@matteo-nunziati said in Anacron Jobs on a CentOS 7 Server:

@JaredBusch well never considered the workload on servers. I don't know how they manage it! maybe not so many use unattended upgraqdes in debian.

I definitely feel like Ubuntu users don't keep their systems as up to date ;)

So that is where we are now. A missing package, unclear documentation and yum unable to resolve dependencies for some of the remaining packages. As the support community showed no interest in Kopano being used in production and actually got angry that we wanted to, we decided to halt here. But there is the documentation in case anyone runs into this and wants to pursue it further.

@scottalanmiller Thanks for welcoming me warmly.

I want to configure email on osTicket. Please remember, I am not technical.

I hope the following does not seem needlessly verbose to you. I have worked with engineers over the years. They typically generally very strongly preferred terse communication to verbose communication.

According to Configuring email on osTicket, "In order to use Gmail, your host must support SSL, so osTicket can negotiate the secure connection, and you must enable IMAP or POP in your GMail or GApps account."

I have a Google Apps account, although I think it might be called a Google Suite account now. (I wearied years ago of trying to keep up with Google's executives' seemingly absurdly comical efforts to confuse their customers by capriciously rebranding/renaming/canceling products. Be that as it may, Google makes many excellent products several of which I use nearly every day).

I have not really used that Google Apps account much in about eight years, but it is grandfathered in as a free account. I logged in the other day and verified that it is still active. Therefore, I would like to use it.

If I were to follow the directions listed at Issue SSL Certificates for Apache Using Certbot on CentOS 7 does it seem to you that, that SSL certificate would suffice?

Also, the domain name which is associated with the GoogleApps account is not currently registered with a registrar. The domain name appears to be actually unregistered. After GoDaddy's pernicious practice (years ago) of snagging domains people had looked up but did not register, I prefer not actually look up the domain name for fear some other registrar might snatch it up. I simply went to the URL and saw it was down. Also, the name is not quite obscure but it is close therefore, I would be surprised if anyone had registered it.

Would I need to re-register my domain in order to test out the osTicket email functionality with with the GoogleApps? I suppose I probably would. See, I do not want to test the osTicket email functionality through some other method than GoogleApps because my experience from around 2005 to 2010 with GoogleApps email service was excellent (nearly flawless if I remember correctly) and because I have a read many horror stories of people who seemed technically competent trying to manager their own email servers.

I suppose I might test could configure email on osTicket to run through Gmail instead of GoogleApps, but then I would run the risk that email would work properly through Gmail but not through GoogleApps. What is your opinion? Does my concern seem "over the top" the top to you?

My domain is a .com domain. It looks like for less than $10/year I could register the domain with Namesilo.com (I read many glowign reviews about Namesilo.com on various sub Reddits). But I estimate I won't go live for another 3 to 6 months, and therefore don't want to bother signing up with Namesilo.com and trying to figure out how their site works.

Sure, it supposed to be easy. But I remember spending many hours wrestling with GoDaddy to get all sorts of things set up (including my email) set up about 8 years ago. Eventually, I set everything up properly. But tasks like this always seem to take me a couple/few hours to figure out. Of course, once I actually get them set up and know how they work, the same stuff that took with a couple/few hours only takes a maybe five to ten minutes the next time I do it.

I probably spent at least 3 to 4 hours Googling and trying various methods to install osTicket 1.10 on CentOS 7. Now I can install it in about 10 minutes.

If I were to need re-register my domain to test osTicket's email feature though my Google Apps account then I suppose I would reluctantly sign up for an account with Namesilo.com. Maybe it really will be easy for me to figure out how to use Namesilo.com. Maybe it will only take me, say, five to ten minutes. But I doubt it. By the way, I want to be clear: I am not in any way attempting to besmirch Namesilo.com. I have never actually used their service at all.

But see. I am not technical. Therefore nuances and nomenclature that technical folks are familiar with are often so foreign and confusing to me that it usually takes me a while to "get up to speed on them." Once I understand the technospeak, I translate it into plain English and put it into some step-by-step notes for myself that I can refer to as needed.

I am sorry for this verbose message. Thanks for taking the time to read it.

@stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

@coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

@stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

@coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

@scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7:

@coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

Did anyone ever figure out if there was a way to setup files for firewalld? Or was the XML service files the way to go?

XML I think.

That's what I was afraid of. We're using IPTables on all of our OEL7 servers right now but I think moving to the default firewalld may be a good idea. I'll have to look into the XML config and see how much more difficult, if at all, it is over the IPTables file. It's a shame we can't just copy a single file around anymore but the XML files probably won't be too much more difficult.

Ya it's not bad at all. Here's the config from my Identity Management server. It's pretty similar to /etc/sysconfig/system-config-firewall on RHEL 6, just in zone specific XML files.

<zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="http"/> <service name="https"/> <service name="ntp"/> <service name="dhcpv6-client"/> <service name="kerberos"/> <service name="ldaps"/> <service name="ssh"/> <service name="dns"/> <service name="ldap"/> </zone>

Those services are predefined right? You can also build your own services via the same process.

Ya and you can define specific ports. I prob could have grabbed a better example.

No, I think I've got it just need to investigate actually setting these up.

I'm running the same version on Ubuntu and mostly idle CPU utilization and disk usage here.

@scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7:

@travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7:

Any reason to use LMD instead of or in addition to rkhunter?

Doesn't rkhunter focus only on root kits?

Mostly, but this was the first time I remember hearing about LMD.

@scottalanmiller said in Installing a Basic LAMP Stack on CentOS 7:

@NashBrydges said in Installing a Basic LAMP Stack on CentOS 7:

@scottalanmiller I haven't yet. About to give it a try. Stuck to legacy since that was what I was reading everywhere.

Where is everywhere? Technet says to not use legacy.

https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-centos-and-red-hat-enterprise-linux-virtual-machines-on-hyper-v

Legacy is a fallback driver that you never want to use, it's low performance and high overhead. If you needed that for CentOS, it would make Hyper-V a silly, non-production ready platform. But Hyper-V is a good, solid performer.

Not only that, but I install all of my CentOS 7 VM's as Generation 2 when on Hyper-V they work perfectly with default settings for everything except secure boot. Uncheck secure boot. Everything else is 100% default settings.

Great job @scottalanmiller and welcome aboard!

Hope you enjoyed the experience!

Now if you want to play with it, I recommend you to use our CLI (http://docs.openio.io/cli-reference) or you can deploy our S3/Swift implementation (https://github.com/open-io/oio-sds/wiki/Install-Guide---OpenIO-Swift-S3-gateway).

Feel free to send me some feedbacks, I'm here to help!

Guillaume.
Product Manager & Co-Founder @ OpenIO

That's a good question... when does chrooting make more sense than containers today?

Storage is one. Lots of people use chroot jails for storage purposes. Containers are heavier than chrooting which has effectively no impact on any resources.

@scottalanmiller Thanks for this post and answering all my questions. @travisdh1 Thanks for answering all my questions as well. Good Thread!

@dafyre said:

@JaredBusch said:

@dafyre said:

As a matter of correctness... Do you have EPEL /REMI or any other repos installed in your CentOS 7 image?

The script is connecting the Gitlab RPM, that is all. The base image he uses for all of these is CentOS 7 minimal, release 1511 unless he has changed the base template on his scale cluster.

Right. I'm just curious if he has added the epel-release or any other repos to it.

Definitely no EPEL. I often use it, but avoid it in the base image.

I just used this myself to make a new block device in a single line. Awesome :)

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

While I have never made a how to with a port range, the basic firewalld syntax is used all over the place on this forum by me and every system that I have ever seen that accepts a port range does so with the range hyphenated from lower boundary to upper boundary.

I would have thought that this was a colon, though, not a hyphen.

I have never seen it commonly used with a colon to represent a range

Native IPTables. :)

I rarely work with native IPTables. That would explain a difference in point of view.

Yeah, and for me I pretty much have done raw edits on /etc/sysconfig/iptables and never used external tools. Now with FirewallD I'm relearning the syntax for everything on Linux firewalls.

Well, at least I'm not the only one then. Learning how to use firewall-cmd still feels a bit odd.

@scottalanmiller
In version 7, you can enable it. However, in my version 8 test, I previously installed successfully the Zextras trial which includes the chat module. It did not expire when the trial does.

Zextras Suite Brochure

Page 24 The Zextras Chat module is included in Zextras Suite 100% free of charge!

Zextras Suite Chat

Chat and Videochat: 100% Free of charge The Zextras Chat module is included in Zextras Suite 100% free of charge! The Zextras Chat Zimlet allows your users to communicate within the Zimbra Web Client, while desktop and mobile clients can connect via XMPP.

ZxChat

Is this free? Yes, it is and it will always be! ZeXtras Chat is a free module of ZeXtras Suite, and will be functional even if your ZeXtras Suite trial is expired or if you don't have a valid ZeXtras Suite License installed.

ZxChat FAQ

Is ZeXtras Chat free? Yes!

I've also previously setup OpenFire/Spark bundle in my previous employer. Though it never saw the light of approval.

Regarding AD integration, I'm not sure I understand it though. I have successfully provisioned a server which can look-up the account password in AD, though its a separate account (manual creation of account--separate from AD), the password is the same as Zimbra looks it up. Lock the account up and the user can not log into Zimbra as well.

@ou_snaaksie said in Installing Rocket.Chat on CentOS 7:

The installation worked perfetly, but after restarting the server I am unable to access Rocketchat.

I've run the line:
/opt/Rocket.Chat/node_modules/forever/bin/forever start /opt/Rocket.Chat/main.js

but it is still not working.

Use this command to see what is listening...

netstat -tulpn

@scottalanmiller said in Installing MongoDB 3.2 on CentOS 7:

Just tested and deployed to CentOS 7.2 on Linode.

This failed me, so I went to the mongo docs and the baseurl contains the variable $releasever.

using that results in redhat//mongodb in the file, which is why I assume you hard coded that bit.

Escaping the $ fixes it.

cat > /etc/yum.repos.d/mongodb-org-3.2.repo <<EOF [mongodb-org-3.2] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/3.2/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc EOF

Had a spare laptop laying around. Installing CentOS now. Also planning on installing NextCloud here soon as well. Creating a repository/shared calendar for the family with this machine.

No, there is nothing like that. The filesystem is just not there. It would warn you, though, so you would know not to be trying to save to something that doesn't exist.

@JaredBusch said:

@coliver said:

@JaredBusch said:

Disabke SELinux and see if it works. Then if so, add the port as allowed to SELinux?

Looks like it was SELinux, setting it to permissive allowed the port to be used. Now to figure out how to allow the port in SELinux.

semanage port -m -t http_port_t -p tcp 82

That did it thanks.

I tried Rundeck. It was more confusing than just using Ansible without a GUI. IMO, just having the playbook with yaml and jinja files is easier to read and use. GUIs always have at least one thing you need in a place you wouldn't think.

I guess I wouldn't mind having some reports in a GUI but I'll stick with just text files.

Since you have that thread about testing out Vultr...

They don't explain it very well there but you can spin up a VM with OwnCloud already installed and ready to go.

It runs on CentOS 6, but still very handy!

Time for weekend updates, it sounds like.

@thecreativeone91 said:

@JaredBusch It's in the Repo's https://copr.fedoraproject.org/coprs/jaile/sogo/

Fedora repos are neither the RHEL repos, not the EPEL repos nor SOGO's repos. Until it is all the way to in the OS or supported by the makers, it's not supported yet. Tons of things are RPM'd by third parties for things. But none that I would use in production.

@nadnerB said:

@thanksajdotcom said:

For @nadnerB , what htop looks like:

Ah ha. That looks like what I want. Thanks :)

No problem

I love screenconnect, used it for 3-4 years for simple remote support at my last company that offered "remote support" to the public.

Have now implemented it here now instead of Teamviewer.