IRC Archive / Freenode / #centos / 2015 / July / 18 / 1
nanga
Lamentation, I cannot set it. But maybe we can discuss this later. I'm leaving the keyboard too :)
Lamentation
not a problem
pm me next time ur online
nanga
Lamentation, :)
Nick_ZWG
On CentOS 6.6, curl 7.19.7, I'm getting unexpected SSL errors using the option 'ciphers = HIGH,!ADH' on https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog. What is the correct cipher syntax for CentOS curl? 'ciphers = rsa_rc4_128_sha' ?
fenrus02
http://curl.haxx.se/docs/manpage.html
your syntax above is wrong.
Nick_ZWG
curl --ciphers 'rsa_rc4_128_sha' https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog breaks
How can I tell which backend curl was compiled against?
deryni-work
In the --version output.
Nick_ZWG
Looks like NSS here, right? curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
fenrus02
wfm. $ curl --tlsv1.2 -vI --ciphers rsa_3des_sha https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog
Nick_ZWG
Thanks, that works for me too. Not sure why 'rsa_rc4_128_sha' doesn't, though
fenrus02
the cipher above came from 'curl -v https://..' and seeing what it used. the output from verbose is in uppercase. use the lowercase names found on https://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives
as long as your ordered list of allowed ciphers includes what they're willing to accept - you should be able to connect.
Nick_ZWG
Thanks, that's very helpful. I didn't know of that workflow before, so now I know how to solve that problem.
fenrus02
Ex: * SSL connection using TLS_RSA_WITH_3DES_EDE_CBC_SHA
you really want to avoid using rc4 for anything
see also, https://www.ssllabs.com and https://www.feistyduck.com/library/bulletproof/
darius93
Just two quick questions: do I need "HWADDR" within the ifcfg-ethX? If not, what's the best way to assign an IP to a virtual nic device within kvm without knowing the mac address and without having to issue commands on boot. These IPs will be static but i don't want one ip to be assigned to eth0 when it's supposed to be eth1, etc
fenrus02
not required.
best? only give the vm a single vnic .. then there's no question what gets assigned
darius93
fenrus02, one vnic will be for public networking, the other for private networking.
fenrus02
inside a guest-vm?
deryni-work
You don't need HWADDR but without it, in theory, your NICs could get mapped to eth# names in "random" orders on boot.
pr0fess0r
anyone know of a working driver for a Linksys 5GHz USB NIC
i think it's an AC1200. I can't tell, the print on it is too small
i read on a forum that it may not be supported at all but i'm hoping someone may have found a way to make it work
fenrus02
"lsusb" will tell you more details about it if you want them.
pr0fess0r
13b1:0039 Linksys AE1200 802.11bgn Wireless Adapter [Broadcom BCM43235]
darius93
fenrus02, i believe so. I dont know if im making it clear but basically im assigning two interfaces to a guest, one for public and another for private, but the private networking will be disabled unless enabled on the frontend panel. And deryni-work I assume the only way to prevent that is to assign the address to the interface within the guest or would it be another way?
TrevorH
pr0fess0r: your best bet is to look at the ELRepo website and see if they have a driver for it
pr0fess0r
TrevorH: ELRepo? Never heard of it. you got a link
deryni-work
darius93: The way to prevent that is the HWADDR lines. The networking scripts handle ensuring the "correct" NIC is assigned to the eth# with the right HWADDR entry. (This is what the consistent device naming stuff introduced in CentOS 6/7 "fixes".)
TrevorH
@repos
centbot
Additional packages are often in 3rd party repos. Information on additional CentOS repos is available at http://wiki.centos.org/AdditionalResources/Repositories Pay attention to the reference on yum-priorities.
pr0fess0r
nvm
found
TrevorH
but I bet google knows it too
if they don't currently have a driver then you could ask in #elrepo and/or raise an RFE on their bug tracker to see if they can create a package for it
pr0fess0r
ok. cool. thanks. I'll give it a try
darius93
hmm then i guess the best way is to deploy and import the image but make sure it doesn't autoboot, then fetch the mac address assigned to the guest and then inject it into the vm
TrevorH
darius93: have you looked at libguestfs
yum list libguestfs\*
then info on the hopeful looking ones
darius93
TrevorH, thats what im using
virt-customize
MACscr
I have some older centos 5 systems that id like to use ipset with. While i can install ipset through another repo, the centos version of iptables doesnt have support for it and somehow its iptables version number is newer than the versions that do have it. Any suggestions? Basically iptables-1.3.5-9.2.el5_8.x86_64.rpm does not support it, but iptables-1.3.5-5.6.centos5.1.x86_64.rpm from flexbox does
wolfy
MACscr: 4 years ago TrevorH here present created a couple of packages which were usable as addons, on top of stock iptables
TrevorH
MACscr: ever built packages from an SRPM?
MACscr
a few times, id have to google the steps again =P
TrevorH
I can upload my SRPMs so you can grab them if you like
MACscr
TrevorH: what exactly are they? If its an older iptables release, wouldnt i then be worried about not having newer backported security patches?
TrevorH
I have ipset-kmod-4.5-1.el5.src.rpm ipset-utils-4.5-2.el5.src.rpm and iptables-1.3.5-5.3.el5_4.1.src.rpm but the latter might need some work
the trick is that you build the iptables srpm then throw away everything except iptables-ipset
deryni-work
'iptables-1.3.5-9.2.el5_8' is not older than 'iptables-1.3.5-5.6.centos5.1'. They are the same version of iptables with different packaging revisions (from different packagers/etc.).
TrevorH
that is a copy of the corresponding centos srpm then modded with enough bits to make it build an iptables-ipset rpm
well it is older and I should probably re-fetch the newer srpm and repatch it but the iptables-ipset from it works perfectly with the newer binary iptables rpms on all my boxes so I can't be bothered
deryni-work
I was only commenting on the original statement, not your srpm stuff.
MACscr
deryni-work: huh? i never said that. the newer rpm doesnt support it, but the older one does
TrevorH
MACscr: I took the centos supplied srpm for iptables and made a couple of amendments to the spec file and fed it the necessary patch to make it build an iptables-ipset binary rpm, my version is currently against an older iptables srpm
if you want them then I can point you to them
MACscr
TrevorH: i appreciate it, but i think at this point, i will just make do with not having the support for now as i hope to be switching over to centos 7 in the next couple of months
TrevorH
I use them on more than 25 systems that process terabytes of data and they've been in use for about 4 years now
MACscr
right, but you know what you are doing. i get nervous when i cant update something as important as iptables with yum =P
TrevorH
you can update iptables just fine
http://pastebin.centos.org/31101/
sartan
an iptables binary? for user space tools?
yer good
MACscr
what i tried to do was just extracted /lib64/iptables/libipt_set.so from the other rpm and used that, but then the iptables command didnt have one of the needed command flags i guess =/
i guess i can give your method a try though. thanks
TrevorH
you need 3 bits for it, you need the kernel module, you need iptables-ipset and you need the ipset utils
wolfy
MACscr: I suspect you were missing the required kernel module, not a "command flag" for iptables. There is no need to change the iptables binary
MACscr
wolfy: it ended up being that the software im using it with used syntax that does not appear to be supported by the el5 version of ipset
Error:[iptables v1.3.5: Unknown arg `--match-set']
TechIsCool
how do I upgrade to a specific revision of kernel?
wolfy
TechIsCool: specify name-version-release at install time
TechIsCool
alright let me be more specific. I am trying to install the newest kernel but its breaking the software that is hosted on this machine. I was going to try the earlier version of the same kernel to see if it was a bug or not
wolfy
the answer remains the asme
*sam4
TechIsCool
ok
wolfy
damn. I swear, I CAN type. from time to time at least
TrevorH
also it might be interesting to know how it breaks your software and what that is
waterfoul
lspci freezes with no output when run without arguments, freezes at "Decided to use linux-sysfs" when run as `lspci -G`, and works when I do `lspci -H 1`. Any idea as to why?
billings
is /sys mounted?
is this a VM or something?
waterfoul
/sys is mounted and centos is installed bare metal. I did have to add iommu=pt to the kernel startup params but other than that it is a fairly clean minimal install
pj
@uname waterfoul
centbot
waterfoul, please paste the single line of output from the 'uname -a' command run on the server in question to the channel.
pj
...just to make sure
waterfoul
Linux vm.waterfoul.net 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
billings
try the latest updates
there's a newer kernel, at least
pj
yeah, yum update, reboot and try again
waterfoul
I guess I forgot to reboot since I did the initial update
pj
not sure that will help, but it's the first thing to try
waterfoul
will it transfer the modified kernel args automatically?
billings
depends on how you modified the kernel args
did you update grub? then yes.