Discuss May 2015

discuss@lists.centos.org

140 participants
129 discussions

Re: [CentOS] [CentOS-announce] CESA-2015:0988 Critical CentOS 7 firefox Security Update --this breaks language settings
by johan.vermeulen7＠telenet.be 16 May '15

16 May '15

----- Oorspronkelijk bericht ----- Van: "Johnny Hughes" <johnny(a)centos.org> Aan: centos-announce(a)centos.org Verzonden: Woensdag 13 mei 2015 03:01:32 Onderwerp: [CentOS-announce] CESA-2015:0988 Critical CentOS 7 firefox Security Update CentOS Errata and Security Advisory 2015:0988 Critical Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0988.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 0515534be7270e32c574f9d869fa86afacb9285285c394d7b5a3d0a50c7a8838 firefox-38.0-3.el7.centos.i686.rpm 3b0c44ed663e3270058f9dc19f088b34380cc854a3632dd41db4ec2ba2551c67 firefox-38.0-3.el7.centos.x86_64.rpm Source: 4d106e031fffbf2c7c19f8f9fbc8f9253d5dc8aa5c8d0e97facb8f22db84e27b firefox-38.0-3.el7.centos.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos(a)irc.freenode.net _______________________________________________ CentOS-announce mailing list CentOS-announce(a)centos.org http://lists.centos.org/mailman/listinfo/centos-announce Hello All, I am very happy with this update, but it breaks language settings. My machines are installed in Dutch, so I had Bestand Bewerken Beeld in the Menu Bar. After the update We have File Edit View so the entire Preferences menu is in English as well. Is there an easy way to get this back? greetings, Johan

5 9

Re: [CentOS] Strange network failure on C6
by James B. Byrne 16 May '15

16 May '15

On Thu, May 14, 2015 16:09, Fred Smith wrote: > Hi all! > > I'm running C6 (up to date) on x86-64. have been running on the same > system for over a year. > > a couple of times lately access to the outside network has suddenly > stopped working for reasons that I didn't figure out until it happened > again yesterday. > > I had the time to fool with it, yesterday, so after quite a bit of > head-banging I found that it had no default route set up (to make this > story less long...). > On CentOs-6 you can set the default route using GATEWAY=aaa.bbb.ccc.ddd either in /etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-X where X is the network interface that you wish to use for default routing, usually eth0. Setting the GATEWAY value in the ifcfg-X file puts it in a place that you are likely to see far more often than /etc/sysconfig/network so the ifcfg-X file is where I usually place it. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

2 1

Condor cluster setup advice (pointers) needed
by Valeri Galtsev 15 May '15

15 May '15

Dear Experts, Could someone recommend some "quick and dirty" HOWTO on condor based cluster? A did a bunch of cluster setups, I always used PBS (or torque lately). But my professor wants his to be Condor. I started reading Condor documentation, and it is vast. And quick route, like: architecture chart, and parameters I need to configure on master/submit, and compute nodes - somehow manages to escape me. I'm at a real loss now. All works well on a single machine (for quite some time already), but I am clueless about how to add compute nodes. And my web search abilities seem to have left me just on this one: all I'm able to find (together with a heap of how to submit jobs to existing thing) are a couple of "./install" based setups - whereas mine is rpm based - from their yum repository (for which they say: DO NOT USE condor_configure script, but go ahead and edit config files ... - as opposed to "./install") Any pointers anybody? Thanks a lot in advance! Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++

2 1

ldap host attribute is ignored
by Ulrich Hiller 15 May '15

15 May '15

Dear list members, i have installed a CentOS 7 x86_64 system. I want to let users authenticate over our ldap server. This seems to be working. ldap-username and ldap-passwords are accepted for the users configured in the ldap server. No problem. Now i want to restrict the access to users who have my centos-machine in their ldap host attribute. My problem is, that this host attribute seems to be ignored. Any ldap user, independent from the host attribute, still can login in. What could be the reason? (googling around did not lead me to a solution). The cache is already flushed. Here is my configuration: /etc/openldap/ldap.conf contains the line: ------------------------------------------ pam_check_host_attr yes /etc/sssd/sssd.conf: -------------------- [sssd] config_file_version = 2 services = nss, pam, autofs domains = default # SSSD will not start if you do not configure any domains. # Add new domain configurations as [domain/<NAME>] sections, and # then add the list of domains (in the order you want them to be # queried) to the "domains" attribute below and uncomment it. # domains = LDAP [nss] filter_groups = root filter_users = root [pam] [domain/default] ldap_uri = ldap://myldapserver.mydomain ldap_search_base = o=XXXX ldap_schema = rfc2307bis id_provider = ldap ldap_user_uuid = entryuuid ldap_group_uuid = entryuuid ldap_id_use_start_tls = True enumerate = False cache_credentials = False ldap_tls_cacertdir = /etc/openldap/cacerts/ chpass_provider = ldap auth_provider = ldap ldap_tls_reqcert = never ldap_user_search_base = ou=YYYY,o=XXXX ldap_group_search_base = ou=YYYY,o=XXXX access_provider = ldap ldap_access_filter = memberOf=ou=YYYY,o=XXXX ldap_access_order = host /etc/pam.d/system-auth: ----------------------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 200 quiet_success #auth sufficient pam_sss.so use_first_pass auth required pam_sss.so use_first_pass auth required pam_deny.so auth sufficient pam_unix.so try_first_pass account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 2000 quiet account [default=bad success=ok user_unknown=ignore] pam_sss.so account required pam_permit.so password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_sss.so use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so in /etc/nscd.conf: ------------------ enable-cache passwd no enable-cache group no enable-cache hosts no enable-cache services no enable-cache netgroup no /etc/nsswitch.conf: ................... passwd: files sss ldap shadow: files sss ldap group: files sss ldap #initgroups: files #hosts: db files nisplus nis dns hosts: files dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc: nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files sss netgroup: files sss ldap publickey: nisplus automount: files sss ldap aliases: files nisplus The ldap attributes of the user who can login, but should not: -------------------------------------------------------------- dn: uid=USER1,ou=XXXX,o=YYYY accountStatus: active objectClass: posixAccount objectClass: top objectClass: inetOrgPerson objectClass: shadowAccount objectClass: ibm-auxAccount objectClass: qmailUser objectClass: sambaSamAccount uid: USER1 uidNumber: **** shadowFlag: 0 shadowInactive: -1 gidNumber: *** shadowMin: -1 shadowMax: 999999 homeDirectory: /home/USER1 sn: USER1 mail: USER1 at my.doma.in mailHost: lmtp:unix:/var/lib/imap/socket/lmtp shadowWarning: 7 sambaSID: ***************************************** shadowExpire: -1 mailAlternateAddress: USER1a cn: surname lastname gecos: surname lastname loginShell: /bin/bash host: another-node What information is still missing? Any hint is welcome. Thank you in advance, ulrich

7 36

Re: [CentOS] [CentOS-announce] CentOS-7 disk images for AArch64 Platforms
by Always Learning 15 May '15

15 May '15

On Thu, 2015-05-14 at 14:25 -0500, Jim Perrin wrote: > We've produced a disk image intended to help hardware vendors and > enthusiasts who are interested in bringing CentOS to their AArch64 based > platform. This allows a vendor to bypass the installer or to edit the > disk image before booting in order to test kernel modules or options. It > is intended for development purposes only, and will only continue > through the alpha and beta test phases. Does this mean it may be possible to run basic version of C5, C6 and C7 on Arm64* CPU systems ? Presumably this will include the Raspberry Pi ? * Acorn Research machines; manufacturers of the BBC Models A, B, B+, Master 128 etc - those were the days. -- Regards, Paul. England, EU. Je suis Charlie.

5 8

CentOS-announce Digest, Vol 123, Issue 5
by centos-announce-request＠centos.org 15 May '15

15 May '15

Send CentOS-announce mailing list submissions to centos-announce(a)centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request(a)centos.org You can reach the person managing the list at centos-announce-owner(a)centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CentOS-7 disk images for AArch64 Platforms (Jim Perrin) ---------------------------------------------------------------------- Message: 1 Date: Thu, 14 May 2015 14:25:01 -0500 From: Jim Perrin <jperrin(a)centos.org> To: centos-announce(a)centos.org Subject: [CentOS-announce] CentOS-7 disk images for AArch64 Platforms Message-ID: <5554F68D.6010105(a)centos.org> Content-Type: text/plain; charset=utf-8 We've produced a disk image intended to help hardware vendors and enthusiasts who are interested in bringing CentOS to their AArch64 based platform. This allows a vendor to bypass the installer or to edit the disk image before booting in order to test kernel modules or options. It is intended for development purposes only, and will only continue through the alpha and beta test phases. ## Download http://buildlogs.centos.org/centos/7/isos/aarch64/ ## Considerations * This image is 12GB when uncompressed. Please ensure you have enough free space * The default root password is 'centos'. Please see the readme in the above directory for the kickstart used to create the image. * You will need to add the appropriate boot information in a UEFI entry after using this image, since the installer traditionally handles this. ## Burning the image to disk You may simply dd this image to disk, however for the sake of ensuring that it is written correctly, we recommend the following command. Please replace the image-name and target device with the appropriate values for your environment. ``` dd if=<image-name.img> of=/dev/sdX bs=2m conv=fsync && sync; ``` ## Growing the disk image. The root partition of this image was intentionally placed at the end of the image so that it could be easily grown. A simple command for growing the image is listed below ``` sudo sgdisk -e -d4 -n4:0:0 /dev/<your-device> ``` ## Examining and editing the image The kpartx tool is very handy for manipulating disk images. Some example commands are below. Please read the documentation for kpartx before you modify the disk image. * kpartx -l CentOS-7-1503-aarch64.img # List partitions in the image * kpartx -a -v CentOS-7-1503-aarch64.img # Add partition mappings * mount /dev/mapper/loop1p1 /mnt # mount the first partition to /mnt * umount /mnt # unmount /mnt, obviously. * kpartx -d -v CentOS-7-1503-aarch64.img # remove partition mappings -- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce(a)centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 123, Issue 5 ***********************************************

1 0

Strange network failure on C6
by Fred Smith 15 May '15

15 May '15

Hi all! I'm running C6 (up to date) on x86-64. have been running on the same system for over a year. a couple of times lately access to the outside network has suddenly stopped working for reasons that I didn't figure out until it happened again yesterday. I had the time to fool with it, yesterday, so after quite a bit of head-banging I found that it had no default route set up (to make this story less long...). An appropriate route command "fixed" it and all was well, but... I had rebooted several times, among other drastic actions, such as rebooting the router and cable modem, and none of those things helped. so whatever it was that lost the default route was persistent across boots, while the manual route command to re-add it was NOT persistent across boots. At some point in fooling with it, I did something--and right now I have no idea what it was--that suddenly caused routes to persist across boots. I know I did not change any of /etc/sysconfig/network*, but I did look at them and saw that ifcfg-eth0 DID contain a line for default route, even though the route command did not reflect it. So, if anyone has any good guesses on what the heck happened here, I'd like to hear them. thanks in advance! -- ---- Fred Smith -- fredex(a)fcshome.stoneham.ma.us ----------------------------- But God demonstrates his own love for us in this: While we were still sinners, Christ died for us. ------------------------------- Romans 5:8 (niv) ------------------------------

2 1

OT: Avoiding redirection loops with iptables tproxy
by C.L. Martinez 15 May '15

15 May '15

Hi all, I have a hard trouble with my iptables rules. I need to create a netfilter config so that it does not redirect connections from a daemon (like for example a squid proxy) to the original destinations. Searching info about that, some ways to do that include to limit the redirection rules to the incoming traffic interface, another to limit it to a certain range of source IPs or to explicitly exclude connections originating on localhost (CentOS 6 x86_64 fully patched). Any help or sample please??

1 0

C7 and fstab
by Alessandro Baggi 15 May '15

15 May '15

Hi List, I've installed C7.1 and today configuring fstab for another disk I get this: UUID=d5ff30df-9e1d-4fc8-99b6-845ffa6509db / xfs defaults 0 0 UUID=052f75bc-0513-45e0-a01f-06c9a698469f /mnt/data xfs defaults 0 0 UUID=732dafbd-2f14-4dd6-8513-1504b13302f1 swap swap defaults 0 0 Fields fs_freq and fs_passno are all set to 0. This fstab was generated by the installer and not yet modified. To reproduce this, I've installed a minimal centos on a VM and the same problem persists. I don't know if this is a bug or if there is a new system that does not require the last two field on C7 REL 1503. Someone has the same problem? THanks in advance.

3 4

Back to eth shuffling ...
by Ashley M. Kirchner 15 May '15

15 May '15

So I'm back to this problem. A quick run down of what the original problem was: I have a machine that I'm configuring to use kickstart to setup. It has two builtin ethernet ports (labeled ports 1 and 2) and I'm adding a third one on its PCIe bus. Originally I was using an r8169 clone a default kickstart always put it as eth0 with the builtin ones as eth1 and eth2 respectively. After some fiddling with blacklisting the driver during the kickstart process, I was able to get the machine to boot up with the r8169 as eth3 (!!!) while the other two were correctly identified as eth0 and eth1 (this is what I want except the PCIe card should've been eth2 but it never came up that way) However I ran into other issues with the r8169 driver and ultimately replaced it for an IntelPRO, which happens to use the same e1000e module as the builtin ones. Great. Except ... Now when I kickstart the machine, I get this: builtin port1 -> eth0 PCIe card -> eth1 builtin port2 -> eth2 What I want is: builtin port1 -> eth0 builtin port2 -> eth1 PCIe card -> eth2 I should also point out here that when PXE kicks in on this machine, the machine correctly enumerates the ethernet devices as port1, port2 and then the PCIe card. So somewhere in the kickstart process things change. So I'm back to trying to figure out how to achieve this.

2 8

← Newer
1
...
4
5
6
7
8
9
10
...
13
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss May 2015