CentOS Private Repositories (http://centos.cms4all.org/repo/7/)

This page gives a brief overview of the different repositories. The versions may vary because I can not maintain this page due to limited time.

Those packages absolute playground to fit onto newer hardware + multimedia. WineHQ builds just for fun.

drivers https://centos.cms4all.org/repo/centos/7/drivers/
btrfs-progs
hardinfo (GTK Tool show hardwareinfo)
libdrm 2.49.2
libva 2.1 (intel)
xorg-x11-drv-amdgpu 18.0.1
xorg-x11-drv-ati 18.0.1
xorg-x11-drv-intel+git
xort-x11-drv-nouveau 1.10.15
xorg-x11-drv-mga (broken by new Xorg /llvm software)

gstreamer https://centos.cms4all.org/repo/centos/7/gstreamer
gstreamer 1.10.15 with allmost every plugin
ffmpeg 2.8.14
x264-1.0.152
x265-2.7
rythmbox
guvcview 2.0.4
tumbler 0.2.1
totem with patch –no-existing-session (can be multiple open)
combat-nasm 2.13
double the libva 2.1 driver from drivers, because of gstreamer-vaapi

media *needs gstreamerhttps://centos.cms4all.org/repo/centos/7/media/
HandBrake 1.0.7
VLC 2.2.8
obs-studio-21.1.1
mplayer-1.3.0

mesa *needs drivers https://centos.cms4all.org/repo/centos/7/mesa/
freeglut-3.0.0
mesa-18.0.3
mesa-demos-8.3
mesa-private-llvm-6.0

wine *needs drivers,mesa,gstreamer http://centos.cms4all.org/repo/7/wine/
q4-wine-1.3.1
libtxc_dxtn 1.0.0
p11-kit i686 (at epel not exist)
wine-stage 2.21 / wine-stage-pba 3.8 (incl. d3dadapter)
https://centos.cms4all.org/repo/centos/7/wine/readme_wine-stage-pba.txt

Proxmox 4.4 Extreme Network Setup (Bring Network adapters in place)

For our solution we need.

  • eth0 (onboard here)
  • wlan (pcie card)
  • dummy0.

First let’s do the dummy interface(s):

root@cloud:~# echo dummy >> /etc/modules

root@cloud:~# echo options dummy numdummies=1 >> /etc/modprobe.d/dummy.conf

root@cloud:~# modprobe dummy

You can count the number of dummy interfaces by your self. Got in mind that the interface get automatical a hardware address, that can be in conflict with the virtual machine(s).

We reconfigure the interface in

root@cloud:~# nano /etc/network/interfaces

The configuration files has to look something like:

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you’re doing.
#
# If you want to manage part of the network configuration manually,
# please utilize the ‘source’ or ‘source-directory’ directives to do
# so.
# PVE will preserve these directives, but will NOT its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

allow-hotplug eth0
allow-hotplug dummy0

auto vmbr0
iface vmbr0 inet static
address 192.168.0.2
netmask 255.255.255.0
gateway 192.168.0.1
bridge_ports eth0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.127.1
netmask 255.255.255.0
broadcast 192.168.127.255
bridge_ports dummy0
bridge_stp off
bridge_fd 0

auto wlan0
iface wlan0 inet static
address 10.0.10.1
netmask 255.255.255.0
broadcast 10.0.10.255

If you do it up right here, proxmox will use it without problems;- there is no need for a graphical interface this time.

Time for reboot

Proxmox 4.4 Extreme Network Setup (Setup and fixes)

First we install needed software packages

Proxmox VE No-Subscription Repository

root@cloud:~# update -y
root@cloud:~# update dist-upgrade

Don’t hurt me about RFC RFC2606, because I subdomain everything to sweethome and “local.” is allowed in time of this post.

root@localhost:~# hostnamectl set-hostname cloud.sweethome.local

root@localhost:~# reboot

After reboot we login again as root

root@cloud:~# apt-get install install isc-dhcp-server bind9 ntpdate ntp

Fix bind9 with appamor

root@cloud:~# echo ‘/run/systemd/journal/dev-log rw,’ >> /etc/apparmor.d/local/usr.sbin.named

root@cloud:~# systemctl restart apparmor.service

Enable IP 4v forward in root@cloud:~# nano /etc/sysctl.conf
#net.ipv4.ip_forward=1 to
net.ipv4.ip_forward=1

We do not need to reboot now:

root@cloud:~# echo 1 > /proc/sys/net/ipv4/ip_forward

We sync local time is better for lxc containers.

root@cloud:~/systemctl stop ntp

Replace my local ntp server in

“root@cloud:~# vi /etc/ntp.conf”

to

server 0.de.pool.ntp.org iburst
server 1.de.pool.ntp.org iburst
server 2.de.pool.ntp.org iburst
server 3.de.pool.ntp.org iburst

Now we update our local time with time server.

root@cloud:~# ntpdate 0.de.pool.ntp.org

root@cloud:~# systemctl start ntp
root@cloud:~# systemctl enable ntp

What we got now:

  • Bind9 Ready for setup
  • isc-dhcpd ready for setup
  • ipforward v4
  • time sync

    Proxmox 4.4 Extreme Network Setup (Prolog)

    In this post i will declare how i configure:

    • Hypervisor as gate
    • Bind9 as nameserver
    • isc-dhcp as dhcp server
    • Provider WAN/LAN (192.168.0.0/24)
    • dummy networkadapter for virtual machines (192.168.127.0)
    • wlan hotspot (hostapd) (10.0.10.0/24) – not compatible with freebsd. Don’t wane buy another hardware.

    Why i not use NAT from proxmox:

    • Got everything around: Windows, Macs (Macs & Timecapsule Iphone), Linux Distributions (Debian/Centos/Android).
    • I wane speak with my machines by name, not ip addresses.
    • Pick mac address from virtual adapter and configure network directly as an network administrator (half dhcp).
    • use pxe setup on qemu/kvm.
    • This are things that i often did in the past and use today. On local machine and server side. Perhaps I look for an
      software in the future, but network infastructur inside virtualisation? With a good primary backup not needed.

      A type of this setup is more complicated as use of “dnsmaq” toolkit. What is nicely
      for small networks infrastructure. What ever that means. I’ve tested it one day and it works.

      This can be used directly under debian and ubuntu without proxmox for sure.

      Maybe I’ll write this post to see for myself how I’ve solved it. 🙂

    Centos 7 the journey form NetworkManager to self managed network configuration files

    Long time ago that i wrote something. I think it’s time to start with a small one…

    While I create a manual installation for Centos 7, i was borrowed by follow message after
    disabled the NetworkManager:
    (systemctl stop NetworkManager; systemctl disable NetworkManager; systemctl mask NetworkManager)

    systemctl restart network … BOOOM (-;

    network.service – LSB: Bring up/down networking
    Loaded: loaded (/etc/rc.d/init.d/network; bad; vendor preset: disabled)
    Active: failed (Result: exit-code) since Di 2017-03-07 19:01:15 CET; 7s ago
    Docs: man:systemd-sysv-generator(8)
    Process: 3469 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=6)

    I wasn’t that stupid, created the file with nmtui. In fact: No mistakes! But the failure
    came around from ipv6, what i disabled in the configuration.

    Search for a file like “/etc/sysconfig/network”. “touch” it or create empty one.

    echo “# Created by anaconda” > /etc/sysconfig/network

    your done. Now “systemctl start/stop/restart network “work and the adapter is up on boot.

    There is one little thing about loopback device, which is not present NetworkManager:

    “ip r”

    default via 172.16.200.1 dev enp2s0
    169.254.0.0/16 dev enp2s0 scope link metric 1002
    172.16.200.0/24 dev enp2s0 proto kernel scope link src 172.16.200

    After read up some forums who tell you “Prevent the kernel from load ipv6”. In Centos 7 the ipv6 module is builtin. 🙂
    By the way the backloop ip is ipv 4.

    After I add to the ifcfg- configuration file:

    NOZEROCONF=yes

    Everything looks clean.

    “ip r”
    default via 172.16.200.1 dev enp2s0
    172.16.200.0/24 dev enp2s0 proto kernel scope link src 172.16.200.10

    We can still mix ipv4 and ipv6 with another card.

    Now everything works like it should;- how simple it can be……

    PS: You really know what you install when you “click” inside a gui? 🙂 Me not.

    Add my git user

    I log in as root:

    adduser-N -d /path/to/my/repository/repo -s /bin/bash -r MyGitUser

    -N do not create a group with the same name as the user
    -d home directory of the new account
    -s login shell of the new account
    -r create a system account

    what’s happen in /etc/passwd
    MyGitUser:x:888:100:/path/to/my/repository/repo:/bin/bash

    passwd MyGitUser

    ok back again.

    Now i’m able todo something like
    git clone MyGitUser@myhost:project.git
    or more complicated
    git clone MyGitUser@myhost:/path/to/my/repository/repo/project.git

    cheers

    CGIT inside ispconfig 3

    I got many git resources on my server, there must be a way to push it into the world wide web. CGI.GIT is one of them. Let’s try it out here inside of ispconfig 3.

    Through the previous installation I have a lot of development tools on board.

    Missing only:
    yum install openssl-devel asciidoc xmlto

    cd /usr/local/src
    wget https://git.zx2c4.com/cgit/snapshot/cgit-1.0.tar.xz
    tar xf cgi-1.0.tar.xz
    cd cgi-1.0
    make get-git
    make CGIT_SCRIPT_PATH=/usr/share/cgit prefix=/usr install install-man
    .
    .
    install -m 0755 -d /usr/share/man/man5
    SUBDIR git
    install -m 0644 cgitrc.5 /usr/share/man/man5
    install -m 0755 -d /usr/share/cgit
    install -m 0755 cgit /usr/share/cgit/cgit.cgi
    install -m 0755 -d /usr/share/cgit
    install -m 0644 cgit.css /usr/share/cgit/cgit.css
    install -m 0644 cgit.png /usr/share/cgit/cgit.png
    install -m 0644 favicon.ico /usr/share/cgit/favicon.ico
    install -m 0644 robots.txt /usr/share/cgit/robots.txt
    install -m 0755 -d /usr/lib/cgit/filters
    cp -r filters/* /usr/lib/cgit/filters
    .
    .

    Aha, this files are installed. With yum history I removed the installed developer parts..

    Create the cache
    install -vd “/var/cache/cgit”

    For better syntax highlight:
    yum install highlight

    create a new web site in ispconfig and check only cgi & active.
    Option -> Apache directives:

    <Directory /var/www/MyGitWebSide/web>
    DirectoryIndex disabled
    DirectoryIndex cgit.cgi
    Options +ExecCGI
    AddHandler cgi-script .cgi
    </Directory>

    Back in the console

    cd /var/www/MyGitWebSide/web
    cp /usr/share/cgit/* .
    mkdir css
    mv cgit.css cgit.png css
    rm index.html

    Clean up permissions:
    chown -R webXXX:clientXXXX *

    Directory looks like
    ls
    cgit.cgi css favicon.ico robots.txt stats

    vi /etc/cgitrc
    # cgit config
    css=/css/cgit.css
    logo=/css/cgit.png
    # if you don’t want that webcrawler (like google) index your site
    robots=noindex, nofollow
    #syntax highlight
    source-filter=/usr/lib/cgit/filters/syntax-highlighting-edited.sh
    ## and included like this:
    ## include=/etc/cgitrepos
    repo.url=test-git
    repo.path=/path/to/my/repository/test.git
    repo.desc=Test Git
    repo.owner=me@myhost
    # if had another module – it would be added like so
    # repo.url=OSGi-module
    # repo.path=/home/git/repositories/OSGi-module.git
    # repo.desc=the OSGi-module repository
    # repo.owner=foo@bar.com

    cp /usr/lib/cgit/filters/syntax-highlighting.sh /usr/lib/cgit/filters/syntax-highlighting-edited.sh

    Enable version 3 and add “–inline-css” at the end.

    vi /usr/lib/cgit/filters/syntax-highlighting-edited.sh

    # for version 3.
    #
    # Version 2 can be found (for example) on EPEL 5, while version 3 can be
    # found (for example) on EPEL 6.
    #
    # This is for version 2
    #exec highlight –force -f -I -X -S “$EXTENSION” 2>/dev/null

    # This is for version 3
    exec highlight –force -f -I –inline-css -O xhtml -S “$EXTENSION” 2>/dev/null

    Now I’m able to browse my git on web.

    Quick and dirty

    Sometimes I felt like a normal person without any kind of bad conscience. It takes me two hours and the server was ready. https://www.howtoforge.com/perfect-server-centos-7-apache2-mysql-php-pureftpd-postfix-dovecot-and-ispconfig3
    helped me out.

    I was a fool, hammer down every ssl information with enter. This must be corrected:

    Postfix
    cd /etc/postfix
    Genenerate Postfix ssl key:
    openssl req -x509 -newkey rsa:2048 -keyout smtpd.key -out smtpd.cert -days 3650 -nodes
    chmod 600 smtp.*

    change /etc/postfix/master.cf (add some lines to get smtps, taken from my old host)
    smtps inet n – n – – smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING

    ISPConfig
    cd /usr/local/ispconfig/interface/ssl
    openssl genrsa -des3 -out ispserver.key 4096
    openssl req -new -key ispserver.key -out ispserver.csr
    openssl x509 -req -days 3650 -in ispserver.csr \
    -signkey ispserver.key -out ispserver.crt
    openssl rsa -in ispserver.key -out ispserver.key.insecure
    mv ispserver.key ispserver.key.secure
    mv ispserver.key.insecure ispserver.key

    HTTPD
    vi /etc/httpd/conf.d/ssl.conf
    replace follow line:
    #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

    #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key (one line !!!)

    Standard SSL website share the same ssl-keys from ispconfig.

    Uh done. I was near a seam outburst.

    Time to left the old server…

    It was in time to update my v-server. The given package could not be updated. I went to my provider and bought a new one. It came preinstalled with Ubuntu 14.04. A System with a lifecycle till april 2019. No. I take a look to the systems that can be installed and yeah.. centos 7 is there. Security lifecycle till 2024. Good. That’s the way …the story goes on…