Discuss October 2018

discuss@lists.centos.org

114 participants
70 discussions

This weekend, Ohio LinuxFest
by Rich Bowen 08 Oct '18

08 Oct '18

This weekend, CentOS is sponsoring Ohio LinuxFest in Columbus. Please do stop by the booth for your CentOS bumper sticker and fridge magnets. If you have time and expertise, and would like to do a shift or two at the table, please indicate your availability here: https://docs.google.com/spreadsheets/d/1TqTqaLoswMYzyfvQCnzjkVazlQkP87CCKBS… See you in Columbus! --Rich -- Rich Bowen - rbowen(a)redhat.com @CentOSProject // @rbowen 859 351 9166

1 0

Are these instructions meant to be executed on CentOS 1804?
by Turritopsis Dohrnii Teo En Ming 08 Oct '18

08 Oct '18

Good afternoon from Singapore, I came across this Linux Journal article titled "DIY: Build a Custom Minimal Linux Distribution from Source", written by Petros Koutoupis. Link: <https://www.linuxjournal.com/content/diy-build-custom-minimal-linux-distrib…> https://www.linuxjournal.com/content/diy-build-custom-minimal-linux-distrib… Are the instructions in this article meant to be executed with ease on CentOS 1804 or perhaps easier on other Linux distros? Please advise. Thank you. ===BEGIN SIGNATURE=== Blogs: Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017 [1] https://tdtemcerts.wordpress.com/ <https://tdtemcerts.wordpress.com/>[2] http://tdtemcerts.blogspot.sg/ <http://tdtemcerts.blogspot.sg/>[3] https://www.scribd.com/user/270125049/Teo-En-Ming <https://www.scribd.com/user/270125049/Teo-En-Ming>===END SIGNATURE===

2 1

Upcoming changes to downloading AltArch .iso images
by Anssi Johansson 08 Oct '18

08 Oct '18

Hi, this notice is for those who employ some sort of an automation to download AltArch (ie. aarch64, armhfp, i386, power9, ppc64, ppc64le) CentOS 7 .iso/.raw.xz images from mirror.centos.org. Those using a regular browser to download these images are not particularly affected, and you can continue to the next message. Previously, only main architecture .iso image downloads from mirror.centos.org were redirected to isoredirect.centos.org, which then displayed the user a list of nearby external mirrors. We will shortly extend this configuration to cover AltArch image downloads as well, ie. direct AltArch image downloads from mirror.centos.org will no longer be possible. mirror.centos.org will still serve .rpm downloads for all architectures as before. There are two reasons for the change. First, to save bandwidth from mirror.centos.org nodes directly managed by the CentOS Project. Most of these mirror.centos.org hosts are also used for seeding the 600+ external mirrors we have. By directing some of that .iso download traffic to external mirrors we can offer faster sync speeds for those external mirrors, and for people downloading individual rpms from mirror.centos.org. Second, most of those external mirrors offer faster download speeds to end users than what could be achieved by downloading from mirror.centos.org, so the users will benefit from this change as well. The above change will be implemented some time between the releases of RHEL 7.6 and CentOS 7.6.18xx, so that external mirrors syncing CentOS 7.6.18xx content would not need to fight for bandwidth between AltArch .iso downloaders. The other change, which has already been implemented, is related to how isoredirect.centos.org behaves when accessed with curl or wget. If you now do a "wget http://isoredirect.centos.org/altarch/7/isos/i386/CentOS-7-i386-Everything-…", isoredirect will notice that you are trying to download the file and will redirect the request to the nearest external mirror. If you access the same URL with a regular browser, you will see a list of nearby mirrors from which you can pick your favourite mirror. wget will follow redirects by default, but curl needs a --location switch to follow redirects. If a filename is not specified, you will get a list of mirrors regardless of the browser used. So, combining the effects of the above two changes: If you currently use some sort of a script that downloads AltArch .iso images from mirror.centos.org, those requests will soon be served by external mirrors instead of mirror.centos.org. In the case of wget you will only see one additional request and you probably don't need to change anything, but if you use curl, you must add the --location switch to curl to follow the redirect issued by isoredirect.centos.org. If you want to eliminate one redirect, you can change mirror.centos.org to isoredirect.centos.org in your script. The rest of the URL is the same, ie. /altarch/<release>/isos/<arch>/<filename.iso or .raw.xz> As an aside, even though mirror.centos.org nodes are managed by the CentOS Project, those servers and their hosting are donations from various organizations. If you think your organization could donate an additional server to share the load and to give us better geographical coverage, please see https://wiki.centos.org/Donate If you have questions regarding this change, please let me know. Thanks!

1 0

Need help with Linux networking interfaces and NIC bonding
by Sean Son 08 Oct '18

08 Oct '18

Hello everyone I am running into some strange issues when configuring networking interfaces on my physical server running Centos 7.5. Let me give you an overview of what's going on: We have a physical server, running CentOS 7.5. This server has one 4 port NIC and one 2 port NIC and a Dell IDRAC port. The first port of the 4 port NIC, em1, is used for Management traffic. The first port of the 2 port NIC, is used for the second port in the NIC bond, device p6p2. The second port on the 4 port NIC, device em2 is the first, port on the NIC bond. These interfaces are using Static IPs. Here is my /etc/sysconfig/network-scripts/ifcfg-em1 file. Please keep in mind that I have changed the IPs and MAC addresses in the files for security reasons: ifcfg-em1: TYPE="Ethernet" PROXY_METHOD="none" BROWSER_ONLY="no" BOOTPROTO="none" DEFROUTE="yes" IPV4_FAILURE_FATAL="no" IPV6INIT="yes" IPV6_AUTOCONF="yes" IPV6_DEFROUTE="yes" IPV6_FAILURE_FATAL="no" IPV6_ADDR_GEN_MODE="stable-privacy" NAME="em1" UUID="bbb2f9c2-141b-4a99-ab1e-328551aae612" DEVICE="em1" ONBOOT="yes" IPADDR="192.168.56.50" PREFIX="24" GATEWAY="192.168.56.1" DNS1="192.168.126.10" DNS2="192.168.220.10" IPV6_PRIVACY="no" NM_CONTROLLED=no as for the ifcfg-bond0 (the configuration file for the NIC bond, which is bond0): DEVICE=bond0 NAME=bond0 TYPE=Bond ONBOOT=yes BOOTPROTO=none IPADDR=192.168.56.70 PREFIX=24 BONDING_MASTER=yes BONDING_OPT="mode=1 miimon=100" TYPE=Ethernet and the ifcfg-slave1 configuration file, which is the first slave port for the NIC bond, this corresponds to em2: DEVICE=em2 HWADDR="c8:2f:87:fg:2a:31" ONBOOT=yes TYPE=Ethernet BOOTPROTO=none MASTER=bond0 SLAVE=yes and the ifcfg-slave2 configuration file , which corresponds to the second slave port for the NIC bond, which is interface p6p2: DEVICE=p6p2 HWADDR="00:6a:d7:7c:e8:09" BOOTPROTO=none ONBOOT=yes TYPE=Ethernet MASTER=bond0 SLAVE=yes I created a custom routing policy for the NIC bond, bond0. Here is the configuration for the routing policy: route-bond0: 192.168.56.0/24 dev bond0 src 192.168.56.70 table t1 default via 192.168.56.1 dev bond0 table t1 and the rule-bond0 file: table t1 from 192.168.56.70 as for the routing table: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.56.1 0.0.0.0 UG 0 0 0 bond0 192.168.56.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0 192.168.56.0 0.0.0.0 255.255.255.0 U 0 0 0 em1 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 em1 169.254.0.0 0.0.0.0 255.255.0.0 U 1008 0 0 bond0 now here is the scenario I am dealing with: This linux server is used for monitoring purposes. We have Nagios, Cacti and other tools installed on it. There are a few things I have noticed and I want help on: 1) Whenever I ping any of the devices on our network, from this server, the traffic goes out from the management port. I do not want the traffic to go out of the management port. I want it to go out through the active port of the NIC bond. How do I configure the networking so that all primary network traffic flows to and from the NIC bonded interfaces? I only want the management port to be used for SSH purposes and well, management of the server. 2) I have configured the NIC bond in active-backup mode. I notice that when I used another computer to do a continuous ping to the NIC bond, and then I disable one of the slave interfaces of the bond, the ping drops and it does not failover to the backup slave interface and turn into the active one. It also causes any pings to the management port to drop as well. Then when I disable slave2, and enable slave1, the traffic does not fail over to slave1 and the ping continuously fails. It is only when I enable both slave interfaces and then either restart the networking using systemctl restart network, or reboot the server, the networking resumes and the pings succeed again. What steps should I take to fix this issue? Should I even use active-backup mode with the NIC bond or is there a better mode I should use? 3) Ive tested the networking, by changing the VLAN of the NIC bonded ports, on the switch, to a different VLAN, and it caused the management port to stop responding to ping. Why is this and how do I fix that if I decide to one day use two different VLANs for Management and the NIC bond ports? Thank you for all of your help in advance! Sean

4 3

email Server for CentOS 7
by Bee.Lists 08 Oct '18

08 Oct '18

Hi folks. I’m looking for an email server. I have a C7 box already with nginx, PostgreSQL, Sinatra and Ruby. So I don’t want to install PHP, Apache, MySQL, etc. Are there any ways/tutorials to set up a mail server under those restrictions? It would serve multiple domains. Cheers, Bee

11 14

"WARNING: fdisk GPT support is currently new"
by Nicolas Kovacs 07 Oct '18

07 Oct '18

Hi, I'm currently teaching Linux system administration to a class at the local "chambre de commerce". The course is based mainly on a minimal CentOS 7 installation. Usually my preferred tool for handling manual GPT partitioning is gdisk, which is not installed on a minimal install. I just gave the good old fdisk a spin, which enables GPT partition table creation with the 'g' shortcut. Here's what I get when listing a GPT-partitioned drive with fdisk: # fdisk -l /dev/sdb WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion. Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes ... Now my first reaction would be to install gdisk (yum install gdisk) and use this to handle GTP partitioning. But I'm curious. How "experimental" (e. g. prone to blow up in my face) is fdisk really? So far, I've only used it for MBR-style partitioning. Cheers from the sunny South of France, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info(a)microlinux.fr Tél. : 04 66 63 10 32

3 4

CentOS 7.5, Apache 2.4, Kerberos
by rebecca coleman 07 Oct '18

07 Oct '18

Hi List, My goal in sending this email is to get some direction on where to start looking to solve my problem. Thank you all in advance for reading through this and providing any guidance! I'm working on moving to new servers, upgrading from CentOS 6.7 to CentOS 7.5. In this move, we are also upgrading from Apache/2.2.15 to Apache/ 2.4.33. Our servers are all sitting behind a load balancer end point. ====System specifics==== CentOS Linux release 7.5.1804 (Core) Server version: Apache/2.4.33 (Unix) Server built: Jul 3 2018 11:33:42 On all of our CentOS 6.7 machines, kerberos works. On all of our 7.5 machines, it fails. I am looking, at this point, for direction on where to start looking. Here is some relevant information: ====Output from apache error log==== [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: granted [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: granted [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [auth_kerb:debug] src/mod_auth_kerb.c(1643): kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [headers:debug] mod_headers.c(900): AH01503: headers: ap_headers_error_filter() [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: denied (no authenticated user yet) [auth_kerb:debug] src/mod_auth_kerb.c(1643): kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [auth_kerb:debug] src/mod_auth_kerb.c(1400): Verifying client data using KRB5 GSS-API [auth_kerb:debug] src/mod_auth_kerb.c(1416): Client didn't delegate us their credential [auth_kerb:debug] src/mod_auth_kerb.c(1444): Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. [auth_kerb:debug] src/mod_auth_kerb.c(1116): GSS-API major_status:00010000, minor_status:00000000 [auth_kerb:error] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error) [headers:debug] mod_headers.c(900): AH01503: headers: ap_headers_error_filter() [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: granted, referer: https://six.***********.com/sso [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted, referer: https://six.***********.com/sso [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: granted, referer: https://six.***********.com/sso [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted, referer: https://six.***********.com/sso [headers:debug] mod_headers.c(900): AH01503: headers: ap_headers_error_filter() [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: granted, referer: https://six.***********.com/sso [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted, referer: https://six.***********.com/sso [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of Require all granted: granted, referer: https://six.***********.com/sso [authz_core:debug] mod_authz_core.c(809): AH01626: authorization result of <RequireAny>: granted, referer: https://six.***********.com/sso ====apache vhost files==== ==site specific== <VirtualHost *:80> Define vhost_name siteName Define vhost_home /path/to/site/home Include conf/vhosts.d/template.inc </VirtualHost> ==conf/vhosts.d/template.inc contains== <Directory "${vhost_home}/sso"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbAuthoritative off KrbAuthRealms [list of realms removed for security] Krb5Keytab "/etc/krb5.keytab" KrbServiceName Any require valid-user ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=/login/anonlogin.php\"></html>" </Directory> ====And some output from kinit and klist==== $ sudo kinit -V -t /etc/krb5.keytab HTTP/six.***********.com(a)EXT.**********.COM keytab specified, forcing -k Using default cache: /tmp/krb5cc_0 Using principal: HTTP/six.***********.com(a)EXT.**********.COM Using keytab: /etc/krb5.keytab kinit: Client 'HTTP/six.***********.com(a)EXT.**********.COM Kerberos database while getting initial credentials $ sudo klist -etk Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 3 09/27/2018 10:22:17 HTTP/one.***********.com(a)aaa.**********.COM (arcfour-hmac) 3 09/27/2018 10:22:17 HTTP/two.***********.com(a)aaa.**********.COM (arcfour-hmac) 3 09/27/2018 10:22:17 HTTP/three.***********.com(a)aaa.**********.COM (arcfour-hmac) 3 09/27/2018 10:22:17 HTTP/four.***********.com(a)aaa.**********.COM (arcfour-hmac) 3 09/27/2018 10:22:17 HTTP/five.***********.com(a)aaa.**********.COM (arcfour-hmac) 3 09/27/2018 10:22:17 HTTP/six.***********.com(a)aaa.**********.COM (arcfour-hmac)

3 2

NetworkManager, multiple IPs, and selinux...
by Sean 07 Oct '18

07 Oct '18

Hello, I was wondering if any one has seen issues with selinux name_bind denials that result from having IP:PORT bindings for services to specific IP addresses managed on an interface under NetworkManager's control? I do realize that people will probably say stop using NetworkManager, and I may, but the behavior is strange, and I'd like to have a better understanding of what's going on. The config is like so: # nmcli c mod eth0 ipv4.addresses 192.168.1.10/24,192.168.1.11/24 # nmcli c down eth0 # nmcli c up eth0 # getenforce Enforcing # systemctl start httpd <errors> permission denied binding to 192.168.1.10:443 Apache has two simple IP based VHosts, site1 and site2, with different (and correct dns records and ssl certs). I'm snipping the config because I know the Apache config works. Listen 443 <VirtualHost 192.168.1.10:443> ... <VirtualHost 192.168.1.11:443> ... I find the denial strange. I've done some testing such as removing one VHost's config and adding a NIC to the VM (eth1) and reconfigure to have 1 IP on each NIC and use both Vhosts. Either way, the selinux denial disappears and everything works. All the packaged selinux policy relating to httpd_t and access to port 443 is correct. I don't doubt that if I ditched NetworkManager and went for eth0:0 and eth0:1 for the IP interfaces, all would be well. I'd just like to see if anyone has some input on the issue. --Sean

3 2

Swap space and hibernation on Centos 7
by H 06 Oct '18

06 Oct '18

I just reinstalled Centos 7 on my Dell Inspiron 15 7570. This time I created a swap partitition that is 24 Gb in size since the machine has 16 Gb of memory. Still unable to hibernate with 'systemctl hibernate' which generates a message that a 'dependency on hibernate.target failed'. Typing swapon -s or cat /proc/swaps I see: /dev/dm-2 partititon 25161724 0 -1 free -m gives me: ... Swap 24571 0 24571 What am I missing? Suggestions what to check are appreciated.

1 0

How to install Banshee on CentOS 7?
by MRob 04 Oct '18

04 Oct '18

on centos 7 I tried to install banshee from EPEL yum install banshee gotting this error: Error: Package: banshee-2.6.2-11.el7.x86_64 (epel) Requires: libgpod-sharp >= 0.8.2 You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest seems known problem but ignored to fix it in a year or more: https://bugzilla.redhat.com/show_bug.cgi?id=1406012 I tried "yum insall --skip-broken banshee" however this will skip banshee itself! lol what else can I do to install banshee?

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss October 2018