from:"Orion Poplawski"

[CentOS] chrome/chromium crashing on CS9

2024-01-30 Thread Orion Poplawski

Is anyone else seeing Chrome/Chromium crash on on CS9?  It's unusable for me,
crashes on loading any web page.  Most coredumps seem corrupted.  The most
usable I've seen is this:

Core was generated by `/usr/lib64/chromium-browser/chromium-browser
--type=renderer --crashpad-handler'.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Section `.reg-xstate/3' in core file too small.
#0  0x555abfb91cdd in
v8::internal::ThreadIsolation::RegisterJitPage(unsigned long, unsigned long) ()
[Current thread is 1 (Thread 0x7f707f3fe640 (LWP 3))]
(gdb) bt
#0  0x555abfb91cdd in
v8::internal::ThreadIsolation::RegisterJitPage(unsigned long, unsigned long) ()
#1  0x555abfcec796 in
v8::internal::MemoryAllocator::AllocateUninitializedChunkAt(v8::internal::BaseSpace*,
unsigned long, v8::internal::Executability, unsigned long, 
v8::internal::PageSize)
()
#2  0x555abfced882 in
v8::internal::MemoryAllocator::AllocatePage(v8::internal::MemoryAllocator::AllocationMode,
v8::internal::Space*, v8::internal::Executability) ()
#3  0x555abfd0480c in
v8::internal::PagedSpaceBase::TryExpand(v8::internal::LocalHeap*,
v8::internal::AllocationOrigin) ()
#4  0x555abfcbdb32 in
v8::internal::PagedSpaceAllocatorPolicy::TryExpandAndAllocate(unsigned long,
v8::internal::AllocationOrigin) ()
#5  0x555abfcbd02c in
v8::internal::PagedSpaceAllocatorPolicy::EnsureAllocation(int,
v8::internal::AllocationAlignment, v8::internal::AllocationOrigin) ()
#6  0x555abfcbc0a8 in
v8::internal::MainAllocator::AllocateRawSlowUnaligned(int,
v8::internal::AllocationOrigin) ()
#7  0x555abfc3a098 in v8::internal::LocalHeap::AllocateRaw(int,
v8::internal::AllocationType, v8::internal::AllocationOrigin,
v8::internal::AllocationAlignment) ()
#8  0x555abfc685b0 in
v8::internal::Factory::CodeBuilder::BuildInternal(bool) ()
#9  0x555ac00c3375 in
v8::internal::baseline::BaselineCompiler::Build(v8::internal::LocalIsolate*) ()
#10 0x555ac00b4a83 in
v8::internal::baseline::ConcurrentBaselineCompiler::JobDispatcher::Run(v8::JobDelegate*)
()
#11 0x555ac5be9a67 in
base::internal::Invoker >,
v8::SourceLocation const&)::$_0, std::__Cr::unique_ptr > >, void (base::JobDelegate*)>::Run ()
#12 0x555ac38463a7 in
base::internal::Invoker, base::RepeatingCallback,
base::internal::PooledTaskRunnerDelegate*)::$_0,
base::internal::UnretainedWrapper >, void ()>::Run ()
#13 0x555ac381d5ab in base::TaskAnnotator::RunTaskImpl(base::PendingTask&) 
()
#14 0x555ac3848363 in
base::internal::TaskTracker::RunSkipOnShutdown(base::internal::Task&,
base::TaskTraits const&, base::internal::TaskSource*, base::SequenceToken
const&) ()
#15 0x555ac3847ef5 in
base::internal::TaskTracker::RunTask(base::internal::Task,
base::internal::TaskSource*, base::TaskTraits const&) ()
#16 0x555ac38479c8 in
base::internal::TaskTracker::RunAndPopNextTask(base::internal::RegisteredTaskSource)
()
#17 0x555ac385a662 in base::internal::WorkerThread::RunWorker() ()
#18 0x555ac385a14a in base::internal::WorkerThread::RunPooledWorker() ()
#19 0x555ac3859f78 in base::internal::WorkerThread::ThreadMain() ()
#20 0x555ac3879d73 in base::(anonymous namespace)::ThreadFunc ()
#21 0x7f70998a1912 in start_thread (arg=) at
pthread_create.c:443
#22 0x7f709983f314 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:100


-- 
Orion Poplawski
he/him/his  - surely the least important thing about me
Manager of IT Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS7 and NFS

2020-05-12 Thread Orion Poplawski


On 5/12/20 2:46 AM, Patrick Bégou wrote:

Hi,

I need some help with NFSv4 setup/tuning. I have a dedicated nfs server
(2 x E5-2620  8cores/16 threads each, 64GB RAM, 1x10Gb ethernet and 16x
8TB HDD) used by two servers and a small cluster (400 cores). All the
servers are running CentOS 7, the cluster is running CentOS6.

Time to time on the server I get:

  kernel: NFSD: client xxx.xxx.xxx.xxx testing state ID with
 incorrect client ID

And the client xxx.xxx.xxx.xxx freeze whith:

  kernel: nfs: server x.legi.grenoble-inp.fr not responding,
 still trying
  kernel: nfs: server x.legi.grenoble-inp.fr OK
  kernel: nfs: server x.legi.grenoble-inp.fr not responding,
 still trying
  kernel: nfs: server x.legi.grenoble-inp.fr OK

There is a discussion on RedHat7 support about this but only open to
subscribers. Other searches with google do not provide  useful information.


FYI - you can get access to such info with a free RHEL developers account.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] xvidtune powertools CentOS 8

2020-05-12 Thread Orion Poplawski


On 5/12/20 7:45 AM, Jerry Geis wrote:

Hi All - I was looking all over for xvidtune on Centos 8.
could not find it.
tried yum provides "*/xvidtune"
tried yum search xvidtune

Google pointed me to:
https://centos.pkgs.org/8/centos-powertools-x86_64/xorg-x11-apps-7.7-21.el8.x86_64.rpm.html


So I installed the apps and of course xvidtune is part of that.
However just curious why the provides or search did not point me there ?
Should it have?


If you had enabled the PowerTools repo the yum provides call would have.

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 8 Client to Windows file share SSO Active Directory

2020-05-14 Thread Orion Poplawski


On 5/14/20 11:01 AM, dhils...@performair.com wrote:

All;

My Google foo is failing me, and searching through the last 10 months on this 
mailing list hasn't helped either.

We have an existing Active Directory domain set up, and I'd like to add a 
CentOS 8 Workstation to it.

I have experience using both realmd and manual configuration to allow local 
login with AD accounts to various Linux distribution, and have this working on 
my test system.  I used realmd this time, and it configured sssd.

I have one problem that I've never been able to solve; when I attempt to 
connect to a remote file server, while logged on to the CentOS 8 system using a 
domain account, it asks for credentials.  Theoretically, this should work as 
it's just Kerberos.  Can anyone point me at resources on what is needed for SSO 
to domain resources to work properly?


Well, check the usual kerberos stuff:

- Do you have a ticket (klist)?
- Is /etc/krb5.conf(.d) looking good?
- How are you connecting to the remote file server?  Is that software 
configured to use Kerberos/GSSAPI to authenticate?  Do it have debug 
options to show you the authentication steps?

- What does the remote server report about the connection attempts?


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] how does autofs deal with stuck NFS mounts and suspending to RAM?

2020-05-20 Thread Orion Poplawski


On 5/18/20 5:13 AM, hw wrote:

Hi,

after trying sshfs to mount a remote file system on a server with the result
that sshfs will sooner or later get stuck and require a reboot of the client,
I'm fed up with it and am looking for alternatives.

So next I would like to use NFS over a VPN connection instead.  To minimize
the instances of the NFS mount getting stuck, it might be helpful to use
autofs.

What happens when the mount is stuck because the connection is down and autofs
figures the idle timeout has expired and tries to unmount the remote file
system?


Nothing good, and bad things happen before this.


What happens when I put the client to sleep by suspending to RAM?  Will autofs
automatically unmount first, or will the server have to deal with a client
that has apparently gone away and might re-appear later in unexpected ways?


This is the mechanism that I use to try to mitigate this on our systems:

This triggers on suspend type events:

# cat /etc/systemd/system/suspend.target.wants/offnet.service
[Unit]
Description=Unmount all NFS mounts before disconnecting from network
Before=systemd-hibernate.service
Before=systemd-shutdown.service
Before=systemd-suspend.service

[Service]
ExecStart=/usr/local/sbin/offnet
Type=oneshot

[Install]
WantedBy=hibernate.target
WantedBy=shutdown.target
WantedBy=suspend.target



This triggers when you bring down a vpn connection with NetworkManager:

# cat /etc/NetworkManager/dispatcher.d/pre-down.d/autofs
#!/bin/bash

if [ -x /usr/bin/logger ]; then
  LOGGER="/usr/bin/logger -s -p user.notice -t $0"
else
  LOGGER=echo
fi

[ -z "${DEVICE_IP_IFACE}" ] && exit

# Unmount NFS and shutdown autofs if we are shutting down the last 
ethernet device or exiting vpn
if [ "$(/usr/bin/nmcli --terse --fields 'device,type' c show --active | 
grep -v "^${DEVICE_IP_IFACE}:" | grep -c :802-)" -eq 0 -o \

 "${DEVICE_IP_IFACE}" = tun0 ]; then
  $LOGGER "Unmounting NFS/CIFS directories"
  /usr/local/sbin/offnet
  $LOGGER "Performing autofs pre-down stop"
  systemctl stop autofs.service
fi



# cat /usr/local/sbin/offnet
#!/bin/bash
. /etc/init.d/functions

# __umount_loop awk_program fstab_file first_msg retry_msg retry_umount_args
# awk_program should process fstab_file and return a list of fstab-encoded
# paths; it doesn't have to handle comments in fstab_file.
__umount_loop() {
local remaining sig=
local retry=3 count

remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
while [ -n "$remaining" -a "$retry" -gt 0 ]; do
if [ "$retry" -eq 3 ]; then
action "$3" umount $remaining
else
action "$4" umount $5 $remaining
fi
count=4
remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
while [ "$count" -gt 0 ]; do
[ -z "$remaining" ] && break
count=$(($count-1))
usleep 50
remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" 
| sort -r)

done
[ -z "$remaining" ] && break
kill $sig $(/sbin/fuser -m $remaining 2>/dev/null  | 
sed -e "s/\b$$\b//g") > /dev/null

sleep 3
retry=$(($retry -1))
sig=-9
done
}

__umount_loop '$3 ~ /^nfs/ && $3 != "nfsd" && $2 != "/" {print $2}' \
/proc/mounts \
$"Unmounting NFS filesystems: " \
$"Unmounting NFS filesystems (retry): " \
"-f -l"

__umount_loop '$3 ~ /^cifs/ && $2 != "/" {print $2}' \
/proc/mounts \
$"Unmounting CIFS filesystems: " \
$"Unmounting CIFS filesystems (retry): " \
    "-f -l"


Is there a way to tell NFS to retry an operation _now_ after the connection
went down and came back, rather than having to wait for a possibly rather long
time?


Not that I'm aware of.


Is there a better alternative for mounting remote file systems over unreliable
connections?


I would second the recommendation for SMBv3/CIFS for a fault tolerant 
remote file system.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] HW/MAC addr vs client id vs ...

2020-05-22 Thread Orion Poplawski


On 5/22/20 10:04 AM, R C wrote:

Hello,


when booting using dhcp, some OS-es use their MAC addr, some, when 
getting an IP with DHCP use a client id, sometimes  it's 01M+MAC, 
sometimes it is a quite long string, similar to UUIDs.


For example some Ubuntu version  sends out their DHCP client id as 
01+MAC, similar to windows machines.


Is there a way in Centos/RHEL, to 'configure' that?  (Cisco equipment is 
kind of particlat about that), so that for example when requesting


an IP using DHCP,  the  client-id used is 01+MAC  instead of just the 
MAC address?


(it becomes a hassle when machines are dual boot for example).


In your ifcfg file set:

DHCP_CLIENT_ID=

to whatever you want.  I don't know of a way to automatically use the 
01+MAC scheme.



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bridge network for virt-manager

2020-06-02 Thread Orion Poplawski


On 6/2/20 8:53 AM, Jerry Geis wrote:

Ok so I have used virt-manager to create the name NET100
This is what shows.


   NET100
   1ba45e54-93c2-f291-8b35-a7fe8cae9ac1
   
 
   
   
   
   
 
   
 
   


I DO get a DHCP on my network  - but the client cannot connect to the host
machine. Has access to internet - but just not the host.


This isn't a real bridged network.  This is a NATed local network.

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Bridge network for virt-manager

2020-06-05 Thread Orion Poplawski


On 6/3/20 6:34 PM, Gordon Messmer wrote:

On 6/2/20 3:38 AM, Jerry Geis wrote:

Hello. I desire to get bridge network working using virt-manager.



The easiest way to set up bridged networking on CentOS 7 is:

     virsh iface-bridge eth0 br0 --no-stp

This command will create a new bridge interface, br0.  The existing 
interface, eth0, will be added to the bridge, and its current IP 
configuration will be migrated to the new interface.


This is likely the coolest thing I've learned all week.  Thanks!


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS7 and NFS

2020-07-02 Thread Orion Poplawski


On 6/1/20 3:08 AM, Patrick Bégou wrote:

Le 13/05/2020 à 02:13, Orion Poplawski a écrit :

On 5/12/20 2:46 AM, Patrick Bégou wrote:

Hi,

I need some help with NFSv4 setup/tuning. I have a dedicated nfs server
(2 x E5-2620  8cores/16 threads each, 64GB RAM, 1x10Gb ethernet and 16x
8TB HDD) used by two servers and a small cluster (400 cores). All the
servers are running CentOS 7, the cluster is running CentOS6.

Time to time on the server I get:

   kernel: NFSD: client xxx.xxx.xxx.xxx testing state ID with
  incorrect client ID

And the client xxx.xxx.xxx.xxx freeze whith:

   kernel: nfs: server x.legi.grenoble-inp.fr not responding,
  still trying
   kernel: nfs: server x.legi.grenoble-inp.fr OK
   kernel: nfs: server x.legi.grenoble-inp.fr not responding,
  still trying
   kernel: nfs: server x.legi.grenoble-inp.fr OK

There is a discussion on RedHat7 support about this but only open to
subscribers. Other searches with google do not provide  useful
information.


FYI - you can get access to such info with a free RHEL developers
account.



Thanks for your suggestion. As the problem is back I've subscribed to
reach the full content of this discussion.

The answer was "do not use antivirus" :-(. I do not use antivirus as I
am CentOS only.

Patrick



Just curious to see if you have had any luck resolving these issues? 
I'm afraid that NFS on EL 7 has become much less stable for us recently 
as well with lots more client access hangs.


Orion

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 rsyslog and ELK

2020-07-18 Thread Orion Poplawski


On 7/10/20 3:51 PM, Pete Biggs wrote:

On Fri, 2020-07-10 at 16:44 -0400, Jason Edgecombe wrote:

I don't use ELK at the moment, but is this helpful?

% journalctl -f --output=json

The above command prints the continuous output of the systemd journal in
json format.


Thanks. The problem is getting that into logstash.  But it's actually
quite useful anyway as it's another method of monitoring what is
supposed to be logged.

P.


Along this line there is journalbeat.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenVAS on CentOS Linux release 8.2.2004 (Core)

2020-08-11 Thread Orion Poplawski


On 8/11/20 11:35 AM, Kaushal Shriyan wrote:

On Tue, Aug 11, 2020 at 9:24 PM Ralf Prengel 
wrote:


Hallo,
not direkt a solution but I m using a kali rolling release installation on
hard disk.
Works fine here.

Ralf



Hi,

I am facing the below mentioned issue.

#wget -q -O - http://www.atomicorp.com/installers/atomic |sh
[root@openvas8 ~]# yum -y install openvas
Last metadata expiration check: 1:40:48 ago on Tue 11 Aug 2020 11:53:08 AM
EDT.
Error:
  Problem: conflicting requests
   - package greenbone-vulnerability-manager-11.0.0-9461.el8.art.noarch
requires openvas-manager, but none of the providers can be installed
   - package gvm-11.0.0-14318.el8.art.noarch requires gvmd, but none of the
providers can be installed
   - package gvm-11.0.0-14324.el8.art.noarch requires gvmd, but none of the
providers can be installed
   - package gvm-11.0.0-14325.el8.art.noarch requires gvmd, but none of the
providers can be installed
   - package gvm-11.0.0-14327.el8.art.noarch requires gvmd, but none of the
providers can be installed
   - package gvm-11.0.0-14328.el8.art.noarch requires gvmd, but none of the
providers can be installed
   - nothing provides alien needed by
greenbone-vulnerability-manager-11.0.0-9458.el8.art.noarch
   - nothing provides dirb needed by
greenbone-vulnerability-manager-11.0.0-9458.el8.art.noarch
   - nothing provides nikto needed by
greenbone-vulnerability-manager-11.0.0-9458.el8.art.noarch
   - nothing provides perl-XML-Twig needed by gvmd-9.0.1-14218.el8.art.x86_64
   - nothing provides perl-XML-Twig needed by gvmd-9.0.1-14220.el8.art.x86_64
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to
use not only best candidate packages)
[root@openvas8 ~]#


perl-XML-Twig at least is in the PowerTools repo, which is disabled by 
default.  nikto and dirb look to be harder to come by.





--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C8 - Register with Red Hat

2020-08-17 Thread Orion Poplawski


On 8/17/20 4:49 PM, Gregory P. Ennis wrote:


On Mon, 17 Aug 2020 17:03:24 -0500
Gregory P. Ennis wrote:


I downloaded a Centos 8 image file :

CentOS-8.1.1911-x86_64-dvd1.iso

then I installed it as a kvm guest on a Centos 7 host machine.

I installed a lot of the software; gui and server to give it a test drive.

Nothing unusual about what I did  that I can identify.


And the message came up when you what?  What action do you take immediately 
prior to
this message appearing?

The message appears on the desktop?  Login screen?  When you open a terminal 
window?

I have cleaned up a lot of stuff on my C8 machines that I don't need, but on my 
main
computer (this one) "rpm -qa | grep subscription" gives me no output, so you 
might want to
"dnf remove *subscription* and see what happens.
-
Frank,

It appears every time I do a dnf update.  I was trying to install kvm to see if 
I could put
a guest inside of guest.  I wanted to test kvm on Centos 8 before I put it into 
production.

I tried to remove subscription as above but decided to answer the question to 
the negative.
What appears is below.

Greg

[root@Post ~]# dnf remove *subscription*


You should be able to remove everything except for:

subscription-manager-rhsm-certificates-1.26.17-1.el8_2.x86_64
python3-subscription-manager-rhsm-1.26.17-1.el8_2.x86_64

if you want to keep the hard dependencies (virt-who, abrt-*).  You can 
add --noautoremove to avoid removing much of the other stuff.



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Systemd service unit file needs to wait until a specific interface is up

2020-09-23 Thread Orion Poplawski

On 9/23/20 7:07 AM, Stephen John Smoogen wrote:

On Wed, 23 Sep 2020 at 04:33, Carlos Lopez wrote:

Hi all,

With SystemD, how can I make certain service dependent on certain network
interfaces being up?

For example, I have an 802.1ad bond interface I need to wait on for being
up (this interface has no ip address assigned, it is used to capture
networks packets with a tcpdump’s script). Every time this service fails
because bond interface is not up.

I have configured the service as:

[Unit]

Description=tcpdump capture script

After=network.target

Wants=network-online.target

But it doesn’t work …. Any tip or trick?

So the network just calls the scripts and exits so they can take a while to
get working. I think this website covers what you want to do

https://unix.stackexchange.com/questions/257888/systemd-wait-for-network-interface-to-be-up-before-running-service

systemctl list-units --no-pager | grep subsystem-net

Then look for the device which matches the one you are listening to. Change
the After=network.target to

BindsTo=sys-devices-virtual-net-.device
After=sys-devices-virtual-net-.device

where is the interface you found (aka eth2, br9, bond0 etc)

Hmm, there seems to be several layers here.

I think sys-devices-.device is "started" when appears
in the kernel:

Sep 23 19:37:25 kernel: virtio_net virtio0 ens3: renamed from eth0

# systemctl status sys-subsystem-net-devices-ens3.device
● sys-subsystem-net-devices-ens3.device - Virtio network device
Loaded: loaded
Active: active (plugged) since Wed 2020-09-23 19:37:25 MDT

This is not what most people would consider "up" - i.e. have an IP
address. ens3 doesn't get it's IP address until much later.

This works for Carlos though because he doesn't need an IP address -
just the device existing.

I have no idea how it worked for the stackexchange poster. Apparently
because "lan0" is a virtual device as well
("sys-devices-virtual-net-lan0") that they need, not a more "physical"
device like "net-devices-ens3", and it gets an IP address at the same
time as creation.

I've been dealing with issues like this for a while - systems with
multiple interfaces, some of which do not come up for quite a while, and
I need to wait for all to be up before running certain tasks. Still
haven't found anything very satisfactory.

--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Chromium 85 does not load any pages

2020-09-23 Thread Orion Poplawski

On 9/23/20 7:28 AM, Simon Matter wrote:

Date: Wednesday, September 23, 2020 08:37:01 -0400
From: H 

On 09/23/2020 08:28 AM, Simon Matter wrote:

I just upgraded chromium on my CentOS 7 system and ended up with
nothing loading. I tried to downgrade using yum downgrade
chromium but there does not seem to be an older version on my
system, nor does EPEL seem to have version 84 which is what I ran
before.

First, does anyone know why chromium 85 does not load /anything/?
Firefox runs fine.

Do you run chromium locally or remote? I've seen the same behavior
but we're running on remote desktops which means we have to 3D
support. Once in the past this was a problem with chromium so I
thought maybe it's the same now.

Second, why is chromium 84 not available in EPEL?

EPEL doesn't provide old versions, they are removed when a new
release comes in. You can get the older chromium here:

https://kojipkgs.fedoraproject.org//packages/chromium/84.0.4147.89
/1.el7/x86_64/chromium-84.0.4147.89-1.el7.x86_64.rpm
https://kojipkgs.fedoraproject.org//packages/chromium/84.0.4147.89
/1.el7/x86_64/chromium-common-84.0.4147.89-1.el7.x86_64.rpm

I run chromium locally. Version 84 ran just fine...

It's hard to debug "does not load /anything/" without more specifics.

It's exactly what the OP said, chromium starts, presents its main window
and this one stays white whatever URL you try to load.

https://bugzilla.redhat.com/show_bug.cgi?id=1881142

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] guidance on enabling 2FA at Linux GUI level

2020-10-11 Thread Orion Poplawski


On 10/9/20 2:33 PM, Erick Perez - Quadrian Enterprises wrote:

Hi all,
running a machine with Centos 7.6 that already has a 2FA PAM- enabled
module for SSH logins.

Is there a document that talks about configuring Centos 7.6 default GUI
(Gnome) to use 2fa with PAM?

thanks,



There are many kinds of 2FA - what exactly are you looking to use?

For smartcards I think this is what you want:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/smartcards

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] I'm looking forward to the future of CentOS Stream

2020-12-13 Thread Orion Poplawski


On 12/13/20 1:25 PM, Dave Stevens wrote:

On Sun, 13 Dec 2020 21:05:42 +0100
Rainer Duffner  wrote:


It’s also not often the case that you can split this kind of work
into a thousand work-packages and have everybody just work 1/2 hour a
day on it.


not like Debian for instance

d


The workflow is very different.  For a primary distribution, updates to 
different packages happen at different times.  Contributors can do that 
work when they have the time.


For a rebuild, work must happen as fast as possible after RHEL has 
released an update.  Much harder for volunteers to contribute to.


There are other support roles that volunteers can hopefully do, but the 
core mission doesn't really align well with that.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Recommendation for 10 gigabit NICs on CentOS8

2021-02-08 Thread Orion Poplawski


On 2/7/21 3:55 AM, Strahil Nikolov via CentOS wrote:

Hi All,


can you share what kind of old NICs do you use on CentOS 8 (Stream or
not , it doesn't matter) without any issues?
I was looking at ebay and I found some pretty old Mellanox  "ConnectX"
or "ConnectX-2" but I seriously doubt they will work on CentOS 8.

Any proposals are also welcome. I don't care of the brand as long as it
is PCIe and is supported by the vanilla kernel.


I'm using a number of HP branded MT27520 Family [ConnectX-3 Pro] 
InfiniBand FDR/Ethernet 10Gb/40Gb 2-port 544+FLR-QSFP Adapters without 
any issue. Not sure if that is old enough for you.


HTH,
  Orion

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] "System error" when trying to logon via SSH to CentOS 8 joined to AD

2021-04-04 Thread Orion Poplawski


On 3/23/21 12:09 AM, Konstantin Boyandin via CentOS wrote:

Hello,

I joined a CentOS 8 box to an AD, using the below document as general 
guide:


https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/connecting-rhel-systems-directly-to-ad-using-sssd_integrating-rhel-systems-directly-with-active-directory 
(section 14.1)


A problem: after I tried to log on via SSH (as an AD user) to the box, 
the journalctl gets the below records:


March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:auth): 
authentication success; logname= uid=0 euid=0 tty=ssh ruser= 
rhost=10.10.0.55 user=username
March 23 12:41:01 sandbox.lan sshd[2262]: pam_sss(sshd:account): Access 



denied for user username: 4 (System error)
March 23 12:41:01 sandbox.lan sshd[2262]: Failed password for username 
from 10.10.0.55 port 57610 ssh2
March 23 12:41:01 sandbox.lan sshd[2262]: fatal: Access denied for user 



username by PAM account configuration [preauth]


"System error" generally means an error internally to sssd.  I would 
turn up sssd debugging and check the sssd logs in /var/log/sssd.  Also, 
you'll probably get better support on the sssd list.


--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Trouble with CentOS-Stream-GenericCloud-9-20211208.0.x86_64.qcow2

2021-12-09 Thread Orion Poplawski

I'm trying to test out the CentOS Stream 9 GenericCloud images.  I'm 
installing with:


VM_NAME="centos-stream9"
USER_DATA="user-data"
DISK="CentOS-Stream-GenericCloud-9.x86_64.qcow2"


virt-install \
--name "${VM_NAME}" \
--memory 2048 \
--vcpus 2 \
--import \
--cloud-init user-data="${USER_DATA}" \
--os-variant centos-stream9 \
--disk "${DISK}" \
--network network=default,model=virtio \
--graphics none \
--virt-type kvm

But I'm ending up with a corrupted disk image, e.g.:

# ls -l /var/lib
ls: cannot access '/var/lib/unbound': Permission denied
ls: cannot access '/var/lib/systemd': Permission denied
ls: cannot access '/var/lib/logrotate': Permission denied
ls: cannot access '/var/lib/rpcbind': Permission denied
ls: cannot access '/var/lib/os-prober': Permission denied
ls: cannot access '/var/lib/setroubleshoot': Permission denied
ls: cannot access '/var/lib/rsyslog': Permission denied
ls: cannot access '/var/lib/dhclient': Permission denied
ls: cannot access '/var/lib/kdump': Permission denied
ls: cannot access '/var/lib/cloud': Permission denied
ls: cannot access '/var/lib/nfs': Permission denied
ls: cannot access '/var/lib/chrony': Permission denied
total 4
drwxr-xr-x. 2 root root  84 Dec  7 10:24 alternatives
drwxr-xr-x. 3 root root4096 Dec  7 10:23 authselect
d?? ? ??  ?? chrony
d?? ? ??  ?? cloud
d?? ? ??  ?? dhclient
drwxr-xr-x. 2 root root  80 Dec  7 10:24 dnf
drwxr-xr-x. 2 root root   6 Aug  9 16:40 games
drwxr-xr-x. 4 root root  55 Dec  9 22:59 gssproxy
drwxr-xr-x. 2 root root   6 Aug 24 10:22 initramfs
d?? ? ??  ?? kdump
d?? ? ??  ?? logrotate
drwxr-xr-x. 2 root root   6 Aug  9 16:40 misc
drwx--. 2 root root 122 Dec  9 22:59 NetworkManager
d?? ? ??  ?? nfs
d?? ? ??  ?? os-prober
drwxr-xr-x. 2 root root   6 Aug  9 22:08 PackageKit
drwxr-x---. 3 root polkitd   28 Dec  7 10:22 polkit-1
drwx--. 2 root root   6 Dec  7 10:22 private
d?? ? ??  ?? rpcbind
drwxr-xr-x. 2 root root  91 Aug 19 10:39 rpm
drwxr-xr-x. 2 root root   6 Dec  7 10:22 rpm-state
d?? ? ??  ?? rsyslog
drwxr-xr-x. 5 root root  46 Dec  7 10:22 selinux
d?? ? ??  ?? setroubleshoot
drwxr-xr-x. 9 root root 105 Dec  7 10:22 sss
d?? ? ??  ?? systemd
drwxr-xr-x. 3 root root      20 Dec  7 10:22 tpm2-tss
d?? ? ??  ?? unbound

Is anyone else seeing this?  Anything I'm doing wrong?

I'm not seeing any error in the boot messages.

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Trouble with CentOS-Stream-GenericCloud-9-20211208.0.x86_64.qcow2

2021-12-21 Thread Orion Poplawski


On 12/9/21 21:10, centos@centos.org wrote:
I'm trying to test out the CentOS Stream 9 GenericCloud images.  I'm 
installing with:


VM_NAME="centos-stream9"
USER_DATA="user-data"
DISK="CentOS-Stream-GenericCloud-9.x86_64.qcow2"


virt-install \
--name "${VM_NAME}" \
--memory 2048 \
--vcpus 2 \
--import \
--cloud-init user-data="${USER_DATA}" \
--os-variant centos-stream9 \
--disk "${DISK}" \
--network network=default,model=virtio \
--graphics none \
--virt-type kvm

But I'm ending up with a corrupted disk image, e.g.:

# ls -l /var/lib
ls: cannot access '/var/lib/unbound': Permission denied
ls: cannot access '/var/lib/systemd': Permission denied
ls: cannot access '/var/lib/logrotate': Permission denied
ls: cannot access '/var/lib/rpcbind': Permission denied
ls: cannot access '/var/lib/os-prober': Permission denied
ls: cannot access '/var/lib/setroubleshoot': Permission denied
ls: cannot access '/var/lib/rsyslog': Permission denied
ls: cannot access '/var/lib/dhclient': Permission denied
ls: cannot access '/var/lib/kdump': Permission denied
ls: cannot access '/var/lib/cloud': Permission denied
ls: cannot access '/var/lib/nfs': Permission denied
ls: cannot access '/var/lib/chrony': Permission denied
total 4
drwxr-xr-x. 2 root root  84 Dec  7 10:24 alternatives
drwxr-xr-x. 3 root root    4096 Dec  7 10:23 authselect
d?? ? ?    ?  ?    ? chrony
d?? ? ?    ?  ?    ? cloud
d?? ? ?    ?  ?    ? dhclient
drwxr-xr-x. 2 root root  80 Dec  7 10:24 dnf
drwxr-xr-x. 2 root root   6 Aug  9 16:40 games
drwxr-xr-x. 4 root root  55 Dec  9 22:59 gssproxy
drwxr-xr-x. 2 root root   6 Aug 24 10:22 initramfs
d?? ? ?    ?  ?    ? kdump
d?? ? ?    ?  ?    ? logrotate
drwxr-xr-x. 2 root root   6 Aug  9 16:40 misc
drwx--. 2 root root 122 Dec  9 22:59 NetworkManager
d?? ? ?    ?  ?    ? nfs
d?? ? ?    ?  ?    ? os-prober
drwxr-xr-x. 2 root root   6 Aug  9 22:08 PackageKit
drwxr-x---. 3 root polkitd   28 Dec  7 10:22 polkit-1
drwx--. 2 root root   6 Dec  7 10:22 private
d?? ? ?    ?  ?    ? rpcbind
drwxr-xr-x. 2 root root  91 Aug 19 10:39 rpm
drwxr-xr-x. 2 root root   6 Dec  7 10:22 rpm-state
d?? ? ?    ?  ?    ? rsyslog
drwxr-xr-x. 5 root root  46 Dec  7 10:22 selinux
d?? ? ?    ?  ?    ? setroubleshoot
drwxr-xr-x. 9 root root 105 Dec  7 10:22 sss
d?? ? ?    ?  ?    ? systemd
drwxr-xr-x. 3 root root  20 Dec  7 10:22 tpm2-tss
d?? ? ?    ?  ?    ? unbound

Is anyone else seeing this?  Anything I'm doing wrong?

I'm not seeing any error in the boot messages.



I still get this consistently with the GenericCloud images.  Is there 
something wrong with them or with my system?


--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] possible issue with CS8 kernel-4.18.0-358.el8.x86_64

2022-01-15 Thread Orion Poplawski


Is anyone else having any issues with CS8 kernel-4.18.0-358.el8.x86_64?

The symptom I'm seeing is not getting the kde screen locker password 
prompt to show so I can't unlock my screen.


I have already rolled back the recent qt5 and xorg updates.

Booting into the previous kernel - 4.18.0-348.7.1.el8_5.x86_64 fixes it.

No idea what might actually be causing it.

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Assitance with perl

2022-01-30 Thread Orion Poplawski


On 1/30/22 18:12, H wrote:

I am writing a long bash script under CentOS 7 where perl is used for 
manipulating some external files. So far I am using perl one-liners to do so 
but ran into a problem when I need to append text to an external file.

Here is a simplified example in the bash script where txt is a bash variable 
which I built containing a longish text with multiple newlines:

txt="a b$'\n'cd ef$'\n'g h$'\n'ij kl"

A simplified perl one-liner to append the text in the variable above to some 
file in the bash script would be:

perl -pe 'eof && do{print $_'"${txt}"'; exit}' someexternalfile.txt

This works when fine when $txt does /not/ contain any spaces but falls apart 
when it does.

I would like to keep the above structure, ie using bash variables to build text strings 
and one-liners to do the text manipulation. Hopefully there is a "simple" 
solution to do this, I have tried many variations and failed miserably... Note that I 
also want to use a similar pattern to do substitutions in external files, I would thus 
like to use the same code pattern.


I don't understand why:

echo -e $txt >> someexternalfile.txt

doesn't do what you want, or if perl is absolutely what you need:

perl -e "print \"${txt}\";" >> someexternalfile.txt

I have no idea if you are trying to output literal $'s or 's or not.

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] possible issue with CS8 kernel-4.18.0-358.el8.x86_64

2022-01-30 Thread Orion Poplawski


On 1/28/22 10:27, Turing Eret wrote:

I'd like to echo this. `kscreenlocker_greet` doesn't show a password prompt
and can't be unlocked, `loginctl unlock-session` just doesn't work, sddm
just stops at a black screen and never displays the login prompt. Backed up
to 348 and everything works fine.


Looks like some bugs have been filed:

https://bugzilla.redhat.com/show_bug.cgi?id=2043771
https://bugzilla.redhat.com/show_bug.cgi?id=2043322

--
Orion Poplawski
he/him/his - surely the least important thing about me
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Update RPM GPG key for EL9

2022-06-01 Thread Orion Poplawski

Looks like the GPG key we use to sign our RPMs is not longer good with EL9:

# rpm --import RPM-GPG-KEY-nwra
error: RPM-GPG-KEY-nwra: key 1 import failed

gpg key info:

sec  rsa2048/35DDB0B86218AC2F
 created: 2017-08-16  expires: never   usage: SC
 trust: ultimate  validity: ultimate
ssb  rsa2048/6A7FBC1E9DB22E8E
 created: 2017-08-16  expires: never   usage: E

Can someone explain what I need to do to make things compatible with EL9?

Thank you!

-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Update RPM GPG key for EL9

2022-06-01 Thread Orion Poplawski

On 6/1/22 13:43, Fabian Arrotin wrote:
> On 01/06/2022 19:51, Orion Poplawski wrote:
>> Looks like the GPG key we use to sign our RPMs is not longer good with EL9:
>>
>> # rpm --import RPM-GPG-KEY-nwra
>> error: RPM-GPG-KEY-nwra: key 1 import failed
>>
>> gpg key info:
>>
>> sec  rsa2048/35DDB0B86218AC2F
>>   created: 2017-08-16  expires: never   usage: SC
>>   trust: ultimate  validity: ultimate
>> ssb  rsa2048/6A7FBC1E9DB22E8E
>>   created: 2017-08-16  expires: never   usage: E
>>
>> Can someone explain what I need to do to make things compatible with EL9?
>>
>> Thank you!
>>
> 
> Just ensure that it's not using SHA1, which was deprecated, reason why the
> CentOS keys had to be re-signed with newer algo too
> 
> See this thread :
> https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html

Thanks - but I don't know how to check if it is using SHA1 or how to
regenerate it with SHA512.


-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Update RPM GPG key for EL9

2022-06-02 Thread Orion Poplawski

On 6/1/22 23:40, Fabian Arrotin wrote:
> On 02/06/2022 00:22, Orion Poplawski wrote:
>> On 6/1/22 13:43, Fabian Arrotin wrote:
>>> On 01/06/2022 19:51, Orion Poplawski wrote:
>>>> Looks like the GPG key we use to sign our RPMs is not longer good with EL9:
>>>>
>>>> # rpm --import RPM-GPG-KEY-nwra
>>>> error: RPM-GPG-KEY-nwra: key 1 import failed
>>>>
>>>> gpg key info:
>>>>
>>>> sec  rsa2048/35DDB0B86218AC2F
>>>>    created: 2017-08-16  expires: never   usage: SC
>>>>    trust: ultimate  validity: ultimate
>>>> ssb  rsa2048/6A7FBC1E9DB22E8E
>>>>    created: 2017-08-16  expires: never   usage: E
>>>>
>>>> Can someone explain what I need to do to make things compatible with EL9?
>>>>
>>>> Thank you!
>>>>
>>>
>>> Just ensure that it's not using SHA1, which was deprecated, reason why the
>>> CentOS keys had to be re-signed with newer algo too
>>>
>>> See this thread :
>>> https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html
>>
>> Thanks - but I don't know how to check if it is using SHA1 or how to
>> regenerate it with SHA512.
>>
> 
> You can always check the digest algo on existing public keys with 
> --list-packets
> 
> Example for the older Cloud SIG pub key (but same for other keys) :
> 
> curl --silent
> https://git.centos.org/centos/centos.org/raw/26a8f19095de699769b00109a1d69b37474ec388/f/keys/RPM-GPG-KEY-CentOS-SIG-Cloud|gpg
> --list-packets|grep "digest algo"
> digest algo 2, begin of digest 01 35
> 
> digest algo 2 is the problem , as it's SHA1, which is now deprecated
> 
> So you don't need to create new key, but just re-sign with better algo
> Just ensure that you have 'cert-digest-algo SHA512' in ~/.gnupg/gpg.conf and
> re-signing existing gpg key[s] would work
> The easiest way to have these re-signed is to 'gpg --edit-key ` , then
> edit both primary and sub, setting different expiration date (even if already
> set to never), save and then export with 'gpg --export --armor' again
> 
> You can see the difference on the public key:
> curl --silent
> https://git.centos.org/centos/centos.org/raw/main/f/keys/RPM-GPG-KEY-CentOS-SIG-Cloud|gpg
> --list-packets|grep "digest algo"
> digest algo 10, begin of digest 73 02
> 
> Which shows a better signature algo and it can be imported now on
> RHEL9/Stream9 and others

Thank you!  Exactly what I needed.


-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Trouble with kernel-3.10.0-1160.80.1.el7.x86_64

2022-11-08 Thread Orion Poplawski

Is anyone else experiencing trouble with kernel-3.10.0-1160.80.1.el7.x86_64?
I'm seeing a kernel panics in the kvm module on one of our VM hosts with it.

I did notice a new libvirt update as well, but it seems to work fine with the
older kernel (.76.1).

-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Trouble with kernel-3.10.0-1160.80.1.el7.x86_64

2022-11-08 Thread Orion Poplawski

On 11/8/22 13:12, Simon Matter wrote:
>> Is anyone else experiencing trouble with
>> kernel-3.10.0-1160.80.1.el7.x86_64?
>> I'm seeing a kernel panics in the kvm module on one of our VM hosts with
>> it.
>>
>> I did notice a new libvirt update as well, but it seems to work fine with
>> the
>> older kernel (.76.1).
> 
> Where did you get the .80.1 kernel from? I'm a bit confused because I can
> only see .76.1 on my systems.
> 
> Simon

I'm actually running Scientific Linux, which seems to be a little ahead here.

-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install PHP 8.1.12 on CentOS Linux release 7.9.2009 (Core).

2022-11-18 Thread Orion Poplawski


On 11/12/22 11:30, Kaushal Shriyan wrote:


I have always used EPEL and IUS repositories which have never given me any
issues related to any packages either in dev, qa, staging and prod
environment. Can I still go ahead and use the remi repository for
production environment?

Please suggest and guide me. Thanks in advance.


Remi is the primary maintainer of PHP in RHEL, so yeah, you can trust 
his repos.


--
Orion Poplawski
he/him/his  - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream 8 sssd.service failing part of sssd-common-2.8.1-1.el8.x86_64 baseos package

2023-01-02 Thread Orion Poplawski


On 12/30/22 04:06, Jelle de Jong wrote:

On 12/27/22 22:55, Gordon Messmer wrote:

On 2022-12-25 07:44, Jelle de Jong wrote:
A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is 
causing sssd.service systemctl failures all over my CentosOS machines.

...
[sssd] [confdb_expand_app_domains] (0x0010): No domains configured, 
fatal error! 



Were you previously using sssd?  Or is the problem merely that it is 
now reporting an error starting a service that you don't use?


Are there any files in /etc/sssd/conf.d, or does /etc/sssd/sssd.conf 
exist?  If so, what are the contents of those files?


What are the contents of /usr/lib/systemd/system/sssd.service?

If you run "journalctl -u sssd.service", are there any log entries 
older than the package update?


I got a monitoring system for failing services and I sudenly started 
getting dozens of notifications for all my CentOS systems that sssd was 
failing. This is after the sssd package updates, causing this 
regression. SSSD services where not really in use but some of the common 
libraries are used.


# systemctl status sssd
● sssd.service - System Security Services Daemon
    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; 
vendor preset: enabled)
    Active: failed (Result: exit-code) since Sat 2022-12-24 06:14:10 
UTC; 6 days ago

Condition: start condition failed at Fri 2022-12-30 11:02:01 UTC; 4s ago
    ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
    └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
  Main PID: 3953157 (code=exited, status=4)

Warning: Journal has been rotated since unit was started. Log output is 
incomplete or unavailable.




# ls -halZ /etc/sssd/sssd.conf
ls: cannot access '/etc/sssd/sssd.conf': No such file or directory


Looks like you need to figure out what happened to your 
/etc/sssd/sssd.conf file.  FWIW - I've updated my one CS8 machine to 
2.8.1-1 and it seems to be fine.



--
Orion Poplawski
he/him/his  - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Stream 8 sssd.service failing part of sssd-common-2.8.1-1.el8.x86_64 baseos package

2023-01-12 Thread Orion Poplawski


On 12/30/22 04:06, Jelle de Jong wrote:

On 12/27/22 22:55, Gordon Messmer wrote:

On 2022-12-25 07:44, Jelle de Jong wrote:
A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is 
causing sssd.service systemctl failures all over my CentosOS machines.

...
[sssd] [confdb_expand_app_domains] (0x0010): No domains configured, 
fatal error! 



Were you previously using sssd?  Or is the problem merely that it is 
now reporting an error starting a service that you don't use?


Are there any files in /etc/sssd/conf.d, or does /etc/sssd/sssd.conf 
exist?  If so, what are the contents of those files?


What are the contents of /usr/lib/systemd/system/sssd.service?

If you run "journalctl -u sssd.service", are there any log entries 
older than the package update?


I got a monitoring system for failing services and I sudenly started 
getting dozens of notifications for all my CentOS systems that sssd was 
failing. This is after the sssd package updates, causing this 
regression. SSSD services where not really in use but some of the common 
libraries are used.


# systemctl status sssd
● sssd.service - System Security Services Daemon
    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; 
vendor preset: enabled)
    Active: failed (Result: exit-code) since Sat 2022-12-24 06:14:10 
UTC; 6 days ago

Condition: start condition failed at Fri 2022-12-30 11:02:01 UTC; 4s ago
    ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
    └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
  Main PID: 3953157 (code=exited, status=4)

Warning: Journal has been rotated since unit was started. Log output is 
incomplete or unavailable.

# ls -halt /etc/sssd/conf.d/
total 8.0K
drwx--x--x. 2 sssd sssd 4.0K Dec  8 13:08 .
drwx--. 4 sssd sssd 4.0K Dec  8 13:08 ..
# ls -halZ /etc/sssd/conf.d/
total 8.0K
drwx--x--x. 2 sssd sssd system_u:object_r:sssd_conf_t:s0 4.0K Dec  8 
13:08 .
drwx--. 4 sssd sssd system_u:object_r:sssd_conf_t:s0 4.0K Dec  8 
13:08 ..

# ls -halZ /etc/sssd/sssd.conf
ls: cannot access '/etc/sssd/sssd.conf': No such file or directory

# journalctl -u sssd.service --lines 10
-- Logs begin at Mon 2022-12-26 22:15:31 UTC, end at Fri 2022-12-30 
11:05:26 UTC. --

-- No entries --

Kind regards,

Jelle de Jong


I don't quite understand where this:
   Main PID: 3953157 (code=exited, status=4)

came from.  As it seems like sssd was started at some point and failed. 
But that shouldn't have happened because:


Condition: start condition failed at Fri 2022-12-30 11:02:01 UTC; 4s ago
├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
└─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met

It's telling you that because /etc/sssd/sssd.conf does not exist and 
/etc/sssd/sssd.conf.d is not empty, the service was not started because 
the conditions were not met.  This is as expected in your case.


If you don't want it to even check, just disable the service:

systemctl disable sssd.service

I'm not sure which of these or both that your service monitoring is 
keying off of.  And perhaps by disabling it your monitoring system will 
be quiet about it.


--
Orion Poplawski
he/him/his  - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] thunderbird-102.7.1-1.el8 breaks OAuth authentication

2023-01-29 Thread Orion Poplawski

It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) 
broke OAuth authentication with outlook.office365.com.  Downgrading to 
102.4.0-1.el8 resolved the issue.


Error console reports:

XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token
[HTTP/1.1 400 Bad Request 293ms]

Is anyone else seeing this?

--
Orion Poplawski
he/him/his  - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] thunderbird-102.7.1-1.el8 breaks OAuth authentication

2023-01-30 Thread Orion Poplawski

On 1/30/23 02:26, ccsgac via CentOS wrote:
> On 29/01/2023 18:24, Orion Poplawski wrote:
>> It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) broke
>> OAuth authentication with outlook.office365.com.  Downgrading to
>> 102.4.0-1.el8 resolved the issue.
>>
>> Error console reports:
>>
>> XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token
>> [HTTP/1.1 400 Bad Request 293ms]
>>
>> Is anyone else seeing this?
>>
> 
> Yes, on EL9.  Downgrading to thunderbird-102.6.0-2.el9_1 fixes the issue.  It
> looks like the exchange/outlook server need reconfiguring
> https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/
> 

Thanks for the pointer!

-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] thunderbird-102.7.1-1.el8 breaks OAuth authentication

2023-02-14 Thread Orion Poplawski


On 1/29/23 11:24, Orion Poplawski wrote:
It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) 
broke OAuth authentication with outlook.office365.com.  Downgrading to 
102.4.0-1.el8 resolved the issue.


Error console reports:

XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token
[HTTP/1.1 400 Bad Request 293ms]


This has been fixed in RHEL8 with 102.7.1-2, but this has not yet made 
it to CentOS Stream 8.  When can we expect to see that?


Thanks.

--
Orion Poplawski
he/him/his  - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] thunderbird-102.7.1-1.el8 breaks OAuth authentication

2023-02-15 Thread Orion Poplawski

On 2/14/23 08:49, Orion Poplawski wrote:
> On 1/29/23 11:24, Orion Poplawski wrote:
>> It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) broke
>> OAuth authentication with outlook.office365.com.  Downgrading to
>> 102.4.0-1.el8 resolved the issue.
>>
>> Error console reports:
>>
>> XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token
>> [HTTP/1.1 400 Bad Request 293ms]
> 
> This has been fixed in RHEL8 with 102.7.1-2, but this has not yet made it to
> CentOS Stream 8.  When can we expect to see that?

It also does not appear to have made it to CentOS 7 yet either.

-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] thunderbird-102.7.1-1.el8 breaks OAuth authentication

2023-04-03 Thread Orion Poplawski

On 2/15/23 08:31, Josh Boyer wrote:
> On Wed, Feb 15, 2023 at 10:26 AM Orion Poplawski  wrote:
>>
>> On 2/14/23 08:49, Orion Poplawski wrote:
>>> On 1/29/23 11:24, Orion Poplawski wrote:
>>>> It seems that thunderbird-102.7.1-1.el8 (at least on CentOS Stream) broke
>>>> OAuth authentication with outlook.office365.com.  Downgrading to
>>>> 102.4.0-1.el8 resolved the issue.
>>>>
>>>> Error console reports:
>>>>
>>>> XHR POST https://login.microsoftonline.com/common/oauth2/v2.0/token
>>>> [HTTP/1.1 400 Bad Request 293ms]
>>>
>>> This has been fixed in RHEL8 with 102.7.1-2, but this has not yet made it to
>>> CentOS Stream 8.  When can we expect to see that?
>>
>> It also does not appear to have made it to CentOS 7 yet either.
> 
> The team is working on some other issues at the moment.  Your patience
> is appreciated.
> 
> josh

102.7.1-2 (or later - 102.9.0-1 is in EL8) still hasn't made it to CentOS
Stream 8.

I've also filed https://bugzilla.redhat.com/show_bug.cgi?id=2184197 in case
that helps raise awareness.


-- 
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C8 regression / tmp on tmpfs

2019-10-21 Thread Orion Poplawski


On 10/21/19 3:42 PM, Leon Fauster via CentOS wrote:

Does someone have a working tmp on tmpfs via

systemctl enable tmp.mount

under CentOS8/RHEL8? This seems to work straight in EL7 ...


# LANG=C systemctl enable tmp.mount
The unit files have no installation config (WantedBy, RequiredBy, Also, 
Alias

settings in the [Install] section, and DefaultInstance for template units).


Looks like a known issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1667065

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C8 regression / tmp on tmpfs

2019-10-22 Thread Orion Poplawski


On 10/22/19 7:04 AM, Leon Fauster via CentOS wrote:

Am 22.10.19 um 04:52 schrieb Orion Poplawski:

On 10/21/19 3:42 PM, Leon Fauster via CentOS wrote:

Does someone have a working tmp on tmpfs via

systemctl enable tmp.mount

under CentOS8/RHEL8? This seems to work straight in EL7 ...


# LANG=C systemctl enable tmp.mount
The unit files have no installation config (WantedBy, RequiredBy, 
Also, Alias
settings in the [Install] section, and DefaultInstance for template 
units).


Looks like a known issue:

https://bugzilla.redhat.com/show_bug.cgi?id=1667065



It works in EL7 and F30. In EL8 it seems to be intentional :

$ rpm -q --changelog systemd |grep tmp.mount

- unit: don't add Requires for tmp.mount (#1619292)

$ grep -E 'tmpfs|tmp.mount' systemd.spec |grep -v devpts

Patch0004: 0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Patch0059: 0059-unit-don-t-add-Requires-for-tmp.mount.patch
# No tmp-on-tmpfs by default in RHEL. bz#876122 bz#1578772
rm -f 
%{buildroot}%{_prefix}/lib/systemd/system/local-fs.target.wants/tmp.mount

- unit: don't add Requires for tmp.mount (#1619292)
- avoid /tmp being mounted as tmpfs without the user's will (#1578772)
- do not mount /tmp as tmpfs (#1578772)
- Enable /var/run and /var/lock on tmpfs


The "remove" stanza leads to the missing "WantedBy".

Unfortunately all bz# are private ... so why they remove this 
functionality? We then at least known what impact it has when

enabled.



I'm not quite sure why you don't appear to have read the bug I pointed 
to.  It has been fix in git (c8-beta branch) and will either be out with 
8.1 or with an errata earlier if it is judged to be worth it.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] can't login as subsequent FreeIPA users

2019-11-18 Thread Orion Poplawski


On 11/18/19 12:05 PM, Carson Chittom wrote:

When I set up a machine with CentOS 8, I used the "Enterprise Login" in
the initial setup wizard to authenticate against my FreeIPA server.
This worked fine, and I have no issues logging in with that initial user.

However, I am unable to use GDM or the console to login as any *other*
valid user from FreeIPA. From GDM I get something like "Sorry, that
didn't work" and "Permission denied" on the console.  I've verified that
the credentials are correct, and that I am able to manually get a ticket
via kinit for one of those other users from this machine.  With
CentOS 7, I didn't have to do any additional configuration in this
regard after the initial wizard.

Not sure whether this is a CentOS configuration issue or a FreeIPA one,
but I figured I'd start here.  I'm also not terribly familiar with
FreeIPA, so I could be missing something obvious; but this worked
without issue when the machine in question ran CentOS 7.

Can somebody point me in the right direction?


Check out the pam* errors in the journal and bump debugging in sssd.conf 
and check out /var/log/sss/sssd_pam.log and sssd_.log. 
Hopefully that will get you pointed in the right direction.  Did your 
initial user get added to /etc/passwd?



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing Maven with OpenJDK 11, without pulling OpenJDK 1.8

2019-11-23 Thread Orion Poplawski


On 11/23/19 12:24 AM, Mathieu Baudier wrote:

Hello,

I am trying to create a container image which will build Java software with
Maven and Java 11 (rather focussing on CentOS 8 here).

When installing 'maven' with yum, 'java-1.8.0-openjdk-devel' is installed
as a dependency. If one then installs 'java-11-openjdk-devel', and use the
update-alternatives command for java and javac, everything works fine and
Maven uses Java 11 for the build.

But I would like to avoid shipping OpenJDK 1.8 with the image, since it
would uselessly double its size. An approach would be to install Maven
manually, but it feels better to use the provided package.

Looking at the spec file, I understand that the 'maven' package requires
'java-devel' without explicitly specifying a version.
Is there some way (configuration, yum option, alternative, etc.) to make
OpenJDK 11 satisfying this dependency?
Could the new modules / app stream approach of CentOS 8 help here?

This is of course a more general RPM / yum question, but I suspect that the
Java use case is a recurring one, as many of us are currently upgrading
from 1.8 to 11.

Thanks in advance for hints, or telling me that there is no way to achieve
this,


Well, java-11-openjdk-devel only provides 'java-11-devel', so it can't 
satisfy the 'java-devel' dependency.  It does seem like it would be 
possible to produce a maven module and/or stream that was built with 
Java 11 and requires it.  You could also create a shim rpm that required 
java-11-devel and provided java-devel.


I'll also note that maven.spec has:

# Theoretically Maven might be usable with just JRE, but typical Maven
# workflow requires full JDK, so we recommend it here.
%{?fedora:Recommends}%{!?fedora:Requires}: java-devel

Which wasn't updated for RHEL8 (which support weak dependencies).  I 
would suggest filing a bug against RHEL8 to get them to fix that.  Then 
you could simply disable installing "recommends" by default.



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help with dracut install CentOS 8

2019-11-29 Thread Orion Poplawski


On 11/29/19 6:55 AM, Jerry Geis wrote:

I am trying to specify a static IP on the new dracut format. I was using
this:
http://man7.org/linux/man-pages/man7/dracut.cmdline.7.html

So my grub entry consists
menuentry "Install CentOS 8"  {
linux /boot/vmlinuz noverifyssl ks=https://something
  ip=192.168.1.3::192.168.1.1:255.255.255.0::eth0:on:192.168.1.1
  biosdevname=0 net.ifnames=0 ksdevice=eth0 inst.sshd sshd=1
initrd /boot/initrd.img
}


This seems OK to me. But rebooting to start the install for CentOS 8 it
just stops and says
"system halted". the lines above that have no errors.
.3 is the IP I want to use
.1 is the GW and the Nameserver in this case.


I'm guessing something with your kernel and/or initrd.img is incorrect. 
If it was just the interface not getting configured properly you should 
eventually get a bunch to dracut timeouts and then get dropped into the 
emergency shell where you could poke around, not "system halted".



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Help with dracut install CentOS 8

2019-11-29 Thread Orion Poplawski


On 11/29/19 1:08 PM, Jerry Geis wrote:

I found this format:
|ip=|/||/:[/||/ 
]:/||/:/||/:/||/:/||/:/|{none|off}|/ 



What is "none" : off I assume means do not start the ethernet network. 
But what is none.     When I have it set to "on" my installation halts 
with "system halted" and I cannot see a visible error.  I have not tried 
none yet. Next week perhaps.

Jerry


"none" is the autoconfig method - so none = static.  Or it could be 
auto/dhcp I think.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS Net Install

2019-12-14 Thread Orion Poplawski


On 12/13/19 8:12 PM, Mark LaPierre wrote:

Hey all,

Is a Network Install ISO planed any time in the near future for CentOS 
8?  I don't see it in the mirrors, but that might be a function of my 
poor searching abilities.




Beware of https://bugs.centos.org/view.php?id=16456

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] log4j12 package in CentOS 8

2019-12-14 Thread Orion Poplawski


On 12/12/19 1:04 PM, Richard G wrote:

According to the RHEL docs, package log4j was replaced with package
log4j12 in RHEL 8.0. However, when I attempt to install the package in
CentOS 8, dnf cannot find it.  I have the Base, AppStream, Extras and
PowerTools repos enabled. What am I doing wrong?

Thanks!
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Well, according to 
https://dnf.readthedocs.io/en/latest/command_ref.html#module-command-label 
you are supposed to be able to do:


# dnf module provides log4j12
Updating Subscription Management repositories.
Last metadata expiration check: 0:04:20 ago on Sat 14 Dec 2019 01:25:00 
PM EST.

log4j12-1.2.17-22.module+el8+2598+06babf2e.noarch
Module  : javapackages-tools:201801:820181217165704:dca7b4a4:x86_64
Repo: codeready-builder-for-rhel-8-x86_64-rpms
Summary : Tools and macros for Java packaging support

But on EL8.1 and earlier this only works if the module is already 
enabled, which isn't much help.


So for this package you need to do:

# dnf module enable javapackages-tools
# dnf install log4j12


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] pdftotext latest version for CentOS 7

2019-12-15 Thread Orion Poplawski


On 12/14/19 7:28 PM, H wrote:

I have pdftotext 0.26.5, the current version for CentOS 7 and the Mate desktop 
as far as I can ascertain. The page 
https://www.xpdfreader.com/pdftotext-man.html seems to suggest that the latest 
version is 4.02 which seems a gigantic leap ahead.

Since I have a Chinese text PDF which I am unable to extract any text from 
using pdftotext, instead I end up with a collection of garbage Latin 
characters, I am curious how to get a later version? Copying and pasting from 
Atril 1.16.1 (seems to be part of the Mate desktop I am running) also makes me 
end up with garbage... Not surprising since it also seems to use pdftotext 
0.26.5...

Any suggestions? Later version of pdftotext? If so, wherefrom? Another 
PDF-viewer?


pdftotext is distributed as part of the poppler package, which as you 
suggest is at 0.26.5.  However, the latest version of poppler is 0.83.0. 
 And the man page for pdftotext on EL7 suggests it is at version 3.03, 
which is not quite so dramatic a difference.


In any case, welcome to the joys of running an enterprise distribution. 
You'll find newer versions in EL8 or Fedora.  It's an integral core 
component of the system so generally not updated lightly.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] looking for rpms in CentOS 8

2019-12-28 Thread Orion Poplawski


On 12/27/19 11:51 AM, Patrick Rael wrote:

Hi,
I can't find 3 rpms (for now, maybe more later) in centos 8,
which are available for centos 7 and 6.

perl-Crypt-SSLeay


See https://bugzilla.redhat.com/show_bug.cgi?id=1744782  Apparently it's 
been superseded by perl-Net-SSLeay.



perl-Data-Validate-IP


I don't even see this in EL7 proper - 
https://pkgs.org/download/perl-Data-Validate-IP



ndisc6


It's been requested in EPEL: 
https://bugzilla.redhat.com/show_bug.cgi?id=1779134 but no response yet.





   Any ideas why these aren't in the repos yet?
I'm using these repos below and I've browsed repos searching for these.


All of the above was found by fairly straightforward google and bugzilla 
searches.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Using shared printers in CentOS 8

2020-01-09 Thread Orion Poplawski

On 1/6/20 2:44 PM, Robert Nichols wrote:
> How do I let a CentOS 8 client make use of the shared printers advertised by
> CUPS on the network? In CentOS 6, this was just a matter in a checkbox "Show
> printers shared by other systems" on the CUPS Admin page. Is this function
> still available somehow? Manually adding all the shared printers on every
> client would be painful.
> 

Look into running cups-browsed and setting:

BrowseRemoteProtocols dnssd cups

in /etc/cups/cups-browsed.conf.

-- 
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Problems with firewalld-0.7.0

2020-01-13 Thread Orion Poplawski

After upgrading one of our systems to CentOS 8 CR and
firewalld-0.7.0-5.el8.noarch it no longer accepts connections allowed in one
of the two active zones.  I've reported the issue here:

https://bugzilla.redhat.com/show_bug.cgi?id=1790681

but wondered if anyone else was seeing problems with multi-zone firewalld
configurations.

- Orion

-- 
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Centos 8: change desktop at display manager

2020-01-19 Thread Orion Poplawski


On 1/19/20 12:21 PM, Paul Johnson wrote:

In a new install of Centos 8, I installed the xfce4 packages from EPEL.
Here's what dnf says I have

[pauljohn32@localhost ~]$ dnf list *xfce4*
Last metadata expiration check: 0:25:19 ago
Installed Packages
libxfce4ui.x86_64
libxfce4ui-devel.x86_64
libxfce4util.x86_64
libxfce4util-devel.x86_64
xfce4-about.x86_64
xfce4-battery-plugin.x86_64
xfce4-panel.x86_64
xfce4-panel-devel.x86_64
xfce4-places-plugin.x86_64
xfce4-screenshooter.x86_64
xfce4-screenshooter-plugin.x86_64
xfce4-session.x86_64
xfce4-settings.x86_64
xfce4-systemload-plugin.x86_64
xfce4-terminal.x86_64

I log out and try to use XFCE4 at log in. I cannot find a way to choose
it.  I was guessing this would be like Centos 7.  On the display manager,
after I put in my user name, there is the little * by the password. When I
do that, I see choices with names like

Wayland
Classic
X11

but I don't see XFCE4 session or similar.

I am guessing I missed an XFCE4 package from EPEL?

pj




What appears in that list is controlled by .desktop files dropped into 
/usr/share/xsessions.  For XFCE this is:


/usr/share/xsessions/xfce.desktop

provided by xfce4-session - which you have.  So, I'm not sure what is 
up.  Perhaps need a reboot?  I presume this is with gdm?


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] C8 Question

2020-01-24 Thread Orion Poplawski

On 1/24/20 4:38 AM, Alessandro Baggi wrote:
> Hi list,
> 
> I installed on my workstation C8.1 (1911) and performed a minimal install and
> then installed XFCE from EPEL.
> 
> I noticed a strange behaviour (don't know if this is the wanted default). If I
> try ,from normal user shell, to run command like "reboot" or "shutdown -h now"
> system will reboot/shutdown. This happens on tty console, on xfce terminal and
> ssh session.
> 
> My user is not in wheel and during install I have not enabled checkbox to give
> that user administration permission. I tried to create a new user with adduser
> but got the same problem.
> 
> To solve this I modified polkit login1 policy on
> /usr/share/polkit-1/actions/org.freedesktop.login1.policy setting
> no for statement that concern reboot and
> shutdown/poweroff.
> 
> Why on CentOS a normal user can shutdown the system without root privileges? I
> think that on any server normal user should not be able to shutdown the system
> without privileges.
> 
> This is a bug or a wanted default?

So, as you figured out from the polkit setting - "active" user's (i.e. with a
"seat") have access to shut a machine down.  Now to figure out who has a seat
- and you use "loginctl" to see that.  For e.g. from my non-privileged user
logged into my CentOS 8.1 VM via ssh:

$ loginctl
SESSION   UID USER  SEAT TTY
  1 # user

it shows that I don't have a "seat" and so:

$ shutdown -h now
Failed to set wall message, ignoring: Connection timed out
Failed to power off system via logind: Interactive authentication required.
Failed to open initctl fifo: Permission denied
Failed to talk to init daemon.

as expected.  Perhaps you can start tracking down with loginctl who has a seat
and why.

-- 
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Installing KDE on C8?

2020-01-25 Thread Orion Poplawski


On 1/25/20 9:53 AM, Jeffrey Layton wrote:

Good morning,

I'm try to install KDE on C8. I can see the grouplist for KDE:





Any suggestions? I don't see an xmessage package or group any where.


I think you need to enable epel-testing, that enabled it to work for me.

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 : SELinux trouble with Fail2ban

2020-02-26 Thread Orion Poplawski


On 2/26/20 12:15 PM, Stephen John Smoogen wrote:

On Wed, 26 Feb 2020 at 14:06, Jonathan Billings  wrote:


On Feb 26, 2020, at 08:52, Nicolas Kovacs  wrote:



Le 26/02/2020 à 11:51, Nicolas Kovacs a écrit :
SELinux is preventing /usr/bin/python2.7 from read access on the file

disable.

*  Plugin catchall (100. confidence) suggests   *
If you believe that python2.7 should be allowed read access on the

disable file by default.

Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp
Weirdly enough, when I follow this suggestion and then empty audit.log

and restart my server, I still get the exact same error again.


I reinstalled this server from scratch and took some notes. This time I

was successful, though I don't know exactly what I did differently this
time.


Usually I work as non-root user and call sudo whenever I need root

permissions.


But is this OK when enabling SELinux modules? Let's consider the example

given above:


# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp

Can I also perform it like this?

$ sudo ausearch -c 'f2b/server' --raw | sudo audit2allow -M my-f2bserver
$ sudo semodule -i my-f2bserver.pp

I'm not sure with SELinux.


https://bugzilla.redhat.com/show_bug.cgi?id=1777562
  This bug was posted earlier. Sadly, it was closed WONTFIX, but the policy
you need is:

allow fail2ban_t sysfs_t:file { getattr open read };
allow fail2ban_t sysctl_net_t:dir { search };
allow fail2ban_t sysctl_net_t:file { getattr open read };
Honestly, if this really affects all users of fail2ban, I’ll probably push
back on the ticket to get it updated. I’ve successfully had the policy
updated to handle issues with popular non-RHEL/CentOS packages.



So I am thinking that packages are probably going to start having to carry
around their own policies to fix things like this. Nagios had to start
doing this a couple of years ago and it might be occurring on all branches.


This is certainly the plan for fail2ban - but the bundled SELinux 
packaging guidelines currently make use of conditional dependencies so 
that's not going to fly for EL7.  And unfortunately since RHEL7 is in 
maintenance the selinux-policy package isn't going to be updated either.



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] mingw compiler for x84_64 CentOS 7

2020-02-27 Thread Orion Poplawski


On 2/27/20 1:47 AM, wwp wrote:

Hello there,

it seems that EPEL only provides mingw cross-compiler packages for
aarch64. Aren't there x64_64 ones for CentOS 7, as there were for
CentOS 6?


Not quite sure why you are asking questions about EPEL on the CentOS 
list, but here is your answer:


https://lists.fedoraproject.org/archives/list/epel-de...@lists.fedoraproject.org/message/ABVQCDXIZXVWK2AGXQS3P5HPEW6XMVLS/

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7 : SELinux trouble with Fail2ban

2020-02-28 Thread Orion Poplawski


On 2/26/20 9:52 AM, Nicolas Kovacs wrote:

Le 26/02/2020 à 11:51, Nicolas Kovacs a écrit :
SELinux is preventing /usr/bin/python2.7 from read access on the file 
disable.


*  Plugin catchall (100. confidence) suggests   *

If you believe that python2.7 should be allowed read access on the 
disable file by default.

Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp

Weirdly enough, when I follow this suggestion and then empty audit.log 
and restart my server, I still get the exact same error again.


I reinstalled this server from scratch and took some notes. This time I 
was successful, though I don't know exactly what I did differently this 
time.


Usually I work as non-root user and call sudo whenever I need root 
permissions.


But is this OK when enabling SELinux modules? Let's consider the example 
given above:


# ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver
# semodule -i my-f2bserver.pp

Can I also perform it like this?

$ sudo ausearch -c 'f2b/server' --raw | sudo audit2allow -M my-f2bserver
$ sudo semodule -i my-f2bserver.pp


This should work.  Likely the reason that it didn't resolve in one go is 
that there were multiple denials - but the first time it just failed on 
the first one.  Someone else mentioned running in non-enforcing mode to 
allow the audit log to collect all of the denials and then generating 
the module - this is a good practice.



--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] EPEL Package update?

2020-03-15 Thread Orion Poplawski


On 3/15/20 1:51 PM, Chris Boyd wrote:

We run RANCID at the day job to back up switch and router configs.
Version 3.11 adds some support for devices we need.  The current EPEL
version is 3.9.  I filed a request at Fedora to get it updated, which
they have completed (version 3.11), but it still hasn't made it into the EPEL 
for
CentOS.

What's the right place/process to get the update into EPEL for CentOS?
All pointers appreciated.


The "Fedora EPEL" product in bugzilla.redhat.com.


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Running amanda on CentOS 7: "amanda-udp.service failed."

2020-03-17 Thread Orion Poplawski


On 3/17/20 7:03 AM, Robert Heller wrote:

I am trying to get amanda backup going on a CentOS 7 system and things are not
working:

sharky4.deepsoft.com% sudo systemctl start amanda-udp
[sudo] password for heller:
Job for amanda-udp.service failed because a configured resource limit was exceeded. See 
"systemctl status amanda-udp.service" and "journalctl -xe" for details.
sharky4.deepsoft.com% sudo systemctl status -l amanda-udp
Ã¢Â—Â� amanda-udp.service - Amanda Backup System
Loaded: loaded (/usr/lib/systemd/system/amanda-udp.service; static; vendor 
preset: disabled)
Active: failed (Result: resources)



You don't start the service directly.   Start and enable the socket and 
then it will start the service when a connection is made.


systemctl enable amanda-udp.socket
systemctl start amanda-udp.socket


--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] fail2ban firewalld problems with current CentOS 7

2020-04-12 Thread Orion Poplawski


On 4/9/20 6:31 AM, Andreas Haumer wrote:
...

I'm neither a fail2ban nor a SELinux expert, but it seems the
standard fail2ban SELinux policy as provided by CentOS 7 is not
sufficient anymore and the recent updates did not correctly
update the required SELinux policies.

I could report this as bug, but where does such a bugreport belong to
in the first place?

- andreas




See https://bugzilla.redhat.com/show_bug.cgi?id=1777562
We're a bit stalled at the moment I'm afradi

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] rpm command option

2020-05-05 Thread Orion Poplawski


On 5/5/20 6:00 PM, Chris Olson via CentOS wrote:

We located an application recommended by one of customers
for sharing certain data.  It was available for installation
using a few different methods.  Using yum was also recommended
for the installation.  The install instructions began with
what appeared to be a fairly typical command as indicated
below (with the URL slightly altered).

sudo rpm --import https://rpm.x.com/rpmrepo.key

To our junior employee assigned to perform the install
on a test system, it seemed like a good idea to do some
checking on the rpm option --import indicated in those
instructions.  They did not find the --import in any of
the 14 pages of the CentOS 7 man page for rpm.

Some Google searches indicated that the --import option
does exist.  The repo setup and application installation
all went well and took only about three minutes. The app
is also working as intended.

Is there some good reason for --import being left out of
the manual page?


That's a really interesting question, but probably better directed at 
rpm directly:


http://lists.rpm.org/mailman/listinfo/rpm-list
or
https://github.com/rpm-software-management/rpm/issues

--
Orion Poplawski
Manager of NWRA Technical Systems  720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane   or...@nwra.com
Boulder, CO 80301 https://www.nwra.com/

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

58 matches

Mail list logo