date:20130217

Re: [CentOS] CentOS Bugtracker: how to give up on an issue?

2013-02-17 Thread Tilman Schmidt

Am 16.02.2013 19:19, schrieb Johnny Hughes:
> On 02/15/2013 06:07 PM, Tilman Schmidt wrote:
[...]
>> That was of course my own fault for not looking in the right
>> places. But all this is long past. Today I just want to get
>> rid of these old reports.
> 
> I do not see any way that a user can do that ... if you insist, I will
> mark them closed.  We don't delete them and I am not entirely sure what
> making them closed would do for you in particular.
> 
> I understand that you are not happy that it took so long to get updated,
> but these are now actually valid items.  If you would like me to close
> them, then let me know ... however, I have just actually reported them
> upstream so they should probably stay open.

It's really just psychological, a constant reminder of a mistake I
made. It didn't seem to serve any purpose so I would have liked to
get rid of it. But I understand now that there is a valid reason
for keeping them open. So that's ok. I'll live with my fault. :-)

Thanks,
Tilman



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] cheap cloud providors

2013-02-17 Thread Arun Khan

On Sun, Feb 17, 2013 at 2:10 AM, Tim Dunphy  wrote:
> Hey guys,
>
>  Apologies in advance if this question is in poor taste. But I've really
> fallen in love with learning about the cassanrdra database. The only
> problem is that it doesn't run very well on an t1.micro instance at amazon
> and the larger sizes are quite expensive. An m1.small can do the trick,
> while still not optimal. So I was wonder if there was any real value in the
> cloud or even VPS world where I could setup a small Cassandra ring and go
> to town learning the ins and outs of how it operates.

A quick look for Cassandra system requirements:

recommends a L instance on AWS.

Alternately, you could do it with a bunch of guest VMs in LKVM.

A desktop with a Phenom II (4 or 6 cores) or Intel i5 with 16 GB and a
HDD to match your Cassandra db could be a starting point.

You can manage the VMs with virt-manager.

-- Arun Khan
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Nagios NRPE IPv6

2013-02-17 Thread Tilman Schmidt

Am 15.02.2013 19:27, schrieb Keith Keller:
> On 2013-02-15, Tilman Schmidt  wrote:
>> On my network management server I have
>>
>> Name: nagios-plugins-nrpe
>> Arch: x86_64
>> Version : 2.13
>> Release : 1.el6
>> Size: 38 k
>> Repo: installed
>> From repo   : epel
>>
>> To my dismay I noticed that this doesn't seem to support IPv6:
> 
> Since it comes from EPEL, you might have better luck asking them what
> the issue is.  But a quick web search turns up that NRPE may not
> natively support IPv6, so you may need to jump through extra hoops in
> order to provide it.

Sorry I didn't clarify the research I had already done:

- The non-support of IPv6 in the NRPE plugin is indeed a flaw
  in the Nagios source. It's not just a question of rebuilding
  with --with-ipv6 or something like that.

- There seem to have been several efforts to fix that.

- There's a patch floating around in the Debian universe which
  is said to add the missing IPv6 support to the Nagios NRPE
  plugin, but also reported to have some flaws. See
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484575

- There's an effort titled NRPE "3.0" which looks promising
  but hasn't shown any activity for two years, so it's unclear
  to me whether it's fit for production use. See
  https://github.com/KristianLyng/nrpe

- Icinga also has a NRPE plugin which is reported to
  (a) support IPv6 and (b) work with Nagios as well.

The aim of my question was to hear how others are dealing with
that situation. Is there someone who has successfully applied the
Debian patch, deployed Kritian Lyng's 3.0 version of NRPE, or
used Icinga's check_nrpe with Nagios on CentOS? Are there other
approaches? Which one appears the most sensible? Or is there just
nobody using Nagios on CentOS in an IPv6 enabled network?

aTdHvAaNnKcSe
Tilman



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread Eliezer Croitoru

I want to configure IPV6 on the system and not use some auto ipv6 config.
I have tried to use IPV6_AUTOCONF=no in interface script dose not affect 
anything.

ifcfg-eth0:
GATEWAY=192.168.1.254
IPV6INIT=no
IPV6_AUTOCONF=no
BROADCAST=192.168.1.255
BOOTPROTO=none
NAME=""
NM_CONTROLLED=yes
MACADDR=""
TYPE=Ethernet
DEVICE=eth0
NETMASK=255.255.255.0
MTU="1500"
IPADDR=192.168.11.1
NETWORK=192.168.11.0
ONBOOT=yes

The above file should have resulted an interface with only inet address 
but the result is:
eth0  Link encap:Ethernet  HWaddr XX
   inet addr:192.168.11.1  Bcast:192.168.1.255  Mask:255.255.255.0
   inet6 addr: fe80::7271:bcff:febd:c46b/64 Scope:Link
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:24452216 errors:0 dropped:0 overruns:0 frame:0
   TX packets:38068314 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:6777513704 (6.3 GiB)  TX bytes:21817051849 (20.3 GiB)
   Interrupt:29 Base address:0xc000

Thanks,
Eliezer Croitoru
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread Tilman Schmidt

Am 17.02.2013 14:36, schrieb Eliezer Croitoru:
> I want to configure IPV6 on the system and not use some auto ipv6 config.
> I have tried to use IPV6_AUTOCONF=no in interface script dose not affect 
> anything.
> 
> ifcfg-eth0:
> GATEWAY=192.168.1.254
> IPV6INIT=no
> IPV6_AUTOCONF=no
> BROADCAST=192.168.1.255
> BOOTPROTO=none
> NAME=""
> NM_CONTROLLED=yes
> MACADDR=""
> TYPE=Ethernet
> DEVICE=eth0
> NETMASK=255.255.255.0
> MTU="1500"
> IPADDR=192.168.11.1
> NETWORK=192.168.11.0
> ONBOOT=yes
> 
> The above file should have resulted an interface with only inet address 
> but the result is:
> eth0  Link encap:Ethernet  HWaddr XX
>inet addr:192.168.11.1  Bcast:192.168.1.255  Mask:255.255.255.0
>inet6 addr: fe80::7271:bcff:febd:c46b/64 Scope:Link
>UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>RX packets:24452216 errors:0 dropped:0 overruns:0 frame:0
>TX packets:38068314 errors:0 dropped:0 overruns:0 carrier:0
>collisions:0 txqueuelen:1000
>RX bytes:6777513704 (6.3 GiB)  TX bytes:21817051849 (20.3 GiB)
>Interrupt:29 Base address:0xc000

This looks correct. The interface does not have an autoconfigured IPv6
address. So the parameter IPV6_AUTOCONF=no has been applied correctly.

Perhaps you are confused by the link local address (Prefix fe80::) which
is always present on an IPv6 enabled interface.

HTH
T.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread Robert Moskowitz


On 02/17/2013 08:36 AM, Eliezer Croitoru wrote:
> I want to configure IPV6 on the system and not use some auto ipv6 config.
> I have tried to use IPV6_AUTOCONF=no in interface script dose not affect
> anything.

If you want to turn off IPv6 for all interfaces, make the needed changes 
to /etc/sysconfig/network as well.

>
> ifcfg-eth0:
> GATEWAY=192.168.1.254
> IPV6INIT=no
> IPV6_AUTOCONF=no
> BROADCAST=192.168.1.255
> BOOTPROTO=none
> NAME=""
> NM_CONTROLLED=yes
> MACADDR=""
> TYPE=Ethernet
> DEVICE=eth0
> NETMASK=255.255.255.0
> MTU="1500"
> IPADDR=192.168.11.1
> NETWORK=192.168.11.0
> ONBOOT=yes
>
> The above file should have resulted an interface with only inet address
> but the result is:
> eth0  Link encap:Ethernet  HWaddr XX
> inet addr:192.168.11.1  Bcast:192.168.1.255  Mask:255.255.255.0
> inet6 addr: fe80::7271:bcff:febd:c46b/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> RX packets:24452216 errors:0 dropped:0 overruns:0 frame:0
> TX packets:38068314 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:6777513704 (6.3 GiB)  TX bytes:21817051849 (20.3 GiB)
> Interrupt:29 Base address:0xc000
>
> Thanks,
> Eliezer Croitoru
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread Eliezer Croitoru

On 2/17/2013 3:45 PM, Tilman Schmidt wrote:
> Perhaps you are confused by the link local address (Prefix fe80::) which
> is always present on an IPv6 enabled interface.
>
> HTH
> T.
Sorry This is what I was aiming for.
The link local address..
But it's also the autoconf:
#sysctl -a |grep net.ipv6.conf|grep auto
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.eth1.autoconf = 1
net.ipv6.conf.sit0.autoconf = 1
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.sit1.autoconf = 1

I could have written a script to remove IPV6 link local address but 
there should be a basic option for that.

-- 
Eliezer Croitoru
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread Florian La Roche

> I could have written a script to remove IPV6 link local address but 
> there should be a basic option for that.

You can set: echo "options ipv6 disable=1" > /etc/modprobe.d/noipv6.conf

But more and more apps then log problems or get confused if ipv6 is
completely disabled, so keeping the link local address should be
"the general case" for most installs.

Best regards,

Florian La Roche

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread James Hogarth

> I could have written a script to remove IPV6 link local address but
> there should be a basic option for that.
>
>
>
Just to emphasise this as I guess it hasn't been clear enough yet...

An IPv6 config with no FE80:: address is a broken config.

This address should always be on an IPv6 enabled interface, being generated
automatically, and is not the same thing as IPv6 auto configuration
(SLAAC).
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] add CA to centos clients

2013-02-17 Thread Natxo Asenjo

hi,

I need to deploy an internal CA to our hosts. Fedora is planning
something I could use now
http://fedoraproject.org/wiki/Features/SharedSystemCertificates but it
is not there yet ;-)

I already have a deploying infrastructure (cfengine), so my question
is: what files do I need to move around for a systemwide installation?

The obvious start point will be /etc/PKI/ but in there in a random
client I already see some problems:

ls -l /etc/pki/
total 28
drwxr-xr-x. 6 root root 4096 Aug 23 06:55 CA
drwxr-xr-x. 4 root root 4096 Mar 13  2012 dovecot
drwxr-xr-x. 2 root root 4096 Mar 11  2012 java
drwxr-xr-x. 2 root root 4096 Feb  8 10:46 nssdb
drwxr-xr-x. 2 root root 4096 Oct 25 23:06 rpm-gpg
drwx--. 2 root root 4096 Jun 22  2012 rsyslog
drwxr-xr-x. 5 root root 4096 Oct 25 23:07 tls

For ldap queries, I need to add it in /etc/openldap/certs and run
cacertdir_rehash.

But there are lots of other apps that have their own configuration.

I guess I am not the first to have to do this, but google found little
info about this. Have you guys gone through such a project and would
you care sharing your solutions?

Thanks!
--
Groeten,
natxo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

2013-02-17 Thread Eliezer Croitoru

On 2/17/2013 8:10 PM, James Hogarth wrote:
> Just to emphasise this as I guess it hasn't been clear enough yet...
>
> An IPv6 config with no FE80:: address is a broken config.
>
> This address should always be on an IPv6 enabled interface, being generated
> automatically, and is not the same thing as IPv6 auto configuration
> (SLAAC).
So the issue is more like:
IPV6INIT=no

is not working...
The design should be linux interface IPV6 option.
I have seen the problem before but in most systems that don't use IPV6.
On a system that has IPV6 enabled for a specific interface *only* there 
is a problem with the FE80:: .. on a disabled interface.

ETH0 - no ipv6
ETH1 - no ipv6
ETH2 - IPV6 + IPV4

should 0 and 1 interfaces have any IPV6 address??

-- 
Eliezer Croitoru
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] add CA to centos clients

2013-02-17 Thread John R Pierce

On 2/17/2013 11:00 AM, Natxo Asenjo wrote:
> I need to deploy an internal CA to our hosts.

you say a CA, then you talk about PKI, and finally LDAP which is a 
Directory Server.   these things are all interrelated, but remain three 
separate entities.

For a fullblown LDAP directory server, you might want to look at the 389 
project, http://port389.org/wiki/Main_Page ... this is available for 
CentOS6 via the EPEL repository.389 started as a fork of the old 
Netscape Directory Server.

389 has been integrated with the "Dogtag" CA system as FreeIPA but I 
believe this is more focused towards being a Windows Active Directory 
replacement.



-- 
john r pierce  37N 122W
somewhere on the middle of the left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] add CA to centos clients

2013-02-17 Thread Natxo Asenjo

On Sun, Feb 17, 2013 at 10:13 PM, John R Pierce  wrote:
> On 2/17/2013 11:00 AM, Natxo Asenjo wrote:
>> I need to deploy an internal CA to our hosts.
>
> you say a CA, then you talk about PKI, and finally LDAP which is a
> Directory Server.   these things are all interrelated, but remain three
> separate entities.

sure, still to use stuff all the apps need to have the right CA cert info.

> For a fullblown LDAP directory server, you might want to look at the 389
> project, http://port389.org/wiki/Main_Page ... this is available for
> CentOS6 via the EPEL repository.389 started as a fork of the old
> Netscape Directory Server.
>
> 389 has been integrated with the "Dogtag" CA system as FreeIPA but I
> believe this is more focused towards being a Windows Active Directory
> replacement.

thanks, I think I did not express myself well enough.

We already have a ipa realm for our centos hosts and it indeed has a
built-in CA (dogtag).

The problem is we have other hosts *not* in the realm and they need to
use services with this internal CA. And they need to use them without
warnings about how unsafe this unknown CA is.

So for ldap clients, you drop the ca-cert in a directory and the ldap
tools do not complain. The same goes for java tools,
mozilla/thunderbird, chrome, ...

So the question is: where do you add the CA information in
centos/redhat servers for those kinds of applications?

-- 
natxo
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] add CA to centos clients

2013-02-17 Thread John R Pierce

On 2/17/2013 2:29 PM, Natxo Asenjo wrote:
> So the question is: where do you add the CA information in
> centos/redhat servers for those kinds of applications?

sadly, just about everywhere.   each application tends to have its own 
store.   apps written in Java (tomcat, etc) can't use the same store as 
something using openssl, for instance, as their SSL libraries are 
implemented differently.

its a real mess.

-- 
john r pierce  37N 122W
somewhere on the middle of the left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] [OT] how does ELF record file scope things?

2013-02-17 Thread Michael Hennebry

fred.c:
static void sfunc(int *p) { *p=1; }
static int x;

void fred(void)
{
... sfunc(&x); ...
}


greg.c:
static void sfunc(int *p) { *p=2; }
static int x;

void greg(void)
{
... sfunc(&x); ...
}

Once the object files from fred.c and greg.c are linked,
how does ELF distinguish the sfunc's and the x's?
I've been trying to RTFM, but it hasn't helped?

-- 
Michael   henne...@web.cs.ndsu.nodak.edu
"On Monday, I'm gonna have to tell my kindergarten class,
whom I teach not to run with scissors,
that my fiance ran me through with a broadsword."  --  Lily
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] suricata-ids for centos 5 ?

2013-02-17 Thread Eero Volotinen

Hi List,

Is there any rpms for centos 5 available?

--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Bugtracker: how to give up on an issue?

Re: [CentOS] cheap cloud providors

Re: [CentOS] Nagios NRPE IPv6

[CentOS] IPV6 auto configuration cannot be disabled from if script.

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

[CentOS] add CA to centos clients

Re: [CentOS] IPV6 auto configuration cannot be disabled from if script.

Re: [CentOS] add CA to centos clients

Re: [CentOS] add CA to centos clients

Re: [CentOS] add CA to centos clients

[CentOS] [OT] how does ELF record file scope things?

[CentOS] suricata-ids for centos 5 ?

16 matches

Site Navigation

Mail list logo

Footer information