Discuss June 2023

discuss@lists.centos.org

9 participants
7 discussions

Mirror problems with elfutils-debuginfod-client
by Chris Adams 25 Jun '23

25 Jun '23

The package elfutils-debuginfod-client is needed for even a minimal install, but it is not available on most mirrors. I suspect some are excluding mirroring debuginfo packages with just a *debuginfo* pattern to rsync, where they should do something like *-debuginfo-*.rpm (which should be good for now as I don't see any package with just "debuginfo" in the name, even in Fedora). The following mirrors are affected: centos-stream-distro.1gservers.com dfw.mirror.rackspace.com forksystems.mm.fcix.net ftp-chi.osuosl.org ftp-nyc.osuosl.org ftp-osl.osuosl.org ftpmirror.your.org iad.mirror.rackspace.com mirror.datto.com mirror.facebook.net mirror.fcix.net mirror.rackspace.com mirror.servaxnet.com mirror.siena.edu mirror.team-cymru.com mirror.xenyth.net mirror2.sandyriver.net mirrors.ocf.berkeley.edu nocix.mm.fcix.net ohioix.mm.fcix.net ord.mirror.rackspace.com repos.eggycrew.com volico.mm.fcix.net -- Chris Adams <linux(a)cmadams.net>

2 2

Tomcat 7 in CentOS 7.9
by Andrea Grillini 21 Jun '23

21 Jun '23

I know Tomcat 7 has reached the EOL. Still it is available as the only option for Tomcat in the CentOS 7.9 repository. How can I know whether security backports are available in CentOS 7 for all packages related to Tomcat 7? Are those rpm packages still safe? Thanks in advance! Andrea Grillini

2 1

CentOS 7 EPEL rpms
by H 17 Jun '23

17 Jun '23

Running C7 and using geany 1.37 which is the latest version available for C7 in EPEL. geany-plugins in EPEL, however, are at 1.38 and there is a bug in one of the plugins that could conceivably be due to version mismatch. I have just spent two hours searching high and low to see if there might be a site where geany-plugins-1.37 could be found but to no avail. I have found 1.31 on several sites and, of course, 1.38 since many mirror EPEL. I have relied on cern.ch in the past and hoped they might have it but could not find geany at all searching their site. I should also add that I could not get the source code for 1.37 to compile on my system due to some tool that is too old so did not pursue that further. Is anyone running 1.37 under C 7 and can confirm that projectmanager plugin is at 1.37? Thanks.

1 0

Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND
by Kaushal Shriyan 13 Jun '23

13 Jun '23

Hi, I am running MySQL DB server 8.0.31 (mysql-community-server-8.0.31-1.el7.x86_64) on the CentOS Linux release 7.9.2009 (Core) operating system and have enabled replication between Master and Standby. I am currently encountering the error Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND as found in mysqld.log file on Standby server. cat mysqld.log file ################################################################################################################################## 2023-06-12T07:34:49.698300Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.31) starting as process 9942 2023-06-12T07:34:49.716114Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. 2023-06-12T07:34:50.203380Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. 2023-06-12T07:34:50.560267Z 0 [Warning] [MY-010068] [Server] CA certificate ca.pem is self signed. 2023-06-12T07:34:50.560375Z 0 [System] [MY-013602] [Server] Channel mysql_main configured to support TLS. Encrypted connections are now supported for this channel. 2023-06-12T07:34:50.565553Z 0 [Warning] [MY-011810] [Server] Insecure configuration for --pid-file: Location '/data' in the path is accessible to all OS users. Consider choosing a different directory. 2023-06-12T07:34:50.592935Z 0 [Warning] [MY-010604] [Repl] Neither --relay-log nor --relay-log-index were used; so replication may break when this MySQL server acts as a slave and has his hostname changed!! Please use '--relay-log=devportal2-relay-bin' to avoid this problem. 2023-06-12T07:34:50.608947Z 5 [Warning] [MY-010897] [Repl] Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information. 2023-06-12T07:34:50.611076Z 5 [System] [MY-010562] [Repl] Slave I/O thread for channel '': connected to master 'replicauser@10.1.12.4:3306',replication started in log 'mysql-bin.000007' at position 97065730 2023-06-12T07:34:50.618090Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.31' socket: '/data/mysql/mysql.sock' port: 3306 MySQL Community Server - GPL. 2023-06-12T07:34:50.618355Z 0 [System] [MY-011323] [Server] X Plugin ready for connections. Bind-address: '::' port: 33060, socket: /var/run/mysqld/mysqlx.sock 2023-06-12T07:41:32.562350Z 8 [ERROR] [MY-010584] [Repl] Slave SQL for channel '': Worker 1 failed executing transaction 'ANONYMOUS' at master log mysql-bin.000007, end_log_pos 97155197; Could not execute Update_rows event on table mb.cache_apigee_edge_entity; Can't find record in 'cache_apigee_edge_entity', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log mysql-bin.000007, end_log_pos 97155197, Error_code: MY-001032 2023-06-12T07:41:32.563449Z 6 [Warning] [MY-010584] [Repl] Slave SQL for channel '': ... The slave coordinator and worker threads are stopped, possibly leaving data in inconsistent state. A restart should restore consistency automatically, although using non-transactional storage for data or info tables or DDL queries could lead to problems. In such cases you have to examine your data (see documentation for details). Error_code: MY-001756 ################################################################################################################################## I am sharing the /etc/my.cnf file for both Master and Standby MySQL DB server. Master -> /etc/my.cnf file -------------------------------------------------------------------------------------------------------------- # For advice on how to change settings please see # http://dev.mysql.com/doc/refman/8.0/en/server-configuration-defaults.html [mysqld] # # Remove leading # and set to the amount of RAM for the most important data # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%. # innodb_buffer_pool_size = 128M # # Remove the leading "# " to disable binary logging # Binary logging captures changes between backups and is enabled by # default. It's default setting is log_bin=binlog # disable_log_bin # # Remove leading # to set options mainly useful for reporting servers. # The server defaults are faster for transactions and fast SELECTs. # Adjust sizes as needed, experiment to find the optimal values. # join_buffer_size = 128M # sort_buffer_size = 2M # read_rnd_buffer_size = 2M # # Remove leading # to revert to previous value for default_authentication_plugin, # this will increase compatibility with older clients. For background, see: # https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar… # default-authentication-plugin=mysql_native_password bind-address=192.168.1.10 server-id=1 log_bin = /data/mysql/logs/mysql-bin.log datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/data/mysql/logs/mysqld.log pid-file=/var/run/mysqld/mysqld.pid -------------------------------------------------------------------------------------------------------------- Standby -> /etc/my.cnf file -------------------------------------------------------------------------------------------------------------- # For advice on how to change settings please see # http://dev.mysql.com/doc/refman/8.0/en/server-configuration-defaults.html [mysqld] # # Remove leading # and set to the amount of RAM for the most important data # cache in MySQL. Start at 70% of total RAM for dedicated server, else 10%. # innodb_buffer_pool_size = 128M # # Remove the leading "# " to disable binary logging # Binary logging captures changes between backups and is enabled by # default. It's default setting is log_bin=binlog # disable_log_bin # # Remove leading # to set options mainly useful for reporting servers. # The server defaults are faster for transactions and fast SELECTs. # Adjust sizes as needed, experiment to find the optimal values. # join_buffer_size = 128M # sort_buffer_size = 2M # read_rnd_buffer_size = 2M # # Remove leading # to revert to previous value for default_authentication_plugin, # this will increase compatibility with older clients. For background, see: # https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar… # default-authentication-plugin=mysql_native_password server-id=2 read_only = 1 max_binlog_size = 500M log_bin = /data/mysql/logs/mysql-bin.log datadir=/data/mysql socket=/data/mysql/mysql.sock log-error=/data/mysql/logs/mysqld.log pid-file=/data/mysql/mysqld.pid -------------------------------------------------------------------------------------------------------------- Please guide me. Thanks in Advance. Best Regards, Kaushal

1 0

IP routing basics?
by lejeczek 12 Jun '23

12 Jun '23

Hi guys. I've always try to leave as mush as possible to the kernel but here I had to resort to source/rule based routing and I wonder why. Any expert cared to share some light on what is (not)happening here HOME -- tunnel --> public iface SHED gw A iface; B iface <-- to respectively --> SOME box A iface; B iface HOME can get to both A & B ifaces, (which are different subnets) all the way up to the SOME box Now, a DIFFERENT box runs/is behind/on that SOME box, which connects to A iface & B iface respectively (which SOME's A & B ifaces are linux bridges) need - so it appears - manual rules in order to have HOME get to DIFFERENT's iface B with IPs: 10.3.9.0/24 -> tunnel -> SHED's 10.1.1.254 & 10.3.1.254 -> SOME's 10.1.1.99 & 10.3.1.99 - all good! ---||--- -> DIFFERENT's 10.1.1.50 - works ---||--- -> DIFFERENT's 10.3.1.50 - for this one I need to set rules (on DIFFERENT only) so HOME can get to it All boxes have METRICs set the same way: iface on 10.1.1.0/24 runs with 111 & on 10.3.1.0/24 runs with 113 metrics. So I must(?) use these, so HOME can get to DIFFERENT's both ifaces: -> $ ip ro ls table 113 default via 10.3.1.254 dev enp0s3 -> $ ip ro ls table 114 default via 10.1.1.254 dev enp0s10 & rules: 32764: from 10.3.1.0/24 to 10.3.9.0/24 lookup 113 32765: from 10.1.1.0/24 to 10.3.9.0/24 lookup 114 I'd prefer to not to use human-set rules but if not possible, I'll be happy with an explanation. many tanks, L.

1 0

JOB | Sysadmin/Lead Platform Engineer (Singapore or London)
by James Tobin 10 Jun '23

10 Jun '23

Hello, I'm working with an employer that is looking to hire someone to be responsible for the modernisation of their on prem environment. There will be lots of VMware and traditional sysadmin work; moving into more of a Kubernetes/ Python/infra-as-code heavy role only once the migration project is completed (say 12 months). Consequently I had hoped that some members of this group may like to discuss. I can be reached using "JamesBTobin (at) Gmail (dot) Com". Kind regards, James

2 1

macsec - place inside the stack of ifaces ?
by lejeczek 05 Jun '23

05 Jun '23

Hi guys. Looking at macsec I've only started - so go easy on me with possibly trivial questions - and write here in hope, that some of you have expertise to tell... Having a bond device which is a slave to a bridge -> where must MACSEC go in order to - if feasible in NM at all that is - secure all the traffic going via the physical device(s)? Just to make it clear - though probably obvious - all traffic, say kernel VMs which use such bare-metal host's bridge iface for communication out/in of the host. Or even most basic of what I ponder over - macsec with 'bond' as parent? All & any thoughts shared are much appreciated. many thanks, L.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss June 2023