DevHeads.net

Postings by m.roth

C 7, selinux, and rpc.gssd

Folks,

As systems are upgraded, we're getting a ton of complaints
(fortunately, we're in permissive mode) that would break everything.
All of them involve rpc.gssd, and I see a number of bugs listed when I
search.

Note that I first saw this on a RHEL system, but now I'm seeing it on
CentOS 7.

The right way to deal with in-house development

Ok, what's the "correct" way to deal with systems developed in-house, that
have their own sets of subdirectories?

And why, for that matter, does running sealert give me the full path to
the executable, like openjdk... but *not* the full path to the file it's
trying to operate on, and I'm left going "ok, where was the file it
deleted?

could not resolve mirrorlist.centos.org

Hi, folks,

I've got managers on me, I'm rebuilding this system as C 7... and I'm
getting the above. No idea. It pings, but pointing a browser to there
gives me "invalid release".

Anyone else having trouble?

mark

Yum-cron

Ok, I've just had issues this morning, and went and *looked*. I can see a
yum-cron running monthly, sure. Running weekly, I guess. Running daily?
Why?

And there is *NO* reason whatever for a "yum-hourly". None. This is
CentOS, not ubuntu-snapshot-of-the-moment.

I don't know if this is from upstream or not, but it's wrong. I mean, even
Redmond only pushes out patches once or twice a month, except for critical
fixes.

OT: hardware: sanitizing a dead SSD?

Anyone have any clues about how to sanitize a dead SSD? We haven't had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
dead disk gets deGaussed, but what the hell do you do with a SSD?

Re: [CentOS] More oddities...

On Tue, May 01, 2018 at 03:28:29PM -0400, m.roth@5-cent.us wrote:

More oddities...

My manager's workstation is C 7.4, and it started screaming yesterday
about issues with ata5.

Except that he has one internal and one external drive, and a DVD. Anyone
have clues as to what could be causing this, or where to start looking?

He's rebooted it, and before that, I tried rescan-scsi-bus.sh, with no joy.

mark

OT: hardware, odd PSU issue

We have an HP blade enclosure for SL230s Gen 8. Went to replace the four
PSUs in it, 1500W. Got them from one vendor, "refurbished"... and *none*
worked. Returned them, and got them from another vendor, and *none*
worked.

Something odd here. For one, the LED doesn't light up when I'm holding the
PSU and plug it in. Then there's something I just noticed late yesterday:
in the socket of the PSU, on the shorter side of the trapezoid, there are
four copper strips, running from the inside out.

Anyone run into this before?

OT: thunderbird annoyance

Does anyone know if it's even possible to NOT cc myself when I hit reply all?

Geez, that's what's in the sent folder....

mark

motion

Got a CentOS 7 box running motion. Selinux is complaining that one of the
scripts motion runs is mislabeled. Here's what it is.
system_u:object_r:nfs_t:s0 /home/motion/bin/on_move_end

Now, ~motion is NFS mounted, and we've got use_nfs_home_dirs --> on, so
what *would* the proper label be, or do I really need to create a policy
for this?

mark

Semi-OT: install python package in userspace

CentOS 7 box. As there's no package in any of the repos, we're trying to
install scikit-learn in the user's space. It refuses.

An selinux issue

CentOS 7.4

From sealert:
SELinux is preventing /usr/sbin/sshd from read access on the file
/etc/ssh/moduli.

***** Plugin restorecon (94.8 confidence) suggests
************************

If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:unlabeled_t:s0
Target Objects /etc/ssh/moduli [ file ]
Source sshd
Source Pat

A question about smb.conf between C6 and c7

Are there any? Will a C 6 conf work under C 7?

A pointer to a README would be appreciated on configuration differences,
if any.

Thanks in advance.

mark

Two MACs for one IP

The reason I want to assign one IP to two MAC addresses is that I have one
(and only one) user for whom I have to spoof the MAC address (it's a case
of stupid software licensing). But... his system is encrypted. Now, we're
using clevis to allow reboots without someone being at the keyboard to
type in the password. Those of you who've looked at clevis see where this
is going: clevis uses the *real* firmware MAC address to get the key from
the latchset server...

OT: configuring xming to know putty's not in a std. location

Is there some way to do this? I've got the current putty (actually,
putty-cac), pageant, and plink in my user's Downloads directory - neither
he nor I have admin authority on his laptop, and Desktop support's
teleworking today - but I can't seem to find a way to configure xming to
look there for putty.

Or is it start putty, *then* start xming?

mark

logging in

This is.... odd.

We're seeing a *lot* of
sshd[8400]: Timeout, client not responding.
So I'm trying to find out whose client is having issues. Trying to figure
that, after processes are gone, I tried looking in lastlog, which is where
it gets odd. lastlog shows root coming in, and it shows a security account
coming in... years ago.

I see one of our users logging in a goodly number of times... but lastlog
doesn't show him.

An rpm specfile question

I've built an rpm package to distribute an executable and datafiles, but I
need to link to the executable, with the symlink with a different name,
into /usr/sbin/

If I make the symlink in the %post, it doesn't show if you do rpm -ql, and
/usr/sbin/link gives "not owned by any package".

CentOS 7 autofs flakiness

I have a user who couldn't get in via WinSCP to a server. Got him to log
in via putty, and that was fine. But he still couldn't get in the other
way. At my manager's suggestion, I restarted autofs... and everything
worked.

Note that his home directory was already automounted via NFS, after he
logged in via putty. We've seen other, similar oddities with NFS.

An rpmbuild spec question

I'm trying to build a package to create a directory and install some
files. My rpmbuild keeps failing, unable to cd into the directory, "no
such". Now, in the tmpfile, I *see* it cd'ing into BUILD/opt, and the
source was unzipped and untared into BUILD/opt/smipmicfg-1.27.0. In the
spec file, I've even added a cd $RPM_BUILD_ROOT/opt, and I see it cd to
there... and then it says it fails cd'ing into the directory under it.

I've been doing a lot of googling, but nothing seems to fix this.

Re: [CentOS] C7 and docker storage

Gianluca Cecchi <gianluca. ... at gmail dot com> wrote:

C 7, docker, and storage

I may have missed some overnight replies to my question from yesterday -
if so, sorry.

From my googling, it looks like I should change from the loopback device
to overlayFS (with overlay2).

C7 and docker storage

Was working on docker on a server, and on startup, I see
Nov 29 10:58:27 <servername> dockerd-current:
time="2017-11-29T10:58:27.612849959-05:00" level=warning msg="devmapper:
Usage of loopback devices is strongly discouraged for production use.
Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to
dm.thinpooldev section."
Nov 29 10:58:27 <servername> dockerd-current:
time="2017-11-29T10:58:27.655600686-05:00" level=warning msg="devmapper:
Base device already exists and has filesystem xfs on it.

C 7, lockd issue

I think I posted this last week, but to refresh your minds (for Americans,
after all the turkey): two C7 boxes, updated. box 1 is exporting
directories; box 2 is not running nfs. From box 1, every minute, I get
<...> kernel: lockd: server fred.local not responding, timed out

Now, on box 2, fred is eth0:fred, and is one of five secondaries on eth0.
When I do an ip a, it shows as the last one.

semi-OT:apcupsd

I can't seem to find apcupsd for C 6. Just went to epel's website, and not
visible. Anyone have a clue?

mark

C6 and xfce

Hi, folks,

So I installed xfce on my Netbook. While I was in Chicago, I worked out
how to tell it to bring it up. It came up.

As root. With no obvious way to tell it to show a login screen first.

Did I miss something?

mark

yum-cron

Hi, folks,

Has anyone else seen the issue of having an excludes= in /etc/yum.conf,
but yum-cron appears to be ignoring it?

This may have been the case earlier this year, where it seemed to
partly install a new kernel, then not do the post-install.

C6, lightweight window managers - opinions?

So, on my old Netbook, now happily running C6.9, I'm looking for opinions
for a lightweight window manager. Gnome surely ain't it....

Years back, I used to like IceWM, but not sure it's been kept up.

So, opinions?

mark

Semi-OT: a docker log question

Hi, folks,

Is there *any* way, other than writing my own logging driver, to get
the docker daemon to write to its very own file, like, say,
/var/log/docker, so that it doesn't spew crap into /var/log/messages?

Thanks in advance.

mark

C7, docker, logging

Hi, folks,

Well my user had errors, so I got to restart the docker daemon with
--log-level=warn.

Docker log level

Hi, folks,

Just installed and fired up docker for a user, and the default log
level is stupidly noisy. Now, doing some googling, I see that I can set
the log level on the command line. What I'd *like* to do is set the log
level in the appropriate config file, which I gather is
/etc/docker/daemon.json.