Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-15 Thread Jose_De_La_Rosa 
A new Dockerfile for OMSA has been pushed, new Docker image created using 
CentOS 7.2. Preliminary testing looks good, but not thoroughly tested.

https://github.com/jose-delarosa/docker-images/tree/master/openmanage81
https://hub.docker.com/r/jdelaros1/openmanage/

Report any issues directly to me or in github.

Jose De la Rosa
Linux Engineering
Dell | Enterprise Solutions Group

From: linux-poweredge-bounces-Lists On Behalf Of De La Rosa, Jose
Sent: Tuesday, December 15, 2015 2:03 PM
To: jean-daniel.tis...@univ-fcomte.fr; bd...@cam.ac.uk; linux-poweredge-Lists
Subject: Re: [Linux-PowerEdge] Debian Jessie repo

Jean-Daniel,

It's not the SSL certificate that's causing the issue but rather some of the 
ciphers that the web server supports in 
/opt/dell/srvadmin/lib64/openmanage/apache-tomcat/conf/server.xml. Removing the 
weak DHE ciphers addresses the issue in Chrome, but need to verify it doesn't 
affect overall functionality, and also testing with stronger ECDHE ciphers.

Jose De la Rosa
Linux Engineering
Dell | Enterprise Solutions Group

From: Jean-Daniel TISSOT [mailto:jean-daniel.tis...@univ-fcomte.fr]
Sent: Tuesday, December 15, 2015 11:33 AM
To: Ben; linux-poweredge-Lists; De La Rosa, Jose
Subject: Re: [Linux-PowerEdge] Debian Jessie repo

All my browsers reject certificates too weak. How can I install a stronger one.
Could Jose De la Rosa make a docker file with a stronger certificate ?
It will be nice.

Thanks.
Le 15. 12. 15 16:50, Ben a écrit :

On Tue, 15 Dec 2015, josh_mo...@dell.com<mailto:josh_mo...@dell.com> wrote:



The default certificate included with OMSA is a self-signed certificate

with a weaker hashing algorithm. It is a best practice to replace the

default certificate with your own stronger signed certificate.

[...]



Here's an idea: how about Dell change the self-signed certificate to use a

stronger/supported hashing algorithm?  That benefits everyone on all kinds

of levels.



Ben

--
Bien cordialement, Jean-Daniel 
TISSOT<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement<http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et 
Accès<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-15 Thread Jose_De_La_Rosa 
Jean-Daniel,

It's not the SSL certificate that's causing the issue but rather some of the 
ciphers that the web server supports in 
/opt/dell/srvadmin/lib64/openmanage/apache-tomcat/conf/server.xml. Removing the 
weak DHE ciphers addresses the issue in Chrome, but need to verify it doesn't 
affect overall functionality, and also testing with stronger ECDHE ciphers.

Jose De la Rosa
Linux Engineering
Dell | Enterprise Solutions Group

From: Jean-Daniel TISSOT [mailto:jean-daniel.tis...@univ-fcomte.fr]
Sent: Tuesday, December 15, 2015 11:33 AM
To: Ben; linux-poweredge-Lists; De La Rosa, Jose
Subject: Re: [Linux-PowerEdge] Debian Jessie repo

All my browsers reject certificates too weak. How can I install a stronger one.
Could Jose De la Rosa make a docker file with a stronger certificate ?
It will be nice.

Thanks.

Le 15. 12. 15 16:50, Ben a écrit :

On Tue, 15 Dec 2015, josh_mo...@dell.com<mailto:josh_mo...@dell.com> wrote:



The default certificate included with OMSA is a self-signed certificate

with a weaker hashing algorithm. It is a best practice to replace the

default certificate with your own stronger signed certificate.

[...]



Here's an idea: how about Dell change the self-signed certificate to use a

stronger/supported hashing algorithm?  That benefits everyone on all kinds

of levels.



Ben

--
Bien cordialement, Jean-Daniel 
TISSOT<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement<http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et 
Accès<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-15 Thread Jean-Daniel TISSOT 
All my browsers reject certificates too weak. How can I install a stronger one.
Could Jose De la Rosa make a docker file with a stronger certificate ?
It will be nice.

Thanks.


Le 15. 12. 15 16:50, Ben a écrit :
> On Tue, 15 Dec 2015, josh_mo...@dell.com wrote:
>
>> The default certificate included with OMSA is a self-signed certificate 
>> with a weaker hashing algorithm. It is a best practice to replace the 
>> default certificate with your own stronger signed certificate.
>> [...]
> Here's an idea: how about Dell change the self-signed certificate to use a 
> stronger/supported hashing algorithm?  That benefits everyone on all kinds 
> of levels.
>
> Ben

-- 
Bien cordialement, Jean-Daniel TISSOT 

Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement 
16, Route de Gray
25030 BESANÇON Cédex

Plan et Accès 



smime.p7s
Description: Signature cryptographique S/MIME
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-15 Thread Ben 
On Tue, 15 Dec 2015, josh_mo...@dell.com wrote:

> The default certificate included with OMSA is a self-signed certificate 
> with a weaker hashing algorithm. It is a best practice to replace the 
> default certificate with your own stronger signed certificate.
> [...]

Here's an idea: how about Dell change the self-signed certificate to use a 
stronger/supported hashing algorithm?  That benefits everyone on all kinds 
of levels.

Ben
-- 
Unix Support, UIS, University of Cambridge, England

___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-15 Thread Josh_Moore 
Dell - Internal Use - Confidential
The default certificate included with OMSA is a self-signed certificate with a 
weaker hashing algorithm.
It is a best practice to replace the default certificate with your own stronger 
signed certificate.

Not all browsers block these keys outright, but you can override the behavior 
of your browser to block this certificate, if only long enough to replace the 
default certificate.

Josh Moore
Enterprise Master Engineer - Server Solutions, HPC/Cloud
RHCE, RHCSA-RHOS 
(120-095-146<https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
 | LPIC-3 Core + Security
Dell | Support Services
office +1 512 723-5108
josh_mo...@dell.com<mailto:josh_mo...@dell.com>

How am I doing? Please e-mail my manager Brian 
Olson<mailto:brian_ol...@dell.com> with any feedback

From: Jean-Daniel TISSOT [mailto:jean-daniel.tis...@univ-fcomte.fr]
Sent: Tuesday, December 15, 2015 9:27 AM
To: Moore, Josh ; linux-poweredge-Lists 

Subject: Re: [Linux-PowerEdge] Debian Jessie repo

Hi,

Got an error about ssl : ssl_error_weak_server_ephemeral_dh_key

Is it my configuration or ssl security weak on docker image ?
Le 14. 12. 15 19:22, josh_mo...@dell.com<mailto:josh_mo...@dell.com> a écrit :

Dell - Internal Use - Confidential
You would not want the OMSA services running at the same time as the docker 
image omsa services. I would expect that stopping the srvadmin services would 
be sufficient.
At least while you were testing the docker image.

Josh Moore
Enterprise Master Engineer - Server Solutions, HPC/Cloud
RHCE, RHCSA-RHOS 
(120-095-146<https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
 | LPIC-3 Core + Security
Dell | Support Services
office +1 512 723-5108
josh_mo...@dell.com<mailto:josh_mo...@dell.com>

How am I doing? Please e-mail my manager Brian 
Olson<mailto:brian_ol...@dell.com> with any feedback

From: Jean-Daniel TISSOT [mailto:jean-daniel.tis...@univ-fcomte.fr]
Sent: Monday, December 14, 2015 12:01 PM
To: Moore, Josh <mailto:josh_mo...@dell.com>; 
chu...@gmail.com<mailto:chu...@gmail.com>; linux-poweredge-Lists 
<mailto:linux-powere...@lists.us.dell.com>
Subject: Re: [Linux-PowerEdge] Debian Jessie repo

Hi,

Many Thanks.

Does srvadmin-all must be uninstalled before running Docker file ?
I'm a newbie in Docker.
Le 14. 12. 15 18:39, josh_mo...@dell.com<mailto:josh_mo...@dell.com> a écrit :

Dell - Internal Use - Confidential
I did not see whether anyone has provided an answer to this, I cannot answer it 
myself.
However, if that repo is no longer being updated this other project may 
interest you.

http://en.community.dell.com/techcenter/b/techcenter/archive/2015/08/10/running-openmanage-server-administrator-in-a-docker-container


Josh Moore
Enterprise Master Engineer
RHCE, RHCSA-RHOS 
(120-095-146<https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
 | LPIC-3 Core + Security
Dell | Support Services


From: linux-poweredge-bounces-Lists On Behalf Of ch urnd
Sent: Friday, December 11, 2015 9:47 AM
To: linux-poweredge-Lists 
<mailto:linux-powere...@lists.us.dell.com>
Subject: [Linux-PowerEdge] Debian Jessie repo

I tried installing the debian jessie repo as outlined here:  
http://linux.dell.com/repo/community/ubuntu/

However, apt-get update then apt-cache search srvadmin returns nothing.  Are 
those repos still working?





___

Linux-PowerEdge mailing list

Linux-PowerEdge@dell.com<mailto:Linux-PowerEdge@dell.com>

https://lists.us.dell.com/mailman/listinfo/linux-poweredge

--
Bien cordialement, Jean-Daniel 
TISSOT<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement<http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et 
Accès<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>

--
Bien cordialement, Jean-Daniel 
TISSOT<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement<http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et 
Accès<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-15 Thread Jean-Daniel TISSOT 
Hi,

Got an error about ssl : ssl_error_weak_server_ephemeral_dh_key

Is it my configuration or ssl security weak on docker image ?

Le 14. 12. 15 19:22, josh_mo...@dell.com a écrit :
>
> *Dell - Internal Use - Confidential *
>
> You would not want the OMSA services running at the same time as the docker 
> image omsa services. I would expect that stopping the srvadmin services would 
> be sufficient.
>
> At least while you were testing the docker image.
>
>  
>
> *Josh Moore*
>
> *Enterprise Master Engineer*- Server Solutions, HPC/Cloud
>
> RHCE, RHCSA-RHOS (120-095-146 
> <https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
>  | LPIC-3 Core + Security
>
> *Dell*| Support Services**
>
> *office*+1 512 723-5108
>
> josh_mo...@dell.com <mailto:josh_mo...@dell.com>
>
>
> How am I doing? Please e-mail my manager Brian Olson 
> <mailto:brian_ol...@dell.com>with any feedback
>
>  
>
> *From:*Jean-Daniel TISSOT [mailto:jean-daniel.tis...@univ-fcomte.fr]
> *Sent:* Monday, December 14, 2015 12:01 PM
> *To:* Moore, Josh ; chu...@gmail.com; 
> linux-poweredge-Lists 
> *Subject:* Re: [Linux-PowerEdge] Debian Jessie repo
>
>  
>
> Hi,
>
> Many Thanks.
>
> Does srvadmin-all must be uninstalled before running Docker file ?
> I'm a newbie in Docker.
>
> Le 14. 12. 15 18:39, josh_mo...@dell.com <mailto:josh_mo...@dell.com> a écrit 
> :
>
> *Dell - Internal Use - Confidential *
>
> I did not see whether anyone has provided an answer to this, I cannot 
> answer it myself.
>
> However, if that repo is no longer being updated this other project may 
> interest you.
>
>  
>
> 
> http://en.community.dell.com/techcenter/b/techcenter/archive/2015/08/10/running-openmanage-server-administrator-in-a-docker-container
>  
>
>  
>
>  
>
> *Josh Moore*
>
> Enterprise Master Engineer
>
> RHCE, RHCSA-RHOS (120-095-146 
> <https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
>  | LPIC-3 Core + Security
>
> *Dell*| Support Services
>
>  
>
>  
>
> *From:*linux-poweredge-bounces-Lists *On Behalf Of *ch urnd
> *Sent:* Friday, December 11, 2015 9:47 AM
> *To:* linux-poweredge-Lists  
> <mailto:linux-powere...@lists.us.dell.com>
> *Subject:* [Linux-PowerEdge] Debian Jessie repo
>
>  
>
> I tried installing the debian jessie repo as outlined here:  
> http://linux.dell.com/repo/community/ubuntu/
>
> However, apt-get update then apt-cache search srvadmin returns nothing.  
> Are those repos still working?
>
>
>
>
> ___
>
> Linux-PowerEdge mailing list
>
> Linux-PowerEdge@dell.com <mailto:Linux-PowerEdge@dell.com>
>
> https://lists.us.dell.com/mailman/listinfo/linux-poweredge
>
>  
>
> -- 
> Bien cordialement, Jean-Daniel TISSOT 
> <http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
> Administrateur Systèmes et Réseaux
> Tel: +33 3 81 666 440 Fax: +33 3 81 666 568
>
> Laboratoire Chrono-environnement <http://chrono-environnement.univ-fcomte.fr/>
> 16, Route de Gray
> 25030 BESANÇON Cédex
>
> Plan et Accès 
> <https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>
>

-- 
Bien cordialement, Jean-Daniel TISSOT 
<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement <http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et Accès 
<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>


smime.p7s
Description: Signature cryptographique S/MIME
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-14 Thread Josh_Moore 
Dell - Internal Use - Confidential
You would not want the OMSA services running at the same time as the docker 
image omsa services. I would expect that stopping the srvadmin services would 
be sufficient.
At least while you were testing the docker image.

Josh Moore
Enterprise Master Engineer - Server Solutions, HPC/Cloud
RHCE, RHCSA-RHOS 
(120-095-146<https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
 | LPIC-3 Core + Security
Dell | Support Services
office +1 512 723-5108
josh_mo...@dell.com<mailto:josh_mo...@dell.com>

How am I doing? Please e-mail my manager Brian 
Olson<mailto:brian_ol...@dell.com> with any feedback

From: Jean-Daniel TISSOT [mailto:jean-daniel.tis...@univ-fcomte.fr]
Sent: Monday, December 14, 2015 12:01 PM
To: Moore, Josh ; chu...@gmail.com; linux-poweredge-Lists 

Subject: Re: [Linux-PowerEdge] Debian Jessie repo

Hi,

Many Thanks.

Does srvadmin-all must be uninstalled before running Docker file ?
I'm a newbie in Docker.
Le 14. 12. 15 18:39, josh_mo...@dell.com<mailto:josh_mo...@dell.com> a écrit :

Dell - Internal Use - Confidential
I did not see whether anyone has provided an answer to this, I cannot answer it 
myself.
However, if that repo is no longer being updated this other project may 
interest you.

http://en.community.dell.com/techcenter/b/techcenter/archive/2015/08/10/running-openmanage-server-administrator-in-a-docker-container


Josh Moore
Enterprise Master Engineer
RHCE, RHCSA-RHOS 
(120-095-146<https://www.redhat.com/wapps/training/certification/verify.html;jsessionid=zuu-TS5+X5t7hqSpWRrrJsRI.b2a6cea7?certNumber=120-095-146&isSearch=False&verify=Verify>)
 | LPIC-3 Core + Security
Dell | Support Services


From: linux-poweredge-bounces-Lists On Behalf Of ch urnd
Sent: Friday, December 11, 2015 9:47 AM
To: linux-poweredge-Lists 
<mailto:linux-powere...@lists.us.dell.com>
Subject: [Linux-PowerEdge] Debian Jessie repo

I tried installing the debian jessie repo as outlined here:  
http://linux.dell.com/repo/community/ubuntu/

However, apt-get update then apt-cache search srvadmin returns nothing.  Are 
those repos still working?




___

Linux-PowerEdge mailing list

Linux-PowerEdge@dell.com<mailto:Linux-PowerEdge@dell.com>

https://lists.us.dell.com/mailman/listinfo/linux-poweredge

--
Bien cordialement, Jean-Daniel 
TISSOT<http://chrono-environnement.univ-fcomte.fr/spip.php?article457>
Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement<http://chrono-environnement.univ-fcomte.fr/>
16, Route de Gray
25030 BESANÇON Cédex

Plan et 
Accès<https://mapsengine.google.com/map/viewer?mid=zjsxW4ZzZPLY.kp2qPHUBD45c>
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-14 Thread Jean-Daniel TISSOT 
Hi,

Many Thanks.

Does srvadmin-all must be uninstalled before running Docker file ?
I'm a newbie in Docker.

Le 14. 12. 15 18:39, josh_mo...@dell.com a écrit :
>
> *Dell - Internal Use - Confidential *
>
> I did not see whether anyone has provided an answer to this, I cannot answer 
> it myself.
>
> However, if that repo is no longer being updated this other project may 
> interest you.
>
>  
>
> http://en.community.dell.com/techcenter/b/techcenter/archive/2015/08/10/running-openmanage-server-administrator-in-a-docker-container
>  
>
>  
>
>  
>
> *Josh Moore*
>
> Enterprise Master Engineer
>
> RHCE, RHCSA-RHOS(120-095-146 
> )
>  | LPIC-3 Core + Security
>
> *Dell*| Support Services**
>
>  
>
>  
>
> *From:*linux-poweredge-bounces-Lists *On Behalf Of *ch urnd
> *Sent:* Friday, December 11, 2015 9:47 AM
> *To:* linux-poweredge-Lists 
> *Subject:* [Linux-PowerEdge] Debian Jessie repo
>
>  
>
> I tried installing the debian jessie repo as outlined here:  
> http://linux.dell.com/repo/community/ubuntu/
>
> However, apt-get update then apt-cache search srvadmin returns nothing.  Are 
> those repos still working?
>
>
>
> ___
> Linux-PowerEdge mailing list
> Linux-PowerEdge@dell.com
> https://lists.us.dell.com/mailman/listinfo/linux-poweredge

-- 
Bien cordialement, Jean-Daniel TISSOT 

Administrateur Systèmes et Réseaux
Tel: +33 3 81 666 440 Fax: +33 3 81 666 568

Laboratoire Chrono-environnement 
16, Route de Gray
25030 BESANÇON Cédex

Plan et Accès 



smime.p7s
Description: Signature cryptographique S/MIME
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge

Re: [Linux-PowerEdge] Debian Jessie repo

2015-12-14 Thread Josh_Moore 
Dell - Internal Use - Confidential
I did not see whether anyone has provided an answer to this, I cannot answer it 
myself.
However, if that repo is no longer being updated this other project may 
interest you.

http://en.community.dell.com/techcenter/b/techcenter/archive/2015/08/10/running-openmanage-server-administrator-in-a-docker-container


Josh Moore
Enterprise Master Engineer
RHCE, RHCSA-RHOS 
(120-095-146)
 | LPIC-3 Core + Security
Dell | Support Services


From: linux-poweredge-bounces-Lists On Behalf Of ch urnd
Sent: Friday, December 11, 2015 9:47 AM
To: linux-poweredge-Lists 
Subject: [Linux-PowerEdge] Debian Jessie repo

I tried installing the debian jessie repo as outlined here:  
http://linux.dell.com/repo/community/ubuntu/

However, apt-get update then apt-cache search srvadmin returns nothing.  Are 
those repos still working?
___
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge