[CentOS] Missing devel packages?
Hello CentOS, After performing an update on July 23, on 9 stream, I did notice problems with egl-wayland. In the AppStream repository, the package: * egl-wayland-1.1.9-2.el9.x86_64.rpm is present, but it's "-devel" counterpart seems missing. So, if you have an older version of egl-wayland-devel installed, it complains that it cannot upgrade "egl-wayland". Same problem seems also to occurs with: * python3-greenlet-1.1.2-3.el9.x86_64.rpm Did I make a mistake or those "-devel" packages are really missing? Best, -- .-. J e a n - P a u l C h a p u t / Administrateur Systeme /v\ jean-paul.cha...@lip6.fr /(___)\ work: (33) 01.44.27.53.99 ^^ ^^cell: 06.66.25.35.55 home: 09.65.29.83.38 S U Sorbonne Université (former UPMC) L I P 6 Laboratoire d'Informatique de Paris VI C I A N Circuits Intégrés Analogiques & Numériques signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash script input password automatically.
On Fri, 22 Jul 2022, Kaushal Shriyan wrote: Hi, I have the below commands to generate keystore.pkcs12 and keystore.jks files on CentOS Linux release 7.9.2009 (Core) openssl pkcs12 -export -clcerts -in fullchain1.pem -inkey privkey1.pem -out keystore.pkcs12 -name javasso keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks -alias javasso I have created a small shell script to generate both keystore.pkcs12 and keystore.jks files. It prompts for a password. Is there a way to key in a password without prompt or non-interactive way? For example password is stored in a file and the bash script will source it instead of manually typing the password. Please suggest. Thanks in advance. See the "PASS PHRASE ARGUMENTS" section of the openssl(1) man page for the various ways openssl can get a password. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ceph beginner, how to initialize a new node on a blank system?
On Mon, 21 Feb 2022, Ralf Prengel wrote: Hallo, first steps in the ceph world. My question: Is there a way to initialise an empty system to be fully configured and active in a ceph cluster. My idea: Booting an empty system using an iso and everything is working some minutes later. Unsig for example pxe and kickstart surely works too but my idea is that an new node perfectly fits in every aspect. Do you mean something like ceph-ansible? https://docs.ceph.com/projects/ceph-ansible/en/latest/ -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [CentOS Stream 8] Update of IPA server broken - bind-dyndb-ldap needs to be rebuilt?
On Wed, 9 Feb 2022, Johnny Hughes wrote: Caused by a rebase of bind, but the new idm:DL1 module lagged behind a little bit. Was fixed with the push about 9 hours ago. Johnny, I see idm:DL1 (and idm:client) in Stream 9, but not Stream 8. I just refreshed the dnf cache in the latter, so I think I'm fully up to date. Am I missing something? -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Introducing CentOS Stream 9
On Fri, 3 Dec 2021, Josh Boyer wrote: Josh, Thank you for the reply! I'm still poking around Stream 9, trying to devise some site-specific configuration-management rules, so I appreciate all the information I can get. Of note: java, perl and ruby are entirely streams now, while python remains tied to the base OS. All RDBMS releases are streams. There is no Tomcat! libgcc is part of the base OS but is also a stream. I'm not sure how that will work. I can clarify that a bit. We have Application Streams and separately the AppStream repo. The AppStream repo contains the Application Streams, but it also contains things that are still part of the standard OS that aren't what we'd consider "Base" or "core". Ah! I hadn't understood that distinction. Thanks for the clarification. We'll have a similar page for RHEL 9 when that is released, but your list of languages and RDBMS in CentOS Stream 9 is a good start. Also, the python language stack will be slightly different in 9. We still have a system python (platform-python in RHEL8/CentOS Stream 8), which is python 3.9 but the packaging format is a more traditional RPM packaging. The same concept applies to the system level gcc, and therefore libgcc. Does that mean there might be, say, a python310 or gcc12 stream? RHEL 8 does not include Tomcat either, so that is not new. Heh. I guess I should have looked at that. None of our internal Tomcat users have yet moved to EL8. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Introducing CentOS Stream 9
On Fri, 3 Dec 2021, Johnny Hughes wrote: Rich Bowen has posted a blog entry "Introducing CentOS Stream 9" https://blog.centos.org/2021/12/introducing-centos-stream-9/ More details here: https://centos.org/stream9/ I installed CentOS 9 Stream on Nov 17 as a VM. (VMware note: to install from the DVD ISO, you must use UEFI boot and the "Secure" option must be deselected.) I did a quick summary of some of the packages that are important to us at work; obviously, our work priorities may not align with your needs, but you might find the list useful in case you're interested in CentOS itself or in what RHEL 9 or its clones (Oracle, Rocky, etc) is likely to resemble: Base OS: * glibc 2.34 * kernel 5.14.0 * openssh 8.7p1 * openssl 3.0.3 * python3 3.9.8 * samba 4.14.5 AppStream: * Bacula 11.0.1 * gcc 11.2.1 * httpd 2.4.48 * java 8, java 11, java 17 * mariadb 10.5.12 * mysql 8.0.22 * nginx 1.20.1 * openmpi 4.1.1 * perl 5.32.1 + all modules * php 8.0.6 * postgresql 13.3 * python3 modules Of note: java, perl and ruby are entirely streams now, while python remains tied to the base OS. All RDBMS releases are streams. There is no Tomcat! libgcc is part of the base OS but is also a stream. I'm not sure how that will work. As of yesterday, "dnf module list" is pretty sparse. I assume that will change over time. So far, my overall impression is that it behaves not too differently from EL8/CentOS 8. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Running Centos 8 Stream: Do I need to remove any of the repos?
On Mon, 29 Nov 2021, Jay Hart wrote: Using the same command shows: # dnf repolist repo id repo name appstream CentOS Stream 8 - AppStream baseosCentOS Stream 8 - BaseOS epel Extra Packages for Enterprise Linux 8 - x86_64 epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64 extrasCentOS Stream 8 - Extras remi-modular Remi's Modular repository for Enterprise Linux 8 - x86_64 remi-safe Safe Remi's RPM repository for Enterprise Linux 8 - x86_64 I'll assume you know what you're doing with the "Remi" repository, since it's an unknown to me. Otherwise, your repository list looks good to me. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Running Centos 8 Stream: Do I need to remove any of the repos?
On Sun, 28 Nov 2021, Jay Hart wrote: Here is a list of the repos I have. As I am now running Centos 8 Stream, should I remove any of the repos below to avoid package versioning issues? # ls -al /etc/yum.repos.d/ total 108 drwxr-xr-x. 2 root root 4096 Nov 15 16:18 . drwxr-xr-x. 152 root root 12288 Nov 28 10:17 .. -rw-r--r--. 1 root root 790 Jun 7 2020 CentOS-AppStream.repo.rpmsave -rw-r--r--. 1 root root 771 Jun 7 2020 CentOS-Base.repo.rpmsave -rw-r--r--. 1 root root 792 Jun 7 2020 CentOS-PowerTools.repo.rpmsave -rw-r--r--. 1 root root 713 Sep 14 21:11 CentOS-Stream-AppStream.repo -rw-r--r--. 1 root root 698 Sep 14 21:11 CentOS-Stream-BaseOS.repo -rw-r--r--. 1 root root 316 Sep 14 21:11 CentOS-Stream-Debuginfo.repo -rw-r--r--. 1 root root 698 Sep 14 21:11 CentOS-Stream-Extras.repo -rw-r--r--. 1 root root 734 Sep 14 21:11 CentOS-Stream-HighAvailability.repo -rw-r--r--. 1 root root 696 Sep 14 21:11 CentOS-Stream-Media.repo -rw-r--r--. 1 root root 718 Sep 14 21:11 CentOS-Stream-PowerTools.repo -rw-r--r--. 1 root root 690 Sep 14 21:11 CentOS-Stream-RealTime.repo -rw-r--r--. 1 root root 748 Sep 14 21:11 CentOS-Stream-ResilientStorage.repo -rw-r--r--. 1 root root 1568 Sep 14 21:11 CentOS-Stream-Sources.repo -rw-r--r--. 1 root root 1485 Sep 4 13:28 epel-modular.repo -rw-r--r--. 1 root root 1564 Sep 4 13:28 epel-playground.repo -rw-r--r--. 1 root root 1422 Sep 4 13:28 epel.repo -rw-r--r--. 1 root root 1584 Sep 4 13:28 epel-testing-modular.repo -rw-r--r--. 1 root root 1521 Sep 4 13:28 epel-testing.repo -rw-r--r--. 1 root root 358 Nov 15 16:18 redhat.repo -rw-r--r--. 1 root root 935 Jul 5 10:00 remi-modular.repo -rw-r--r--. 1 root root 1448 Jul 5 10:00 remi.repo -rw-r--r--. 1 root root 810 Jul 5 10:00 remi-safe.repo The file listing doesn't show which repositories are enabled or disabled. On my Stream 8 machine, which does light duty as a mail and web server, dnf reports only six active repos: [root@omega ~]# dnf repolist repo id repo name appstream CentOS Stream 8 - AppStream baseosCentOS Stream 8 - BaseOS epel Extra Packages for Enterprise Linux 8 - x86_64 epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64 epel-next Extra Packages for Enterprise Linux 8 - Next - x86_64 extrasCentOS Stream 8 - Extras I don't know anything about the remi* repositories, so I can't speak to them. I suspect the redhat.repo file is nothing but comments, but you'd need to verify its contents. Otherwise, your *.repo list looks pretty functional. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos versions in the future?
On Thu, 8 Jul 2021, Jonathan Billings wrote: Long uptimes are a thing of the past. Build redundancy into your infrastructure so you can handle reboots. +1 Beyond building redundancy, I'd suggest building the culture that sees regular maintenance windows as a provider of, not a drag on, value. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating
On Mon, 5 Jul 2021, Adrian Jenzer wrote: Hi Paul Thanks, but how do you "skip the crypto-policy for Apache"? It seems like crypto-policies configuration is overwriting my values in httpd-configuration. How I enforce the values in httpd.conf ? I haven't taken the time necessary to figure out where exactly the 'PROFILE=SYSTEM' string gets parsed and replaced, so I can't answer your specific question. In my case, I don't use any Include or IncludeOptional statements in the main httpd.conf; it's all there in one file. Obviously, my solution won't work for everyone. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 8 crypto-policy to get SSL Labs A rating
On Wed, 30 Jun 2021, Adrian Jenzer wrote: Dear Community I try to get an SSL Labs A rating for my CentOS8 Apache-server. I'am sure it has to do with my lack of understanding the crypto-policies configuration, can anybody give me an advice where i am wrong? My understanding is that the configuration in the pmod-file will override the ssl.conf values if PROFILE=SYSTEM is active. I personally skip the crypto-policy for Apache, relying on a traditional httpd.conf stanza instead: # ... SSLCipherSuite "EECDH+AESGCM:EDH+AESGCM" SSLProtocol -all +TLSv1.3 +TLSv1.2 In conjunction with other TLS best practices, these settings seem to do the trick (read: Qualys likes them), albeit while excluding some older browsers. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync over ssh stalls after completing the job
On Wed, 14 Apr 2021, Leon Fauster via CentOS wrote: On 14.04.21 06:40, Frank Cox wrote: This doesn't work: Host * ForwardX11 yes host jeff ForwardX11 no IMHO - first win. It should be Host jeff ForwardX11 no Host * ForwardX11 yes I think that's right. My ssh config has what amounts to four sections: 1. Directives that should not be overridden, ever 2. Host-specific directives 3. Network-specific directives 4. Fall-through defaults For example: # = %< = # don't override StrictHostKeyChecking ask # host settings Host dev.my.net prod.my.net ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes # network settings Host *.my.net Compression yes IdentityFile ~/.ssh/id_ed25519 # defaults Host * Compression no ForwardAgent no ForwardX11 no ForwardX11Trusted no Protocol 2 # = %< = -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync over ssh stalls after completing the job
On Tue, 13 Apr 2021, Frank Cox wrote: Here's a weird one. I have two Centos 8 machines that use rsync-over-ssh to back up files between each other. (Each machine acts as a backup machine for the other one.) There's are nightly cronjobs that do the backing up, the commands look like this: rsync -av --delete /home/mydirectory jeff:/home/mydirectorybackup That command works fine when it's run through the cronjob. When I try to run a rsync command between mutt and jeff from the commandline, that's where the problem starts. It worked a few days ago but now when I log into jeff and do a rsync to or from mutt it works fine. When I log into mutt and do a rsync to or from jeff it works and does the job, but then it seems to stall afterward and I have to hit ctrl-c to get my cursor back. Is there any chance that your shell is configured to emit anything to stderr or stdout when you logout of jeff? It's fairly rare, but I've seen logout messages mess up rsync before. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XML parsing in shell script
On Thu, 18 Mar 2021, H wrote: I just checked and I cannot see that the organization publishing these data files offer any XSLT stylesheet. IOW, I am, perhaps incorrectly, assuming that the publisher of the data would be one with said stylesheet. (Although perhaps that is something an end-user could put together as well??) Some high-profile XML schemata (e.g., DocBook) have published stylesheets, but mostly I've written my own. I have a very trivial example in a blog post from several years ago: https://www.madboa.com/blog/2014/09/10/strip-rss/ (My site is completely non-commercial. I gain nothing by you visiting it -- or ignoring it.) -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] XML parsing in shell script
On Thu, 18 Mar 2021, H wrote: I have a challenge I am interested in getting feedback on. I will on a regular basis download a series of data files from the web where the data is in XML-format. The format is known in advance but is different between the various data files. I then plan to extract the various data items ("elements?") from each data file, do some light formatting and then save desired parts of each original data file as a formatted CSV-file for later importing into a database. As the plan is to use a bash shell script using curl to get the files, I have begun looking at external XML parsers that I can call from my script, perhaps specify which elements I want, get the data back in some kind of bash data structure and finally format and save as CSV-files. There seems to be a number of XML parsers available but perhaps someone on the list has a recommendation for which one might suit my needs best? I should add that I am running CentOS 7. Will you be using an XSLT stylesheet to do the work? There's a somewhat steep learning curve, but in my experience it's the most reliable method for parsing XML except in the very simplest of cases. In that case, the libxslt stuff may be what you want: http://xmlsoft.org/libxslt/ The command-line tool is xsltproc. Again, it's not easy to use, but once you've built a toolchain, it will be reliable and fairly easy to modify if the source XML schema change. -- Paul Heinlein heinl...@madboa.com 45.38° N, 122.59° W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] R730xd & SD card identfication
On Sun, 7 Mar 2021, Gregory P. Ennis wrote: Everyone, We have migrated a platform to a Centos 8 host using kvm guest machines Recently I tried to copy one of the guests to the external SD card on the back of the Dell R730xd, but I have not been able to get the Centos 8 host to recognize the SD card. I can use DRAC interface of the R730xd to see that the SD card is being recognized and the status of the external SD slot is turned from inactive to active when the card is inserted. On some of our machines (not Dell R730 series, so caveat emptor), I had to use the kmod-isci RPM from ELRepo.org to get EL8 hosts (both CentOS and RHEL) to recognize Intel SATA controllers. The same controller is recognized just fine by EL7 kernels, but the isci driver was removed in RHEL 8: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index#removed-device-drivers_hardware-enablement My suggestion is that you try finding a driver at http://elrepo.org/. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OpenStack Training Recommendations
Our team at work is looking for OpenStack training options. The training should cover * overview of widely used OpenStack services * network architecture * installation and configuration * ongoing administration, maintenance, and troubleshooting * upgrading We'd prefer workflows based around Puppet or Ansible, since we know those tools, but operational continuity is more important than the tools used. We'd likewise prefer solutions oriented toward CentOS or RHEL, but, again, it's just a preference. We've investigated kolla-ansible for deployment, but we're not adverse to changing toolsets if the upside is right. I'd characterize our team as journeymen to expert system administrators. We specialize in supporting research groups. The training would be to provide skills and knowledge for our team to support OpenStack as a long-term in-house virtualization option. I'd love to hear your first-hand experiences with any specific training offerings. Thanks! (Note: we have other virtualization solutions in place. OpenStack is specifically required by researchers whose wider scientific communities have built workflows for that environment. Suggestions to ditch OpenStack for OtherGreatSolution will be ignored.) -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Permission denied when updating CentOS 8 Streams
On Fri, 19 Feb 2021, Mathieu Baudier wrote: Hello, On a remote server (in an IPv6-only infrastructure) I am getting the following error when trying to update CentOS 8 Streams x86_64: $ sudo dnf upgrade --refresh Failed to set locale, defaulting to C.UTF-8 CentOS Stream 8 - AppStream 0.0 B/s | 0 B 00:16 Errors during downloading metadata for repository 'appstream': - Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock [Failed to connect to mirrorlist.centos.org port 80: Permission denied] Error: Failed to download metadata for repo 'appstream': Cannot prepare internal mirrorlist: Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=8-stream&arch=x86_64&repo=AppStream&infra=stock [Failed to connect to mirrorlist.centos.org port 80: Permission denied] Try using an https:// URL. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificate Authority (CA) in CentOS 7 to create digital certificates
On Tue, 16 Feb 2021, Jos Vos wrote: On Tue, Feb 16, 2021 at 11:03:14PM +0530, Kaushal Shriyan wrote: I am running CentOS Linux release 7.9.2009 (Core). Is there a way to configure a Certificate Authority (CA) in CentOS 7 to create digital certificates for servers on LAN or for VPN clients that need SSL Certificates? FWIW: I use the "easy-rsa" package for that (standard in Fedora, for RHEL/CentOS 7/8 it's in the EPEL 7/8 repository). I use the easyrsa package as well. It can be found in the OpenVPN source code, if you need to download it directly. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] dovecot option PROFILE=SYSTEM
On Wed, 6 Jan 2021, Kenneth Porter wrote: --On Tuesday, January 05, 2021 7:40 PM -0800 david wrote: In examining the file /etc/dovecot/conf.d/10-ssl.conf I see the text line: ssl_cipher_list = PROFILE=SYSTEM Yet, I cannot find any documentation that explains what that causes, where the values are stored. I ask because I don't see that text line in other installations of Dovecot 2.3 on other distros. Can anyone point me to an explanation? The value of ssl_cipher_list is passed directly to OpenSSL's SSL_CTX_set_cipher_list(): <https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_set_cipher_list.html> See here for the meaning of PROFILE=SYSTEM: <https://fedoraproject.org/wiki/Changes/CryptoPolicy#Scope> Additionally, on your local system, look at * the crypto-policies(7) man page * the update-crypto-policies(8) man page * the contents of the /etc/crypto-policies directory tree Several applications use these policies, so it's worthwhile to take a look around. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Software raid Oddity
I have a CentOS 7.9 system with a software raid 6 root partition. Today something very strange occurred. At 6:45AM the system crashed. I rebooted and when the system came up I had multiple emails indicating that 3 out of 6 drives had failed on the root partition. Strangely I was able to boot into the system and everything was working correctly despite > cat /proc/mdstat also indicating 3 out of 6 drives had failed. Since the system was up and running despite the fact more than 2 drives had failed in the root raid array I decided to reboot the system. Actually I shut it down, waited for the drives to spin down and then restarted. This time when it came back the 3 missing drives were back in the array and a cat /proc/mdstat indicated all 6 drives were again in the raid 6 array. So a few questions: 1.) If 3 our of 6 drives of a raid 6 array supposedly fail, how does the array still function? 2.) Why would a shutdown/restart sequence supposedly fix the array? 3.) My gut suggests that the raid array was never degraded and that my system (i.e. cat /proc/mdstat) was lying to me. Any Opinions? Has anybody else ever seen such strange behavior? -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update CentOS 6 one last time?
We resolved the issue by modifying the CentOS-Base.repo by adding the appropriate URL's to the various sections, for example: baseurl=http://vault.centos.org/6.10/os/$basearch/ Thank you, Paul On Tue, Dec 8, 2020 at 1:25 PM Paul Storck wrote: > Thank you for the response. I added (copied, edited, pasted from the C6.9 > section) the following to the /etc/yum.repos.d/CentOS-Vault.repo file but > I still get the same error message. > I'm thinking the paths are incorrect in my file because when I try to go > to directly to the URL (http://vault.centos.org/6.10/os/$basearch/) I get > a "404 Not Found" > > [C6.10-base] > name=CentOS-6.10 - Base > baseurl=http://vault.centos.org/6.10/os/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > enabled=1 > > [C6.10-updates] > name=CentOS-6.10 - Updates > baseurl=http://vault.centos.org/6.10/updates/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > enabled=1 > > [C6.10-extras] > name=CentOS-6.10 - Extras > baseurl=http://vault.centos.org/6.10/extras/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > enabled=1 > > [C6.10-contrib] > name=CentOS-6.10 - Contrib > baseurl=http://vault.centos.org/6.10/contrib/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > enabled=1 > > [C6.10-centosplus] > name=CentOS-6.10 - CentOSPlus > baseurl=http://vault.centos.org/6.10/centosplus/$basearch/ > gpgcheck=1 > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > enabled=1 > > > On Tue, Dec 8, 2020 at 8:45 AM Subscriber wrote: > >> - On Dec 8, 2020, at 6:31 PM, Paul Storck via CentOS >> centos@centos.org wrote: >> >> > Hello, is it possible to install the final updates for CentOS 6? >> > I ran a yum update and I received this message "Error: Cannot find a >> valid >> > baseurl for repo: base" >> > I assume it's due to the EOL of CentOS 6? >> >> You can add 6.10 section to /etc/yum.repos.d/CentOS-Vault.repo and after >> that install all last updates for CentOS 6 >> > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Update CentOS 6 one last time?
Thank you for the response. I added (copied, edited, pasted from the C6.9 section) the following to the /etc/yum.repos.d/CentOS-Vault.repo file but I still get the same error message. I'm thinking the paths are incorrect in my file because when I try to go to directly to the URL (http://vault.centos.org/6.10/os/$basearch/) I get a "404 Not Found" [C6.10-base] name=CentOS-6.10 - Base baseurl=http://vault.centos.org/6.10/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 enabled=1 [C6.10-updates] name=CentOS-6.10 - Updates baseurl=http://vault.centos.org/6.10/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 enabled=1 [C6.10-extras] name=CentOS-6.10 - Extras baseurl=http://vault.centos.org/6.10/extras/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 enabled=1 [C6.10-contrib] name=CentOS-6.10 - Contrib baseurl=http://vault.centos.org/6.10/contrib/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 enabled=1 [C6.10-centosplus] name=CentOS-6.10 - CentOSPlus baseurl=http://vault.centos.org/6.10/centosplus/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 enabled=1 On Tue, Dec 8, 2020 at 8:45 AM Subscriber wrote: > - On Dec 8, 2020, at 6:31 PM, Paul Storck via CentOS centos@centos.org > wrote: > > > Hello, is it possible to install the final updates for CentOS 6? > > I ran a yum update and I received this message "Error: Cannot find a > valid > > baseurl for repo: base" > > I assume it's due to the EOL of CentOS 6? > > You can add 6.10 section to /etc/yum.repos.d/CentOS-Vault.repo and after > that install all last updates for CentOS 6 > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] https://blog.centos.org/2020/12/future-is-centos-stream/
On Tue, 8 Dec 2020, Rich Bowen wrote: The future of the CentOS Project is CentOS Stream, and over the next year we’ll be shifting focus from CentOS Linux, the rebuild of Red Hat Enterprise Linux (RHEL), to CentOS Stream, which tracks just ahead of a current RHEL release. CentOS Linux 8, as a rebuild of RHEL 8, will end at the end of 2021. CentOS Stream continues after that date, serving as the upstream (development) branch of Red Hat Enterprise Linux. I suppose I understand the negative feedback -- CentOS 8.x will no longer be a rebuild of RHEL 8.x but will instead be some version of RHEL 8.(x + 1) -- but I'm much more interested in empirical results than in suppositions. I've taken a couple test VMs and set them to CentOS 8 Stream and will keep an eye on them. They will either prove stable or not, but (observation > guessing) in my book. If history is any guide, they will prove very stable. If not, then I'll pour one out for CentOS and look elsewhere. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Update CentOS 6 one last time?
Hello, is it possible to install the final updates for CentOS 6? I ran a yum update and I received this message "Error: Cannot find a valid baseurl for repo: base" I assume it's due to the EOL of CentOS 6? Thank you, Paul ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] enp0s25 disconnect
On Tue, 3 Nov 2020, Michael Hennebry wrote: I tried to boot a Centos 8.2 install CD, one burned with Centos-8-2-2004-x86_64-boot . In the setup, it persisted in telling me that ethernet thing enp0s25 was disconnected. Nyet. 'Twas working several seconds previous and is working now. This is a showstopper. How do I debug it? I had the same thing happen in a VM. My interface was ens192, and this worked: # %< # get status of all network devices nmcli device status # look at all the settings for ens192 nmcli connection show ens192 # enable ens192 at boot time nmcli connection modify ens192 connection.autoconnect yes # start ens192 immediately nmcli connection up ens192 # = %< Hope that helps. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8.2 / missing libc++ (libcxx-devel)
On Mon, 12 Oct 2020, Alexandru Lazarev wrote: Hi community, In CentOS 7 there is such rpm (libcxx-devel - it seems from EPEL repository), but in CentOS 8 it isn't. How is it possible to have it there as RPM? because alternative to build it (libc++) from sources is a big headache (I need it in order to build v9 and plv8 projects) Do you mean the libstdc++-devel package? Or prehaps redhat-lsb-cxx? -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewall help request
On Tue, 16 Jun 2020, Leroy Tennison wrote: I have a gateway machine (currently Centos 7 with IPV4 only) with two NICs. One is connected to the internet, the other to an internal network (10.0.0.0/24) of mixed hardware (windows7, android tablets, android phones, linux boxes) using NAT. I wish to block all outgoing connects to any external IP address on port 22 (ssh) originating from any internal machine except one (which has a known internal IP address). I've tried some commands using 'iptables' to accomplish this, but so far have failed. If anyone has a suggestion, I'd really appreciate it. In addition, a suitable version for 'firewalld' could be useful, as an upgrade to Centos 8 is in plan. Examples of what I've tried, and then tested. None of them stopped an outgoing SSH from an internal system. iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP iptables -I INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j DROP I'm not sure it's your INPUT table that needs that rule. I don't have any NAT machines for experimentation, but my initial hunch is that you'd want OUTPUT rules, e.g., iptables -A OUTPUT -p tcp --dport 22 -s ${GOODIP}/32 -j ACCEPT iptables -A OUTPUT -p tcp --dport 22 -s 10.0.0.0/24 -j REJECT -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to get CentOS 8 on AWS
On Tue, 12 May 2020, Thomas Stephen Lee wrote: Hi, I am user of CentOS 8. When can we expect an image on AWS? I am just learning AWS and would like to use CentOS 8 for that. I can't speak to AWS per se, but Digital Ocean has a CentOS 8 image, so it would surprise me if Amazon did not. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need help to fix bug in rsync
On Wed, 25 Mar 2020, Leroy Tennison wrote: Since you state that using -z is almost always a bad idea, could you provide the rationale for that? I must be missing something. I can't speak to that, but the obvious workaround is to use ssh's compression instead of rsync's: rsync -av -e 'ssh -C' remotehost:remote.file local.file -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 8: change desktop at display manager
In a new install of Centos 8, I installed the xfce4 packages from EPEL. Here's what dnf says I have [pauljohn32@localhost ~]$ dnf list *xfce4* Last metadata expiration check: 0:25:19 ago Installed Packages libxfce4ui.x86_64 libxfce4ui-devel.x86_64 libxfce4util.x86_64 libxfce4util-devel.x86_64 xfce4-about.x86_64 xfce4-battery-plugin.x86_64 xfce4-panel.x86_64 xfce4-panel-devel.x86_64 xfce4-places-plugin.x86_64 xfce4-screenshooter.x86_64 xfce4-screenshooter-plugin.x86_64 xfce4-session.x86_64 xfce4-settings.x86_64 xfce4-systemload-plugin.x86_64 xfce4-terminal.x86_64 I log out and try to use XFCE4 at log in. I cannot find a way to choose it. I was guessing this would be like Centos 7. On the display manager, after I put in my user name, there is the little * by the password. When I do that, I see choices with names like Wayland Classic X11 but I don't see XFCE4 session or similar. I am guessing I missed an XFCE4 package from EPEL? pj -- Paul E. Johnson http://pj.freefaculty.org To write to me directly, please address me at pauljohn at ku.edu. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] can't boot after volume rename
I actually renamed it back to the original vg name after I passed Dracut and regenerated the initramfa img and it did the trick. I guess it doesn’t like “-“ on volume group names. Thank you, Paul From: Paul Amaral Sent: Tuesday, January 07, 2020 12:45 PM To: 'Strahil Nikolov' ; 'centos@centos.org' Subject: RE: [CentOS] can't boot after volume rename Strahil, thanks for your reply, I ended up getting the server to boot under Dracut only, it’s still not booting from the boot menu. It goes to Dracut where it complaints it can’t find any of the lvms. However, when I do lvm vgchange -ay it boots upon exit from Dracut. I did notice that the UUIDs from lvm lvdisplay and blkid are different. Could this be the cause of the problem? I did generate the intiramfs img various times. My volume is named volume-group-1 and I think having the the “-“ on the name is making things worse. Thank you for your reply. Paul From: Strahil Nikolov mailto:hunter86...@yahoo.com> > Sent: Tuesday, January 07, 2020 3:58 AM To: centos@centos.org <mailto:centos@centos.org> ; Paul Amaral mailto:ra...@meganet.net> > Subject: Re: [CentOS] can't boot after volume rename Get a CentOS Install media , boot from it and select troubleshoot. Then mount your root LV, boot lv , /proc/, /sys, /dev & /run (last 4 with "bind" mount option). Then chroot into the root LV's mount point and then change grub menu and run "dracut -f --regenerate-all" last step is to reboot and test. Best Regards, Strahil Nikolov В понеделник, 6 януари 2020 г., 17:05:54 ч. Гринуич-5, Paul Amaral via CentOS mailto:centos@centos.org> > написа: I renamed my volume with vgrename however I didn't complete the other steps. Mainly update fstab and intiramfs. Once I booted, I was dropped on the Dracut shell. From here I can see the newly rename VG and I can lvm lvscan as well as activate it, lvm vgchange -ay. However I can't figure out what to do next, I'm assuming I need to regenerate the initramfs and then boot to change grub? Could someone point me in the right direction to recovering a FS from Dracut, or other means, once the volume group name was changed. TIA, Paul ___ CentOS mailing list CentOS@centos.org <mailto:CentOS@centos.org> https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] can't boot after volume rename
Strahil, thanks for your reply, I ended up getting the server to boot under Dracut only, it’s still not booting from the boot menu. It goes to Dracut where it complaints it can’t find any of the lvms. However, when I do lvm vgchange -ay it boots upon exit from Dracut. I did notice that the UUIDs from lvm lvdisplay and blkid are different. Could this be the cause of the problem? I did generate the intiramfs img various times. My volume is named volume-group-1 and I think having the the “-“ on the name is making things worse. Thank you for your reply. Paul From: Strahil Nikolov Sent: Tuesday, January 07, 2020 3:58 AM To: centos@centos.org; Paul Amaral Subject: Re: [CentOS] can't boot after volume rename Get a CentOS Install media , boot from it and select troubleshoot. Then mount your root LV, boot lv , /proc/, /sys, /dev & /run (last 4 with "bind" mount option). Then chroot into the root LV's mount point and then change grub menu and run "dracut -f --regenerate-all" last step is to reboot and test. Best Regards, Strahil Nikolov В понеделник, 6 януари 2020 г., 17:05:54 ч. Гринуич-5, Paul Amaral via CentOS mailto:centos@centos.org> > написа: I renamed my volume with vgrename however I didn't complete the other steps. Mainly update fstab and intiramfs. Once I booted, I was dropped on the Dracut shell. From here I can see the newly rename VG and I can lvm lvscan as well as activate it, lvm vgchange -ay. However I can't figure out what to do next, I'm assuming I need to regenerate the initramfs and then boot to change grub? Could someone point me in the right direction to recovering a FS from Dracut, or other means, once the volume group name was changed. TIA, Paul ___ CentOS mailing list CentOS@centos.org <mailto:CentOS@centos.org> https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] can't boot after volume rename
I renamed my volume with vgrename however I didn't complete the other steps. Mainly update fstab and intiramfs. Once I booted, I was dropped on the Dracut shell. From here I can see the newly rename VG and I can lvm lvscan as well as activate it, lvm vgchange -ay. However I can't figure out what to do next, I'm assuming I need to regenerate the initramfs and then boot to change grub? Could someone point me in the right direction to recovering a FS from Dracut, or other means, once the volume group name was changed. TIA, Paul ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Nasty Fail2Ban update for Centos 7
On Wed, 1 Jan 2020, Allan wrote: På Tue, 31 Dec 2019 18:53:38 + John H Nyhuis skrev: Just a random stab in the dark, but CEntOS6 was iptables, and CentOS7 is firewalld. They take different fail2ban packages. CentOS6 = fail2ban CentOS7 = fail2ban-firewalld Are you sure you are running the correct fail2ban package for your firewall? (I screwed this up myself before I noticed and fixed it...) I do have the f2b-firewalld package installed yes. Since it was an update - it only replaced same installed packages. A standard install of F2B on Centos7 do also include the f2b-systemd package - which would seem logical. However, after I started using the recidive filter - which IMHO is one of the most important ones - it didn't work. Removing the f2b-systemd package fixed that - and didn't hurt anything else. I have no idea why that is - or if that could be part of the problem with the update here on my system. If it helps to have another data point, my C7 server has two fail2ban packages installed: * fail2ban-firewalld-0.10.4-1.el7.noarch * fail2ban-server-0.10.4-1.el7.noarch They were upgraded back on December 9 and have worked without any major hiccups. The fail2ban-server package provides the systemd unit file, /usr/lib/systemd/system/fail2ban.service, so I was curious to know what the the fail2ban-systemd package actually does. The description field for the fail2ban-systemd rpm says, This package configures Fail2Ban to use the systemd journal for its log input by default. All of the logpath entries in my fail2ban configuration point to ordinary /var/log/* files. I don't know how fail2ban-systemd repoints the logpath entries to use inputs from systemd-journald, but I suspect that's where the mismatch may be happening. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] cannot install Centos 8 Stream
I want to install Centos Stream on an older server. the Areca ARC-1680 RAID Controller is not supported anymore, so I tried to install on an external USB drive. i did a manual partitioning: sdc1 /boot/efi efi system partition sdc2 /boot ext4 sdc3 / lvm and the system cannot boot - hangs forever. new try: sdc1 /boot/efi, efi system partition sdc2 / xfs at end of install i see 'bootloader install failed'. debug shows 'NOTICE root:83haiku: debug: /dev/sdc1 is not a beFS partiotion: exiting' then i did an automatic partitioning and got no efi partition. and the system cannot boot - hangs forever. HOW do i install centos stream on external usb disk with efi boot? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum4 and dnf on CentOS 8
On Sat, 23 Nov 2019, Stephen John Smoogen wrote: On Sat, 23 Nov 2019 at 15:39, Sergio Belkin wrote: Hi, I was using yum for years on CentOS servers, and since a few years ago dnf on Fedora desktops. My question is: Is the same yum4 on CentOS 8 that dnf? What should I use? Thanks in advance yum4 is a thin wrapper on dnf mainly because Enterprise Linux users and scripts are used to the yum commands. You can use either dnf or yum4 on the command line and get the same results. You mentioned you're familiar with Fedora, so you're probably aware of Application Streams -- but for those reading this thread unfamiliar with AppStreams, I'll add the caveat that dnf behaves differently than yum in this regard. Here's some background: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/installing_managing_and_removing_user_space_components/using-appstream_using-appstream Right now, the only EL8 AppStream with multiple versions is postgresql, but it looks like several applications are setup for future multiple streams. To see the AppStream packages, run dnf module list If you squint carefully, you'll see that you can install either PostgreSQL 10 (the default) or 9.6. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DHCP server failover: advise is needed
On Fri, 22 Nov 2019, Valeri Galtsev wrote: Dear Experts, I was running ISC DHCP server for longer than I would care to remember. Now I decided to climb out of the cave and configure failover set (primary-secondary), and I seem to hit brick wall, which I need help with. I only need IP v4, no v6, which may simplify things. Could someone point to a description of working DHCP failover configuration? I wrote this article a long time ago: https://www.madboa.com/geek/dhcp-failover/ It worked for me at my last job. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] C8 Questions
On Fri, 15 Nov 2019, Steffan Cline wrote: I'm really curious how you were able to virtualize CentOS 8. What platform are you using? Xen, KVM or VMWare? PV or HVM? I can't speak for anyone earlier in this thread, but I've had VMWare-hosted VMs for both RHEL 8 (originally 8.0, now 8.1) and CentOS 8 running without difficulty. I simply made the installation ISO visible to the VM at start time; no special instructions were necessary to install and re-launch the VM. I did disable the ksmtuned service, since it does nothing but chew CPU on a VMWare hypervisor. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] No CentOS 8 Updates announced in Centos-announce email list
On Tue, 5 Nov 2019, Phelps, Matthew wrote: I learned from the Centos-devel email list that they aren't sending out email to centos-announce for updates to CentOS 8, but only updating an RSS feed. I think this is a bad idea since no one uses RSS anymore (ducks for cover). What do others here think of this? I usually rely on this list for all things CentOS, so I'd certainly prefer to see updates for all active CentOS releases published to this list. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Security Policies
On Tue, 29 Oct 2019, JEFFREY MC DANIELS wrote: Hello, I just started working with CentOS and I want to say it's a great OS. The only issue is that I no longer see the lists of Security polices during the installation and I would like to know how to install them in Centos 8 Do you mean "Crypto policies"? If so, the update-crypto-policies utility will probably get you where you want to go. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mix/match C8 crypto policies
On Fri, 4 Oct 2019, Paul Heinlein wrote: Is it possible to mix and match crypto policies using approved tools in CentOS 8? Our environment requires a LEGACY setting for OpenSSL so we can maintain connections with our LDAP servers (which we cannot update at this time), but I'd like especially the OpenSSH settings to use the DEFAULT policy (and maybe even FUTURE on a test host or two). I think it's possible to manually repoint the symbolic links in /etc/crypto-policies/back-ends to achieve that result, and I'll set up puppet rules if that's the only way to do so, but I'd prefer to use a more canonical approach if one exists. I received no replies to this query, so I hacked together a solution. In case someone needs to know, it was essentially something like this: # all operations run as root update-crypto-policies --set LEGACY systemctl reboot # after system comes back online... pushd /etc/crypto-policies/back-ends # reconfigure SSH client operations using DEFAULT policy rm openssh.config ln -s /usr/share/crypto-policies/DEFAULT/openssh.txt \ openssh.config # reconfigure sshd using DEFAULT policy and restart it rm opensshserver.config ln -s /usr/share/crypto-policies/DEFAULT/opensshserver.txt \ opensshserver.config systemctl restart sshd.service ### voila -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Mix/match C8 crypto policies
Is it possible to mix and match crypto policies using approved tools in CentOS 8? Our environment requires a LEGACY setting for OpenSSL so we can maintain connections with our LDAP servers (which we cannot update at this time), but I'd like especially the OpenSSH settings to use the DEFAULT policy (and maybe even FUTURE on a test host or two). I think it's possible to manually repoint the symbolic links in /etc/crypto-policies/back-ends to achieve that result, and I'll set up puppet rules if that's the only way to do so, but I'd prefer to use a more canonical approach if one exists. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 8 network-scripts
On Thu, 3 Oct 2019, Jerry Geis wrote: systemctl status network AT BOOT: ● network.service - LSB: Bring up/down networking Loaded: loaded (/etc/rc.d/init.d/network; generated) Active: inactive (dead) Docs: man:systemd-sysv-generator(8) After: service network restart ● network.service - LSB: Bring up/down networking Loaded: loaded (/etc/rc.d/init.d/network; generated) Active: active (running) since Thu 2019-10-03 15:12:05 EDT; 7s ago Docs: man:systemd-sysv-generator(8) Process: 7755 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS) Tasks: 1 (limit: 24034) Memory: 8.7M CGroup: /system.slice/network.service └─7940 /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient-6ada23ed-d1ad-4f37-935c-86163fe61e7b-eth0.lease -pf /run/dhclient-eth0.pid eth0 Oct 03 15:12:02 localhost.localdomain network[7755]: WARN : [network] 'network-scripts' will be removed in one of the next major releases of RHEL. Oct 03 15:12:02 localhost.localdomain network[7755]: WARN : [network] It is advised to switch to 'NetworkManager' instead for network management. Oct 03 15:12:02 localhost.localdomain network[7755]: [46B blob data] Oct 03 15:12:02 localhost.localdomain network[7755]: Bringing up interface eth0: Oct 03 15:12:02 localhost.localdomain dhclient[7907]: DHCPREQUEST on eth0 to 255.255.255.255 port 67 (xid=0x75ae6376) Oct 03 15:12:02 localhost.localdomain dhclient[7907]: DHCPACK from 10.0.2.2 (xid=0x75ae6376) Oct 03 15:12:04 localhost.localdomain dhclient[7907]: bound to 10.0.2.15 -- renewal in 34365 seconds. Oct 03 15:12:04 localhost.localdomain network[7755]: Determining IP information for eth0... done. Oct 03 15:12:04 localhost.localdomain network[7755]: [13B blob data] Oct 03 15:12:05 localhost.localdomain systemd[1]: Started LSB: Bring up/down networking. Contents of ifcfg-eth0 # Generated by parse-kickstart TYPE="Ethernet" DEVICE="eth0" UUID="6ada23ed-d1ad-4f37-935c-86163fe61e7b" ONBOOT="yes" BOOTPROTO="dhcp" IPV6INIT="yes" Why is it not starting at boot ? I'd take a look at what NetworkManager thinks about it: nmicli connection show eth0 | grep autoconnect: If it's not set to 'yes', then you'll want to do so: nmcli connection modify eth0 connection.autoconnect yes As to the 'why,' I don't know. Here's the official explanation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_and_managing_networking/index#configuring-an-interface-with-static-network-settings-using-ifcfg-files_configuring-ip-networking-with-ifcfg-files -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to dump/restore a CentOS 7 system
On Wed, 25 Sep 2019, Valeri Galtsev wrote: I guess it is very common for administrative purpose, to dump and restore a CentOS 7 system. Though I can not answer OP's question, I have question of my own. Is this really routine (often) task for Linux sysadmins? I used something like that to replicate cluster nodes in the past, but kickstart would be routine task for me. dump/restore sounds like routine from MS Windows world (I hear they "re-image" system if something goes wrong ;-) Am I wrong? Do we in Linux world do this routinely? I would not say routinely, but I would say crucially. The poster child for dump/restore is a machine with commercial software that is difficult to install or customize, especially one with an RDBMS system large enough to make dumping and restoring the data tables an onerous task. The usual workflow -- kickstart and puppet/ansible/etc -- doesn't work in that situation. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Replacing sendmail with postfix
On Sat, 21 Sep 2019, Kenneth Porter wrote: I've been doing sendmail -> MIMEDefang -> SpamAssassin/clamd and then sendmail -> procmail -> SpamAssassin. Yeah, SA gets run twice, once to reject scores > 10 by the milter and then again by each user to incorporate their Bayes scores. I'd love to run it only once but haven't invested time in figuring out how to do that. But I only have a few users so it hasn't been a big enough load to worry about it. Have you considered running the SpamAssassin Milter? https://savannah.nongnu.org/projects/spamass-milt/ It's available via EPEL. You can reject high-scoring spam during the SMTP transactions. It also allows per-user preferences/Bayes rules to run, with the caveat that a message addressed to multiple users can't take advantage of the per-user run. (Unlike a setup using mimedefang, spamass-milter can't resubmit a message for each addressee.) -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Need to update gcc to version >=6 on CentOS 7 ?
On Wed, 11 Sep 2019, John Chludzinski wrote: Ooops! for to: $ sudo yum install centos-release-scl-rh Ad-free, non-tracking blog post on using SCL packages: https://www.madboa.com/blog/2016/08/29/scl-intro/ -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to increase DNS reliability?
On Thu, 25 Jul 2019, hw wrote: On Linux systems, you can set the timeout in /etc/resolv.conf, e.g., # I think the default nameserver timeout is 5; use rotate # option if you prefer round-robin queries rather than # always using the first-listed first nameserver 10.11.12.13 timeout:2 rotate nameserver 10.11.12.14 timeout:2 rotate I'll admit that I'm not sure if those options are configurable on Mac and/or Windows workstations. It was those showing problems. Only 5 seconds isn't long enough that I would expect any problems. What do I need to put into the ifcf files or tell nmcli to set these options? If you're using dhclient to manage addresses, then you can add the RES_OPTIONS variable to /etc/sysconfig/network: # /etc/sysconfig/network RES_OPTIONS="timeout:2 rotate" Or, with even less patience: RES_OPTIONS="timeout:1 retries:1 rotate" Grep for RES_OPTIONS in /sbin/dhclient-script for the gory details. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to increase DNS reliability?
On Thu, 25 Jul 2019, hw wrote: On 7/25/19 3:28 PM, Leroy Tennison wrote: If you don't want multiple DNS server entries on the client I'm ok with them, only the problem is that the clients take their timeouts when a server is unreachable, and users panic. On Linux systems, you can set the timeout in /etc/resolv.conf, e.g., # I think the default nameserver timeout is 5; use rotate # option if you prefer round-robin queries rather than # always using the first-listed first nameserver 10.11.12.13 timeout:2 rotate nameserver 10.11.12.14 timeout:2 rotate I'll admit that I'm not sure if those options are configurable on Mac and/or Windows workstations. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install of CentOS 7.6 On Dell PowerEdge R830 Hangs
James, Actually we noticed that we've been running some old setup for our PXE boot/kickstart setup, so we're going to try just doing it with UEFI and see where that gets us. PEV From: James Peltier Sent: Wednesday, July 3, 2019 10:47 AM To: Virgo, Paul E. (GSFC-610.2)[ADNET SYSTEMS INC]; CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Install of CentOS 7.6 On Dell PowerEdge R830 Hangs From: CentOS on behalf of mark Sent: July 3, 2019 7:41 AM To: Virgo, Paul E. (GSFC-610.2)[ADNET SYSTEMS INC]; CentOS mailing list Subject: Re: [CentOS] Install of CentOS 7.6 On Dell PowerEdge R830 Hangs Virgo, Paul E. \(GSFC-610.2\)\[ADNET SYSTEMS INC\] via CentOS wrote: > All, > > Seems like the latest CentOS 7.6 and I are not playing well together, > these days. > > I'm attempting to use our pxeboot setup to install the latest CentOS 7 on > a Dell PowerEdge R830. The install starts then gets to a certain point and > hangs. That certain point is: FADT indicates ASPM is unsupported, using > BIOS configuration > > > Now I've tried to see where the Active Server Power Management setting is > in the BIOS, but have had no luck whatsoever. Any thoughts or ideas?? > Not that I'm enamored of it, but why BIOS and not UEFI? Dell's running newer m/b that like UEFI over BIOS. Also, have you looked in the BIOS to see what those settings are? mark Try updating the BIOS/UEFI image first. Dell has been notorious for requiring BIOS updates for things like video cards and microprocessor code updates. You may have to install a newer BIOS before you can get the OS on. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [EXTERNAL] Re: Install of CentOS 7.6 On Dell PowerEdge R830 Hangs
Mark, I did go into the BIOS to see if that made any difference, and didn't see anything to set/unset . That was the problem. PEV From: mark Sent: Wednesday, July 3, 2019 10:41 AM To: Virgo, Paul E. (GSFC-610.2)[ADNET SYSTEMS INC]; CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Install of CentOS 7.6 On Dell PowerEdge R830 Hangs Virgo, Paul E. \(GSFC-610.2\)\[ADNET SYSTEMS INC\] via CentOS wrote: > All, > > Seems like the latest CentOS 7.6 and I are not playing well together, > these days. > > I'm attempting to use our pxeboot setup to install the latest CentOS 7 on > a Dell PowerEdge R830. The install starts then gets to a certain point and > hangs. That certain point is: FADT indicates ASPM is unsupported, using > BIOS configuration > > > Now I've tried to see where the Active Server Power Management setting is > in the BIOS, but have had no luck whatsoever. Any thoughts or ideas?? > Not that I'm enamored of it, but why BIOS and not UEFI? Dell's running newer m/b that like UEFI over BIOS. Also, have you looked in the BIOS to see what those settings are? mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Install of CentOS 7.6 On Dell PowerEdge R830 Hangs
All, Seems like the latest CentOS 7.6 and I are not playing well together, these days. I'm attempting to use our pxeboot setup to install the latest CentOS 7 on a Dell PowerEdge R830. The install starts then gets to a certain point and hangs. That certain point is: FADT indicates ASPM is unsupported, using BIOS configuration Now I've tried to see where the Active Server Power Management setting is in the BIOS, but have had no luck whatsoever. Any thoughts or ideas?? Thanks. PEV ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [EXTERNAL] Re: Strange Network Bug Locks Up CentOS 7 Laptop
Mark, I don't see any hardware errors on the Dell, as of yet, and I do plan to update the BIOS today. I'll go ahead and replace the cable, and ask the network guys to check the routers for any errors on the port. I did do some follow-up, and see that this problem persists across other platforms as well. Thanks for the follow-up PEV From: mark Sent: Monday, June 24, 2019 10:24 AM To: Virgo, Paul E. (GSFC-610.2)[ADNET SYSTEMS INC]; CentOS mailing list Subject: [EXTERNAL] Re: [CentOS] Strange Network Bug Locks Up CentOS 7 Laptop Virgo, Paul E. \(GSFC-610.2\)\[ADNET SYSTEMS INC\] via CentOS wrote: > All, > > > I have a user who has a Dell Precision 7520 laptop, and we're running > CentOS 7, latest kernel. > This morning he had two lockup incidents. Nothing in /var/log/messages > stands out so far, but did get this information when running 'abrt-cli > list --since 1560891312': > > id c48278a875c27dd4369d971bcfc7db4267766c6d reason: WARNING: CPU: > 0 PID: 0 at net/sched/sch_generic.c:356 dev_watchdog+0x248/0x260 time: > Thu 23 May 2019 07:12:57 PM EDT > cmdline:BOOT_IMAGE=/vmlinuz-3.10.0-957.12.1.el7.x86_64 > root=/dev/mapper/SysVG00-ROOT ro crashkernel=auto rd.lvm.lv=SysVG00/ROOT > rd.luks.uuid=luks-29590e52-c08e-4c11-a784-cf2f3ffd98b2 > rd.lvm.lv=SysVG00/SWAP rhgb quiet LANG=en_US.UTF-8 package:kernel > uid:0 (root) > count: 4 > Directory: /var/spool/abrt/oops-2019-05-23-19:12:57-28561-0 > Reported: cannot be reported > > Has anyone seen this behavior before or this message? Seems like > something related to network scheduling (?) or something. Any feedback > would be appreciated. Thanks. > Hi, Paul, I just searched on sch_generic.c:356, and found a number of things, intluding bugs from last year. I looked at the code - not sure if it's the same version, but it looks to me as though it may possibly be related to an issue with the network connection. If so, then it's check the cable, check the port on the router... or look for hardware errors on the laptop. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Strange Network Bug Locks Up CentOS 7 Laptop
All, I have a user who has a Dell Precision 7520 laptop, and we're running CentOS 7, latest kernel. This morning he had two lockup incidents. Nothing in /var/log/messages stands out so far, but did get this information when running 'abrt-cli list --since 1560891312': id c48278a875c27dd4369d971bcfc7db4267766c6d reason: WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:356 dev_watchdog+0x248/0x260 time: Thu 23 May 2019 07:12:57 PM EDT cmdline:BOOT_IMAGE=/vmlinuz-3.10.0-957.12.1.el7.x86_64 root=/dev/mapper/SysVG00-ROOT ro crashkernel=auto rd.lvm.lv=SysVG00/ROOT rd.luks.uuid=luks-29590e52-c08e-4c11-a784-cf2f3ffd98b2 rd.lvm.lv=SysVG00/SWAP rhgb quiet LANG=en_US.UTF-8 package:kernel uid:0 (root) count: 4 Directory: /var/spool/abrt/oops-2019-05-23-19:12:57-28561-0 Reported: cannot be reported Has anyone seen this behavior before or this message? Seems like something related to network scheduling (?) or something. Any feedback would be appreciated. Thanks. PE Virgo ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] df
On Thu, 23 May 2019, Stephen John Smoogen wrote: On Thu, 23 May 2019 at 16:43, Paul Heinlein wrote: On Thu, 23 May 2019, Stephen John Smoogen wrote: I might actually be able to have a workable answer: alias drf='/usr/bin/df -x tmpfs' /usr/bin/df \ -x autofs -x binfmt_misc -x cgroup -x configfs -x debugfs \ -x devpts -x devtmpfs -x efivarfs -x hugetlbfs -x mqueue \ -x nfsd -x proc -x pstore -x rpc_pipefs -x securityfs \ -x selinuxfs -x sysfs -x tmpfs I guess the opposite would also work /usr/bin/df -t ext3 -t ext4 -t xfs ? At $WORK, we'd have to add -t lustre -t nfs -t nfs4 -t vfat. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] df
On Thu, 23 May 2019, Stephen John Smoogen wrote: I might actually be able to have a workable answer: alias drf='/usr/bin/df -x tmpfs' /usr/bin/df \ -x autofs -x binfmt_misc -x cgroup -x configfs -x debugfs \ -x devpts -x devtmpfs -x efivarfs -x hugetlbfs -x mqueue \ -x nfsd -x proc -x pstore -x rpc_pipefs -x securityfs \ -x selinuxfs -x sysfs -x tmpfs :-) -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash off topic
On Thu, 16 May 2019, Jerry Geis wrote: I have a simple bash script it will take arguments from a file that has quotes. my file arg.txt would be this -lt "*.txt" my script file would be LS_ARG=`cat arg.txt` ls $LS_ARG it does not run properly: sh -x ./arg.sh ++ cat arg.txt + LS_ARG='-lt "*.txt"' + ls -lt '"*.txt"' ls: cannot access "*.txt": No such file or directory How do I resolve that ? If the quotes are not in my file it all works fine. I think its because it looks like the extra single quotes it puts around the "*.txt" - or - '"*.txt"' - how do I do this ? This is just a short example of my larger need. In general, shell utilities won't expand a wildcard within quotes (double or single). As I think you've discovered, this works fine: echo '-lt *.txt' > argfile ls $(< argfile) I think you're going to need to provide a test case where the quotes are actually required. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNSSEC Questions
On 2/13/19 3:51 AM, Alice Wonder wrote: I see you are using algorithm 7 - I would recommend switching to either algorithm 13 or at least to 8. Algorithm 7 uses a SHA1 hash. See https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update-04 That's a draft but soon will be an update to the standard. Algorithm 13 (ECDSAP256SHA256) results in much smaller keys and signatures and is equivalent to about RSA-3072 in strength, and it uses a SHA-256 hash. However note that changing algorithms will result in validation failure for few days unless done carefully. Okay thanks. What ever problems it might cause I think the Alaskan Malamute Assistance League can deal with for a day or two. Seeing as I already caused a problem last weekend I see no reason not to repeat this weekend! But at least I can give some warning :) As long as you don't change your KSK that information will not change. I kind of figured this out on my own this morning when I woke up around 7AM MST. I guess I wanted to turn a mole hill into a mountain. Thank you so much for your help Alice. -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] DNSSEC Questions
On 2/12/19 10:55 PM, Alice Wonder wrote: DNSSEC keys do not expire. Signatures do expire. How long a signature is good for depends upon the software generating the signature, some lets you specify. ldns I believe defaults to 60 days but I am not sure. The keys are in DNSSKEY records that are signed by your Key Signing Key and must be resigning before the signature expires or they will no longer validate. Likewise, the other records in the zone must be resigned by your Zone Signing Key before their signatures expire. It's not the keys that are the issue, but the RRSIG record that contains a start and expiration time for the records. If you upload signed zone files to godaddy, make sure to resign once a week or so so that the RRSIG gets updated. man ldns-signzone Okay so I misunderstood the message I was getting when I checked my DNSSEC setup via http://dnsviz.net/. What you are telling me is that all I had to do was re-sign the zone files but that it was not necessary to generate new keys. This point is definitely one that I missed. I too run my own authoritative nameservers. I was following the Digital Ocean procedure to setup DNSSEC: https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2 That site suggested the use of dnssec-signzone after key creation ala a command like (the stuff that follows has been sanitized): > dnssec-signzone -3 `head -c 1000 /dev/random | sha1sum | cut -b 1-16` -N INCREMENT -o domain.tld -t domain.tld.zone After resigning with that command a file named dsset-domain.tld. is created which contains 2 digests. > cat dsset-domain.tld. domain.tld. IN DS 20716 7 1 04E3E6C87CD4190F74DD0371A14AD5CC42B71521 domain.tld. IN DS 20716 7 2 FA6D0EF0100855E5C85C6CD5A33590681DD9D7D9F6C773785C53E865 E02FF572 It is the keytag (20716) and the digests (hex fields) that are supposed to be uploaded to the registrar according to the section entitled "Configure DS records with the registrar" in the Digital Ocean reference I previously mentioned. In my original message it was the uploading of these keytags and digests to Godaddy that I was referring in my point 1 and which seems to be accomplished only manually via the Godaddy web interface. So doesn't ldns-signzone create the same kind of digest that requires it be uploaded to the registrar? Isn't that essential information in order to tell the .tld that the domain.tld DNSSEC is valid and to maintain the DNSSEC authentication chain trust up to the root servers? You can go to the http://dnsviz.net/ site and can use nurdog.com as an example of what i mean. If I do not have to generate the keys every time the RRSIGs expire then the scripting or re-signing the zones is really trivial as I am in full control of my own DNS servers. It is even easier now if I don't have to generate new keys although that really isn't a difficult step. So maybe I asked the wrong question. Is there a way to re-sign the zone files without having to recreate the information found in that dsset-domain.tld. file and uploading it to the registrar? I suspect there is no way around that as I believe it is essential to maintaining the chain of trust. But if I can keep everything on my own nameservers that would be a big help ... maybe ldns-signzone is the answer? -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] DNSSEC Questions
Last weekend I had my DNSSEC keys expire. I discovered that they had expired the hard way... namely randomly websites could not be found and email did not get delivered. It seems that the keys were only valid for what I estimate was about 30 days. It is a real PITA to have update the keys, restart named and then update Godaddy with new digests. The first part of the problem is fairly manageable in the sense I already have a script that partially can do the job of updating the DNS server. However from what I can tell the only way I can update the DNSSEC of my 8 domains is via the Godaddy control panel GUI. So a couple of questions. 1.) Is anyone aware of anyway to update Godaddy DNSSEC data via a Centos 7 bash shell? I will contact Godaddy but I suspect I am SOL but thought I would ask here thinking somebody else may have already run into this issue. 2.) Assuming the answer to DNSSEC is no, can I at least have the keys last longer than they do by default. I am presently creating the keys via: > dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE zone > dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE zone It is very unclear to me given the dnssec-keygen man page how to set the date so that I could get 90 days or even more per key. The descriptions I found about constructing rolling keys was even more cryptic to me. For example, how do you use these switches: -A date/offset Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the -G option has not been used, the default is "now". -D date/offset Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.) -I date/offset Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it. -P date/offset Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the -G option has not been used, the default is "now". -R date/offset Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it. Is it as simple as setting the -I and -R switches to something like +90d At least if I can get the DNS server to update via a cron job even if the 1st item will always have to be done manually that would be help. Thanks for your help. -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] weird RPM dependency error; '/bin/sh' needed, but is provided
On Tue, 12 Feb 2019, Brian Reichert wrote: First off, I have to admit that I'm uncertain if this is the appropriate forum; I'd be happy for suggestions about where else to look. I'm doing this work on a stock install of CentOS-7-x86_64-Minimal-1810.iso, with no updates. I'm trying to create an RPM database from a custom set of RPMs. One RPM ('openldap-ltb' from the LDAP Tool Box project (ltb-project.org) has a dependency on '/bin/sh'. The bash RPM is demonstratedly present, yet the the 'rpm' utility thinks this dependency is not met. I'm open to any advice as to how to progress. I'm no expert on binary formats, but I think openldap-ltb-2.4.47-1.el7.x86_64.rpm is broken. Try this against a base rpm, e.g., rpm -q --requires -p ./cpio-2.11-27.el7.x86_64.rpm | od -c warning: ./cpio-2.11-27.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY 000 / b i n / s h \n / b i n / s h \n 020 / s b i n / i n s t a l l - i n 040 f o \n / s b i n / i n s t a l l 060 - i n f o \n l i b c . s o . 6 ( 100 ) ( 6 4 b i t ) \n l i b c . s o Then run the same thing against the openldap-ltb package: warning: ./openldap-ltb-2.4.47-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 6d45bfc5: NOKEY 000 / b i n / b a s h \n / b i n / s 020 h \n / b i n / s h \n / b i n / s * 060 h \n / s b i n / l d c o n f i g 100 \n b e r k e l e y d b - l t b That asterick where 040 (and its contents) should be is worrisome to me. To my eye, something is amiss. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Tools/mechanisms for the management of access permissions in big filebased datasets
On Wed, 28 Nov 2018, Warren Young wrote: Who here uses ACLs to good effect? Are you using more than just getfacl/setfacl to do it? We use NFSv4 ACLs on Lustre and Isilon filesystems, so we employ nfs4_getfacl and nfs4_setfacl -- but all of our work is done on the command line, not via a GUI and larger management tool. Our best practice is to script up the ACLs so they can be reapplied in case they get deleted or inappropriately changed. My current scripting logic usually writes the desired ACLs to temp files and deploys them in one swoop. Take the following case: owner: bob read-write group: boblab read-only group: alicelab target directory: /srv/group/boblab A skeleton version of the script would look something like this # define directory-level ACL and write to temp file cat <<__DIRACL__ > /tmp/diracl A::OWNER@:rwaDdxtTnNcCoy A::GROUP@:rwaDxtTnNcy A::EVERYONE@:tncy A:fdg:bob...@domain.com:RWX A:fdg:alice...@domain.com:RX __DIRACL__ # define file-level ACL and write to temp file cat <<__FILEACL__ > /tmp/fileacl A::OWNER@:rwaDdxtTnNcCoy A::GROUP@:rwaDxtTnNcy A::EVERYONE@:tncy A:g:bob...@domain.com:RWX A:g:alice...@domain.com:RX __FILEACL__ # apply ownership, perms, and ACLs. chown -R bob:boblab /srv/group/boblab chmod -R ug+rw,o-rwx /srv/group/boblab find /srv/group/boblab -type d \ -exec nfs4_setfacl -S /tmp/diracl {} \; find /srv/group/boblab -type f \ -exec nfs4_setfacl -S /tmp/fileacl {} \; Once the directory ACLs are applied, any new files created within those directories should inherit the proper ACLs. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What are the differences between systemd and non-systemd Linux distros?
On Fri, 19 Oct 2018, mark wrote: Yeah. I have trouble finding the actual startup configs - /etc/systemd/system? /var/lib? whereeverthehell they are, do a locate as opposed to /etc/init.d to find the damn name (nfs? nfsd? idmapd? nfs-idmapd? rpc-idmapd?) systemctl status <> E.g., [~]$ systemctl status ntpd ● ntpd.service - Network Time Service Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled) It shows the definition file. -- Paul Heinlein <> heinl...@madboa.com <> https://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Unknown NFSv4 ACL permission
Our new-to-us Isilon is handling NFSv4 ACLs differently than other NFS file servers we've had. In particular, something causes an 'O' to pop up in the permission field, but I cannot find any documentation of it. For example, [Linux]$ nfs4_getfacl TODO A::OWNER@:tTcCy A::GROUP@:tcy A::EVERYONE@:rwaxtTnNcy A:O:OWNER@:rwadxtTnNcCoy A:gO:adm...@madboa.com:rwadxtTnNcy A:gO:readonly@madboa:rxtnc A:O:EVERYONE@:tncy I'll note that when those 'O' perms get added, our OmniOS (Solaris-alike) hosts cannot read the ACLs: [SunOS]$ ls -v TODO ls: can't read ACL on TODO: Invalid argument -rwxrwx--- 1 heinlein wheel2488 Oct 2 15:13 TODO If, on the Linux side, I run nfs4_editfacl and do nothing but remove the 'O' permission symbols, then things clear up. Has anyone here seen anything like this? My google-fu has failed. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Failed to get to installer for CentOS 7 VM under CentOS 6...
On Thu, 27 Sep 2018, Robert Heller wrote: I just tried a CentOS 7 install to a laptop over PXE and it failed in just the same way as for the VM. So, is it not possible to install CentOS 7 via PXE? Or is there something missing? I just copied the images under os/x86_64/images/ to the tftpd directory (/var/lib/tftpboot/) and included in /var/lib/tftpboot/pxelinux.cfg/default this section: label centos75-64 MENU LABEL CentOS 7.5 x86_64 kernel centos75x86_64vmlinuz append initrd=centos75x86_64initrd.img Do I need anything more? Things seem to die/fail at some point after initializing the graphics frame buffer. Is there a way to do a non-graphical install? I have a keyboard and really know how to use it and don't need some silly ("friendly"?) GUI to install Linux (I don't need hand-holding). Yes, you can ask for a text installer by including "inst.text" (no quotes) on the APPEND line of pxe configuration file. That said, the text installer in EL7 is considerably less functional than the graphical installer. My suggestion, fwiw, is to write up a kickstart file and use that instead; it's easiest if you have a local web server that handles unauthenticated plain-text http. Your entry would would like this: label centos75-64 MENU LABEL CentOS 7.5 x86_64 kernel centos75x86_64vmlinuz append initrd=centos75x86_64initrd.img inst.ks=http://192.168.110.144/ks/el7.ks inst.text But you can try a the text installer and see where that gets you... -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sssd logs
On Tue, 21 Aug 2018, Ian Diddams wrote: We have sssd running on a centos 7 box... its logs of course (?!) go into /can't find any info on where this log directory is configured, or whether it is changeable. Anybody know differently? See the -d and -f options in the sssd(8) man page. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 7.5..and My GDM Greeter/GDM Don't Work Anymore
So, we've updated to 7.5, and for two machines--A Dell Precision M4800, and a Dell Precision 7510..both running Radeon cards--we no longer get the GDM Greeter login box NOR can we switch to virtual text login terminals. It's been driving me nuts. The systems do allow for SSH logins, so that's how we get to them, but I've checked the Xorg.0.log and nothing stands out. Did a systemctl status gdm.service and got this: Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-session-binary[1926]: WARNING: Could not get session path for session. Check that logind is properly installed and pam_systemd is getting used at login. Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-session[1926]: gnome-session-binary[1926]: WARNING: Could not get session path for session. Check that logind is properly installed and pam_systemd is...ed at login. Aug 07 16:23:31 gs6102dsclxpvirgo3 gnome-shell[2023]: g_array_unref: assertion 'array' failed Aug 07 16:23:32 gs6102dsclxpvirgo3 gnome-shell[2023]: JS ERROR: Exception in callback for signal: reset: Gio.DBusError: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: No session available LoginDialog<._resetGreeterProxy@resource:///org/gnome/shell/gdm/loginDialog.js:837:29 wrapper@resource:///org/gnome/gjs/modules/_legacy.js:82:22... Did the upgrade break something? Possibly. Any and all hints/ideas/etc. greatly welcomed. PEV -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SSSD and cache persistence
On Mon, 6 Aug 2018, Pete Biggs wrote: I have a large number of CentOS machines (both 6 & 7) getting account information from an LDAP database using SSSD. It all works fine and is fairly reliable. However, I'm having problems with persuading the caching system to forget about users when they are deleted from LDAP. I know about sss_cache with either -E or -U options, but that doesn't delete anything, just invalidates the cache entry. If the cache is invalid SSS will, obviously, go back to the source and return the information there, however, bizarrely, if the original source doesn't have the information (like when a user is deleted) the cached information is still returned. That cached information is retained for ever it seems so my supposedly deleted user accounts still appear to be active on the machines. And it also seems you can't actually turn off caching - even though there are options in sssd.conf to do so. It looks like the "cache_credentials = False" option still caches things, but just acts like the entries are always invalid. I can of course do stop sssd delete the contents of /var/lib/sss/db start sssd and that's what I do when things become an issue. But surely there is a better way of SSSD actually realising that a user has been deleted from LDAP? Concerning a wedged cache, deleting the relevant *.ldb files from /var/lib/sss/db is the only solution that's worked for me, though I've had to resort to it only a couple time. I've never tried disabling the cache, so I'm no help there. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Finding user's files
On Wed, 1 Aug 2018, mark wrote: This is among the things we need to do when a user leaves, and it's a larger question than it sounds. Our Office has many servers, with a good number of fileservers for projects, with large filesystems (i.e. 10's of TB). Can anyone think of a way *other* than running what's probably a many-hour long find / -user on all our systems, which is really intensive, to find all the files own by a given user? Locate would be great, but from the man pages and what I can find online, it only stores filenames and paths. The only way I know is to keep an updated database of metadata, which may be a security vulnerability depending on its accessibility and the nature of your work. The Robinhood engine was written for this sort of purpose: https://github.com/cea-hpc/robinhood/wiki That said, we use Robinhood on a single lustre filesystem. I don't know how if you can set up a central instance across several file servers or if each filesystem would need its own engine. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Problem with definition of slist in CFEngine
winprogdir86 ... = $(sys.winprogdir86)", "sys.winsysdir .. = $(sys.winsysdir)", "sys.workdir = $(sys.workdir)", "... BEGIN big shit ...", # "sys.inet6 .. = $(sys.inet6)", # "sys.interfaces_data = $(sys.interfaces_data)", "... END big shit ...", }; reports: any:: "r1: $(info.info_list)"; "r2: sys.inet6 .. = $(sys.inet6)"; "r3: sys.interfaces_data = $(sys.interfaces_data)"; "r4: holleri di dudeldoe"; } The service cfengine3.service is inactive at the moment: # systemctl is-active cfengine3.service inactive I have a problem with the definition of the stringlist/slist "info_list". In some cases it becomes some kind of "undefined" or at least I'm not able to print it out in a report (in "r1:"). Two related questions: Is there any chance that some elements of your info_list become larger than 4K size limit cfengine places on scalar variables? Similarly, I wonder if the 4K size limit comes into play when a list is interpolated into a string, as in your r1 report. I'm merely speculating; I don't know one way or the other. Plus, I've never tried defining a slist with a comma after the final element. I assume that works for you, but I'll just note it for the record. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Firefix 60.10-5 ESR Install Problems For CentOS 6
Johnny/et al, Looks like we've run into some issues with incompatible libs for the new Firefox 60 ESR install: root@gs6102dsclxpub1:~# yum -y update firefox Loaded plugins: list-data, security Setting up Update Process group-centos-adobe | 2.9 kB 00:00 group-centos-bigfix | 2.9 kB 00:00 group-centos-epel | 3.0 kB 00:00 group-centos-extras | 2.9 kB 00:00 group-centos-gbase | 2.9 kB 00:00 group-centos-os | 3.6 kB 00:00 group-centos-salt | 2.9 kB 00:00 group-centos-updates | 3.4 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package firefox.x86_64 0:52.8.0-1.el6.centos will be updated ---> Package firefox.x86_64 0:60.1.0-5.el6.centos will be an update --> Processing Dependency: nss >= 3.36.0 for package: firefox-60.1.0-5.el6.centos.x86_64 --> Processing Dependency: nspr >= 4.19.0 for package: firefox-60.1.0-5.el6.centos.x86_64 --> Processing Dependency: libnss3.so(NSS_3.30)(64bit) for package: firefox-60.1.0-5.el6.centos.x86_64 --> Finished Dependency Resolution Error: Package: firefox-60.1.0-5.el6.centos.x86_64 (group-centos-updates) Requires: nspr >= 4.19.0 Installed: nspr-4.13.1-1.el6.x86_64 (@group-centos-os) nspr = 4.13.1-1.el6 Available: nspr-4.10.6-1.el6_5.i686 (group-centos-os) nspr = 4.10.6-1.el6_5 Available: nspr-4.10.8-1.el6_6.i686 (group-centos-os) nspr = 4.10.8-1.el6_6 Available: nspr-4.10.8-2.el6_7.i686 (group-centos-updates) nspr = 4.10.8-2.el6_7 Available: nspr-4.11.0-0.1.el6_7.i686 (group-centos-updates) nspr = 4.11.0-0.1.el6_7 Available: nspr-4.11.0-1.el6.i686 (group-centos-os) nspr = 4.11.0-1.el6 Error: Package: firefox-60.1.0-5.el6.centos.x86_64 (group-centos-updates) Requires: libnss3.so(NSS_3.30)(64bit) Error: Package: firefox-60.1.0-5.el6.centos.x86_64 (group-centos-updates) Requires: nss >= 3.36.0 Installed: nss-3.28.4-4.el6_9.x86_64 (@group-centos-updates) nss = 3.28.4-4.el6_9 Available: nss-3.16.1-14.el6.i686 (group-centos-os) nss = 3.16.1-14.el6 Available: nss-3.18.0-5.3.el6_6.i686 (group-centos-os) nss = 3.18.0-5.3.el6_6 Available: nss-3.21.0-8.el6.i686 (group-centos-os) nss = 3.21.0-8.el6 Available: nss-3.27.1-13.el6.i686 (group-centos-os) nss = 3.27.1-13.el6 Available: nss-3.28.3-3.el6_9.i686 (group-centos-updates) nss = 3.28.3-3.el6_9 Available: nss-3.28.4-1.el6_9.i686 (group-centos-updates) nss = 3.28.4-1.el6_9 Available: nss-3.28.4-3.el6_9.i686 (group-centos-updates) nss = 3.28.4-3.el6_9 You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest root@gs6102dsclxpub1:~# This is occurring on all of our CentOS 6.9 workstations. Any advice? Thanks. PEV -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Any Word On Updates For Security FIx For Firefox?
Just checking to see if we're either getting a Firefox 52.9 or Firefox 60.x for CentOS 6 to address the latest security fix. -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS7: Setting up ldap over TLS in kickstart file
On Thu, 14 Jun 2018, Patrick Begou wrote: Hi, I'm facing a problem with setting up LDAP+TLS client authentication in a kickstart script on CentOS7 for several days. Setting up manualy the config with system-config-authentication works but I need to automate this in kickstart for deploying cluster nodes. This show that the server side is running fine. At this time the message is #systemctl status sssd | sssd[be[default]][2732]: Could not start TLS encryption. error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate)| In my kickstart file I use: auth --useshadow --enableldaptls --enablecache --passalgo=sha512 --enableldap --enableldapauth --ldapserver="ldaps://my.ldap.server.fr" --ldapbasedn=dc=my,dc=base,dc=dn Then in a post install script I download the server and ca certificates and stops nslcd that I do not use: echo "TLS_REQCERT allow">>/etc/openldap/ldap.conf cd /etc/openldap/cacerts/ && wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/ca-bundle.crt && ln -s ca-bundle.crt $(openssl x509 -hash -in ca-bundle.crt -noout).0 cd /etc/openldap/certs/ && wget http://xxx.xxx.xxx.xxx/Softwares7/LDAPCERTS/server.crt cd / systemctl disable nslcd I'm unable to see what system-config-authentication is doing more in it's setup. Thanks for your help I'm a bit stumped. My recipe was similar: authconfig --enableshadow --passalgo=sha512 --enablefingerprint --enableldap --enableldapauth --ldapserver=ldap.ourcompany.com --ldapbasedn=dc=ourcompany,dc=com --enablecache --enableldaptls then, in %post: curl http://www.ourcompany.com/ca/ca.crt \ -s -o /etc/openldap/cacerts/ca.ourcompany.com.pem /usr/sbin/cacertdir_rehash /etc/openldap/cacerts And that did the trick. The main difference is that you install a bundle of certifcates rather than a single one. There are two issues: 1. Hashing a certificate bundle does no good as far as I know. Hashes only work on a single cert, right? 2. Unless told otherwise, openssl looks in only one place for a cert bundle: ${OPENSSLDIR}/cert.pem (where the value of OPENSSLDIR can be discovered by running "openssl version -d"). You might take a peek at the ldap_tls_cacertdir discussion in the sssd-ldap(5) man page, which specifies that certificates should be in individual files. My suggestion would be to isolate the CA certificate used to sign your LDAP server certs, install that as a separate file in ldap_tls_cacertdir, and run cacertdir_rehash to get the hash correct. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] 'gnome-daemon-settings' Doesn't Start When Attempting To Make Changes
All, So here's the issue: The system - a Dell Precision M4800 The OS - CentOS 6.9, ver. 2.6.32-696.28.1 The problem - Whenever the user tries to make system changes (display, mouse orientation, etc.), the gnome-settings-daemon pops up and says it can't run, and the changes never occur. I've looked into the /var/log/messages, and have seen some weirdness from dbus-daemon such as: dbus-daemon: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.15" (uid=42 pid=5042 comm="gnome-power-manager) interface="org.freedesktop.Hal.Device.LaptopPanel" member="SetBrightness" error name="(unset)" requested_reply=0 destination=":1.1" (uid=68 pid=2920 comm="hald)) And.. dbus-daemon: [system] Rejected send message, 2 matched rules; type="method_return", sender=":1.1" (uid=0 pid=2912 comm="NetworkManager) interface="(unset)" member="(unset)" error name="(unset)" requested_reply=0 destination=":1.52" (uid=2290 pid=4122 comm="nm-applet)) Any ideas? PEV -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] elrepo kmod-nvidia issue with update
On 04/30/2018 05:20 PM, Chuck Campbell wrote: when I do yum update, elrepo offers kmod-nvifdia, but yum does this: --> Processing Dependency: kernel(sme_me_mask) = 0x17fbce60 for package: kmod-nvidia-390.48-2.el7_5.elrepo.x86_64 --> Processing Dependency: kernel(reservation_object_add_excl_fence) = 0xea98efc0 for package: kmod-nvidia-390.48-2.el7_5.elrepo.x86_64 --> Processing Dependency: kernel(drm_vblank_init) = 0xdcd50a49 for package: kmod-nvidia-390.48-2.el7_5.elrepo.x86_64 repeatedly, then says: You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest Is there a problem on my end or theirs? I have the same problem. When I visited the elrepo archives there was a post about this problem. http://lists.elrepo.org/pipermail/elrepo/2018-April/004222.html It appears there is a kernel driver build incompatibility that will go away when RHEL 7.5 comes to CentOS. For the moment I am a just excluding this update. The post suggests there is a version in testing that fixes the problem but I did not see it there. It looked like it was removed. For the moment I suggest patience. -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Help with yum
On 04/12/2018 08:51 AM, Kay Diederichs wrote: I tried running: yum groups mark install "X Window system" and get the same message. I tried different permutations removing the "s" on groups. Nothing seems to bring back the yum "X Window system" group. Can anyone help me resolve this issue and tell me what I did wrong? First, thanks for everyone who tried to help me with this problem. At this point I will apologize to the list for what I think is just user error. Indeed I have convinced myself that there is no group package "X Window system" albeit one may have existed many years ago. For those who are interested in the full story continue reading other please accept my apology and many thanks for the list help. Second, here is the full story. I wanted to install Mate after doing a minimal install. All the documentation I found on the web indicated that after enabling the epel repository I should do this sequence of yum commands(or something equivalent): > sudo yum groupinstall "X Window system" -y > sudo yum groups install "MATE Desktop" -y Unfortunately I did things in opposite order and when I tried to do > startx X windows would not startup. I swear that the after doing the "yum groupinstall "X Window system" that packages were downloaded and installed. So I chalked up the X start failure to doing things in the incorrect order. So this morning I thought I would start with a clean slate and did: > yum groupremove "X Window system" "MATE Desktop" > yum groupinstall "X Window system" That is when I received the error message I did in my first post. So just now I went back to another CentoOS 7 system running Mate and re-produced the yum commands. It turns out the history contained everything I needed. In my case I just needed to install the elrepo to get the Nvidia drivers for my video card and first installed those: > yum install kmod-nvida nvidia-x11-drv Then it was just a matter of: > yum groupinstall "MATE Desktop" > systemctl set-default graphical.target > reboot Voila... I have a desktop running MATE! I think the web instructions I found are outdated (although one web page was dated 2/18/2018. There doesn't exist a "X Window system" yum group. Generally I tell people when stuff like this happens that digital computers can't lie... next time I will take my own advice. Again thanks to everyone who helped... Your time was appreciated. -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Help with yum
I just did a fresh minimal install of centos 7 on new hardware. While playing around with window systems I removed X windows like so: >yum remove "X Window system" and then tried to re install >yum group install "X Window system" which gives this error: Maybe run: yum groups mark install (see man yum) No packages in any requested group available to install or upgrade I tried running: >yum groups mark install "X Window system" and get the same message. I tried different permutations removing the "s" on groups. Nothing seems to bring back the yum "X Window system" group. Can anyone help me resolve this issue and tell me what I did wrong? Thanks for your help. -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Semi-OT: install python package in userspace
On Sat, 7 Apr 2018, Pete Biggs wrote: Does CentOS changed the package management? :-) Quite. This is not an Ubuntu dig, but when I challenge some of the users about the more dangerous sudo's they try, inevitably they say they got the command from the net, and by that they usually mean Ubuntu forums. Whether the instructions come from the Ubuntu forums or not, we regularly experience the same thing: users unthinkingly following instructions in a REAME or posted on a web page. My experience suggests these folks are just on autopilot. We don't even follow up any more on most of the alerts; they'll ask us if it's important. So we rarely give out sudo on shared systems and when we do there's some "extreme vetting" going on. Also, Python has such a mature virtual-environment setup that more publicly posted instructions are using that route anyway. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Ubiquiti Model UAP-AC-PRO
>Everyone, > >Have any of you installed ubiguiti wireless routers on your network? > >It looks like the setup requires the use of software; they have some >packages that are ready made for Ubuntu and Debian, but not RedHat > >https://www.ubnt.com/download/unifi/unifi-ap-ac-pro[1] _>_ >Have any of you tried or succeeded in installation this on Centos 7.4? > >Greg Ennis To install just the one access point, just download their app on your phone and configure it. Very easy. For a full Ubiquity network you can install the software on a Linux machine or buy the Cloud key, same software running on a small RaspberryPi like box (needs POE connection). Makes managing the components much much easier. Paul Schoonderwoerd Pollux IT [1] https://www.ubnt.com/download/unifi/unifi-ap-ac-pro ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Latest CVE's For MySQL
Johnny, Thanks. I needed this to present as 'ammo' for not using a 3rd-party MySQL repo to address these security issues. PEV On 01/25/2018 11:03 AM, Johnny Hughes wrote: On 01/25/2018 09:58 AM, Paul E. Virgo wrote: Looks like a series of vulnerability alerts for Oracle MySQL have been issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody know if this is the case, or do we have to go 'outside' now, and get the MySQL repository to use, for the latest and greatest? PEV Red Hat no longer uses mysql in EL7 .. it uses mariadb. They will backport any security updates for the mysql in EL6. -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Latest CVE's For MySQL
Looks like a series of vulnerability alerts for Oracle MySQL have been issued: CVE-2018-2562, CVE-2018-2647 (both high), CVE-2018-2645, CVE-2018-2646, CVE-2018-2665 (all three medium). This affects versions 5.7.20 and prior. I know CentOS/RedHat usually do backports--anybody know if this is the case, or do we have to go 'outside' now, and get the MySQL repository to use, for the latest and greatest? PEV -- Paul E Virgo Sr. System Administrator Code 610.2 SESDA III - DAAC/DISC Goddard Space Flight Ctr/NASA Greenbelt, MD Greenbelt, MD 20771 (301) 614-5751 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] How to upgrade CentOS 6.9 KVM host to 7.4.1708 and not re-install guests
I have a Windows 7 KVM guest running on a Centos 6.9 KVM host. I would like to upgrade the host system to CentOS 7.4.1708 without having to re-install from scratch the KVM guest. What procedure should I use to move the guest off the host system, upgrade the CentOS version and then move the KVM Guest back to the host? For example, Is there a recommended way to move the KVM Guest to a USB stick and then move it back to the upgraded host? Thank you for your help. -- Paul (ga...@nurdog.com) Cell: (303)257-5208 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Identifying Official CentOS AWS AMIs
I'm trying to automate identification of CentOS AWS images. It appears that official CentOS AMIs have an OwnerID value of 410186602215, but I'm not sure if that value is transient or specific to one or more AWS regions. Is there a maintainer lurking here that can confirm or deny? Here's the base query I'm testing: aws ec2 describe-images \ --owners 410186602215 \ --output text \ --query 'reverse(sort_by(Images, &CreationDate))[?starts_with(Description, `CentOS Linux 7`)].[ImageId, CreationDate, Description]' -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] run bash from cron
On Wed, 15 Nov 2017, Mark Haney wrote: This might be a bit OT, but I've never had to do this before and what I've googled doesn't seem to be working. I have an ansible playbook that I'm working on that I want to run as a cronjob. One task I'm having trouble with is where I have a text file with lines like: rd.pl "blah blah" rd.pl "blah blah blah" This text file has to be 'executed' using 'bash filename.txt'. (Don't ask why, I'm working on code that isn't mine.) When I run the playbook in a console this bit works perfectly. However, when it's being run from cron, it dies with 'rd.pl: command not found'. My original thought is that cron's $PATH is missing the location to this rd.pl file (it's in /root/bin), so one suggestion from the Google was to add the path into /etc/crontab, but I'm still having the same problem. At this stage, I've no idea what to try next. Any ideas? In your crontab, try env PATH="$PATH:/root/bin" bash filename.txt -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Kickstart ksdevice question
On Fri, 3 Nov 2017, Mark Haney wrote: On 11/01/2017 05:02 PM, James A. Peltier wrote: Leaving ksdevice= off the command line will prompt you for the location of the kickstart file and the device you want to use to kickstart Well, things just got weird with this. The first couple of times I included the biosdevname etc, on the command line with ksdevice=eth0 it worked perfectly. Sometime yesterday (and I verified this a few minutes ago) that stopped working. It's the same hardware (in fact, the exact same hardware as I tested earlier, as it's the same box) and now, it's naming the interfaces eno1/eno2 again. Honestly, not that I care, since taking the ksdevice= bit off worked just fine, even with the interface names changed to eth0/eth1 in the kickstart file. I have no idea why this happened, and finding an answer isn't critical to getting these boxes kicked, though I would like to understand why the BIOSDEVNAME NET.IFRAMES options stopped working suddenly. It's the same boot image, and the exact same server that renamed the interfaces correctly yesterday. Granted, it's Friday and maybe anaconda is tired of my crap and has decided to throw a tantrum. I haven't been following this thread all that closely, so I'm unsure what system and firmware you have -- but we recently encountered a BIOS bug that has disrupted some local kickstarts. The short version is that our Intel SMBIOS reports duplicate names for onboard ethernet devices, which in our case are I350 1G cards: [root ~]# biosdevname -d | grep 'BIOS device' BIOS device: em1 BIOS device: em1 BIOS device: p785p1 Ideally, the second device would be em2. Since they report the same, systemd gets inconsistently confused and the devices' "Kernel name" entries bounce between enoX and ethX. Worse, if I log in via the console, disable the interfaces, use modprobe to remove the igb modules, and the re-load it -- the interfaces may end up with different designations than they had at boot time. Intel has released a BIOS update that supposedly fixes the problem, but I haven't been able yet to travel to the data center to apply and test the patch. (No RMM modules in this rack, so I can't attach virtual boot media. Sigh.) Anyway, that may not be your problem, but it might be worth looking into. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Auth failure messages
On Tue, 17 Oct 2017, david wrote: Folks I am using sendmail as my mail server. SELINUX is disabled. I observe messages in Centos 7 (and 6) in /var/log/messages, similar to: saslauthd[2765]: do_auth : auth failure: [user=bettie] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error] I guess that this is because somebody tried to access one of the SMTP ports with a logon attempt. This is understandable; there are crackers out there. I'd like to block SMTP completely from the originating sender (by dropping the IP packets), but don't know how to figure out what the IP address is. I don't see anything in the "maillog" that, for example, has the name "bettie" or some other clue. The only thing I see is a message like sendmail[5452]: v9HIoBox005452: [xxx.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA with a close timestamp, but I'm reluctant to tie the two log entries together. Is there some log, or log setting that might enable me to tie the do_auth error to a specific IP address? I'm very reluctant to change mail servers to postfix or something like that. The default sendmail LogLevel is 9, but if you bump it to 10 sendmail will log the remote IP address associated with auth failures. In your sendmail.mc file, set define(`confLOG_LEVEL', `10') Or, if you manually edit sendmail.cf (), then add O LogLevel=10 You'll send up with mail log messages that correspond to the saslauthd failures you've noted: 2017-10-17T10:42:39.099125-04:00 mightymite sendmail[7240]: v9HEgTgp597220: AUTH failure (LOGIN): authentication failure (-13) SASL(-13): authentication failure: checkpass failed, relay=[nnn.nnn.nnn.nnn] -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] nfsvers and nfs-utils-1.3.0-0.48.el7
We encountered a weird problem today, and I thought some of you might like to hear the solution. The underlying change was listed in the 7.4 changelog, so it's not a bug, but it may drive you buggy. The majority of our HPC cluster nodes run CentOS 7, though the exact patch levels vary from node to node. None is older than 7.3, but a few newer nodes were kickstarted right to 7.4. The problem was that our mounts of Isilon NFS exports were failing randomly among the nodes. Routing was fine. Network connectivity was fine. The short answer is that the default in 7.4, and I think in the nfs-utils-1.3.0-0.48.el7 package in particular, has changed. While NFS v4.0 was the default up to 7.3, the 7.4 protocols are subtly different: 1. Try NFS v4.1 first 2. Fail down to NFS v3 3. Fail down to NFS v2 The problem is that our Isilon works with NFS v4.0, not 4.1, but 4.0 is not in the fail-down path. The short-term answer is to specify nfsvers=4.0 in our autofs configuration files, which works like a charm. Like I said, this was an announced change, but the implications escaped us until now. So this little writeup is just for the record. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] how to prevent files and directories from being deleted?
On Tue, 3 Oct 2017, hw wrote: Alexander Dalloz writes: Am 01.10.2017 um 17:21 schrieb hw: Hi, how can I prevent files/directories like /var/run/mariadb from being deleted on reboot? Lighttpd has the same problem. This breaks services and makes servers non-restartable by anyone else but the administrator who needs to re-create the needed files and directories every time and has to figure out what selinux labels they need. This causes unnecessary downtimes. This is entirely inacceptable. This totally sucks. On CentOS 7 machines, the /run mountpoint (available via symlink as /var/run) is a temporary filesystem. Try "df -h /run" to see for yourself. That whole directory lives in memory. Using systemd-tmpfiles is the most reliable method for ensuring your /run directories are created and given correct perms at boot. The syntax for /etc/tmpfiles.d/*.conf isn't terribly difficult, and the files there are easy to manage. See the tmpfiles.d(5) man page for details and examples. Once your file is in place, you can activate it without messing with other temp files: systemd-tmpfiles --create /etc/tmpfiles.d/your.conf -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] gtk3 update causing havoc
{ /* No stock image, or stock item not known. Try regular @@ -4878,7 +4627,12 @@ update_frame_tool_bar (struct frame *f) w = NULL; else if (stock_name) { + +#if GTK_CHECK_VERSION (3, 10, 0) + w = gtk_image_new_from_icon_name (stock_name, icon_size); +#else w = gtk_image_new_from_stock (stock_name, icon_size); +#endif g_object_set_data_full (G_OBJECT (w), XG_TOOL_BAR_STOCK_NAME, (gpointer) xstrdup (stock_name), (GDestroyNotify) xfree); @@ -4920,7 +4674,7 @@ update_frame_tool_bar (struct frame *f) { if (! x->toolbar_is_packed) xg_pack_tool_bar (f, f->tool_bar_position); - gtk_widget_show_all (TOOLBAR_TOP_WIDGET (x)); + gtk_widget_show_all (x->toolbar_widget); if (xg_update_tool_bar_sizes (f)) xg_height_or_width_changed (f); } @@ -4939,11 +4693,9 @@ free_frame_tool_bar (struct frame *f) if (x->toolbar_widget) { struct xg_frame_tb_info *tbinfo; - GtkWidget *top_widget = TOOLBAR_TOP_WIDGET (x); + GtkWidget *top_widget = x->toolbar_widget; block_input (); - /* We may have created the toolbar_widget in xg_create_tool_bar, but - not the x->handlebox_widget which is created in xg_pack_tool_bar. */ if (x->toolbar_is_packed) { if (x->toolbar_in_hbox) @@ -4957,7 +4709,7 @@ free_frame_tool_bar (struct frame *f) gtk_widget_destroy (x->toolbar_widget); x->toolbar_widget = 0; - TOOLBAR_TOP_WIDGET (x) = 0; + x->toolbar_widget = 0; x->toolbar_is_packed = false; FRAME_TOOLBAR_TOP_HEIGHT (f) = FRAME_TOOLBAR_BOTTOM_HEIGHT (f) = 0; FRAME_TOOLBAR_LEFT_WIDTH (f) = FRAME_TOOLBAR_RIGHT_WIDTH (f) = 0; @@ -4982,7 +4734,7 @@ void xg_change_toolbar_position (struct frame *f, Lisp_Object pos) { struct x_output *x = f->output_data.x; - GtkWidget *top_widget = TOOLBAR_TOP_WIDGET (x); + GtkWidget *top_widget = x->toolbar_widget; if (! x->toolbar_widget || ! top_widget) return; @@ -5026,9 +4778,6 @@ xg_initialize (void) gdpy_def = NULL; xg_ignore_gtk_scrollbar = 0; -#ifdef HAVE_GTK_TEAROFF_MENU_ITEM_NEW - xg_detached_menus = 0; -#endif xg_menu_cb_list.prev = xg_menu_cb_list.next = xg_menu_item_cb_list.prev = xg_menu_item_cb_list.next = 0; diff --git a/src/gtkutil.h b/src/gtkutil.h index 5176be6..37d2900 100644 --- a/src/gtkutil.h +++ b/src/gtkutil.h @@ -107,8 +107,6 @@ extern void xg_update_frame_menubar (struct frame *f); extern bool xg_event_is_for_menubar (struct frame *, const XEvent *); -extern bool xg_have_tear_offs (struct frame *f); - extern ptrdiff_t xg_get_scroll_id_for_window (Display *dpy, Window wid); extern void xg_create_scroll_bar (struct frame *f, diff --git a/src/xmenu.c b/src/xmenu.c index 53683c7..77fc4ef 100644 --- a/src/xmenu.c +++ b/src/xmenu.c @@ -793,12 +793,6 @@ set_frame_menubar (struct frame *f, bool first_time, bool deep_p) f->output_data.x->saved_menu_event->type = 0; } -#ifdef USE_GTK - /* If we have detached menus, we must update deep so detached menus - also gets updated. */ - deep_p = deep_p || xg_have_tear_offs (f); -#endif - if (deep_p) { /* Make a widget-value tree representing the entire menu trees. */ diff --git a/src/xterm.h b/src/xterm.h index 4683a4c..1fb3f0a 100644 --- a/src/xterm.h +++ b/src/xterm.h @@ -491,10 +491,6 @@ struct x_output GtkWidget *menubar_widget; /* The tool bar in this frame */ GtkWidget *toolbar_widget; -#ifdef HAVE_GTK_HANDLE_BOX_NEW -/* The handle box that makes the tool bar detachable. */ - GtkWidget *handlebox_widget; -#endif /* True if tool bar is packed into the hbox widget (i.e. vertical). */ bool_bf toolbar_in_hbox : 1; bool_bf toolbar_is_packed : 1; On Fri, Sep 22, 2017 at 5:31 PM, Frank Cox wrote: > On Fri, 22 Sep 2017 17:04:14 -0500 > Paul Johnson wrote: > >> The bad problem I see now is that Emacs and Chromium-browser, which >> rely on gtk3 don't work properly anymore. In Emacs, the symptom is >> that the ribbon of buttons under the pull down menu will no longer >> show. In Chromium, the buttons and other widget things on the top >> are an ugly yellow distortion. > > Un-intuitive as it may be, you may just need to start using either the > Adwaita or Clearlooks-phenix theme. > > One chap I know of that's using the CERN linux told me that solved a problem > similar to yours by using the clearlooks-phenix theme. > > I use clearlooks-phenix here to solve a different set of problems (menus on > Gnome-terminal and Geany), and I don't really like the way Adwaita looks. > > Here's the solution if you want to try it: > > yum install clearlooks-phenix-gtk2-theme clearlooks-phenix-gtk3-theme > > Go to the look and feel preferences setting on your desktop and select > Clearlooks-phenix from the list. > > And afterward you can > > yum remove mate-themes > > if you want because it's not needed any more (assuming that you're using > mate, that is). > > > -- > MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- Paul E. Johnson http://pj.freefaculty.org Director, Center for Research Methods and Data Analysis http://crmda.ku.edu To write to me directly, please address me at pauljohn at ku.edu. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] gtk3 update causing havoc
On my lab systems, the automatic updates were failing because of the problems with ipod libraries from EPEL being in the way. It turns out that was a good thing, because when I "fixed" it, a massive set of packages was updated, including the new gtk3. These packages are the ones causing problems, I think. gtk3-3.22.10-4.el7.x86_64 gtk3-devel-3.22.10-4.el7.x86_64 In the release notes, there is mention of the "giant icon" problem and how to fix that. We understand that part. The bad problem I see now is that Emacs and Chromium-browser, which rely on gtk3 don't work properly anymore. In Emacs, the symptom is that the ribbon of buttons under the pull down menu will no longer show. In Chromium, the buttons and other widget things on the top are an ugly yellow distortion. I've recompiled the Emacs that comes with EL7, as well as 24.5, and the Emacs behaves the same way, no buttons show. The buttons are invisible, but still there. If you click in there, you can get lucky. Do you see it too in Emacs? I see some posts that say the Gnome themes don't work any more with GTK and those themes should have been deprecated by the gtk3 packages. I don't think the theme is the cause because I see same problem in both Gnome and XFCE4 desktops. I see it also if I SSH into the machine and run emacs forwarded over X11. I just realized that on Ubuntu I'm running gtk-3.22.11 with Emacs 24.5 and the icons do show. Maybe there is a change in the compiler flag for Emacs that I'm missing. pj -- Paul E. Johnson http://pj.freefaculty.org Director, Center for Research Methods and Data Analysis http://crmda.ku.edu To write to me directly, please address me at pauljohn at ku.edu. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Installation on Knights Landing (KNL) machines failure
On Tue, 22 Aug 2017, m.r...@5-cent.us wrote: YES. I was unable to build my four nodes using PXEboot, because the damn thing won't take what it's given, and won't skip to the default target. It INSISTS (ok, it is in the RFC, but...) on trying its MAC, or maybe it's the UUID, I disremember, and spends *MINUTES - 4? 5? then tries again by shortening it by one char, and again, and again, and by the time it tries default, it's literally FIFTEEN MINUTES LATER, and the tftp/pxe has timed out. Mark, I haven't faced the slow iterations you're seeing, but I sometimes use a shell script I wrote for naming PXE configuration files on per-IPv4 bases: https://github.com/heinlein/pxehex I don't know if it will help in your case, but I thought I'd pass it along. -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Custom kickstart post section on usb thumbdrive
On Mon, 14 Aug 2017, Jerry Geis wrote: Hi All, I am attempting to create a custom USB drive for kickstart install. [... much snippage ...] But I would also like to create a custom directory on the ISO and put some files in there for a custom POST section. I was not able to find an example with a custom POST section on the ISO. Anyone have any examples? The trouble I think you'll encounter is that the %post section of the kickstart operation is chroot-ed into the new system. You won't be able to see the original ISO, as far as I know. The %pre section is *not* run in the chroot environment, but it's run prior to partitioning the system disk, so I don't know how you'd copy files unless you did all your partitioning in %pre, reserving one partition for your %post data. I think what I'd do is create and install a custom rpm with the data files you want available during %post. Of course, that means you'll have to hack the repo on your USB drive, so it's not really a lightweight solution. -- Paul Heinlein <> heinl...@madboa.com <> https://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7 specific cure for Spamassassin DNS lookup problem
On Thu, 10 Aug 2017, Gary Stainburn wrote: I have the following error message in my /var/log/spamd spf: lookup failed: available_nameservers: No DNS servers available! Having Googled the error message I've found a number of responses which involve patching Perl or Spamassassin or other cures. Before I start changing things I was wondering if there was a Centos 7 specific resolution. Where possible, on production machines I prefer to stay with RPM's rather than amending software directly. I run SpamAssassin on CentOS 7; the SPF plugin is loaded via /etc/mail/spamassassin/init.pre. I have no trouble with spf at all. Is it possible the problem is with local DNS resolution? -- Paul Heinlein <> heinl...@madboa.com <> https://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] E-invoicing to OpenPeppol with Oxalis on CentOS anyone ?
Hello list, I'm desperately trying to get the latest Oxalis software (https://github.com/difi/oxalis ) to run in Tomcat on CentOS 6.9 but I'm getting a obscure Java error. Something about a a method not found: Java.lang.NoSuchMethodError: sun.security.provider.certpath.OCSP.check(Ljava/security/cert/X509Certif Has anyone succesfully implemented this on CentOS 6.x ? Tomcat is running fine behind Apache. All software up to date. Tried many things already, also install Oxalis from source but that fails with different problems. I found that OSCP checking is default disabled in Java (true ?) and tried to enable it with by adding the commandline switches: java -Dcom.sun.security.enableCRLDP=true \ -Dcom.sun.net.ssl.checkRevocation=true but no luck I filed a bug report on github, details about the exact error: https://github.com/difi/oxalis/issues/297 Any help appreciated. -- Paul ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Thanks to every one
On Tue, 18 Jul 2017, Jonathan Billings wrote: Also, if your researchers can't write code that performs checkpoints, they're going to be awfully unhappy when a bug in their code makes it segfault 199 days into a 200 day run. +1 -- Paul Heinlein <> heinl...@madboa.com <> https://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.9, shredding a RAID
On Wed, 31 May 2017, m.r...@5-cent.us wrote: I've got an old RAID that I attached to a box. LSI card, and the RAID has 12 drives, for a total RAID size of 9.1TB, I think. I started shred /dev/sda the Friday before last... and it's still running. Is this reasonable for it to be taking this long...? Unless you specified non-default options, shred overwrites each file three times -- and writing 27 TB to an old RAID array will be extremely slow. Also, shred has a builtin PRNG, and I'm not really sure how speedy it is. Still, 12 days seems like a really long time... -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fix for the CVE-2017-7494?
On Fri, 26 May 2017, Christian, Mark wrote: On Fri, 2017-05-26 at 11:19 -0400, Bernard Fay wrote: Hi, Does a fix has already been made in the CenOS RPM repositories for this Samba remote execution code vulnerability, CVE-2017-7494? yes. samba-3.6.23-43.el6_9.x86_64.rpm And samba-*-4.4.4-14.el7_3.x86_64 -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] more recent perl version?
On Wed, 24 May 2017, hw wrote: Paul Heinlein schrieb: On Tue, 23 May 2017, m.r...@5-cent.us wrote: > hw wrote: > > > > are there packages replacing the ancient perl version in > > Centos 7 with a more recent one, like 5.24? At least the > > state feature is required. Perl 5.24 is available in SCL, in the centos-sclo-rh repository. Thanks, I tried rh-perl, and it worked for a test. It does not replace the existing perl installation. You have to explicitly use that version. Not replacing the existing system Perl is a feature, not a bug. It allows the 'Enterprise' side of CentOS to keep going with no unexpected surprises. I?m not sure if that?s possible for CGI. I do get 5.24 after running 'scl enable rh-perl524 bash'. Is there a way to get that for CGI? It all depends on how you launch your CGI, but in general there shouldn't be a problem beginning your script with #!/opt/rh/.../perl -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] more recent perl version?
On Tue, 23 May 2017, m.r...@5-cent.us wrote: hw wrote: are there packages replacing the ancient perl version in Centos 7 with a more recent one, like 5.24? At least the state feature is required. Perl 5.24 is available in SCL, in the centos-sclo-rh repository. [root ~]# yum info rh-perl524-perl Name: rh-perl524-perl Arch: x86_64 Epoch : 4 Version : 5.24.0 Release : 379.el7 Size: 6.0 M Repo: centos-sclo-rh/x86_64 Summary : Practical Extraction and Report Language -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] running tomcat as non-root user.. (/var/run pidfile issue)
On Thu, 4 May 2017, Alexander Dalloz wrote: Am 04.05.2017 um 18:35 schrieb Paul Heinlein: The second method is to add an ExecStartPre to /usr/lib/systemd/system/tomcat.service, e.g., Sorry, no. Better not touch the service files in /usr/lib/systemd/system which ship with the associated packages. You create user custom service files in /etc/systemd/system/. Easiest by "systemctl edit foo.service". Alexander is 100% correct here. Please excuse my oversight. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos