IRC Archive / Freenode / #centos / 2015 / July / 4 / 1
jafa2
btw - the FAQ instructions for 7 talk about the change in interface naming convention, then say to modify ifcfg-eth0 (old naming)
TrevorH
tricky to work out which of the 57 varieties of names it will use on your system so probably using eth0 is as good as any
kaos01
yesterday i found the enoXX names useful :)
TrevorH
you were listening to Roxy Music?
kaos01
haha, was doing a kickstart and it sort of helped, as i didn't have to keep track of did I just affect the ethX order
i think it was like, eth4 is used to access internet, but then i added a fcoe interface and eth4 became something else
with the enoXX thing i knew eno{49,50} will always be VLANXXX
jafa2
ok, reproduced the customer problem with our app running on CentOS
app is listening on a UDP port
device sends packet to CentOS server
CentOS replies with ICMP Code: 10 (Host administratively prohibited)
oh - iptables
does CentOS not track UDP conversations?
kaos01
isnt UDP stateless
TrevorH
default iptables set up is to disallow everything except ssh
jafa2
typically a firewall will track outgoing UDP and allow UDP replies
for example DNS
         

TrevorH
pastebin the output of iptables-save
jafa2
http://pastebin.com/un6PN3YL
I added the two lines near the bottom for port 65001 both udp and tcp
but must not have got that quite right
otherwise it is the default
TrevorH
damn, I hate firewalld :(
jafa2
I am used to iptables being a few lines
TrevorH
with those rules you are using firewalld not iptables.service so any rules you add manually with iptables will probably get removed again almost immediately
and if you want connection tracking then you have to tell it so
jafa2
what is the best way to disable the firewall as a quick test?
TrevorH
-m conntrack --ctstate NEW as per the line above
I think there are instructions in the el6->el7 migration guide on how to disable firewalld and enable plain iptables
@migrate7
centbot
For changes and considerations to take into account when moving from CentOS-6 to CentOS-7 please see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Migration_Planning_Guide/index.html
jafa2
adding conntrack didn't change anything - still blocking udp traffic
I would be happy with disabling the firewall for the moment - that way I can confirm the fw is the only problem
TrevorH
systemctl stop firewalld
jafa2
thanks
ok, that fixed it
TrevorH
the only time I've seen where firewalld might be useful is if using NAT'ed VMs with libvirt as it then manages the iptables rules it adds where on older versions it used to break quite a lot
jafa2
thanks for your help
kexmex
hi. i think i got a circular link here
here /var/named/chroot/var/named
how do i make sure
DiscordianUK
Do what?
TrevorH
the bind-chroot set up sets it up as a bind mount
kexmex
TrevorH: seems like it's circular or something
TrevorH
why do you think that
kexmex
cause i can keep going into /var/named/chroot/var/named/chroot ;)
and some scripts complain
du: mount point `/var/named/chroot/var/named' already traversed
TrevorH
did you set it up yourself?
         

Evolution
sure looks like.
TrevorH
as opposed to just installing bind-chroot
kexmex
i haven't
someone else has it seems
Zequal
Heading out of the office. Have a good night guys, you guys make up a solid community and I love it.
o7
darius93
what would be the best way to change qemu/libvirt xml file without having to manually edit it?
er i think that didnt come out right
TrevorH
what change
parallel21
The slave device on a bridge is supposed to be a physical ethernet device, yeah?
devhen
darius93: virsh edit name
yuppie
oh look, centos7 is getting 3.10
WilliamDotAT
i have a script loaded in /etc/rc.local which contains sleep 60 and a bunch of NFS mounts
works so far, gets executed at boot
but the sleep just repeats after 60 seconds are over
i see it show up with new process id
weird, fixed by putting commands inside /sbin/ifup-local instead
meandrain
Hi. So I am using CentOS as a database server, running virtualized with filesystem on ZFS ZVOL. I was looking at this tutorial: https://www.patpro.net/blog/index.php/2014/03/09/2617-mysql-on-zfs-on-freebsd/ that shows how to optimize the filesystem for performance in MySQL. My question is if I create three datasets with different block sizes and if I create three ext4 file systems with the same block size as the dataset on top of those datasets in an attempt to match block sizes, would that help?
TrevorH
WilliamDotAT: both are almost certainly the wrong places for mount commands. You should probably put this into autofs instead
AndyCap
(Action) wonders if autofs can handle NetworkManager "networks"
TrevorH
or create systemd mounts
AndyCap
TrevorH: systemd mounts can take cues from networkmanager?
TrevorH
no idea
kaos01
grub2-mkconfig keeps on giving me: /usr/sbin/grub2-probe: error: failed to get canonical path of
TrevorH
path of?
kaos01
/dev/mapper/mpathh2.
its where /boot resides
the command still seems to work
blackflow
so guise, how's btrfs support in 7? Good enough to put into production (for example with regular offsite backups just in case)?
MerlinTHP
Red Hat still class it as a tech preview.
blackflow
MerlinTHP: yea, I know, but it can be unusable, usable so-so, usable very good, ... That's what I'm asking.
TrevorH
tech preview means you get what you're given and if it works, great but if it doesn't and it eats your data, well that's great too
blackflow
I'm not asking what a tech preview is. I'm asking if anyone is using it on CentOS 7 and has good or bad experiences to share. 'sall. :)
kaos01
I'm guessing it's the multipath alias causing grub2-mkconfig or grub2-probe to complain
blackflow
what's the best way to copy the entire root filesystem to another disk/partition with regards to preserving the selinux contexts on files? 'cp -xar /* /mnt/newroot/' enough?
or do I rather dd at the block level?
chotaz
Does CentOS 5 block incoming connections by default in any way? I'm not able to reach my freshly installed CentOS VM with apache listening on port 80
nanga
@c5eol
centbot
CentOS 5 will go EOL on 31 March, 2017 -- in 1 year, 38 weeks, 4 days, 9 hours, 7 minutes, and 22 seconds
_val_
chotaz: it's important to check if the webserver is running, iptables are active and blocking, if selinux is causing some permission problems etc.
chotaz
_val_, I sshd into said VM, 'curl 192.168.1.93' does return the centos apache default page, however I cant reach it from my host machine
192.168.1.93 being the VM's eth0 ip
_val_
chotaz: and what's your host address?
chotaz
_val_, .1.75
_val_, would iptables by default be blocking incoming connections?
_val_
chotaz: I guess iptables are blocking then. Try iptables -I INPUT -p tcp --dport 80 -j ACCEPT
starter2
hello, I am trying to shrink a Logical Volume and extend another one, because I am running out of space, but the guides aren't working for me, they all suggest creating a new partition using fdisk, but I get told that the partition is full
chotaz
_val_, no return of any sort
_val_
chotaz: what's the log telling you? /var/log/httpd/error_log or /access_log..
starter2
my SWAP is 250 GB, is it ok to resize it to 200GB, will this create problems?