Hosts NFS / NIS Mounts / Binding Verified

     Hosts NFS mounts have been checked and NIS bindings have been checked.  A few hosts failed to come up completely after reboot.  All of these problems have been resolved and all hosts are operational except for OpenSuse.

     OpenSuse has a problem with a library that breaks NIS.  I opened a ticket on this close to half a year ago.  If it is not resolved soon I am going to discontinue this host.

     If anyone has any suggestions for a better Linux distro, please e-mail them to nanook@eskimo.com.

     Thank you.

Reboots Complete – Still Checking Hosts

     The reboots are completed but I am about an hour behind schedule.

     Two things set me back.  First, SOMETHING installed dnsmasq on my stealth master DNS server.  It is a master that is hidden behind a firewall so that hackers can’t inject nastiness into it and then it supplies all the secondary servers with zone records.

     Because it has bind, it does not need dnsmasq.  Further, dnsmasq breaks bind IF it starts first because it uses the same network port (53) as bind thus blocking bind’s ability to attach to that port and function.

     So at some past point when I rebooted, about a week ago, zone records just now expired and all the secondary servers quit serving them. When I went to ssh into the server, my workstation couldn’t find them (and neither could any external computer); thus it was broken for everyone. But because I had posted about the reboots, everyone was expecting an outage and nobody called, so I was unaware until I tried to connect, and then it took me a little while to figure out what the hell was going on.

     And then once that was resolved, one of Canonical’s engineers (the Ubuntu developers) asked me to try an experiment for them in order to try to nail down a problem with an AppArmor profile for libvirtd, and that took additional time.

     Everything is rebooted now but I am still checking for proper NFS mounts and NIS binding of hosts to servers.
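The port 53 conflict described above can be caught right after a reboot by checking which daemon actually holds the port. The following is an added example, not part of the original post: the function names are hypothetical, the `ss` lines are constructed samples, and it assumes bind runs under the process name `named`.

```shell
# Constructed sample: `ss -H -tulnp` output with dnsmasq holding port 53.
sample_broken() {
cat <<'EOF'
udp UNCONN 0 0   0.0.0.0:53   0.0.0.0:* users:(("dnsmasq",pid=812,fd=4))
tcp LISTEN 0 32  0.0.0.0:53   0.0.0.0:* users:(("dnsmasq",pid=812,fd=5))
udp UNCONN 0 0   0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=640,fd=12))
tcp LISTEN 0 128 0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=700,fd=3))
EOF
}

# Constructed sample: the intended state, only named on port 53.
sample_ok() {
cat <<'EOF'
udp UNCONN 0 0   192.0.2.10:53 0.0.0.0:* users:(("named",pid=901,fd=512))
tcp LISTEN 0 10  192.0.2.10:53 0.0.0.0:* users:(("named",pid=901,fd=21))
tcp LISTEN 0 128 127.0.0.1:953 0.0.0.0:* users:(("named",pid=901,fd=22))
EOF
}

# Print the unique process names listening on port 53 (ss output on stdin).
port53_owners() {
    awk '$5 ~ /:53$/ {
        name = "unknown"   # ss omits the process column without root
        if (match($0, /users:\(\("[^"]+"/))
            name = substr($0, RSTART + 9, RLENGTH - 10)
        print name
    }' | sort -u
}

# Return 0 only if every port-53 listener is the expected daemon ($1).
check_port53() {
    owners=$(port53_owners)
    if [ -z "$owners" ]; then
        echo "nothing is listening on port 53"; return 1
    fi
    bad=$(printf '%s\n' "$owners" | grep -vx -- "$1" || true)
    if [ -n "$bad" ]; then
        echo "port 53 held by:" $bad; return 1
    fi
    echo "port 53 held only by $1"
}

sample_broken | check_port53 named || true
sample_ok | check_port53 named
# On a live host (as root): ss -H -tulnp | check_port53 named
```

Run as a post-boot check on the hidden master, a non-zero exit flags the problem immediately rather than when the zone records expire on the secondaries.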

Server Reboots

     I am planning on rebooting physical hosts which will affect all services tonight starting at midnight.  I should be complete by about 12:30, and then another hour or so to check all the servers for proper NFS/NIS mounting/binding which is not 100% reliable under Linux.

Eskimo SSL Certificate

     We use a site-wide SSL certificate for our web and mail servers which we purchased from RAPIDSSL.

     About two years ago, they were bought out by an outfit called SECTIGO, and asses apparently decided to shut off the intermediate certificate server even though they still had acquired customers using those certificates and without providing ANY warning to those customers (US). At least this is the explanation I’ve gotten from Integraserver, the dealer I bought the certificate through. SSLShopper’s SSL checker tells me the intermediate server expired a day ago.

     Consequently, you will get a message when you connect to our mail server saying unable to verify the authenticity.  The web server is still working because Apache allows us to configure the intermediate servers into it, so it doesn’t rely on their servers, but there is no such option with the mail servers.

     I am having the certificates re-issued to reflect the current intermediate servers and will install them as soon as I receive them.

Physical Host Reboots

     Tonight I have to reboot physical hosts which host various virtual machines and NFS file system hosts that host things like your mail spool and home directories.  I expect to start this around 12AM and the reboots should be completed by about 12:30, but it will take a few more hours to check all the client machines to be sure NFS has properly remounted and NIS has properly rebound to the NIS servers.

Mail to Comcast

     A couple of days ago a customer’s account here was compromised about two PM and used to send about 40,000 spams out before I shut it down.  I managed to delete the majority of them from the queue before they were processed but some got through.

     In response, Comcast blacklisted our entire domain rather than the one customer all the spam came from.

     I’ve already talked to Comcast Security and have been told it will take them 24-72 hours to remove the block.  The ticket number is #NA250519982.

Centos 8 -> Centos Stream

     CentOS8 has been out for approximately a half year and in that time no Desktop interface has been completely ported.  And at this time the current release is 8.1, however, Centos folks seem bent on abandoning Centos 8 and replacing it with a rolling release called Centos Stream similar to Fedora and that seems to be where all the development effort is going these days.  So I am planning on deleting the Centos8 server and replacing it with a Centos Stream server in the near future.

Centos 7 / Scientific 7 Additions

     Good news for those of you who liked the old Gnome environment on Centos6, Gnome is now available on Centos7 and Scientific Linux 7.  It has been, up to this point, unavailable because of the unavailability of gnome-flashback, necessary for remote Gnome Desktop access, but I found an “unofficial repository” that contained it so it is now installed.

     Also newly installed is the “KDE Plasma Workspaces” desktop.  Part of KDE was previously available but now there is a group and the full group is installed.  There is also a group for Mate now which makes it a more complete install than it previously was.

     And one more Desktop, LXQt, a fairly light Desktop similar to LXDE except using the Qt graphical interface, is now also installed.

     Have fun!