Re: [SCIENTIFIC-LINUX-USERS] XFS vs Ext4

2023-12-05 Thread Jose Marques 
We use EXT4 mostly. We find it to be more robust for lab machines, and more 
efficient for VMs. XFS is limited to cases where its more advanced features are 
useful. We treat our user facing systems as being "disposable", if they develop 
a software/filesystem issue we usually wipe and reinstall rather than try to 
fix same. Important storage is mounted from separate storage servers.

Re: [SCIENTIFIC-LINUX-USERS] Fermilab/CERN recommendation for Linux distribution

2022-12-08 Thread Jose Marques 
We moved to Centos 8 for user facing servers, from Fedora, during the pandemic. 
We needed more stability. We switched to AlmaLinux 8 a few months before the 
Centos 8 went EoL (using the AlmaLinux migration script). We now use AlmaLinux 
9 and have no regrets.

On the topic of dnf vs. yum. From the admin PoV they're basically the same. 
Building RPMs works the same way, creating repos works the same way. I had to 
update our kickstart scripts. Most of our Puppet config was the same. The only 
problem was with older protocols being deprecated so we had to change the way 
we manage GPG keys. EL9 does not like older GPG keys, unless you switch to 
legacy crypto policies, but that only postpones the problem. We had keys on a 
per repository basis, with some repositories being shared across major 
versions. For EL9 we switch to having one key per major distribution version, 
with a separate set of repositories for each major version. We now use podman 
for building RPMs and creating repos, so it's not extra effort.

We also use Ubuntu, mostly because machine learning setups tend to be better 
supported on same. I've experimented with PXE autoinstall. It does the job but 
its nowhere near as powerful as kickstart. I have kickstart files that can 
generate a completely configured service VM just using the %post script. We 
only need Puppet for the ongoing management of systems. On Ubuntu I've not had 
much luck trying to get custom configuration to work in its YAML based config. 
I suspect we'll look at a push based system like Ansible for ongoing management 
on Ubuntu. We use Puppet because our EL9 clients are dual boot with Windows 11, 
and an agent works better in that setup.

I am grateful for Scientific Linux, but I'm not looking for further support for 
somebody else's distribution from its developers. There aren't the spare 
resources around any more to allow for that. They've got their own users and 
use cases to support now.

Re: [SCIENTIFIC-LINUX-USERS] perfect chick / egg problem

2022-01-15 Thread Jose Marques 
Back in the day, using Xorg. If you login to the console as a user, and then 
run an X app as root, then root can't talk to the X server because it doesn't 
have the shared secret in the user's ~/.Xauthority file. For non-NFS user home 
directories you can get around this by setting the XAUTHORITY environment for 
root to point at the user's ~/.Xauthority file, or just copy the user's 
~/.Xauthority to root's home directory. I don't know what happens with Weyland, 
but one can disable, take care though as some Xorg drivers are in bit-rot mode.

IIRC, YMMV, etc.

The University of St Andrews is a charity registered in Scotland, No: SC013532

On 15/01/2022, 20:25, "Mailing list for Scientific Linux users worldwide on 
behalf of Nico Kadel-Garcia"  wrote:

"su -" won't work, nor will "sudo" for X applications. "ssh -X -l
root" normally will, might try that to run root applications as a
non-root GUI user.

Re: [SCIENTIFIC-LINUX-USERS] perfect chick / egg problem

2022-01-15 Thread Jose Marques 
Did you use the DVD image? If you want a self-contained install, then the DVD 
ISO is a must. You need an 8GB or larger flash drive. The minimal and boot ISO 
are for use with things like Packer where you just need to run the installer 
and get the rest of the install over the network. Having said that it's been 
ages since we've used physical media.

I don't understand why you say Gnome can't run scripts to start apps. We do it 
all the time, usually to customise the app environment before invoking the 
vendor script. We're more into development tools but large complex scientific 
packages like MATLAB work fine once you work around dependency issues. e.g., 
the 2021a Linux installer shipped with an openssl library that was the same 
version as the system library but depended on another library that wasn't 
available in the exact minor version required, moving it out of the way let the 
installer run. MATLAB 2019a needed different command line arguments to run on 
machines with older Intel integrated graphics. Both had runtime dependencies 
that were not documented. This is common for commercial software which supports 
only specific Linux distributions, specific versions, and specific hardware, 
and one is not using same. For custom software like this we repackage as RPM so 
we don't have to repeat the same work for each install.

Gnome can be customised. When we moved to Fedora we used 
"gnome-classic-session" to bring back some EL6/EL7 features like the app bar at 
the bottom. We now use the same Puppet config on EL8. We were using Fedora 
before EL8 and were trying to emulate the former. I don't think I've seen what 
the EL8 UI looks like un-customised as all our workstation settings get laid 
down by kickstart and puppet. It was a lot of work to set up but that only 
needs to be done once. Now we can have a machine running with whatever setup we 
need in a very short time. If our user facing servers have a software issue, we 
find it easier to wipe and re-install than trying to fix them. We customise 
storage in the kickstart, so we only replace the boot volume. We use puppet to 
configure mounting other filesystems.

We're a small department. A couple hundred clients, a couple dozen servers. 
Mostly it's just me doing "Linux" with occasional help from others. We invested 
huge amounts of time and effort in kickstart, configuration management, and 
software packaging. The result is that we don't see the problems you describe. 
All the software was free, which is amazing. It wasn't without cost though.

The University of St Andrews is a charity registered in Scotland, No: SC013532

Re: [SCIENTIFIC-LINUX-USERS] Fix Linux Login Loop

2021-12-07 Thread Jose Marques 
Get at text console, pressing Control-Alt-F6 works on a test system I have here 
(other function keys may work). If you still can't login there may be more 
messages pointing at the cause. If you can login then it may be the disk or 
quota is full. It may also be that you added a command to you bash profile that 
doesn't exit (most common case we see is people doing 'exec other-shell') if so 
remove that and try the GUI login again, use Control-Alt-F1 to switch. The next 
major cause tends to be corrupt Gnome config or faulty extensions. The quick 
fix for that is to either delete or move your current Gnome config. This will 
be in ~/.gnome* ~/.gconf* ~/.local ~/.config and maybe elsewhere depending on 
the age of your distribution. These tend to get messed up if you try and use 
them on multiple machines either concurrently (via NFS) or with different Linux 
versions.

On 07/12/2021, 05:38, "Mailing list for Scientific Linux users worldwide on 
behalf of Khaled Ali"  wrote:

My linux is stuck in a login loop when trying to enter my desktop. 
When I login, the screen gets black and soon after that the login screen 
comes back.

Re: [SCIENTIFIC-LINUX-USERS] Fermilab/CERN recommendation for Linux distribution

2021-10-26 Thread Jose Marques 
We (small CS department) went with AlmaLinux. It too came out with 8.4 in a 
very short time frame. On Centos it usually took a few weeks, so I was 
unprepared for it to be so quick. I only noticed when our clients reported a 
different version. New installs are now AlmaLinux and existing Centos8 servers 
and VMs were re-installed in place using their excellent migration script[1]. 
Our existing kickstart files and puppet config only required very minor 
changes. It's so good I worry they'll be bought by some big tech company. :-)

I tried Stream shortly after the Centos8 announcement was made. My testing 
suggested it wasn't suitable for production. Stuff we used was broken and 
didn't get fixed for weeks. CERN have a bigger and more skilled IT team that 
allow them to manage this.

[1]: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_AlmaLinux_almalinux-2Ddeploy=DwIGaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=zqwrVpjrVs8gXzNgn6eyvhYUFuM6bT6v-N8WRajUjMZKLBq4cB_AZ_76z28Ah8lT=eUj3V2c_ysMkVwkE6LsbZ0gIIo-NDO6kYstpHsoexGw=
 

The University of St Andrews is a charity registered in Scotland, No: SC013532

On 26/10/2021, 15:09, "Mailing list for Scientific Linux users worldwide on 
behalf of Vinícius Ferrão"  wrote:

When RHEL 8.4 landed, the Oracle guys had OL 8.4 in a single day released.

Re: [SCIENTIFIC-LINUX-USERS] google-chrome

2021-10-24 Thread Jose Marques 
Somebody has reported the issue to the Chromium project:

  
https://urldefense.proofpoint.com/v2/url?u=https-3A__bugs.chromium.org_p_chromium_issues_detail-3Fid-3D1261617=DwIGaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=jMp6t8Rxbp2JjDBwHInruaIXYHTXHs01gK0rGSv28qhrDaBTlxvZf__y9cfdNxBf=5apCcSZDXA4zQHBZ6C02tCjXHvSgLU4BpYIY8YaT5r4=
 

The University of St Andrews is a charity registered in Scotland, No: SC013532

On 23/10/2021, 17:11, "Mailing list for Scientific Linux users worldwide on 
behalf of Götz Waschk"  wrote:

I have seen this. The solution was rpm -e google-chrome-stable . You 
could try to run Google Chrome in an EL8 singularity container, e.g. 
based on CentOS8, AlmaLinux8 or Rocky Linux 8.

Re: [SCIENTIFIC-LINUX-USERS] customize Xsetup_0 , file is not executed

2021-08-05 Thread Jose Marques 
Don't have SL6 UI machines anymore but I think they use GDM.

Look under /etc/gdm/, /etc/xdg/autostart/ and /usr/share/gdm/greeter/autostart. 
The firdt has scripts that run pre/post session and most closely replicate the 
xdm scripts.. The second can be used to run scripts or start apps when the user 
logs in. The third runs as the GDM user in the context of the login screen. 
Can't recall which bits are SL6 or SL7 so YMMV.

I used to run xdm on a FreeBSD laptop but that was in the previous century.

The University of St Andrews is a charity registered in Scotland, No: SC013532

On 03/08/2021, 08:38, "Mailing list for Scientific Linux users worldwide on 
behalf of Ekkard Gerlach"  wrote:

/etc/X11/xdm/Xsetup_0 in  is NOT executed, what could be the reason? I 
inserted on top of file

Re: [SCIENTIFIC-LINUX-USERS] [SL-Users] Re: any update on CERN Linux and CentOS-8 situation?

2021-05-04 Thread Jose Marques 
When the Centos 8 news came out, I tried out Centos Stream against our 
configuration. Kickstart and Puppet config needed very little change and I was 
able to bring up a VM in our lab config quite easily.

I have two observations:

1) Updates are sparse, none for ages then a large batch of version updates.
2) Stuff can be broken and remain so for a long while. We use Podman rootless. 
That was broken in the version of Stream I initially installed and remained 
broken for a few weeks until the next chunk of updates. I looked up the issue 
in the RHEL tracker and it had been fixed quickly in Fedora etc. but this did 
not make it to Stream on the same timescale.

My view is that Stream is exactly what RHEL say it is, a development 
distribution to which 3rd parties can contribute to RHEL development and from 
which 3rd parties can base their own distributions. It's not for end users, or 
small organisations that need timely security updates and other fixes and can't 
produce same themselves.

The University of St Andrews is a charity registered in Scotland, No: SC013532

On 03/05/2021, 22:14, "Mailing list for Scientific Linux users worldwide on 
behalf of Dave Dykstra"  wrote:

The presentation lists a whole bunch of options and
basically says that they're sticking with something related to RHEL,
will decide later which one, and in the meanwhile we can use CentOS 8
until the end of this year or CentOS 8 stream.

Re: [SCIENTIFIC-LINUX-USERS] Rhel 8

2021-01-22 Thread Jose Marques 
> On 22 Jan 2021, at 16:30, Larry Linder 
> <0dea520dd180-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> So that leaves the Mac, Win 10, and maybe BSD which is under the hood of a 
> Mac.

As a Mac user (managing Linux) I would say that you really don't want to be 
considering macOS if long term stability is your goal. The OS is on a yearly 
release cycle with major breaking changes each year (10.14 to 10.15 dropped 
32-bit support for example). This year the hardware architecture changed from 
Intel to Apple Silicon (ARM). Intel Macs will probably stop being made in one 
or two years. Intel software runs in translation but that will probably be 
removed a few years later. Under the hood macOS uses Mach and the user land was 
based on BSD. It's still unix(TM) but Apple prefers developers to use its APIs 
and its programming language (Swift) for GUI apps. The way Macs are managed has 
changed completely to a mobile device model with MDM servers and enrolment 
programs. Apple expects developers and admins to keep up. Old style developers 
that take half a year to "certify" an OS release before they support it are 
going to have real problems. As a user I love the new hardware, as an admin I'm 
happy to let somebody else manage the Macs at work.

Centos8 does exactly what RedHat and IBM want it to do, i.e. providing hybrid 
cloud tools and a Linux distribution IBM can use in its cloud offerings, and a 
platform for running Linux workloads on mainframes. That's where IBM sees its 
future.

My own opinions and not that of my employer etc.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] RedHat have broken Grub again

2020-10-16 Thread Jose Marques 
> On 16 Oct 2020, at 22:06, Jon Pruente  wrote:
> 
> That article is from July. It's been fixed. Is there another issue you are 
> having?

Thank deity for that. :-)

The other issue I was having is upgrading my RSS reader and having it show old 
articles as unread. Apologies for the wasted bandwidth.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

RedHat have broken Grub again

2020-10-16 Thread Jose Marques 
Another security fix has broken booting on RHEL derived systems.

See:

  
https://urldefense.proofpoint.com/v2/url?u=https-3A__arstechnica.com_gadgets_2020_07_red-2Dhat-2Dand-2Dcentos-2Dsystems-2Darent-2Dbooting-2Ddue-2Dto-2Dboothole-2Dpatches_=DwIFAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=TJWjp-avGU8vMQ-Cz7puFhJksH9yHPSeP-7LsyDXGVw=3GlI5YOjeFJVMA9ExwJIF7vixHz3hEwoVbLJn9J4i9Q=
 

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] new user

2020-08-26 Thread Jose Marques 
> On 26 Aug 2020, at 15:51, 1024f7089807-dmarc-requ...@listserv.fnal.gov 
> <1024f7089807-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> Can you recommend a few good books for me, an intermediate Linux user? I want 
> to learn Scientific Linux.

Scientific Linux is derived from RedHat so their documentation is relevant.

See: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2Dus_red-5Fhat-5Fenterprise-5Flinux_7_=DwIFAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=fkBozYX7RcIVchRoPu548KWpXo03YWahEur-lhPQePM=bXFZPrtDnDh-YRuS84BFB3lkAECZwxJvgduWqThuMNY=
 

Having said that the upgrade from Scientific Linux 7 will be Centos 8[1] so you 
might want to consider learning that instead. If you're not specifically 
looking for the longer term stability that RedHat (and Centos) provide then 
it's also worth looking at Fedora. It's very up to date and modern and the 
expense of long term compatibility.

[1]: 

[2]: 


The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] new user

2020-08-26 Thread Jose Marques 
> On 26 Aug 2020, at 15:22, 1024f7089807-dmarc-requ...@listserv.fnal.gov 
> <1024f7089807-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> I just joined and have a question: is there a website where I can browse this 
> list archives?

See: https://listserv.fnal.gov/scripts/wa.exe?A0=SCIENTIFIC-LINUX-USERS

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: {Suspected Spam} [SCIENTIFIC-LINUX-ERRATA] Security ERRATA Moderate: grub2 on SL7.x x86_64

2020-07-31 Thread Jose Marques 
> On 31 Jul 2020, at 14:04, Farhan Ahmed  wrote:
> 
> Synopsis:  Moderate: grub2 security and bug fix update
> Advisory ID:   SLSA-2020:3217-1
> Issue Date:2020-07-29
> CVE Numbers:   None

Ars Technica is reporting that the grub2 patch is breaking the boot process on 
updated servers.

See: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__arstechnica.com_gadgets_2020_07_red-2Dhat-2Dand-2Dcentos-2Dsystems-2Darent-2Dbooting-2Ddue-2Dto-2Dboothole-2Dpatches_=DwIFAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZJFLG-LZXHbZaOOov5YYtDvNbEGgJLbZ-4qfeU8texw=IJoGo8uh2FpBogxuemlmB1gOAOfqHhBmhPrrDgTb0-8=
 

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Mate for CentOS 8

2020-05-21 Thread Jose Marques 
> On 21 May 2020, at 20:45, Larry Linder 
> <0dea520dd180-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> We are going to upgrade servers to 6.9 and a workstations to 7.6 and
> hold our breath for the next 4 years.

6.10 and 7.8 are out. I suspect the 6.* is going to cause real problems from 
the PoV of TLS versions. We have a few Dell servers with embedded RAID hardware 
not supported by 8.x so they will likely remain on 7.* for their lifetime. We 
deploy SL7, Centos 7/8, and Fedora but I suspect the current crisis is going to 
focus our minds on reducing that variety.

> Our current leap back is to BSD !!!

FreeBSD? That's on a 6 month update cycle now. I think support is n+1. When out 
of support the package system starts to break really soon. We use FreeBSD 12 
for our storage servers. Now that FreeBSD is using ZFS on Linux upstream I'm 
wondering about just using Linux.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Why /tmp is bound in /tmp ? How can I remove this bound

2020-04-29 Thread Jose Marques 
> On 29 Apr 2020, at 18:09, Francesco Alfano  wrote:
> 
> Now I don't have access to the pc and therefore I can't try, so I had to wait 
> until tomorrow.
> To permanently remove the mount of / tmp on / tmp, is it sufficient to avoid 
> starting the "sandbox" init script?

>From memory:

  chkconfig sandbox off

Then reboot.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Why /tmp is bound in /tmp ? How can I remove this bound

2020-04-29 Thread Jose Marques 
> On 29 Apr 2020, at 15:49, Francesco Alfano 
> <0bdf64e162f4-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> Why /tmp is bound on /tmp ? (also /home on /home, /var/tmp on /var/tmp)

Interesting, one of the last SL6 VMs we have doesn't do this.

The "sandbox" init script (/etc/init.d/sandbox) has mount commands that setup 
bind mounts for /tmp etc. The comments in the script say:

# description: sandbox, xguest and other apps that want to use pam_namespace \
#  require this script be run at boot.  This service script does \
#  not actually run any service but sets up: \
#  /var/tmp, /tmp and home directories to be used by these tools.\
#  If you do not use sandbox, xguest or pam_namespace you can turn \
#  this service off.\
#

No idea if this is related.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Revisiting Cent 8

2020-03-17 Thread Jose Marques 
> On 17 Mar 2020, at 16:38, Larry Linder 
> <0dea520dd180-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> When
> you run ifconfig -a you see the configuration and no eth0 or eth1 but
> you find enp3s0:

This has been the case since well before Centos 8 came out. The eth* devices 
were replaced by device specific names years ago. If you add "net.ifnames=0 
biosdevname=0" to the kernel arguments for the install (we do this for the 
kickstart/pxe menus) then you can get eth* names back. We tend to do that on 
VMs as we don't care what the actual emulated device is on those.

All the Centos 8 VMs I've kickstarted have ifcfg-* files in 
/etc/sysconfig/network-scripts. The important thing is that they have UUIDs 
that link them to NetworkManager. I think it was only in Fedora 30 (or maybe 
29) when these scripts actually went away or stopped working). On Centos 7 the 
trick was to add "NM_CONTROLLED=no" and "HWADDR=" to these scripts to stop 
NetworkManager managing them. I've not had the need to set a static IP yet on a 
Centos 8 system yet (most of our managed switch ports require DHCP).

We are starting to use Centos 8 for our production VMs (puppet servers, 
blog/web hosts) and it's fine for us. We use Fedora for teaching desktops and 
servers, SL7/Centos 7 and Centos 8 for infrastructure servers and VMs. We have 
legacy issues too, we are only just getting rid of some core SL6 servers). We 
have a single set of RPM specs to make the custom packages we need, and a 
single (rather messy) puppet config to configure them. YMMV.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] centOS 8

2019-10-07 Thread Jose Marques 
> On 7 Oct 2019, at 16:43, Fait, James F. 
> <0c6019404d64-dmarc-requ...@listserv.fnal.gov> wrote:
> 
> I tend to ignore ANY distribution with a .0 suffix.

I'm going through the process of updating our kickstart scripts, repos, and 
puppet config for Centos8. We (CS at St Andrews) have been using SL7 but we 
also deploy Fedora 30. Centos8 is a lot more like the latter. The only thing 
concerning me so far is the lack of packages in EPEL. There are things we use 
from EPEL on SL7 that are not present in EPEL on Centos8. Maybe it's still 
being built out but if not then that may delay us deploying it (more things we 
have to package).

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Kickstart for uEFI boot

2019-08-19 Thread Jose Marques 
> On 15 Aug 2019, at 00:24, Orion Poplawski  wrote:
> 
> It sounds like you are not even at the point of running a "kickstart"
> configuration, but rather still at the PXE boot step.

We use syslinux. I have experimented with EFI kickstarts.

Our dhcp config has:

next-server ; 
option arch code 93 = unsigned integer 16;
if option arch = 00:07 {
  filename "efi64/syslinux.efi";
} else {
  filename "pxelinux.0";
}

I obtained the syslinux.efi from Fedora. I installed the package syslinux-efi64 
and copied over the necessary c32 and efi files to /var/lib/tftpboot/efi64. On 
legacy machines we use PXE for both kickstart installs and to provide a boot 
menu. IIRC the same syslinux config worked for both, we sym-linked pxelinux.cfg 
to the one we use for legacy boot. One issue we've found syslinux EFI is that 
it can't re-boot the system from disk (e.g. to implement a boot menu for dual 
boot systems). We need that so we didn't investigate further.

For the kickstart files themselves we just needed to add:

part /boot/efi --fstype vfat --ondisk=... --size=500

to the disk setup. We use EFI kickstart installs with HyperV and it seems to 
work fine.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Planning for hypothetical RHEL/CentOS cancellation

2019-01-07 Thread Jose Marques 
> On 7 Jan 2019, at 12:16, MAH Maccallum  wrote:
> 
> For example I cannot currently use Dropbox under SL
> although I have manually re-partitioned and re-formatted
> to use ext4 rather than xfs, since Dropbox insists on ext4.
> The error message tells me I do not have glibc 2.19, and
> advises I should update to Ubuntu 14.04+ or Fedora 21+

I would say that DropBox and other software vendors are at fault. They are 
putting their developer convenience above that of their users. Having said that 
the desktop Linux market is so small that it does not make commercial sense to 
do otherwise. The whole point of SL/Centos is that it is stable and doesn't 
change. This has the side-effect of making the later point releases quite out 
of date. I believe RHEL8 is in beta so this will reset the clock.

I can't speak to Ubuntu except to say that 14 is quite old. For Fedora you 
really want to be on the latest release. We upgraded our labs to Fedora 28 late 
last year and are already having to update to Fedora 29 due to serious issues 
in updates to the former release. Even when there are no problems we find that 
more packages break with time. Previous releases may still be under "support" 
but they get less developer love than the latest release.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Samba security update for SL7 broke AD authentication

2018-12-10 Thread Jose Marques 
> On 6 Dec 2018, at 15:45, Gilbert E. Detillieux  
> wrote:
> 
> What I'm now trying to set up is a working winbindd-based configuration to 
> essentially do what smbd used to do directly (communicating with the AD 
> server) before they took that functionality away, with as little fuss (and 
> opportunity for breakage) as possible.

We run Samba 4.7 on FreeBSD on our storage servers and hit the same issue with 
the winbind requirement when testing 4.8. The problem is that not all AD setups 
are alike. We store unix attributes in AD because we mix Samba and NFS. The 
following works in our setup. YMMV.

  idmap config * : backend = tdb
  idmap config * : range = 9000-
  winbind enum users = yes 
  winbind enum groups = yes 
  winbind use default domain = yes 
  winbind nss info = rfc2307
  winbind expand groups = 3 
  idmap config :default = yes
  idmap config :backend = ad
  idmap config :range = 1-6
  idmap config :schema_mode = rfc2307

Change  to your AD domain and change the range to the uid range of the 
unix attributes given to your AD accounts. This must not overlap with the range 
used by the tdb backend (which as I understand it should not overlap local 
accounts). You then need to run "net ads join -U " where "" has 
rights to join a machine to the domain. You can test using "wbinfo -u" which 
should list all your users. The command "wbinfo -i " will show info for a 
user. We found that we needed to give the "Domain Users" group unix attributes 
or winbind will fail to do lookups properly. We also find that winbind uses 
pre-w2k group names. Our AD domain was an add-on to our setup (and we didn't 
really know what we were doing) so these names can differ on our AD.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Samba security update for SL7 broke AD authentication

2018-12-06 Thread Jose Marques 
> On 5 Dec 2018, at 17:07, Gilbert E. Detillieux  
> wrote:
> 
> I looked up a few tutorials online, all of which focused on configuring NSS 
> and PAM (with dire warnings about how getting this wrong will break your 
> system authentication

What are you trying to setup? A samba server that uses a domain controller to 
authenticate clients only, or a client that uses AD for users and groups?

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] kickstart & kdump

2018-11-01 Thread Jose Marques 
> On 1 Nov 2018, at 16:41, Stephen Berg (Code 7309) 
>  wrote:
> 
> Is there an option to disable kdump from within a kickstart file during a 
> pxeboot install? I'd like to default to kdump being disabled but haven't 
> found the right option in kickstart to disable it automatically.

To be honest I've not checked if it works but I have:

%addon com_redhat_kdump --disable --reserve-mb='auto'
%end

after %packages ... %end and before %pre in my kickstart files.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] systemd tftp xinetd

2018-09-11 Thread Jose Marques 
> On 11 Sep 2018, at 15:30, Ken Teh  wrote:
> 
> Manually, I can start the service and everything works. But enabling the 
> service stays disabled or indirect. Enabling the socket does not start the 
> service on reboot. Do I need xinetd or does systemd deprecate xinetd?

I re-installed out TFTP server last week in a new Scientific Linux 7.5 VM on 
HyperV (semi-minimal custom kickstart install).

I installed TFTP as follows:

 yum install tftp-server
 systemctl enable tftp
 systemctl start tftp

I also ran:

 firewall-cmd --add-port=69/udp --permanent 
 firewall-cmd --reload

You may need to run:

  restorecon -R -v /var/lib/tftpboot/

If you have SELinux enabled and have added files to that outside of packages.

it restarts on reboots etc.

Run:

  journalctl -t in.tftpd -f

to see what its logging.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] SL signing keys

2017-10-12 Thread Jose Marques 
> On 12 Oct 2017, at 14:53, Ken Teh  wrote:
> 
> On the first update of a newly installed system, there is SL signing keys 
> that have to be installed. Yum prompts for confirmation.
> 
> Is there a way to install the keys before the first yum update? Are they in 
> an rpm somewhere?

I do:

/usr/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-sl
/usr/bin/rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-sl7

in my kickstarts scripts, but using the '-y' option to 'yum update' or 'yum 
install' also works.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] davmail

2017-10-02 Thread Jose Marques 
> On 29 Sep 2017, at 02:34, Nico Kadel-Garcia  wrote:
> 
> Storing individual messages in individual files, sacrosanct and unedited, is 
> part of the basic IMAP specification.

UW IMAP written by the author of the IMAP RFC stored multiple messages in the 
same file (one file per mailbox). It also offered the option of an indexed 
(binary) mailbox format for better concurrent access (less whole file locking). 
The way messages are stored on the server is an implementation detail. Having 
said that Exchange and Office 365 are awful in this regard.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Gnome

2017-07-13 Thread Jose Marques 
Forgive me for I have sinned. I replaced the Applications menu in Gnome on our 
prototype SL7 config with the Activities view. Makes it works the same as our 
Fedora clients. I feel bad. :-(

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] RAID 6 array and failing harddrives

2017-04-11 Thread Jose Marques 
> On 10 Apr 2017, at 18:23, David Sommerseth  
> wrote:
> 
> But I'll give you that Oracle is probably a very different beast on the
> legal side and doesn't have a too good "open source karma".

ZFS on Linux is based on OpenZFS (). Oracle 
has no input into its development as far as I can tell.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Integration with Apple iPad 2 air

2017-01-21 Thread Jose Marques 
Apologies for my previous reply, missed the part about Thunderbird like UI. 
Apple’s mail does not have this.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] Integration with Apple iPad 2 air

2017-01-21 Thread Jose Marques 

> On 16 Jan 2017, at 03:30, Yasha Karant  wrote:
> 
> Are there any email apps, preferably licensed for free and not requiring an 
> additional service, that will connect to arbitrary MAP servers and provide 
> anything close to a Thunderbird email client end-user experience?

If by MAP you mean IMAP then the built-in iOS Mail app works quite well. Used 
it with Cyrus and Exim running on SL6 when we ran an in-house mail server. 
Currently using it with Fastmail (which uses Cyrus) without issues. It’s not so 
good with Exchange or Office 365 IMAP/SMTP servers but those seem to cause 
problems for lots of people.

The University of St Andrews is a charity registered in Scotland, No. SC013532.

Re: [SCIENTIFIC-LINUX-USERS] GPT?

2016-06-15 Thread Jose Marques 

> On 15 Jun 2016, at 13:33, Tom H  wrote:
> 
> For a journaled filesystem, if you have access to a Mac, you can disable the 
> journal before using the disk on SL 7.

Just to make things interesting Apple plans to move to a new filesystem, APFS.

The University of St Andrews is a charity registered in Scotland, No. SC013532.



smime.p7s
Description: S/MIME cryptographic signature

Re: [SCIENTIFIC-LINUX-USERS] GPT?

2016-06-15 Thread Jose Marques 

> On 14 Jun 2016, at 21:14, David Sommerseth  
> wrote:
> 
> That should be supported out-of-the box on most of the OSes you work with.  I 
> generally have had no interoperability issues with vfat for many years.

I format flash drives with MBR and ExFAT (Windows 8/8.1/10 doesn't seem to like 
the GPT partitions that OS X creates). ExFAT handles very large files. The only 
problem is that Microsoft has patents for ExFAT so on Linux you tend to have to 
install something to support it.

If your target is Linux and you don't want to install ExFAT support then OS X 
has tar and split to make your large files fit onto FAT.

The University of St Andrews is a charity registered in Scotland, No. SC013532.



smime.p7s
Description: S/MIME cryptographic signature

Autoupdate

2014-01-31 Thread Jose Marques 
We have a lot of machines running SL6.4. We have auto-update enabled. I just 
noticed that a bunch of them have updated themselves to 6.5. Is this supposed 
to happen? On previous releases we had to manually choose to update between 
releases[1].

[1]: https://www.scientificlinux.org/documentation/howto/upgrade.6x

The University of St Andrews is a charity registered in Scotland, No. SC013532.



smime.p7s
Description: S/MIME cryptographic signature