Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«6 »
  • Post
  • Reply
xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

rhel and derivatives do clean up old kernels, but they didn't always. Don't remember anymore when they fixed it.

These days they keep the kernel the system was installed with, the previous kernel and the most recently installed kernel.

Adbot
ADBOT LOVES YOU

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

My group has been doing monthly kernel updates and reboots on 2700-ish servers for 15 years now over a normal ssh connection and have not lost a single system from a corrupted/failed rpm install due to connection drop. I'd certainly be more careful over a choppy globe crossing network connection but on a robust LAN it's a thing no one should put energy into worrying about.

Just don't run the update and reboot in the same command and you'll be fine. If your connection drops, you ssh back in and make sure the package installed. Problem solved.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Need a term for "this is hosed beyond my desire to try and fix it even though I admit it certainly is repairable."

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Containers can't mount disks without privileged mode. Better scheme is to mount volumes outside the container and make them available to the container with -v options.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Or spin up a clone of the system on a VM outside the protected environment, let yum do all the work, then copy all the packages it installed out of the cache.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Sarcastic but realistic. Eventually everyone gets to the point of "gently caress it, run as root" because they get tired of trying to figure out how to do it right.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

The issue has never been whether it could be done, it's more that people realized they don't really give a poo poo and the feature dies on the vine.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

You don't need to quote the curly braces or plus.

The reason the xargs form failed is because {} is meaningless to it. If you added the option "-I {}" then it would work.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Pfft, bash or

yes I opened that can

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

If you have Apache installed, look at the included rotatelogs command.

If not, I guarantee you can find a zillion stdout rotating solutions with some google.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

apropos man posted:

My immediate thought was "well I suppose they can fork", but the Red Hat stream of OS'es is too big a project to fork, isn't it? Is it?


There's nothing to fork, at least not near term. Both centos and scientific linux (not really sure if there's any other live+free rhel clones are out there atm) have shown that as long as the srpms continue to get published a rhel based system is not hard to produce.

(yes, centos is owned by redhat now, but it ran for a long time on its own)

My feeling is IBM influence won't be felt for a couple years.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

I like how the world has changed to the point where we've gone from slashdot style zero irony "M$ GONNA DESTROY LINUX" to preferring them owning a linux distribution than IBM, the company we were all cheering for when SCO was still a thing.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

anaconda defaults to graphical install, even when using a kickstart file. Edit the ks.cfg to get rid of skipx and text options and I'd think that will do it.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

What's the status on DNF? Got symlinks to yum?

edit - scrolled down and actually read, using yum 4. Which is DNF, right? I can't keep this poo poo straight anymore.

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Docjowles posted:

Probably responding to a joke/troll, but what would they reasonably replace systemd with at this point?

docker!

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

code:
# wc -l /proc/mounts
24556 /proc/mounts
Anyone wanna guess what happened.

users with root access and a cron job

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Yeah, this is exactly what I want to do while visiting family. Will generate no friction whatsoever.



(The story being linked to is basically just a new release announcement with some traditional WINDOZE SUX mixed in)

Adbot
ADBOT LOVES YOU

xzzy
Mar 5, 2009

wakey wakey to
this bowl of tasty


Yams Fan

Setting output to a drop policy seems excessive to me, but I I suppose there's good reasons to do it. But my suggestion is to not worry about it.

Be aware that docker also sets up some masquerade rules in the nat table, which aren't printed with 'iptables -l'. If you specify -t nat they'll show up and those rules are the ones that allow containers to talk to the outside world. Delete those rules and the containers will be locked down pretty tight (or configure docker to not modify iptables).

Just don't do it for docker0, as you'll run into problems pulling images. It's good practice to run containers on a bridge you create.


If you stop docker from messing with iptables note it also sets up rules inside containers (again in the nat table) to allow the internal dns to function. I can't remember if that breaks when docker stops messing with iptables.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«6 »