Re: [CentOS] shutdown -h doesn't

2015-01-16 Thread Kay Diederichs
On 01/16/2015 05:05 AM, Devin Reade wrote:
> I've got a fresh CentOS 7 test machine, fully patched.  The command:
> 
>  shutdown -h now
> 
> surprisingly does not halt the machine.  Instead it reboots it.  WTF?
> 
> I found the following Debian discussion which seems to be the same
> issue: 
> 
> However, removing kexec-tools in this case did not solve the problem.
> Nor does "systemctl poweroff" work.
> 
> Does anyone else see this?   No, nothing is filed in bugzilla yet.
> 
> Devin
> 

same here, using a "ASUS All Series/H97M-PLUS, BIOS 2305 10/09/2014" (as
per dmesg|grep ASUS).

The workaround is a line

for i in /sys/bus/usb/devices/*/power/control ; do echo on > $i ; done

in /etc/rc.local . Unfortunately this prevents powersaving of all USB
ports/hubs.

What didn't work: I created /usr/lib/systemd/system/stopusb.service with

[Unit]
Description=Power-on USB in prep for shutdown

[Service]
Type=oneshot
ExecStart=/bin/sh -c "for i in /sys/bus/usb/devices/*/power/control ; do echo on > \$i ; done"
ExecStop=/bin/sh -c "for i in /sys/bus/usb/devices/*/power/control ; do echo on > \$i ; done"
RemainAfterExit=yes

[Install]
WantedBy=poweroff.target

but this seems to have no effect. Maybe the "poweroff" target does not
really exist. I think someone more experienced with systemd could fix this.

HTH,

Kay

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] shutdown -h doesn't

2015-01-16 Thread Kay Diederichs
On 01/16/2015 09:51 AM, Kay Diederichs wrote:
> On 01/16/2015 05:05 AM, Devin Reade wrote:
>> I've got a fresh CentOS 7 test machine, fully patched.  The command:
>>
>>  shutdown -h now
>>
>> surprisingly does not halt the machine.  Instead it reboots it.  WTF?
>>
>> I found the following Debian discussion which seems to be the same
>> issue: 
>>
>> However, removing kexec-tools in this case did not solve the problem.
>> Nor does "systemctl poweroff" work.
>>
>> Does anyone else see this?   No, nothing is filed in bugzilla yet.
>>
>> Devin
>>
> 
> same here, using a "ASUS All Series/H97M-PLUS, BIOS 2305 10/09/2014" (as
> per dmesg|grep ASUS).
> 
> The workaround is a line
> 
> for i in /sys/bus/usb/devices/*/power/control ; do echo on > $i ; done
> 
> in /etc/rc.local . Unfortunately this prevents powersaving of all USB
> ports/hubs.
> 
> What didn't work: I created /usr/lib/systemd/system/stopusb.service with
> 
> [Unit]
> Description=Power-on USB in prep for shutdown
> 
> [Service]
> Type=oneshot
> ExecStart=/bin/sh -c "for i in /sys/bus/usb/devices/*/power/control ; do
> echo on > \$i ; done"
> ExecStop=/bin/sh -c "for i in /sys/bus/usb/devices/*/power/control ; do
> echo on > \$i ; done"
> RemainAfterExit=yes
> 
> [Install]
> WantedBy=poweroff.target
> 
> but this seems to have no effect. Maybe the "poweroff" target does not
> really exist. I think someone more experienced with systemd could fix this.
> 
> HTH,
> 
> Kay
> 

Forgot to say: the problem does not exist when "Wake on LAN" is disabled
in the BIOS (but I need wake-on-LAN).



[CentOS] gdbm update and GDBM_File

2015-01-16 Thread Stijn De Weirdt

hi all,

i'm stuck debugging a problem that appeared after this update made it to 
our systems: 
http://lists.centos.org/pipermail/centos-announce/2015-January/020856.html


GDBM_File fails simple operation (which works with 1.8.0-36 of gdbm)





could someone with same perl and gdbm confirm the issue via simple 
script below? (would help me narrow down if this is something specific 
on our site or not)


> # rpm -q perl gdbm glibc
> perl-5.10.1-136.el6_6.1.x86_64
> gdbm-1.8.0-37.el6.x86_64
> glibc-2.12-1.149.el6_6.4.x86_64
> glibc-2.12-1.149.el6_6.4.i686


output of script with 1.8.0-37:

Adding data to tie
gdbm store returned -1, errno 0, key "1" at ./t.pl line 11.



thanks

stijn


>>> SCRIPT
#!/usr/bin/perl

use GDBM_File;

my $file = "/tmp/x.db";
my %out;
tie(%out, 'GDBM_File', $file, &GDBM_WRCREAT, 0644)
or print "can't tie $file DB: $!";

print "Adding data to tie\n";
$out{1}=2;

print "Going to untie\n";

untie(%out) or print "can't untie $file DB: $!";

 SCRIPT


[CentOS] CentOS 7 LDAP TLS

2015-01-16 Thread Günther J . Niederwimmer
Hello,

Does anyone have a running LDAP/TLS system?

On my system it is not possible to configure this correctly.

I have a self-signed CA and certificates.

All I found with Google is not working :-(

Does anyone have a hint on how to configure this correctly?

My CA and certificates work correctly with a SUSE installation.

What is the difference to CentOS 7 ?

Thanks,
-- 
mit freundlichen Grüßen / best Regards,

  Günther J. Niederwimmer


Re: [CentOS] shutdown -h doesn't

2015-01-16 Thread Dirk Deimeke

Answering Devin Reade 
(Thu, 15 Jan 2015 21:05:12 -0700):

Hi!


> I've got a fresh CentOS 7 test machine, fully patched.  The command:
>  shutdown -h now
> surprisingly does not halt the machine.  Instead it reboots it.  WTF?


Maybe it helps to poweroff explicitly?

shutdown -hP now

I had the same problem on SUSE machines.

Cheers

Dirk

--
http://d5e.org/ - http://taskwarrior.org/
http://bloonix.org/ - http://gelberhund.ch/
http://yawnrz.com/ - http://myown-it.com/


Re: [CentOS] NTLM Authentication ISA Server

2015-01-16 Thread Kwan Lowe
On Wed, Jan 14, 2015 at 3:53 PM, Tim  wrote:

> Hello list,
>
> how can I get CentOS 7 to authenticate against a Microsoft ISA server for
> package installations after the OS is installed.
>
> In Debian/Ubuntu apt.conf just needs to be edited and it works. How to do
> so in CentOS?
>

I use a program called cntlm. I don't know if an RPM is available but the
source is trivial to build. I believe it also includes a SPEC file.


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Glenn Eychaner
[I wish I knew how to get the mailing list to thread my replies properly in the
archives; I subscribe to the daily digest, and replying to that doesn't do it.]

Greg Lindahl wrote:
> On Thu, Jan 15, 2015 at 03:40:08PM -0300, Glenn Eychaner wrote:
> 
> > My only theory is that this has something to do with non-ephemeral ports and
> > socket reuse, but I'm not sure what.
> 
> If you want a quick detection that the link is dead, have the server
> occasionally send bytes to the dos box. You will get an immediate
> error if the dos box is up and knows that connection is kaput.

What if I am sending bytes to the DOS box, but it never reads the socket?
(Let us assume, for the sake of argument, that I can't change the DOS box
software. In fact, I can, but it's more difficult than changing the Linux end.)
Won't that either result in my detecting the socket as "dead" when it is not,
or eventually overflowing the socket buffering?

> Given that the port numbers of the new connection are the same, I'm
> kind of surprised that the behavior changed from 6.5 to 6.6, but, I
> always use defensive programming (sending those extra bytes).

I was super-surprised by the change, in that I fully tested the upgrade on
my simulator system before deploying, and still got bit on deployment.
Of course, the simulator doesn't have a real DOS box, just a simulation
process that sends the images. [And, I also recently got bit by this
http://www.macstadium.com/blog/osx-10-9-mavericks-bugs/
after upgrading some Macs. Sigh, network issues.]

Alex from Germany wrote:
> Since you always use the same local port -
> maybe you need to set SO_REUSEADDR option.

I assume I would have to set that on the client (DOS) side (the box which is
using the same local port 1025 each time); setting it on the bound-listener
socket on the Linux side doesn't seem like it would do anything to resolve
the issue, based on my reading of SO_REUSEADDR on the net:
http://www.unixguide.net/network/socketfaq/4.5.shtml
http://stackoverflow.com/questions/14388706/

-G.
--
Glenn Eychaner (geycha...@lco.cl)
Telescope Systems Programmer, Las Campanas Observatory





Re: [CentOS] favorite cheap VPS services

2015-01-16 Thread Always Learning
> On 01/15/2015 06:24 PM, Tim Dunphy wrote:
> >
> > So I was wondering.. what are some really cheap VPS services that you like
> > to use for one off projects like this and why. I'm looking for dirt cheap
> > as possible.

Depends what you mean by 'cheap'.

In my experience good, fast, less than USD 100 annually, from Germany
(Hetzner, they have good English), Poland (Vibiznes, moderate English),
Czech Republic (gigaserver from Seonet, good English). The English ones
seem more expensive.  For your USD you will get an IP, rDNS and (within
reason) the Operating System of your choice.

In my experience all these have been reliable and never given me
problems.


-- 
Regards,

Paul.
England, EU.  Je suis Charlie.




Re: [CentOS] favorite cheap VPS services

2015-01-16 Thread Steven Tardy

> On Jan 15, 2015, at 8:24 PM, Tim Dunphy  wrote:
> 
> CassandraDB and Hadoop.

Some VPSs (virtuozzo/openvz) have problems with some workloads (java/tomcat) 
but not other workloads (mysql/apache). I'm not sure how cassandradb/hadoop 
would run on some of those cheap VPS technologies.


Re: [CentOS] restart after yum update (6.6)?

2015-01-16 Thread Mateusz Guz
Someone has updated it without my knowledge, now I have to make a choice: 
-don’t reboot and wait for errors
-reboot (which I'm trying to avoid)

What about (g)libc package, anyone encountered similar situation ?


-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Nathan Duehr
Sent: Thursday, January 15, 2015 10:08 PM
To: CentOS mailing list
Subject: Re: [CentOS] restart after yum update (6.6)?



> On Jan 15, 2015, at 12:36, Mateusz Guz  wrote:

> according to this :
> 
> http://unix.stackexchange.com/questions/28144/after-yum-update-is-it-a-good-idea-to-restart-the-server
> 
> i should reboot my server after updating packages i.e: kernel, glibc, libc.
> Maybe it's a silly question, but Is it necessary if I don't use graphical 
> environment ? (and don't want to use the latest kernel yet)

If you don’t want the kernel to update, just use --exclude=kernel* on yum or 
whatever.  Why update it if you aren’t going to use it?

Might as well be deliberate and know you’re purposefully skipping something.

Nate


Re: [CentOS] restart after yum update (6.6)?

2015-01-16 Thread Dennis Jacobfeuerborn
Hi,
you don't *have* to reboot the server. If you don't there are two
factors you need to consider:

1. The updated components are not all active without a reboot

The kernel for example will obviously not be running without a
reboot and the same may be true for other components. For most
applications you should be ok if you just restart the application so it
can load in the new libraries.

2. If you reboot later issues after the reboot might become more
difficult to debug

If you reboot e.g. 6 Months after you made an update and the system
doesn't boot properly you will most likely have forgotten that you
updated the system a long time ago and look for more recent reasons why
the system doesn't boot. If you reboot the system immediately and it
doesn't come back up you'll know that most likely the update has
something to do with it.

So if you don't reboot the system should still keep working normally but
for the above reasons you might want to reboot it anyway, if not right
away then at least in the not too distant future.

Regards,
  Dennis

On 16.01.2015 14:25, Mateusz Guz wrote:
> Someone has updated it without my knowledge, now I have to make a choice: 
> -don’t reboot and wait for errors
> -reboot (which I'm trying to avoid)
> 
> What about (g)libc package, anyone encountered similar situation ?
> 
> 
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf 
> Of Nathan Duehr
> Sent: Thursday, January 15, 2015 10:08 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] restart after yum update (6.6)?
> 
> 
> 
>> On Jan 15, 2015, at 12:36, Mateusz Guz  wrote:
> 
>> according to this :
>>
>> http://unix.stackexchange.com/questions/28144/after-yum-update-is-it-a-good-idea-to-restart-the-server
>>
>> i should reboot my server after updating packages i.e: kernel, glibc, libc.
>> Maybe it's a silly question, but Is it necessary if I don't use graphical 
>> environment ? (and don't want to use the latest kernel yet)
> 
> If you don’t want the kernel to update, just use --exclude=kernel* on yum or 
> whatever.  Why update it if you aren’t going to use it?
> 
> Might as well be deliberate and know you’re purposefully skipping something.
> 
> Nate
> 



Re: [CentOS] restart after yum update (6.6)?

2015-01-16 Thread Mateusz Guz
Nice explanation, i'll keep that in mind (hopefully :D )
thx

Matt
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of 
Dennis Jacobfeuerborn
Sent: Friday, January 16, 2015 2:49 PM
To: centos@centos.org
Subject: Re: [CentOS] restart after yum update (6.6)?

Hi,
you don't *have* to reboot the server. If you don't there are two
factors you need to consider:

1. The updated components are not all active without a reboot

The kernel for example will obviously not be running without a
reboot and the same may be true for other components. For most
applications you should be ok if you just restart the application so it
can load in the new libraries.

2. If you reboot later issues after the reboot might become more
difficult to debug

If you reboot e.g. 6 Months after you made an update and the system
doesn't boot properly you will most likely have forgotten that you
updated the system a long time ago and look for more recent reasons why
the system doesn't boot. If you reboot the system immediately and it
doesn't come back up you'll know that most likely the update has
something to do with it.

So if you don't reboot the system should still keep working normally but
for the above reasons you might want to reboot it anyway, if not right
away then at least in the not too distant future.

Regards,
  Dennis

On 16.01.2015 14:25, Mateusz Guz wrote:
> Someone has updated it without my knowledge, now I have to make a choice: 
> -don’t reboot and wait for errors
> -reboot (which I'm trying to avoid)
> 
> What about (g)libc package, anyone encountered similar situation ?
> 
> 
> -Original Message-
> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf 
> Of Nathan Duehr
> Sent: Thursday, January 15, 2015 10:08 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] restart after yum update (6.6)?
> 
> 
> 
>> On Jan 15, 2015, at 12:36, Mateusz Guz  wrote:
> 
>> according to this :
>>
>> http://unix.stackexchange.com/questions/28144/after-yum-update-is-it-a-good-idea-to-restart-the-server
>>
>> i should reboot my server after updating packages i.e: kernel, glibc, libc.
>> Maybe it's a silly question, but Is it necessary if I don't use graphical 
>> environment ? (and don't want to use the latest kernel yet)
> 
> If you don’t want the kernel to update, just use --exclude=kernel* on yum or 
> whatever.  Why update it if you aren’t going to use it?
> 
> Might as well be deliberate and know you’re purposefully skipping something.
> 
> Nate
> 



[CentOS] [OT] MS-Windows question - user has remapped function keys.

2015-01-16 Thread James B. Byrne
Forgive the out of band topic but I presume some of you here support
MS desktops on your CentOS based services as do we.  I am hoping that
maybe one of you have run into this at some point.  I am unable to
find an answer on other forums and my google fu seems to have left me
on this subject.

I have a user that has somehow managed to remap their function keys so
that they no longer work properly on a MS-Winv7pro workstation. 
Specifically, pressing the function key F4 results in the letter 'S'
being displayed. I have absolutely no idea how they managed this, they
have no memory of what they were doing when it first happened, and I
can find nothing on MS Technet or the usual support forums that
recognize this condition.  None of the other keys on the keyboard
appear affected by the change.

The remapping is specific to this user's DOMAIN profile.  As we use
roaming profiles the effect follows them from workstation to
workstation.  It does not affect other users that subsequently use the
same workstation with their own logons.

I believe that this situation is a result of some combination of
keystrokes whilst in normal use as it is doubtful that this user would
open anything other than their job related programs from desktop icon.
 I have verified that this issue is not application specific, it
affects all of that user's programs, so it must be a Windows
configuration issue and I suspect the accessibility functions.

Anyone with relevant information or links to appropriate references 
please reply off list.   I feel like I am on a wheel in a hamster cage
with this recurring WinBS.

Thank you for your forbearance.


-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Alexander Farber
What about SO_LINGER at the Linux side, have you tried that?
http://stackoverflow.com/questions/3757289/tcp-option-so-linger-zero-when-its-required

On Fri, Jan 16, 2015 at 1:18 PM, Glenn Eychaner  wrote:
>> Since you always use the same local port -
>> maybe you need to set SO_REUSEADDR option.
>
> I assume I would have to set that on the client (DOS) side (the box which is
> using the same local port 1025 each time); setting it on the bound-listener
> socket on the Linux side doesn't seem like it would do anything to resolve
> the issue, based on my reading of SO_REUSEADDR on the net:
> http://www.unixguide.net/network/socketfaq/4.5.shtml
> http://stackoverflow.com/questions/14388706/


Re: [CentOS] What happened to the default iptables rules on the minimal install of CentOS6 x86_64

2015-01-16 Thread Jim Perrin


On 01/15/2015 01:04 PM, Jason Pyeron wrote:
> Sometime ago the minimal install stopped putting a default 
> /etc/sysconfig/iptables file which allowed only ssh, why the change?
> 

There was a thread on this shortly after 6.6 came out. The TL;DR version
of the mailing list thread is contained in the bugzilla entry and
comments linked below:

https://bugzilla.redhat.com/show_bug.cgi?id=1161682




-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Les Mikesell
On Fri, Jan 16, 2015 at 6:18 AM, Glenn Eychaner  wrote:
>
> I was super-surprised by the change, in that I fully tested the upgrade on
> my simulator system before deploying, and still got bit on deployment.

I'm not sure I completely understand the scenario, but it seems wrong
for it to have worked before.  Why should a 'new' attempt at a
connection with different tcp sequence numbers have been able to have
any effect on the working socket that hasn't been closed yet at the
other end unless it is sending a RST packet. Might be interesting to
watch with wireshark to see if you are getting a RST that doesn't
close the old connection.

-- 
   Les Mikesell
 lesmikes...@gmail.com


[CentOS] bug#0008083: OS failed to update kernel after nss-softokn-freebl-3.14.3-19

2015-01-16 Thread Suse Shi
https://rhn.redhat.com/errata/RHBA-2015-0048.html

http://bugs.centos.org/view.php?id=8083

Hi All,

  I would like to check if you are also able to see this issue.

  After nss-softokn-freebl upgraded to 3.14.3-19, it doesn't provide file:
/usr/lib64/libfreebl3.chk

  If we try to install/reinstall kernel, or try mkinitrd.  it will fail.

  I can reproduce this problem on EL 6.6,  I think it should be a serious
problem... since later yum update kernel will report success(tiny warning),
but os reboot will crash.

-- 
Regards,
-suse


Re: [CentOS] bug#0008083: OS failed to update kernel after nss-softokn-freebl-3.14.3-19

2015-01-16 Thread Akemi Yagi
On Fri, Jan 16, 2015 at 8:12 AM, Suse Shi  wrote:
> https://rhn.redhat.com/errata/RHBA-2015-0048.html
>
> http://bugs.centos.org/view.php?id=8083
>
> Hi All,
>
>   I would like to check if you are also able to see this issue.
>
>   After nss-softokn-freebl upgraded to 3.14.3-19, it doesn't provide file:
> /usr/lib64/libfreebl3.chk
>
>   If we try to install/reinstall kernel, or try mkinitrd.  it will fail.
>
>   I can reproduce this problem on EL 6.6,  I think it should be a serious
> problem... since later yum update kernel will report success(tiny warning),
> but os reboot will crash.

Hopefully the fixed version gets released soon:

https://bugzilla.redhat.com/show_bug.cgi?id=1182297

Akemi


[CentOS] Failure to start HTTPD after the most `yum update` on CentOS 7

2015-01-16 Thread Boris Derzhavets
[root@juno1 ~(keystone_admin)]# /usr/sbin/httpd -D FOREGROUND
AH00548: NameVirtualHost has no effect and will be removed in the next release 
/etc/httpd/conf/ports.conf:7
AH00526: Syntax error on line 18 of /etc/httpd/conf.d/ssl.conf:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a 
module not included in the server configuration

Current version installed  . Issue raised up as `yum update` on  01/16/2014
[root@juno1 ~(keystone_admin)]# rpm -qa | grep httpd
httpd-manual-2.4.6-19.el7.centos.noarch
httpd-2.4.6-19.el7.centos.x86_64
libmicrohttpd-0.9.33-2.el7.x86_64
httpd-tools-2.4.6-19.el7.centos.x86_64

RDO Juno installed on CentOS 7 is affected as well

== Horizon service ==
openstack-dashboard:uncontactable
== neutron services ==

Thanks.
Boris.


  


[CentOS] analog web log analyzer

2015-01-16 Thread Les Mikesell
Analog (a) no longer seems to be maintained and (b) rebuilding the old
source rpm on CentOS7 ends up with a conflict with a file named
/usr/bin/analog that is owned by anaconda.

So, taking a step back: is there a better tool for apache log analysis
now?   One feature of analog that I haven't been able to match with
anything else is that you can rsync a tree of log files from a farm of
servers into one place and invoke analog with a wild-card to expand
all of their names on the command line and it will digest them all
without the need to pre-sort in timestamp order.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Warren Young
On Jan 15, 2015, at 11:40 AM, Glenn Eychaner  wrote:

> When the DOS box exits, crashes, or is rebooted, it fails to shut down the
> socket properly.

Yes, that’s what happens when you use an OS that doesn’t implement sockets in 
kernel space: there is no program still running that can send the RST packet 
for the dead socket.

> Under CentOS 6.5, upon reboot, when the DOS box would attempt
> to reconnect, the original accepted server socket would (after a couple of
> connection attempts from the DOS box) see a 0-length recv and close, allowing
> the server to accept a new connection and resume receiving images.

You’re relying on undocumented behavior here.

I don’t know exactly what was going on before [*] but the new behavior is at 
least legal, and probably better.  It is preventing a bogus reconnection, which 
could be used for nefarious purposes.  (Connection hijacking, etc.)


[*] Your “flailing about” diagnosis is somewhat lacking in its level of rigor. 
:)  I think if you look more deeply into it, you’ll be shocked at how thin the 
ice you’ve been dancing on is.

> Possibly relevant facts:

Oh, yeah.  Relevant like rashes are to a diagnosis of chicken pox.

> - The DOS box uses the same local port (1025) every time it tries to connect.

That’s legal only if you allow the previous connection to die first, via the 
TIME_WAIT delay.  Until that delay expires, the connection’s 5-tuple [**] is 
still in use, and the kernel is right to refuse to accept another SYN using the 
same 5-tuple.

Another poster recommended SO_REUSEADDR, but that’s just a hack around the 
TIME_WAIT delay.

The correct fix is to change the DOS app to use an ephemeral port number.  That 
won’t 100% fix it, because you’ll still have a 1:16,383 chance [***] of causing 
the same problem as you’ve run into now, but that sounds live-able to me.  If 
you reboot only once a week, you’d have to be Yoda to have much reason to be 
worried about running into this again during the balance of your tenure with 
this company.

If you’re really worried about it, write the prior port to a text file on 
program startup and avoid that one on the next run.

Oh, let me guess the objection: old binary-only DOS app, no source code 
available, programmers long since vanished, right?


[**] Transport protocol, local port, local IP, remote port, remote IP.  At 
least one must be different for a new connection to be allowed.

[***] The IANA ephemeral port range 
(https://en.wikipedia.org/wiki/Ephemeral_port) has about 16k ports.  I spent 
some time puzzling over the probabilities, and I’m pretty sure you don’t count 
two “draws” here: you’re only concerned with the chance that the *next* port 
you pick will be equal to the preceding one.


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Warren Young
A couple more thoughts...

On Jan 16, 2015, at 10:42 AM, Warren Young  wrote:

> On Jan 15, 2015, at 11:40 AM, Glenn Eychaner  wrote:
> 
>> When the DOS box exits, crashes, or is rebooted, it fails to shut down the
>> socket properly.
> 
> Yes, that’s what happens when you use an OS that doesn’t implement sockets in 
> kernel space: there is no program still running that can send the RST packet 
> for the dead socket.

That said, your Linux/Python side code shouldn’t be relying on the RST anyway.  
A power blip that unceremoniously reboots the DOS box will also skip the RST.  
That happens with *all* TCP stacks, even in-kernel ones.

True war story, seen on devices from multiple vendors: 

The setup: An embedded system has a TCP listener.  Some network problem [*] 
causes packet loss for an extended period, causing an established peer to time 
out and drop its conn.  The packet loss also prevents the RST/FIN from getting 
to the embedded device, so it thinks it’s still connected.  Because the 
embedded device’s programmer is counting every processor cycle, he makes it so 
it only handles a single TCP connection at a time.

The result: The embedded box is now unreachable until boots on the ground walk 
over and power-cycle it.

The fix: Make the embedded TCP listener either a) allow multiple TCP 
connections; or b) drop the prior TCP conn when a new one comes in.

The lesson: If your TCP/IP program was easy to write, it isn’t robust.  You’ve 
missed *something*.


[*] It could be a misconfiguration, broken cable, firmware update, power-cycled 
wiring closet, etc.

> The correct fix is to change the DOS app to use an ephemeral port number.

That also fixes the “missing RST” problem I’ve described above.  If by some bad 
bit of luck the DOS box happens to pick the same ephemeral port number after a 
reboot that it was using before, it will get RST.  The DOS app will then retry, 
causing the DOS TCP stack to pick a different ephemeral port, so it will 
succeed.

A different fix is to exploit the real-time nature of video camera imagery: if 
your Python app goes more than a second without receiving an image frame, it 
can presume that the DOS box has disappeared again, and drop its conn.  By the 
time the DOS box reboots, TIME_WAIT may have expired, so the DOS box might 
reconnect without a problem.

You may wish to reduce tcp_fin_timeout to ensure that TIME_WAIT does indeed 
expire before the DOS box reboots, per http://goo.gl/zQCzqK


Re: [CentOS] favorite cheap VPS services

2015-01-16 Thread Warren Young
On Jan 15, 2015, at 6:24 PM, Tim Dunphy  wrote:

> what are some really cheap VPS services that you like
> to use for one off projects like this and why. I'm looking for dirt cheap
> as possible.

1. Choose a virtual machine technology: Xen, KVM, VirtualBox, VMware, whatever.

2. Spin up as many VMs as you need to test your next idea, within the 
constraints of available RAM.  If you need more VMs, drag a disused PC out of 
the closet and put some of them on it.  If you run out of disused PCs, buy more 
RAM; it’s a lot cheaper than a VPS.



Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Les Mikesell
On Fri, Jan 16, 2015 at 12:21 PM, Warren Young  wrote:
>
> A different fix is to exploit the real-time nature of video camera imagery: 
> if your Python app goes more than a second without receiving an image frame, 
> it can presume that the DOS box has disappeared again, and drop its conn.  By 
> the time the DOS box reboots, TIME_WAIT may have expired, so the DOS box 
> might reconnect without a problem.
>

Normally if you care about knowing if the other end of a connection is
gone you could enable keepalives on the socket, but I think you still
don't find out until you try to write to it.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Warren Young
On Jan 16, 2015, at 11:29 AM, Les Mikesell  wrote:

> On Fri, Jan 16, 2015 at 12:21 PM, Warren Young  wrote:
>> 
>> A different fix is to exploit the real-time nature of video camera imagery
> 
> Normally if you care about knowing if the other end of a connection is
> gone you could enable keepalives on the socket

That’s also an appropriate fix, especially when the protocol inherently has 
long periods of idle time, like SSH.

In this particular case, I can’t see the need, unless the camera simply doesn’t 
transmit continuously.  (Motion detection, intermittent activation, etc.)


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Fred Smith
On Fri, Jan 16, 2015 at 11:34:28AM -0700, Warren Young wrote:
> On Jan 16, 2015, at 11:29 AM, Les Mikesell  wrote:
> 
> > On Fri, Jan 16, 2015 at 12:21 PM, Warren Young  wrote:
> >> 
> >> A different fix is to exploit the real-time nature of video camera imagery
> > 
> > Normally if you care about knowing if the other end of a connection is
> > gone you could enable keepalives on the socket
> 
> That’s also an appropriate fix, especially when the protocol inherently has 
> long periods of idle time, like SSH.
> 

It's been some time since I've dealt with that sort of problem, but my
recollection is that even keepalives won't really work, because they
occur only every hour or two.

What is needed is as described earlier: allow multiple connection attempts,
if you're busy listening for traffic and another connection attempt occurs,
especially if it's from the same IP address (but this isn't always the
right way, as some senders use a rotating pool of addresses), then accept
the new one and close the old one.

I suppose this kludge would work too: try sending something on that port,
and if the connection is broken, it'll error. Then you could open a new
one.


-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
   Show me your ways, O LORD, teach me your paths;
 Guide me in your truth and teach me,
 for you are God my Savior,
And my hope is in you all day long.
-- Psalm 25:4-5 (NIV) 
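
Added example, not code from any poster in this thread: one way to implement the "accept the new connection and close the old one" policy suggested above, in Python. The class name, the same-IP rule (which, as noted in the message, does not suit senders that rotate addresses) and the loopback demo are assumptions made for the illustration.

```python
import selectors
import socket

class LatestConnectionServer:
    """Keep one live peer; a fresh connection from that peer's IP evicts the stale one."""
    def __init__(self, listener):
        self.listener, self.current, self.peer_ip, self.replaced = listener, None, None, 0
        self.sel = selectors.DefaultSelector()
        self.sel.register(listener, selectors.EVENT_READ)

    def _drop(self):
        self.sel.unregister(self.current)
        self.current.close()
        self.current = None

    def poll(self, timeout=1.0):
        """Handle whatever is ready once; return bytes read from the live connection."""
        data = b""
        for key, _ in self.sel.select(timeout):
            if key.fileobj is self.listener:
                conn, peer = self.listener.accept()
                if self.current is not None:
                    if peer[0] != self.peer_ip:
                        conn.close()      # different host: keep the existing session
                        continue
                    self._drop()          # same host reconnected: old socket is stale
                    self.replaced += 1
                self.current, self.peer_ip = conn, peer[0]
                self.sel.register(conn, selectors.EVENT_READ)
            elif key.fileobj is self.current:
                try:
                    chunk = self.current.recv(65536)
                except OSError:
                    chunk = b""           # a reset from the peer counts as gone
                if chunk:
                    data += chunk
                else:
                    self._drop()          # EOF or error: forget this connection
        return data

if __name__ == "__main__":
    lst = socket.create_server(("127.0.0.1", 0))   # constructed loopback demo
    srv = LatestConnectionServer(lst)
    old = socket.create_connection(lst.getsockname())
    srv.poll()                                     # accepts the first connection
    new = socket.create_connection(lst.getsockname())
    srv.poll()                                     # evicts it in favour of the second
    new.sendall(b"frame")
    print(srv.replaced, srv.poll())
```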


Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Les Mikesell
On Fri, Jan 16, 2015 at 1:13 PM, Fred Smith
 wrote:
>> >
>> > Normally if you care about knowing if the other end of a connection is
>> > gone you could enable keepalives on the socket
>>
>> That’s also an appropriate fix, especially when the protocol inherently has 
>> long periods of idle time, like SSH.
>>
>
> It's been some time since I've dealt with that sort of problem, but my
> recollection is that even keepalives won't really work, because they
> occur only every hour or two.

You can control the frequency - and they are sometimes useful to keep
otherwise idle connections established through firewalls and NAT
gateways that would time out and drop them.

> I suppose this kludge would work too: try sending something on that port,
> and if the connection is broken, it'll error. Then you could open a new
> one.

The problem here is that if the other end isn't reading from the
socket - and a camera probably wouldn't - the writes will just queue
up until some buffer is filled. And, without keepalives enabled,
you still won't get an error on the write.

-- 
   Les Mikesell
 lesmikes...@gmail.com


Re: [CentOS] favorite cheap VPS services

2015-01-16 Thread Fran Garcia
On 16 January 2015 at 02:24, Tim Dunphy wrote:
> Hey all,
>
>  I'm trying to learn how to use some of the big data stores. Specifically I
> want to learn how to use CassandraDB and Hadoop. Originally I'd had the
> idea of trying to setup a cassandra ring on the Amazon AWS free tier.
> However it seems that neither will run on a t2.micro instance.

Google Cloud are now offering $300 worth of compute in their cloud
trial. If you manage to test everything you need under $300, you'd be
ok :-) .

http://cloud.google.com

HTH

~f.


Re: [CentOS] Zone file not written to slave DNS server [SOLVED]

2015-01-16 Thread Emmett Culley
On 01/14/2015 04:46 AM, Tris Hoar wrote:
> On 14/01/2015 03:56, Emmett Culley wrote:
>> On 01/13/2015 12:10 PM, Mateusz Guz wrote:
>>> Have you found a solution?
>>>
>>> Did u allow master dns server to update the slave in /etc/named.conf ?
>>>
>>>
>>>
>>> -Original Message-
>>> From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On 
>>> Behalf Of John R Pierce
>>> Sent: Monday, January 12, 2015 7:02 AM
>>> To: centos@centos.org
>>> Subject: Re: [CentOS] Zone file not written to slave DNS server
>>>
>>> On 1/11/2015 9:28 PM, Emmett Culley wrote:
>>>> I have mostly succeeded in getting master and slave DNS servers
>>>> operational.  Mostly, because the zone file is not written when a zone is
>>>> updated on the master server when the notify and transfer process happens.
>>>>
>>>> The slave DNS server gets the changes to the modified zone, but the slave
>>>> zone file remains as before. I've found a few tutorials and lots of
>>>> discussions, many of which talk about the slave's zone file getting
>>>> written upon transfer, but none mention what configuration option would
>>>> cause the slave's files to get updated.
>>>>
>>>> The master is on a CentOS 6 server and the slave is on a CentOS 7 machine.
>>>
>>> does the named service have write access to the slave directory ? chown
>>> named.named /path-to-named/slave
>>>
>>> oh, is your slave chrooted?  are you looking in the right directory, eg,
>>> /var/named/chroot/var/named/slave ?
>>>
>>>
>> I am seeing the following in the log:
>>
>> Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.792 general: info: 
>> zone mydomain.com/IN: Transfer started.
>> Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.885 xfer-in: info: 
>> transfer of 'mydomain.com/IN' from xx.xx.xxx.xxx#53: connected using 
>> 66.208.208.151#40226
>> Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.948 general: info: 
>> zone mydomain.com/IN: transferred serial 112
>> Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.948 xfer-in: info: 
>> transfer of 'mydomain.com/IN' from xx.xx.xxx.xxx#53: Transfer completed: 1 
>> messages, 38 records, 898 bytes, 0.063 secs (14253 bytes/sec)
>> Jan 13 12:08:44 g1 named[16370]: 13-Jan-2015 12:08:44.949 notify: info: zone 
>> mydomain.com/IN: sending notifies (serial 112)
>>
>> Yet the slaves/mydomain.com.db file does not get updated.  There must be an 
>> option I am not setting correctly.
>>
>> Slave config:
>>
>> Global:
>> options {
>> allow-notify { mas.ter.IPa.ddr; };
>> allow-transfer { mas.ter.IPa.ddr; };
> 
> Neither of these are needed on slave servers.
> 
>> .
>> .
>> .
>> };
>>
>> Per zone:
>> zone "mydomain.com." IN {
>> type slave;
>> file "slaves/mydomain.com.db";
>> masters { mas.ter.IPa.ddr; };
>> };
>>
>>
>> Master config:
>>
>> Global:
>> options {
>> allow-transfer { sla.ve.IP.net/28; 127.0.0.1; };
>> also-notify { sla.ve.IPa.ddr; };
> 
> This is not needed on the master server, unless the slave is not listed in 
> the zone, or if the slave is on a different IP to the one defined in the zone 
> (e.g. if the slave is behind a NAT and DNS lists its NAT IP)
> 
>> allow-update { none; };
>> notify explicit;
>> .
>> .
>> .
>> };
>>
>> I also tried it with allow-update set to slaves IP address, even though I 
>> was sure that option was about dynamic DNS, not zone transfer to a slave.  
>> Of course that didn't work either.
>>
>> Emmett
>>
> 
> You should check the permissions on the slaves folder to make sure named can 
> write to it, also you should check if you have SElinux enabled, and if so 
> check that the slaves folder is labelled as named_cache_t
> 
> For example:
> [root@ns5 ~]# ll -Zd /var/named/slaves
> drwxrwx---. named named system_u:object_r:named_cache_t:s0 /var/named/slaves
> [root@ns5 ~]# ll -d /var/named/slaves
> drwxrwx---. 2 named named 4096 Jan 14 10:47 /var/named/slaves
> 
> Tris
> 
Turns out I was working in, and expecting updates to, directories under 
/var/named/chroot, but was starting named.service instead of 
named-chroot.service.

After starting named-chroot.service I see that the slave files are getting 
updated as expected.

I also removed the allow-notify and allow-transfer options from the slave 
configuration (thanks Tris).

Now to work on DNSSEC.

Emmett




Re: [CentOS] NTLM Authentication ISA Server

2015-01-16 Thread Tim
I read sth. about cntlm, but it is not installed by default.

I will give the mentioned solutions a try.

Any other suggestions are welcome.

On 16 January 2015 13:08:51 CET, Kwan Lowe wrote:
>On Wed, Jan 14, 2015 at 3:53 PM, Tim  wrote:
>
>> Hello list,
>>
>> how can I get CentOS 7 to authenticate against a Microsoft ISA server for
>> package installations after the OS is installed.
>>
>> In Debian/Ubuntu apt.conf just needs to be edited and it works. How to do
>> so in CentOS?
>>
>
>I use a program called cntlm. I don't know if an RPM is available but the
>source is trivial to build. I believe it also includes a SPEC file.


Re: [CentOS] favorite cheap VPS services

2015-01-16 Thread Mihai T. Lazarescu
On 01/15/2015 06:24 PM, Tim Dunphy wrote:
>
> So I was wondering.. what are some really cheap VPS services 
> that you like to use for one off projects like this and why. 
> I'm looking for dirt cheap as possible.

You can check the offers that show up on LowEndTalk:

http://www.lowendtalk.com/categories/offers

Mihai


Re: [CentOS] What's up with Firefox/Thunderbird(Solved)

2015-01-16 Thread Mark LaPierre
On 11/24/14 21:03, Mark LaPierre wrote:
> Hey All,
> 
> Has anyone had trouble with Firefox/Thunderbird?
> 
> When I log on if I start Thunderbird first then I can't start Firefox.
> Clicking on a link in an email fails to start Firefox.
> 
> If I start Firefox before Thunderbird then hyperlinks in emails open a
> page in the existing Firefox instance.
> 
> Other users on this same machine are having the same problems.
> 
> This has been happening for the last several days.
> 
> CentOS release 6.6 (Final)
> 
> Linux mushroom.patch 2.6.32-504.1.3.el6.i686 #1 SMP Tue Nov 11 16:30:09
> UTC 2014 i686 i686 i386 GNU/Linux
> 
> Thunderbird 31.2.0
> Firefox 31.2.0
> 

The latest update to Firefox and Thunderbird appears to have fixed the
issue.  I don't know what the cause was but the cure was just to wait
for an update.

Thank you all for your input.

-- 
_
   °v°
  /(_)\
   ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/



Re: [CentOS] Socket behavior change from 6.5 to 6.6

2015-01-16 Thread Greg Lindahl
On Fri, Jan 16, 2015 at 01:23:56PM -0600, Les Mikesell wrote:

> And, without keepalives enabled,
> you still won't get an error on the write.

No, if the other end is up after a reboot, you'll get an immediate
error and socket close.

That's assuming the window isn't full; if it is, you'll have to wait
until a zero-window probe.

App level ping-ponging is the way to make sure TCP connections are
actually alive. I've never seen a portable system use keepalives for
that, due to the >= 2 hour default and the lack of a portable way to
configure the time.

There sure are a lot of mutually-conflicting opinions flying in this
thread. I learned this stuff by studying how IRC uses
application-level ping-pong, and have encountered and used this info
repeatedly in the years since.

-- greg
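
Added example, not code from any poster in this thread: the two liveness mechanisms debated above side by side in Python, per-socket keepalive timers (the option names are Linux-specific) and an application-level idle deadline like the one-second frame timeout proposed earlier in the thread. Function names, timer values and the loopback rig are assumptions made for the illustration.

```python
import socket

def enable_fast_keepalive(sock, idle=5, interval=2, probes=3):
    """Enable TCP keepalive with short per-socket timers instead of the 2 hour default."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT are the Linux option names; they are
    # not portable, so set only the ones this platform's socket module exposes.
    for name, value in (("TCP_KEEPIDLE", idle), ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        if hasattr(socket, name):
            sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), value)

def receive_frames(conn, frame_size, idle_limit=1.0):
    """Count whole frames until the sender closes, errors out, or goes silent."""
    conn.settimeout(idle_limit)
    pending = frames = 0
    while True:
        try:
            chunk = conn.recv(65536)
        except socket.timeout:
            return frames, "idle"    # nothing for idle_limit seconds: presume sender gone
        except OSError:
            return frames, "error"   # RST from a rebooted peer, or keepalive probes failed
        if not chunk:
            return frames, "closed"  # orderly shutdown (FIN) from the sender
        pending += len(chunk)
        frames, pending = frames + pending // frame_size, pending % frame_size

def loopback_pair():
    """Constructed test rig: a connected (sender, receiver) TCP pair on 127.0.0.1."""
    with socket.create_server(("127.0.0.1", 0)) as lst:
        sender = socket.create_connection(lst.getsockname())
        receiver, _ = lst.accept()
    return sender, receiver

if __name__ == "__main__":
    camera, conn = loopback_pair()
    enable_fast_keepalive(conn)
    camera.sendall(b"\x00" * 12)          # three 4-byte constructed "frames"
    print(receive_frames(conn, 4, 0.5))   # sender then stays silent
    camera.close()
    print(receive_frames(conn, 4, 0.5))   # sender has closed its end
```

The idle deadline fires whether or not the kernel has noticed the dead peer, which is why it works where the receiver never writes to the socket.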




Re: [CentOS] shutdown -h doesn't

2015-01-16 Thread Devin Reade
--On Friday, January 16, 2015 09:54:01 AM +0100 Kay Diederichs
 wrote:

> Forgot to say: the problem does not exist when "Wake on LAN" is disabled
> in the BIOS (but I need wake-on-LAN).

That did the trick.  I was able to disable WOL and it no longer exhibits
the problem, including being able to reinstall kexec-tools.  A packet 
sniffer doesn't actually show up any WOL packets, though. It makes one
wonder.

Thanks.

For the record, the motherboard is a Gigabyte Z87X-D3H.

Devin
