I can't figure out how to configure it.

OK, I did it MoonWolf's way(TM). I wrote dracut module to deal with squashfs root.

-- 
Over And Out
MoonWolf

[CentOS] Squashfs as root filesystem
Hello all

I have squashfs file I want use as root filesystem for diskless machines (PXE boot). I can't figure out how to configure it.

I was able to embed this file in initrd (built by dracut) - but I don't know how to mount it in /sysroot automatically, and what put in 'kernel=' commandline option. Maybe there is another way to achieve this?

TIA
-- 
Over And Out
MoonWolf

Re: [CentOS] SELinux upgrade
On 19.01.2017 at 14:54, Johnny Hughes wrote:
>> So, it looks like something with docker-selinux and container-selinux...
> Right, I wanted to mention that docker-selinux was replaced with
> container-selinux in the latest version.

Shouldn't be docker-selinux automatically removed then?

-- 
Over And Out
MoonWolf

Re: [CentOS] SELinux upgrade
On 19.01.2017 at 10:17, Hal Wigoda wrote:
> I have experienced this myself. It is very upsetting.

It happened on servers with docker installed. I got error message there:

# semanage port -a -t ssh_port_t -p tcp
Re-declaration of type docker_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1
OSError: Error

After uninstalling:

# yum remove docker*
Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock
Rozwiązywanie zależności
--> Wykonywanie sprawdzania transakcji
---> Pakiet docker.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
---> Pakiet docker-common.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
---> Pakiet docker-forward-journald.x86_64 0:1.10.3-44.el7.centos zostanie usunięty
---> Pakiet docker-registry.x86_64 0:0.9.1-7.el7 zostanie usunięty
---> Pakiet docker-selinux.x86_64 0:1.10.3-46.el7.centos.14 zostanie usunięty
--> Ukończono rozwiązywanie zależności
[...]

And then:

# semanage port -a -t ssh_port_t -p tcp
Re-declaration of type docker_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/docker/cil:1
OSError: Error

# yum remove docker-selinux
Wczytane wtyczki: fastestmirror, langpacks, priorities, versionlock
Rozwiązywanie zależności
--> Wykonywanie sprawdzania transakcji
---> Pakiet container-selinux.x86_64 2:1.10.3-59.el7.centos zostanie usunięty
--> Ukończono rozwiązywanie zależności
[...]

# semanage port -a -t ssh_port_t -p tcp
ValueError: Port tcp/ został już określony

# semanage port -l | grep ssh
ssh_port_t tcp , 22

So, it looks like something with docker-selinux and container-selinux...

-- 
Over And Out
MoonWolf

[CentOS] SELinux upgrade
Hello All

After recent system upgrade (this night) I lost access to two servers through SSH, because of change in SELinux policy - I have ssh there on different port and now it's gone.

Thanks to puppet I was able to change SSH port back to default and log in, but is this expected behavior? I thought minor upgrade shouldn't break up things? Or maybe "semanage port -a -t ssh_port_t -p tcp port" isn't enough to ensure persistency?

-- 
Over And Out
MoonWolf

[CentOS] FirewallD and FTP passive mode
Howdy

I'm trying to run FTP server behind firewall. And I can't enable passive mode from the Internet. There are plenty howtos but there aren't many with my combination. For now I have configured port forwarding and ftp server itself.

On the router:

# firewall-cmd --list-all --zone=external
external (active)
  interfaces: enp3s1
  sources:
  services: openvpn ssh
  ports: 1194/tcp 2666/tcp 88/tcp
  masquerade: yes
  forward-ports: port=21:proto=tcp:toport=:toaddr=10.0.32.7
        port=10090-10100:proto=tcp:toport=:toaddr=10.0.32.7
        port=88:proto=tcp:toport=80:toaddr=10.0.32.23
  icmp-blocks:
  rich rules:

I also did:

# modprobe ip_conntrack_ftp ports=10090,10100

Excerpt from vsftpd.conf on the FTP server:

pasv_enable=Yes
pasv_min_port=10090
pasv_max_port=10100
pasv_addr_resolve=Yes

From LAN or through VPN it works. But on the public address I can only log in, cannot turn into passive mode:

Connected to ftp1.domain.com (xxx.xxx.xxx.xxx).
220 (vsFTPd 2.2.2)
Name (ftp1.domain.com:root): user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,32,7,39,111).
ftp: connect: Connection timed out

Also this IP looks weird - shouldn't it be public IP?

What am I doing wrong?

TIA.
-- 
Over And Out
MoonWolf

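An added diagnostic example, not part of the original post: it decodes the 227 reply shown in the message above and checks the advertised data endpoint against the address the client connected to and against the forwarded passive range. The function names are hypothetical, and the control-connection address 203.0.113.10 is a constructed placeholder for the masked public address.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a client on the Internet cannot route to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Reply text copied from the session in the post.
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,32,7,39,111)."


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    addr = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]   # p1 is the high byte, p2 the low byte
    return addr, port


def diagnose(reply, control_peer, pasv_min, pasv_max):
    """Compare the advertised data endpoint with what the client can reach.

    control_peer: address the client used for the control connection.
    pasv_min/pasv_max: passive range forwarded on the router.
    """
    addr, port = parse_pasv(reply)
    peer = ipaddress.ip_address(control_peer)
    findings = []
    # A private address that differs from the control peer means the server
    # is announcing its internal address to a client outside the NAT.
    if addr != peer and any(addr in net for net in RFC1918):
        findings.append("private-address-advertised")
    # A port outside the forwarded range would be dropped at the router.
    if not pasv_min <= port <= pasv_max:
        findings.append("port-outside-forwarded-range")
    return {"address": str(addr), "port": port, "findings": findings}


if __name__ == "__main__":
    # Client on the Internet (constructed placeholder address).
    print(diagnose(SAMPLE_REPLY, "203.0.113.10", 10090, 10100))
    # Client on the LAN talking to the server directly.
    print(diagnose(SAMPLE_REPLY, "10.0.32.7", 10090, 10100))
```

For the reply in the post the port decodes to 10095, inside the forwarded range, so the only finding is the private address in the reply. In vsftpd the address placed in the 227 reply is set with the pasv_address option.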
[CentOS] openocd
Does anybody have openocd-0.9.0 RPM for CentOS6 x86_64?

I was able to compile F23's SRPM (along with two libraries - hidapi-0.7.0 from F19 and libusbx-1.0.14 from F19) but it gives me only "Segmentation fault". Unfortunately I'm too inexperienced to debug it by my own (gdb and strace didn't help me).

-- 
Over And Out
MoonWolf

Re: [CentOS] cron
After many hours of struggling with it, I did "crontab -u nobody -e" and put the same line in private nobody's crontab. Looks like it's working. Don't know why and how.

-- 
Over And Out
MoonWolf

Re: [CentOS] cron
On Friday 22 of April 2016 8:10:04 PM Steven Ford wrote:
> Seemed strange is all. Can the nobody user read down into
> /var/www/html/osticket/api? If it works in tmp, maybe permissions are
> the issue.

As I said. sudo works as a charm. Cron rebels...

-- 
Over And Out
MoonWolf

Re: [CentOS] cron
On Saturday 23 of April 2016 10:08:54 AM Kahlil Hodgson wrote:
> Anything interesting in the logs?
>
> sudo journalctl -xf _SYSTEMD_UNIT=crond.service

Don't know.

[root@kohrin cron.d]# sudo journalctl -xf _SYSTEMD_UNIT=crond.service
-- Logs begin at śro 2015-12-02 22:34:16 CET. --
kwi 22 23:11:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:13:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:15:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:17:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:18:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:23:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:28:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:30:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:32:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)
kwi 22 23:34:01 vz471 crond[30534]: (*system*) RELOAD (/etc/cron.d/osticket-cron)

-- 
Over And Out
MoonWolf

Re: [CentOS] cron
On Friday 22 of April 2016 5:58:39 PM Steven Ford wrote:
> Why bother with */1? Wouldn't that be the same as just *?

That's for debugging. It'll be */5 for production purposes.

Anyway. It still doesn't work. Why?

-- 
Over And Out
MoonWolf

Re: [CentOS] cron
On Friday 22 of April 2016 11:40:33 PM Marcin Trendota wrote:
> What the heck is wrong with cron?
>
> */1 * * * * nobody /usr/bin/php /var/www/html/osticket/api/cron.php
>
> in /etc/cron.d doesn't get executed at all (ran from console works of
> course!). But the SAME file in /tmp runs flawlessly:

Just to be clear:

[root@kohrin cron.d]# sudo -u nobody /usr/bin/php /var/www/html/osticket/api/cron.php

Works as expected.

-- 
Over And Out
MoonWolf

[CentOS] cron
What the heck is wrong with cron?

*/1 * * * * nobody /usr/bin/php /var/www/html/osticket/api/cron.php

in /etc/cron.d doesn't get executed at all (ran from console works of course!). But the SAME file in /tmp runs flawlessly:

*/1 * * * * nobody /usr/bin/php /tmp/cron.php

It's CentOS7 on VPS with no SELinux. I've noticed similar behavior before (on bare metal server with SELinux).

-- 
Over And Out
MoonWolf

Re: [CentOS] FirewallD issue
On Thursday 21 of April 2016 2:37:49 PM Gordon Messmer wrote:
> On 04/21/2016 01:33 PM, Marcin Trendota wrote:
> > It's OpenVPN on chamber.
> What port is it using? I don't see the standard port listed in your
> firewalld rules in either zone.

1194/udp. I added service openvpn and port 1194/udp (just to be sure) to both zones - no change.

[root@chamber openvpn]# firewall-cmd --list-all
home (default, active)
  interfaces: enp3s0 tun0 vbr0 virbr0 vnet0 vnet1
  sources:
  services: dhcp dhcpv6-client dns http https imaps ipp-client mdns nfs openvpn samba samba-client vnc-server
  ports: 143/tcp 2/tcp 1194/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

[root@chamber openvpn]# firewall-cmd --list-all --zone=external
external (active)
  interfaces: enp1s0
  sources:
  services: openvpn
  ports: 2/tcp 1194/udp
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

> Also, you probably should specify tun+ instead of tun0, even if you
> think there will only be one tunnel up at any given time.

Specify where?

Despite the fact that I can't scan their ports, I'm able to ping those hosts. Maybe it's not firewalld related? I can scan ports from chamber (home router). I'll try tcpdump maybe, to see what is going on with packets?

-- 
Over And Out
MoonWolf

Re: [CentOS] FirewallD issue
On Thursday 21 of April 2016 9:08:09 AM Gordon Messmer wrote:
> On 04/21/2016 03:11 AM, Marcin Trendota wrote:
> > But from host in another location (connected through VPN):
> What host serves the VPN? If it's another host, how is that host
> connected to the router? If it's "chamber," what type of VPN is it?

It's OpenVPN on chamber. I've just noticed that it's similar from home to the other location.

To clear things:
10.0.49.0/26 it's my home network
10.0.32.0/22 is one of VLANs in work ("the other location").

From chamber:

[root@chamber ~]# nmap 10.0.32.7

Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-21 22:12 CEST
Nmap scan report for 10.0.32.7
Host is up (0.053s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
389/tcp open ldap

[CentOS] FirewallD issue
Hello everybody.

Recently I moved external interface to zone "external" on my home server/router. And something strange is happening.

From my router (chamber, CentOS7) everything is fine:

[root@chamber ~]# firewall-cmd --list-all
home (default, active)
  interfaces: enp3s0 tun0 virbr0
  sources:
  services: dhcp dhcpv6-client dns http https imaps ipp-client mdns nfs samba samba-client vnc-server
  ports: 143/tcp 2/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

[root@chamber ~]# firewall-cmd --list-all --zone=external
external (active)
  interfaces: enp1s0
  sources:
  services:
  ports: 2/tcp
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

[root@chamber ~]# nmap 10.0.49.14

Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-21 11:57 CEST
Nmap scan report for 10.0.49.14
Host is up (0.00045s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
MAC Address: 52:54:00:D6:6D:4A (QEMU Virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

But from host in another location (connected through VPN):

moonwolf ~ nmap 10.0.49.14

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 11:59 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.06 seconds

moonwolf ~ nmap 10.0.49.14 -Pn -p22

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-21 11:59 CEST
Nmap scan report for svn.karakkhaz.dwarfs (10.0.49.14)
Host is up (0.015s latency).
PORT STATE SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

moonwolf ~ ping 10.0.49.14
PING 10.0.49.14 (10.0.49.14) 56(84) bytes of data.
64 bytes from 10.0.49.14: icmp_seq=1 ttl=62 time=9.45 ms
64 bytes from 10.0.49.14: icmp_seq=2 ttl=62 time=26.0 ms
^C
--- 10.0.49.14 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 9.459/17.754/26.050/8.296 ms

What could cause this behavior? Before interface move everything was working as expected.

-- 
Over And Out
MoonWolf

Re: [CentOS] Slow authentication on C7
On 12.04.2016 at 18:56, David Nelson wrote:
> On 04/12/2016 09:51 AM, James Hogarth wrote:
>> To the OP enumerate is always painful, I'd remove that for a start.
> This was my experience too, for what it's worth. When I first set up a
> new system pointed at LDAP it was absurdly slow to authenticate. Setting
> Enumerate to False in /etc/sssd/sssd.conf made all the difference.

At the beginning it was off. I've turned it on hoping it will eventually speed up authentication. With no success.

-- 
Over And Out
MoonWolf

Re: [CentOS] Slow authentication on C7
On 12.04.2016 at 09:45, Marcin Trendota wrote:
> DNS works fine. I think that sssd communicates with LDAP server with
> every authentication - i have tons of following entries in log:
> http://pastebin.com/rZVjk0gW
> And it repeats for same user over and over again. Is this correct behavior?

authconfig --enableforcelegacy --disablesssd --disablesssdauth --updateall

Did the trick - so it looks like it's problem with SSSD. I would like not to remove it, but it's production server and must work flawlessly.

-- 
Over And Out
MoonWolf

Re: [CentOS] Slow authentication on C7
On 11.04.2016 at 20:07, Scott Robbins wrote:
>>> Any ideas?
>> DNS?
> Is LDAP listed in the /etc/nsswitch.conf?

In nsswitch.conf I have:

passwd: files sss
shadow: files sss
group: files sss

DNS works fine. I think that sssd communicates with LDAP server with every authentication - I have tons of following entries in log:
http://pastebin.com/rZVjk0gW

And it repeats for same user over and over again. Is this correct behavior?

-- 
Over And Out
MoonWolf

[CentOS] Slow authentication on C7
Recently I've migrated our SVN server (virtual machine) from C6 to C7 (more precisely - migrated data to freshly installed virtual machine). And we have problem with very slow authentication.

Server is configured with SSSD, user data are fetching from our LDAP server. SVN is configured with apache (pwauth for authentication + LDAP search for Require ldap-group).

It takes pwauth even 10 seconds to authenticate. When it comes to svn's externals it could take as long as 9 minutes to _svn up_ project (when there are no commits to fetch). Every external may take even 15 seconds (and sometimes even more).

SSSD was configured at first with authconfig / authconfig-tui. I was struggling with SSSD configuration but with no success. I'm not sure where to look (SSSD, apache?). How can I debug this issue?

sssd.conf:

[domain/default]
autofs_provider = ldap
cache_credentials = True
krb5_realm = #
ldap_search_base = ou=Main,o=company
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://ldap.our.domain/
ldap_group_search_base = ou=Group,ou=Main,o=company
ldap_user_search_base = ou=People,ou=Main,o=company
ldap_id_use_start_tls = False
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = allow
#debug_level = 4
refresh_expired_interval = 120
enumerate = True
ldap_referrals = False

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]
homedir_substring = /home
entry_cache_timeout = 5400

[pam]
pam_id_timeout=20

apache:

LDAPCacheTTL 30
ErrorLog logs/svn_http_error_log
CustomLog logs/svn_http_access_log "%t %u %{SVN-ACTION}e" env=SVN-ACTION
ServerName svn.our.domain
DirectoryIndex none
DefineExternalAuth pwauth pipe /usr/bin/pwauth
#AddExternalGroup unixgroup /usr/sbin/unixgroup
#SetExternalGroupMethod unixgroup environment
SVNPathAuthz off
DAV svn
SVNPath /home/repos/subversion_free_avr
AuthBasicAuthoritative off
AuthBasicProvider socache external
AuthExternal pwauth
AuthnCacheProvideFor external
AuthType Basic
AuthName "Subversion repository"
AuthLDAPURL ldap://ldap.our.domain/ou=Main,o=company
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=programmers,ou=group,ou=main,o=company
#GroupExternal unixgroup
#Require group programmers
#Require valid-user
#AuthzSVNAccessFile /home/repos/svn.access

On same server we have redmine (with database on separate server and LDAP auth) and git repositories (with gitbucket as frontend, also LDAP auth) but those repos aren't extensively used right now. Redmine works not-so-bad, so I guess it is not overall server performance issue.

Disks performance (measured under normal workload):

[root@luah pam.d]# hdparm -tT /dev/vda
/dev/vda: (system)
 Timing cached reads: 11412 MB in 2.00 seconds = 5710.28 MB/sec
 Timing buffered disk reads: 522 MB in 3.63 seconds = 143.79 MB/sec

[root@luah pam.d]# hdparm -tT /dev/vdd
/dev/vdd: (/home where all data resides)
 Timing cached reads: 10020 MB in 2.00 seconds = 5013.17 MB/sec
 Timing buffered disk reads: 172 MB in 3.20 seconds = 53.73 MB/sec

It's comparable with other our VMs.

Any ideas?

-- 
Over And Out
MoonWolf

Re: [CentOS] Screen
On 30.10.2015 at 10:53, Andrew Holway wrote:
> Hey
>
> I like to use Ctrl+A and Ctrl+E a lot to navigate my insane big bash one
> liners but this is incompatible with Screen which has a binding to Ctrl-A.
> Is it possible to move the screen binding so I can have the best of both
> worlds?

Of course you can send CTRL+a to application in screen by pressing "CTRL+a a"

-- 
Over And Out
MoonWolf

Re: [CentOS] new laptop: DVD or Blu-ray
On Thursday, 20 August 2015 9:50:48 AM Valeri Galtsev wrote:
> > capacity became a problem. Recently we have switched to RDX.
> Which RDX? This:
> https://en.wikipedia.org/wiki/RDX
> ?

This one:
https://en.wikipedia.org/wiki/RDX_Technology
(:)

-- 
Over And Out
MoonWolf

Re: [CentOS] new laptop: DVD or Blu-ray
On 20.08.2015 at 13:52, Mauricio Tavares wrote:
> On Thu, Aug 20, 2015 at 7:34 AM, Marcin Trendota wrote:
>> On 20.08.2015 at 13:26, Mauricio Tavares wrote:
>>> On Aug 20, 2015 6:54 AM, "ken" wrote:
>>>>
>>>> One of the build options for a laptop I'm looking at buying is DVD vs
>>>> Blu-Ray. I've never used Blu-ray before, so is there some compelling
>>>> reason, as a Linux guy, to want to get Blu-ray?
>>> First of all, is this going to be your desktop or a server? If the
>>> latter, can't see the point for Blu-ray. One of the compelling reasons
>>> against is that only movies use it. Second, it has DRM crap in it that
>> I used to use Blu-Ray as backup device.
> In that case, the concern about drm is null and void. That said,
> how did that work out for you? I thought about doing that because of
> the sheer capacity but my experience using DL DVDs for backup was not
> as good as the original claims. Retention was not good after a year or
> so, which led me to use hard drives instead with a slow rotation
> policy and keeping hardware to read it (poor man's futureproofing).

Well, retention was not an issue in my case (that were monthly backups, we didn't need to keep old backups). But eventually capacity became a problem. Recently we have switched to RDX.

-- 
Over And Out
MoonWolf

Re: [CentOS] new laptop: DVD or Blu-ray
On 20.08.2015 at 13:26, Mauricio Tavares wrote:
> On Aug 20, 2015 6:54 AM, "ken" wrote:
>>
>> One of the build options for a laptop I'm looking at buying is DVD vs
>> Blu-Ray. I've never used Blu-ray before, so is there some compelling
>> reason, as a Linux guy, to want to get Blu-ray?
> First of all, is this going to be your desktop or a server? If the
> latter, can't see the point for Blu-ray. One of the compelling reasons
> against is that only movies use it. Second, it has DRM crap in it that

I used to use Blu-Ray as backup device.

-- 
Over And Out
MoonWolf

Re: [CentOS] Backup PC or other solution
On 07.05.2015 at 11:46, Alessandro Baggi wrote:
> I don't know why and don't know if in previous CentOS releases was
> included.

It is in EPEL.

> BackupPC is available for C7 from nux repo, but this is an external repo.

Good enough, thanks for info.

-- 
Over And Out
MoonWolf

Re: [CentOS] Backup PC or other solution
On 06.05.2015 at 21:21, Alessandro Baggi wrote:
> What do you mean about Backup PC?
> Any experiences?
> What solution do you use?

BackupPC is good, however it's a pity you can't search for a file in GUI. But it works well, I'm backing up 32 hosts (servers, desktops).

Can somebody tell me why it's not available for CentOS7?

-- 
Over And Out
MoonWolf

Re: [CentOS] NFS Stale file handle drives me crazy (Centos 6)
On Thursday, 2 April 2015 3:03:53 PM Götz Reinicke - IT Koordinator wrote:
> Hi folks,
> I have a Centos 6 NFS server, which drives me crazy.
> The directory I try to export can't be accessed by different clients.
> I tried a centos 7, centos 6 and a pool of vmware esxi 5.5 systems.
> At the client side I get errors like:
> mount.nfs: Stale file handle
[...]
> I use xfs on all shared filesystems.
> Googling for VMWARE and native NFS suggestions did not help so far :-/
> Any hint or suggestion is very very welcome! Regard & thanks . Götz

I had similar problem:
https://www.centos.org/forums/viewtopic.php?f=13&t=49422

Is your C6 server 32 or 64bit?

-- 
Over And Out
MoonWolf

Re: [CentOS] Something like apt-cacher for CentOS/RHEL?
On Saturday, 7 March 2015 12:16:14 AM John R Pierce wrote:
> I maintain a local mirror of the centos repository with a simple lftp
> script, and configure my clients to get updates from this mirror via
> the /etc/yum.repos.d files

And why not rsync?

-- 
Over And Out
MoonWolf