DevHeads.net

Postings by Robert Moskowitz

How do I remove a kernel

I have 4 kernels in /boot, leaving on 20MB which is not enough for the
next one.

I had installonly_limit= set at 5, as there were some kernel problems. 
After I got the error that there was not enough room for another kernel,
I set installonly_limit= to 3 and did the update with --exclude=kernel*

That worked to update everything else, but not remove the oldest kernel.

How can I remove the oldest kernel to make room for the new one?

thanks

Running a command at startup

On a support forum, I was told that to turn off my board's blue led run:

echo none | sudo tee /sys/class/leds/blue\:heartbeat/trigger

Well, this does not survive a system reboot.  So I was told:

Add the off bit to

    /etc/rc.local

Add it above "exit 0"

So of course, CentOS is past using rc.local and recommends:

# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this fi

So can someone point me to how to make this into a simple systemd service?

thanks

Upping my game on web work

Until now, I have been satisfied with hand coding my html for simple,
but effective web pages (see <a href="http://www.htt-consult.com/" title="http://www.htt-consult.com/">http://www.htt-consult.com/</a>).

But I want to offer one of our small synagogues some web pages and need
a few tools for them to use to compose their pages and upload content.

What 'simple' web support tools do we have here?

Of course I will be doing this on armhfp,,,

Testing for apache open relaying

My mail server is being blocked by barracuda and spamexperts.

I have tested my mail port via mxtoolbox.com and I came out clean and no
relaying.

So I suspect my apache server as a proxy relay.

Is there a similar site to mxtoolbox that will test apache for improper
relaying?

thanks

I thought I had it blocked for this:

# cat 01-allow.conf
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    allow from 192.168.96.0/255.255.255.0
    allow from 50.253.254.0/255.255.255.240
    deny from all
</Directory>

# more roundcubemail.c

TLS 1.3 and openSSL 1.1.1 support

TLS 1.3 RFC has 'shipped':  RFC 8446.  Don't yet know all that will have
to be updated to support it, but I am working on openSSL 1.1.1 beta
which is available in the Fedora 29 beta.  The openSSL team is looking
at one more beta release (I had challenges with ED25519 certs, I will
soon have an Internet Draft out on them).

So general heads up.  TLS 1.3 is claimed to be the cat's meow for
security (I see it as a kitchen sink).  There will be questions asking
for when it will be available (wait until they start thinking about
creating EDDSA pkis).

Yet another thing for our hard working C

Back to Xfce

Now that the basic server is up and running.  With Gnome via VNC (yuck),
it is time to go back and figure out howto install Xfce without an Xfce
group script.  So I am asking those with X64 Centos for some pointers. 
Like where are the group scripts so maybe I can modify them for armhfp.

I was reading:
<a href="https://www.rootusers.com/how-to-install-xfce-gui-in-centos-7-linux/" title="https://www.rootusers.com/how-to-install-xfce-gui-in-centos-7-linux/">https://www.rootusers.com/how-to-install-xfce-gui-in-centos-7-linux/</a>

Where the author talks about doing a minimal install then running:

yum groupinstall "Server with GUI"

But notes that this installs Gnome (which I don't want) and that instead to

yum groupinstall “X Window System”

But

rsync versioning problem

I seem to have an rsync versioning problem.

The sender is an old ClearOS6 server with rsynv 3.0.6
The receiver is a brand new Centos7-armv7 server with rsync 3.1.2

I am running rsync over ssh

Got the error:

rsync error: error in rsync protocol data stream (code 12) at io.c(600)
[sender=3.0.6]

And researching this it comes down to a versioning issue.  But all I
have found was to upgrade the 3.0.6 system!  That will happen when I
migrate to ClearOS7!

Is there some option to specify to get this to work?

rsync -ah --stats --delete -e "ssh" /var/flexshare/shares
x.htt-consult.com:/media/

How to set macaddr with nmcli

I see my problem.  I mis-read what

nmcli con mod eth0 mac "02:67:15:00:81:0B"

does.  It sets HWADDR; which interface to link to, not MACADDR, what MAC
address you want for your interface.

So I have read the nmcli pages and googled a bit.  I cannot find a way
to set MACADDR.  I suppose I can set HWADDR then use sed to change it to
MACADDR, but this seems a real hack.

ARM boards do not have assigned MAC addresses.  Uboot uses various
information to generate a local MAC address.  I want finer control of my
MAC address for my servers.  In the past, I just edited ifcfg-eth0.  I
am trying

How to set macaddr with nmcli

I see my problem.  I mis-read what

nmcli con mod eth0 mac "02:67:15:00:81:0B"

does.  It sets HWADDR; which interface to link to, not MACADDR, what MAC
address you want for your interface.

So I have read the nmcli pages and googled a bit.  I cannot find a way
to set MACADDR.  I suppose I can set HWADDR then use sed to change it to
MACADDR, but this seems a real hack.

ARM boards do not have assigned MAC addresses.  Uboot uses various
information to generate a local MAC address.  I want finer control of my
MAC address for my servers.  In the past, I just edited ifcfg-eth0.  I
am trying

ifcfg-link?

This is happening with the Centos7-armv7 image 1804, but I was wondering
if it is a broader C7 issue.

My image has only 2 ifcfg files:  ifcfg-l0 and -link.  'ip a' is listing
the ethernet as eth0.  ifcfg-link has contains:

DEVICE=link
BOOTPROTO=dhcp
ONBOOT=on

I then used nmcli to create my ifcfg-eth0

nmcli con delete eth0
nmcli con add type ethernet con-name eth0 ifname eth0 ip4
192.168.129.11/25 gw4 192.168.129.1
nmcli con mod eth0 ipv4.dns "50.253.254.2 192.168.129.1"
nmcli con mod eth0 mac "02:67:15:00:81:0B"

I moved the cable to the 192.168.129.1 vlan (which does not have a dhcp
s

Strange vncserver behavior

I got vncserver working per:

<a href="https://www.tecmint.com/install-and-configure-vnc-server-in-centos-7/" title="https://www.tecmint.com/install-and-configure-vnc-server-in-centos-7/">https://www.tecmint.com/install-and-configure-vnc-server-in-centos-7/</a>

Then I went to set up a second instance, and have that for logging on to
root:

==========

cp /lib/systemd/system/vncserver@.service
/etc/systemd/system/vncserver@:2.service

vi /etc/systemd/system/vncserver@\:2.service

replace <USER> with root

systemctl daemon-reload
systemctl start vncserver@:2

==========

I got the message:

Job for vncserver@:2.service failed because a configured resource limit
was exceeded.
See "systemctl status vncserver@:2.service" and "journalctl -xe" for
detail

C7 Xfce group

I am working with Centos-arm which right now only has the gnome and kde
desktops.

I am spoiled with using Xfce on all my Fedora systems (MUCH longer
battery life on my notebook, for example).  I like its simplicity.

I see from messages here that mainline C7 does have the Xfce desktop.

Can someone give me a list of rpms that make up the group, so I can try
starting with the minimal image and see if I can build an Xfce desktop?

Meanwhile I am going to put in a request for Xfce on the centos-arm list.

thanks

Errors on an SSD drive

I am building a new system using an Kingston 240GB SSD drive I pulled
from my notebook (when I had to upgrade to a 500GB SSD drive). Centos
install went fine and ran for a couple days then got errors on the
console.

Cloud and php

I am looking at cloud software. On Centos7-armv7hl, of course.

I was pointed to Nextcloud, but v11 CAN work with php 5.4 in Centos7,
but recommends at least 5.5 for security updates and performance
(important on arm), but recommends php 7.

vncserver died

I get back from two weeks on the road, and try to VNC to my server and
it fails. I ssh in and see that, yes vncserver is dead.

Low random entropy

I am use to low random entropy on my arm boards, not an intel.

On my Lenovo x120e,

cat /proc/sys/kernel/random/entropy_avail

reports 3190 bits of entropy.

On my armv7 with Centos7 I would get 130 unless I installed rng-tools
and then I get ~1300. SSH into one and it drops back to 30! for a few
minutes. Sigh.

Anyway on my new Zotac nano ad12 with an AMD E-1800 duo core, I am
seeing 180.

I installed rng-tools and no change.

startx on console 2

I seem to recall that there is some special option to run X11 on <Alt-F2>

On this ClearOS system, their console sits on the default console. You
have to <Alt-F2> (etc.) to get a text login. Now that I have Xfce kind
of installed, I want to see it on the system console, and I thought that
just running startx would work.

It doesn't. Got some errors. And then I remembered years back where
there was some extra options used to run startx on one of the other
consoles.

But it has been too many years and I can't find any notes on it.

Centos7 Cant start vncserver

OK, first time configuring vncserver on Centos7. I have read through a
bunch of old messages here on vncserver and thought I had it.

What is in a yum group

I want to install Xfce on a ClearOS server. They have not defined any
desktop groups (actually no groups other than minimal). But lots of
Xfce rpms are in their repos.

How can I see what rpms Centos would install with a 'yum group install'?

Then I get to install vnc server and set up the client right...

thanks

Mini PCs

I have been working, for the past few years, with armv7 SOCs and have a
number of servers working.

Intel, etal are catching up with ARM and I have seen ones like:

<a href="https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html" title="https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with-celeron-J1900-quad-core-4-usb-VGA/32785346279.html">https://www.aliexpress.com/item/NEW-Mini-pc-X86-4-Lan-Qotom-Q190G4N-with...</a>

I am looking for a low power (this is 10W) x86_64 board that has at
least 2 core and 2GB memory.

cannot access file: Input/output error

I have a file on a backup usb drive that I get the following error:

# ls -ls P*
ls: cannot access Power usage.xls: Input/output error

How can I delete this file so that the nightly backup will write out the
current version to the backup drive?

I tried:

# rm -f Power\ usage.xls
rm: cannot remove `Power usage.xls': Input/output error

Which you can see did not work.

thanks

tabs ignored in here document

I thought this worked. Many web pages tell you it works. But bash is
ignoring tabs in my here docs. Worst, where there are two tabs, it is
functioning as a command expand in bash, where all files in the current
directory are listed to complete the command.

The following is the here doc I am using. Most likely the tabs will be
converted to spaces in this email.

Samba active domain controller guide for Centos 7

Is there a good guide for setting up a Samba active domain controller?

I am currently running ClearOS, but it does more than what I want, even
that I had to modify to suit my needs. Only a few systems. Currently
still XP, but I will migrate to Win7 with this move.

Of course I will be doing the install on a Cubietruck armv7.

thanks for any pointers.

enabling xforward in ehlo

Postfix 2.10.1

I have spent some time today searching postfix documentation for
enabling xforward in smtpd. I am not seeing it in the response to the
EHLO when I telnet into localhost 25. I cannot find any reference to
what to put in master.cf (or main.cf) to do this.

I THINK I need this to deal with amavis's policy bank of MYNET so that
hosts within my network list will not get flagged as Open Relay.

systemd override.conf question

Does the override.conf file need the section headers?

For example:

# cat /etc/systemd/system/postfix.service.d/override.conf
[Unit]
After=syslog.target network.target time-sync.target

Will it work with just the After line, or is the [Unit] line needed to
control the merge function.

thanks

What besides Postfix should not start until system time set?

So I have learned that Postfix should delay until Chronyd has moved the
system time from 0 to current.

What other services need to be delayed?

Apache?
Bind?

Of course if this is a nameserver, Chronyd will probably not be able to
resolve the NTP server addresses until Bind is running!

thanks

Does Apache need to delay startup until system time set?

This is for Centos7 on an armv7 SOC with no clock battery.

On startup, Centos runs Chronyd which eventually sets the system clock.
This can happen really fast, or not depending. I have learned that it
is NOT a good thing for postfix to start when the system time is earlier
than the build date of postfix.

startup process that rebuilds aliases.db?

My Centos7 system does not have a battery for the clock (like most armv7
SOCs), thus I rely on that at some point in boot time, chronyd sets the
time. If a file is updated prior to chronyd accomplishing its task (or
network connectivity is down), the file ends up with a timestamp of "Dec
31 1969".

I notice that occasionally, after a reboot, /etc/aliases.db reverts to
this time, and I have to run newaliases to fix it. I suppose I could
run touch as well.

What process could be rebuilding aliases.db?

startup process that rebuilds aliases.db?

My system does not have a battery for the clock (like most armv7 SOCs),
thus I rely on that at some point in boot time, chronyd sets the time.
If a file is updated prior to chronyd accomplishing its task (or network
connectivity is down), the file ends up with a timestamp of "Dec 31 1969".

I notice that occasionally, after a reboot, /etc/aliases.db reverts to
this time, and I have to run newaliases to fix it. I suppose I could
run touch as well.

So is postfix startup rebuilding aliases.db, perhaps?

gmgr and content_filter

This is for a test system on Centos7

In main.cf I have:

content_filter = amavis:[127.0.0.1]:10024

Then in master.cf, I have an

-o content_filter =

For those services (like pickup) that I have figured out should not feed
into amavis.

I am looking at maillog at an email generated by logwatch and see gmgr
calling amavis a few times.