DevHeads.net

Postings by m.roth

C7, ipmi, NIC2, still fighting

This is that system with the missing management port, and I'm still
fighting it.

C7, just updated firefox, bugs

I just updated the "critical" firefox update, and it is *seriously* buggy.

1. I killed my old session, and started a new. Many (all?) tabs show
*nothing* until I put my cursor in the URL bar and hit <enter>
2. I cannot open a link in an email in thunderbird. I click the link, and
after a bit (30 sec? more?) a small windows tells me that firefox is
running, but not responding, which it certainly responds when I focus on
firefox.

mark

FYI: Useful to know on pdf printing

This is just an FYI, folks.

We've got this large poster printer. We had some, er, environmental
issues, let us say, and first I had to recreate the .ppd (HP "doesn't
support printing from Linux, and the one a former coworker extracted from
the Mac package... was for a 23", not this 44"). Then... I was trying to
print from a 6.9 box.

Semi-OT: LSI raid card sorta....

I've got a box running C7, just updated (yesterday). It had an onboard
RAID controller, and an HBA. I just installed a new, additional RAID card,
all LSI.

MegaCli64 only sees one controller. I can't seem to find the magic to see
the others. I *know* the new card is a MegaRAID - the box it came in says
so.

Samba issues with Win 10

Hi, folks,

Just ran into a problem: someone with a new laptop, running Win 10,
version 1709, tried to map their home directory (served from a CentOS
6.9 box, and it fails, with Windows complaining that it no longer
supports SMBv1, and if you go to their site, you can install support
for that manually....

The server running samba can *not* be updated to 7 - we have a lot of
stuff based off it, and most of our users use it, one way or another,
so it's a major thing when we do finally upgrade (or, more likely,
replace the server).

Has anyone run into this, and if so, any workarounds o

Semi-OT: ipmitool or ipmicfg: set BMC to use NIC 2

The man page isn't helping, nor have I been able to find examples that work.

For example, the man page claims I can do ipmitool lan get active, and I
try, and it says, "invaling lan command, get".

Do I set the MAC address for the lan to NIC 2? Anyone have a clue - I do
*not* want martians on the real network.

mark

C 7: smpboot: CPU 16 is now offline

Current kernel, and I just booted, and dmesg shows, of the 32 cores, 0, 2,
4 and 6 ok, and *all* other show "is now offline.

What's happening here?

mark

Generic linux question: sysctl and swiotlb

Anyone know if I can increase the size of swiotlb using sysctl, rather
than waiting to reboot?

mark

C7, kernel oops, sllub.c

Anyone else seeing this: I've seen it with different line # as an upstream
bug: kernel BUG at mm/slub.c:3601.

When I look for slub.c, I think I found a slightly different version,
since that's a blank line, but it's in the function slab_memory_callbac.

On a possibly related note, one of my users who runs debian has been
getting a ton of radeon errors...

C7, encryption, and clevis

We've been required to encrypt h/ds, and so have been rolling that out
over the last year or so. Thing is, you need to put in a password, of
course, to boot the system. My manager found a way to allow us to reboot
without being at the system's keyboard, a package called clevis. Works
fine...

A touch conused on context

Ok, we've got a set of directories bind mounted on our standard mount
point for the web. The directory tree's been set with semanage fcontext -t
-e /var/www <ourmountpoint>. In one of the websites under there is
<site>/cgi-bin, and under *there are a couple of subdirectories, and a
.dat file that is written to (I thihnk it's a counter, or whatever).

Trying to print...

Well... we've got this poster printer. Been printing for years. There was
an, um, incident at work, and long story short, the .ppd that I had had to
create was lost. I've pretty much recreated it, and cupstestppd only gives
a few warnings...

C 7, selinux, and rpc.gssd

Folks,

As systems are upgraded, we're getting a ton of complaints
(fortunately, we're in permissive mode) that would break everything.
All of them involve rpc.gssd, and I see a number of bugs listed when I
search.

Note that I first saw this on a RHEL system, but now I'm seeing it on
CentOS 7.

The right way to deal with in-house development

Ok, what's the "correct" way to deal with systems developed in-house, that
have their own sets up subdirectories.

And why, for that matter, does running sealert give me the full path to
the executable, like openjdk... but *not* the full path to the file it's
trying to operate on, and I'm left going "ok, where was the file it
deleted?

could not resolve mirrorlist.centos.org

Hi, folks,

I've got managers on me, I'm rebuilding this system as C 7... and I'm
getting the above. No idea. It pings, but pointing a browser to there
gives me "invalid release".

Anyone else having trouble?

mark

Yum-cron

Ok, I've just had issues this morning, and went and *looked*. I can see a
yum-cron running monthly, sure. Running weekly, I guess. Running daily?
Why?

And there is *NO* reason whatever for a "yum-hourly*. None. This is
CentOS, not ubuntu-snapshot-of-the-moment.

I don't know if this is from upstream or not, but it's wrong. I mean, even
Redmond only pushes out patches once or twice a month, except for critical
fixes.,,,.

OT: hardware: sanitizing a dead SSD?

Anyone have any clues about how to sanitize a dead SSD? We haven't had it
yet, but we're sure it's coming. Esp. since I'm a federal contractor, a
dead disk gets deGaussed, but what the hell do you do with a SSD?

Re: [CentOS] More oddities...

On Tue, May 01, 2018 at 03:28:29PM -0400, <a href="mailto:m.roth@5-cent.us">m.roth@5-cent.us</a> wrote:

More oddities...

My manager's workstation is C 7.4, and it started screaming yesterday
about issues with ata5.

Except that he has one internal and one external drive, and a DVD. Anyone
have clues as to what could be causing this, or where to start looking?

He's rebooted it, and before that, I tried rescan-scsi-bus.sh, with no joy.

mark

OT: hardware, odd PSU issue

We have an HP blade enclosure for SL230s Gen 8. Went to replace the four
PSUs in it, 1500W. Got them from one vendor, "refurbished"... and *none*
worked. Returned them, and got them from another vendor, and *none*
worked.

Something odd here. For one, the LED doesn't light up when I'm holding the
PSU and plug it in. Then there's something I just noticed late yesterday:
in the socket of the PSU, on the shorter side of the trapezoid, there are
four copper strips, running from the inside out.

Anyone run into this before?

OT: thunderbird annoyance

Does anyone know if it's even possible to NOT cc myself when I hit reply all?

Geez, that's what's in the sent folder....

mark

motion

Got a CentOS 7 box running motion. Selinux is complaining that one of the
scripts motion runs is mislabeled. Here's what it is.
system_u:object_r:nfs_t:s0 /home/motion/bin/on_move_end

Now, ~motion is NFS mounted, and we've got use_nfs_home_dirs --> on, so
what *would* the proper label be, or do I really need to create a policy
for this?

mark

Semi-OT: install python package in userspace

CentOS 7 box. As there's no package in any of the repos, we're trying to
install scikit-learn in the user's space. It refuses.

An selinux issue

CentUS 7.4

From sealert:
SELinux is preventing /usr/sbin/sshd from read access on the file
/etc/ssh/moduli.

***** Plugin restorecon (94.8 confidence) suggests
************************

If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:unlabeled_t:s0
Target Objects /etc/ssh/moduli [ file ]
Source sshd
Source Pat

A question about smb.conf between C6 and c7

Are there any? Will a C 6 conf work under C 7?

A pointer to a README would be appreciated on configuration differences,
if any.

Thanks in advance.

mark

Two MACs for one IP

The reason I want to assign one IP to two MAC addresses is that I have one
(and only one) user for whom I have to spoof the MAC address (it's a case
of stupid software licensing). But... his system is encrypted. Now, we're
using clevis to allow reboots without someone being at the keyboard to
type in the password. Those of you who've looked at clevis see where this
is going: clevis uses the *real* firmware MAC address to get the key from
the latchset server...

OT: configuring xming to know putty's not in a std. location

Is there some way to do this? I've got the current putty (actually,
putty-cac), pageant, and plink in my user's Downlods directory - neither
he nor I have admin authority on his laptop, and Desktop support's
teleworking today - but I can't seem to find a way to configure xming to
look there for putty.

Or is it start putty, *then* start xming?

mark

logging in

This is.... odd.

We're seeing a *lot* of
sshd[8400]: Timeout, client not responding.
So I'm trying to find out whose client is having issues. Trying to figure
that, after processes are gone, I tried looking in lastlog, which is where
it gets odd. lastlog shows root coming in, and it shows a security account
coming in... years ago.

I see one of our users logging in a goodly number of times... but lastlog
doesn't show him.

An rpm specfile quesstion

I've built an rpm package to distribute an executable and datafiles, but I
need to link to the executable, with the symlink with a different name,
into /usr/sbin/

If I make the symlink in the %post, it doesn't show if you do rpm -ql, and
/usr/sbin/link gives "not owned by any package".

CentOS 7 autofs flakyness

I have a user who couldn't get in via WinSCP to a server. Got him to log
in via putty, and that was fine. But he still couldn't get in the other
way. At my manager's suggestion, I restarted autofs... and everything
worked.

Note that his home director5y was already automounted via NFS, after he
logged in via putty. We've seen other, similar oddities with NFS.