DevHeads.net

Postings by m.roth

C7, NetworkMangler, and IPv6

Hi, folks,

Freshly built box... but does not get its IPv6 address. Gets its IPv4
with no trouble, and if I *manually* run dhclient -v -N eno1, it gets
the correct IPv6, but after that, nope. And INITIPV^=yes in
/etc/sysconfig/network-scripts/ifcfg-eno1. I even tried adding
NETWORKING_IPV6=yes to an otherwise empty /etc/sysconfig/network.

What am I missing?

mark

C 7 installation annoyances

In the disk partitioner, I can't
1) choose to make the LVM with root and swap be on a RAID 1. Is there
some way to do that, rather than two separate partitions RAIDed?
2) They don't align, so I can't clone /dev/sda to /dev/sdb as a
failover (for /boot and /boot/efi). I've created those two, manually,
and nope, it wiped them out, so I can't clone those two.

Any solutions for either of these?

Enable FIPS mode for apache?

Here's a question that I have3n't found the answer to yet: does anyone
know the effect of enabling FIPS mode for apache? Will it break existing
websites? Does code need changing? Configuration, other than enabling it?

mark

C7 and python 2.7 and jupityr notebook

Anyone familiar with this? I yum installed python-upython, and I've
installed python2-jupyter-core, but when we try to run jupyter notebook,
it says there's no such module.

C7, system-auth-ac, and authconfig

I read the clear-as-mud docs, and it appears that if we want to modify
system-auth-ac, we can create a local, and point system-auth to it.

Howver.. in the default, I see
auth [success=3 default=ignore] pam_succeed_if.so service notin
login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet
use_uid

Now, we'd like to add sudo to that list. Does anyone know *where*
authconfig gets that list in the first place?

Very odd: /proc/sys/net/ipv6/conf/all/disable_ipv6

CentOS 7.5, and on one system, I'm getting:
setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from
read access on the file disable_ipv6

ll -Z shows
-rw-r--r--. root root system_u:object_r:sysctl_net_t:s0
/proc/sys/net/ipv6/conf/all/disable_ipv6

I find this peculiar. Anyone have a resolution, or is this a bug?

mark

xfs quota question

Can I go to an existing xfs file system, and apply a soft quota to each
user on it? If I do, can I then run a report, and see who's using how
much, or does it only apply to files created after the quotas are applied?

mark

Okular

Does anyone know what Magical configuration file determines whether okular
give measurements, in the properties of a .pdf, in millimeters, rather
than, say, inches or cm or furlongs?

mark

Finding user's files

This is among the things we need to do when a user leaves, and it's a
larger question than it sounds. Our Office has many servers, with a good
number of fileservers for projects, with large filesystems (i.e. 10's of
TB).

C7, ipmi, NIC2, still fighting

This is that system with the missing management port, and I'm still
fighting it.

C7, just updated firefox, bugs

I just updated the "critical" firefox update, and it is *seriously* buggy.

1. I killed my old session, and started a new. Many (all?) tabs show
*nothing* until I put my cursor in the URL bar and hit <enter>
2. I cannot open a link in an email in thunderbird. I click the link, and
after a bit (30 sec? more?) a small windows tells me that firefox is
running, but not responding, which it certainly responds when I focus on
firefox.

mark

FYI: Useful to know on pdf printing

This is just an FYI, folks.

We've got this large poster printer. We had some, er, environmental
issues, let us say, and first I had to recreate the .ppd (HP "doesn't
support printing from Linux, and the one a former coworker extracted from
the Mac package... was for a 23", not this 44"). Then... I was trying to
print from a 6.9 box.

Semi-OT: LSI raid card sorta....

I've got a box running C7, just updated (yesterday). It had an onboard
RAID controller, and an HBA. I just installed a new, additional RAID card,
all LSI.

MegaCli64 only sees one controller. I can't seem to find the magic to see
the others. I *know* the new card is a MegaRAID - the box it came in says
so.

Samba issues with Win 10

Hi, folks,

Just ran into a problem: someone with a new laptop, running Win 10,
version 1709, tried to map their home directory (served from a CentOS
6.9 box, and it fails, with Windows complaining that it no longer
supports SMBv1, and if you go to their site, you can install support
for that manually....

The server running samba can *not* be updated to 7 - we have a lot of
stuff based off it, and most of our users use it, one way or another,
so it's a major thing when we do finally upgrade (or, more likely,
replace the server).

Has anyone run into this, and if so, any workarounds o

Semi-OT: ipmitool or ipmicfg: set BMC to use NIC 2

The man page isn't helping, nor have I been able to find examples that work.

For example, the man page claims I can do ipmitool lan get active, and I
try, and it says, "invaling lan command, get".

Do I set the MAC address for the lan to NIC 2? Anyone have a clue - I do
*not* want martians on the real network.

mark

C 7: smpboot: CPU 16 is now offline

Current kernel, and I just booted, and dmesg shows, of the 32 cores, 0, 2,
4 and 6 ok, and *all* other show "is now offline.

What's happening here?

mark

Generic linux question: sysctl and swiotlb

Anyone know if I can increase the size of swiotlb using sysctl, rather
than waiting to reboot?

mark

C7, kernel oops, sllub.c

Anyone else seeing this: I've seen it with different line # as an upstream
bug: kernel BUG at mm/slub.c:3601.

When I look for slub.c, I think I found a slightly different version,
since that's a blank line, but it's in the function slab_memory_callbac.

On a possibly related note, one of my users who runs debian has been
getting a ton of radeon errors...

C7, encryption, and clevis

We've been required to encrypt h/ds, and so have been rolling that out
over the last year or so. Thing is, you need to put in a password, of
course, to boot the system. My manager found a way to allow us to reboot
without being at the system's keyboard, a package called clevis. Works
fine...

A touch conused on context

Ok, we've got a set of directories bind mounted on our standard mount
point for the web. The directory tree's been set with semanage fcontext -t
-e /var/www <ourmountpoint>. In one of the websites under there is
<site>/cgi-bin, and under *there are a couple of subdirectories, and a
.dat file that is written to (I thihnk it's a counter, or whatever).

Trying to print...

Well... we've got this poster printer. Been printing for years. There was
an, um, incident at work, and long story short, the .ppd that I had had to
create was lost. I've pretty much recreated it, and cupstestppd only gives
a few warnings...

C 7, selinux, and rpc.gssd

Folks,

As systems are upgraded, we're getting a ton of complaints
(fortunately, we're in permissive mode) that would break everything.
All of them involve rpc.gssd, and I see a number of bugs listed when I
search.

Note that I first saw this on a RHEL system, but now I'm seeing it on
CentOS 7.

The right way to deal with in-house development

Ok, what's the "correct" way to deal with systems developed in-house, that
have their own sets up subdirectories.

And why, for that matter, does running sealert give me the full path to
the executable, like openjdk... but *not* the full path to the file it's
trying to operate on, and I'm left going "ok, where was the file it
deleted?

could not resolve mirrorlist.centos.org

Hi, folks,

I've got managers on me, I'm rebuilding this system as C 7... and I'm
getting the above. No idea. It pings, but pointing a browser to there
gives me "invalid release".

Anyone else having trouble?

mark

Yum-cron

Ok, I've just had issues this morning, and went and *looked*. I can see a
yum-cron running monthly, sure. Running weekly, I guess. Running daily?
Why?

And there is *NO* reason whatever for a "yum-hourly*. None. This is
CentOS, not ubuntu-snapshot-of-the-moment.

I don't know if this is from upstream or not, but it's wrong. I mean, even
Redmond only pushes out patches once or twice a month, except for critical
fixes.,,,.

OT: hardware: sanitizing a dead SSD?

Anyone have any clues about how to sanitize a dead SSD? We haven't had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
dead disk gets deGaussed, but what the hell do you do with a SSD?

Re: [CentOS] More oddities...

On Tue, May 01, 2018 at 03:28:29PM -0400, <a href="mailto:m.roth@5-cent.us">m.roth@5-cent.us</a> wrote:

More oddities...

My manager's workstation is C 7.4, and it started screaming yesterday
about issues with ata5.

Except that he has one internal and one external drive, and a DVD. Anyone
have clues as to what could be causing this, or where to start looking?

He's rebooted it, and before that, I tried rescan-scsi-bus.sh, with no joy.

mark

OT: hardware, odd PSU issue

We have an HP blade enclosure for SL230s Gen 8. Went to replace the four
PSUs in it, 1500W. Got them from one vendor, "refurbished"... and *none*
worked. Returned them, and got them from another vendor, and *none*
worked.

Something odd here. For one, the LED doesn't light up when I'm holding the
PSU and plug it in. Then there's something I just noticed late yesterday:
in the socket of the PSU, on the shorter side of the trapezoid, there are
four copper strips, running from the inside out.

Anyone run into this before?

OT: thunderbird annoyance

Does anyone know if it's even possible to NOT cc myself when I hit reply all?

Geez, that's what's in the sent folder....

mark