logs archiveIRC Archive / Freenode / #centos / 2015 / July / 13 / 1
dan_j
Hi. I am moving datacentres and want to add some redundancy. I'm using two centos servers to act as redundant firewalls. They will then both connect to two switches (server 1 connected to switch 1+2) (server 2 connected to switch 1+2). All internal servers will be connected to both these switches, so that if a switch goes down, the other switch can send the
packets.
Regarding the centos firewall servers, am I correct in saying that I'll need to set up a bridge with the two NICs that each server will have? (one connected to each switch)
TrevorH
bonding would be more what you want, especially if your switches can do LACP across them both
dan_j
Ah. Bonding. Couldnt remember the word! Can centos do bonding, or do I need network cards that offer bonding within the card?
never mind. think google answered the first part of my question
Is there any point in purchasing network cards that support bonding? Performance improvement maybe?
TrevorH
didn't even know you could and they probably require driver support anyway
dan_j
OK. Im going to try the software approach. Final question, do bonded NICs need to be connected to the same switch?
or can I set them up as above?
Like this. http://imgbin.org/index.php?page=image&id=24721
TrevorH
that depends on your switches and if they can do lacp across switch boxes
dan_j
Ok. Thanks. Ill check. Bought one. Just need to be the second or replace the first.
roberth1990
how can I see what privileges a group has?
kexmex_
hi. i need something that keeps a certain amount of workers up, even when they die, what can i use?
         

mdittmeier
any kickstart guru's on?
TrevorH
@ask mdittmeier
centbot
Instead of asking to ask, just state your problem clearly and concisely. If someone is available to assist you they will.
TrevorH
roberth1990: a group doesn't have privileges as such, you can look in sudoers to see if it's listed otherwise it just has access to things that are owned by the gorup
mdittmeier
i am unable to disable the initial_setup screen in cents 7 using kickstart. I am using the "firstboot --disable" parameter. what am I missing?
TrevorH
have you used eula --agreed
mdittmeier
@TrevorH yes
i have tried both --disable and --disabled
kexmex_
can launchd keep like 10 of workers up and bounce them when they die or become unresponsive?
jsharper
Hello. I'm trying to learn the el7 way of doing things (ie. no /etc/rc.local). Can anyone give me a suggestion for setting /sys/block/mdx/md/stripe_cache_size to eg 8192 at boot? i tried creating a udev rule but ive never used udev and it isnt working :)
TrevorH
jsharper: /etc/rc.local still works in el7
mdittmeier: I believe there were changes and bug reports in 7.1 for this area
mdittmeier
@TrevorH figures, I am trying to setup desktops with LDAP auth, and no local accounts
jsharper
@TrevorH: hm. thx. i guess that will get me by until i can learn udev or systemd..
TrevorH
mdittmeier: how about http://seven.centos.org/2013/12/preventing-gnome3s-initial-setup/
mdittmeier
@TrevorH OH! I will try now. very nice find
TrevorH
mdittmeier: that post predates 7.1 though
mdittmeier
@TrevorH I'll let you know if it still works
knob
Hello everyone. I am having a bit of a problem getting apache up and running.
This is my first CentOS install... trying to move away from Ubuntu. The server is a small VPS with 1GB ram.
mdittmeier
what version of cents?
knob
I installed via sudo yum install httpd
mdittmeier, 7
Here is the tail of the error_log http://pastebin.centos.org/29926/
TrevorH
systemctl start httpd.service
         

knob
I then did that... (systemctl start httpd.service) yet, .... still no dice?
btw, this is a "Minimal Install" image
TrevorH
there is no error in that log
did you open the firewall to allow connections from outside?
knob
So, I don't know if I am missing something basic in the install. I tried to make a clean server without un-necessary things... don't know if I missed something basic!
mdittmeier
try "firewall-cmd --permanent --add-service=http"
knob
btw, thanks for the help! I know it must be something simple, yet... nothing online when I load up http://server's.ip.address/
mdittmeier
try "firewall-cmd --permanent --add-service=https"
TrevorH
is the service running? systemctl status httpd.service
knob
checking that now mdittmeier
TrevorH
yes, you will need to open the ports in the firewall if accessing from other than localhost
knob
the systemctl status httpd.service returns Active: active (running)
mdittmeier
@knob http showed running with POD 30433 in log, so more than likely firewall
knob
running firewall-cmd --permanent --add-service=https now...
TrevorH
you need to run it twice, once with --permanent and once without
mdittmeier
default firewall rules only allow ssh
or with "firewall-cmd --reload"
@TrevorH gome-initial-setup still runs. I'll keep digging, but at least I know it is not a kickstart issue
knob
Hmm... so firewall-cmd --permanent --add-service=https returns success. Then I ran: firewall-cmd --add-service=https also returns success
Then I did systemctl restart httpd.service yet, still getting the "unable to connect" page on a browser.
mdittmeier
the permanent switch will require you to restart the firewall service to apply the changes
run "firewall-cmd --add-service=http" to make realtime changes
then run again with "https"
knob
This is a side-question, and a n00b question: With CentOS' firewall, do I have/need/should install something like fail2ban?
mdittmeier
is the server on the internet?
knob
Yes.
=)
mdittmeier
have not used with cents 7 yet, but might be worth looking into
*centos
knob
Alright! Working mostly!! w00t!
Page loads after firewall-cmd --add-service=http and then https....
mdittmeier
nice work
knob
Are those changes saved with reboots? Or do I have to do something for future re-loading of these settings?
Thanks to both mdittmeier and TrevorH
mdittmeier
the --permanent will survive a reboot
knob
Ahh ok ok.
Awesome-tastic!
Hey guys, another n00b question... it is regarding the systemctl... CentOS... does it "consolidate" all the start/stop of services and such under systemctl?
I mean, the reason for systemctl is to make this control more uniform? instead of calling to /bin?
pj
knob: the reason for systemctl is because that is what RedHat is using now so that is what CentOS has to use as a result. If you want RedHat's reasoning you would have to ask them.
knob
pj, ok... I do understand that CentOS will follow RedHat's lead. Just wondering the why behind the way.
pj
knob: you can still use the service command if you prefer, it just is a wrapper around systemctl now.
knob
Good to know... thank you!
cyberjorge
Hi there, I have vSphere 5.1 and trying to create a new CentOS 7 VM. I only have CentOS 4/5/6 64bit in my option so I selected that, is this good with CentOS 7?
Sokel
cyberjorge: Just pick centos 6. However, I'm going to recommend you get to 5.5
evil_steve
where '5.5' means "esx 5.5'
cyberjorge
yes, we have an scheduled upgrade to esx 6 actually but need to create this Centos vm first
fenrus02
hm. i'm not sure c7 will even boot under esx 5.1. might actually be required to have 5.5 for that.
cyberjorge
So there should be no issue with the older centos template right?
hmmm...
fenrus02
c6 is old enough, it should work
cyberjorge
glad to know
fenrus02
esx 5.1 was around 2012 iirc
cyberjorge
just one more, the c6 offer the LSI Logic Parallel for the SCSI controller. Shall I go with this or Vmware paravirtual? Which is betteR?
i know right
fenrus02
likely better to ask in #vmware
cyberjorge
i thought so, thanks
ecksit
hey, is there a way to skip a rpm install if it's already installed on the system?
fenrus02
erm, using yum already does that.
ecksit
i'm using rpm to install a package
« prev 1 2 3 4 5 6 7 8 next »