Maltfield Log/2020 Q2

From Open Source Ecology
Jump to: navigation, search

My work log from the year 2020 Quarter 2. I intentionally made this verbose to make future admin's work easier when troubleshooting. The more keywords, error messages, etc that are listed in this log, the more helpful it will be for the future OSE Sysadmin.

See Also

  1. Maltfield_Log
  2. User:Maltfield
  3. Special:Contributions/Maltfield

Thr May 26, 2020

  1. Marcin asked me about issues using this embed JS code to get a discourese topic to be displayed in the wiki https://meta.discourse.org/t/embedding-discourse-comments-via-javascript/31963
  2. I got this working by fixing a few issues
    1. The list of "Allowed Hosts" in discourse.opensourceecology.org's Admin -> Customize -> Embedding section didn't include the 'wiki.opensourceecology.org' domain. I Got this working by adding the following two lines to this list of Allowed Hosts:
      1. www.opensourceecology.org, (no class name), (no path whitelist), Post to Category = GVCS
      2. wiki.opensourceecology.org, (no class name), (no path whitelist), Post to Category = GVCS
    2. But I'm pretty sure that that "Post to Cateogry" is unnecessary since I could only reference existing topics by their ID
    3. Marcin tried to edit the prod wiki for accessing the discourse site that's only accessible in staging. He's using a firejail'd firefox to force firefox to use the dev dns server so it can access staging, but his main browser window that sees production can't access our staging sites. I made the JS available on the staging wiki and told him to access it on his firejail'd firefox window https://wiki.opensourceecology.org/wiki/Test
    4. I couldn't get the original code that Marcin tried to work. As described in the topic from meta.discourse.org linked-to above, this is supposed to create a new topic per page that the embed code is found on.
<html>

<div id='discourse-comments'></div>

<script type="text/javascript">
  DiscourseEmbed = { discourseUrl: 'https://discourse.opensourceecology.org/',
					 discourseEmbedUrl: 'https://wiki.opensourceecology.org/wiki/Test'};

  (function() {
	var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
	d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
	(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();
</script>

</html>
    1. instead, I used this to reference a pre-existing topic ID, and it worked
<html>
<div id='discourse-comments'></div>

<script type="text/javascript">
  window.DiscourseEmbed = { discourseUrl: 'https://discourse.opensourceecology.org/',
					 topicId: 49 };

  (function() {
	var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
	d.src = window.DiscourseEmbed.discourseUrl + 'javascripts/embed.js';
	(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();
</script>
</html>
  1. ...
  2. Marcin asked me about installing themes. This is an issue because our server's iptables intentionally prevent our web apps from initiating requets; they can only respond to requests.
  3. I found that you can upload a theme, which is the easiest way to install a theme (command line installs are apparently not really possible other than this hack of a solution) https://meta.discourse.org/t/how-do-i-install-a-theme-or-theme-component/63682/50
  4. I documented the process to upload and install a theme and theme component on the wiki's Discourse article https://wiki.opensourceecology.org/wiki/Discourse#Installing_Themes_and_Components
  5. I also spent some time preparing & uploading my backups of the PURGE topic where I was threatend to be banned from the Discourse forums for asking about their documentation policy and providing my own documentation https://wiki.opensourceecology.org/wiki/Discourse#Strategic_Open_Source

Thr May 21, 2020

  1. Meeting with Marcin
  2. Marcin fixed his issues with firejail so he can access the staging server from firefox in a firejail'd sandbox that forced firefox to use our Dev server's DNS (which redirects queries for our sites to the IP address of the staging server's VPN IP instead of the pubicly-addressible prod server)
    1. I updated our documentation with these commands
    2. And Marcin added this to his personal notes on connecting to the staging server
  3. Marcin was able to register an account on our discourse staging site
  4. I was able to grant Marcin's new account to be moderator & admin
  5. Marcin started playing with the stie as admin
  6. I asked Marcin to thourougly test the site. We didn't encounter any issues during our call, but hopefully we can fix any issues that may arise before I install on prod
  7. Hoepfully the prod install will happen in 1-3 weeks from now, depending on Marcin's tests
  8. I also asked marcin to consider & decide on what the domain should be. discourse.opensourceecology.org? discuss.opensourceecology.org? discuss.opensourceecology.org? forum.opensourceecology.org?
  9. I did a bunch of cleanup & organizing to our Discourse page on the wiki
    1. I added a section describing my conclusion that Discourse is a Fake Open Source project https://wiki.opensourceecology.org/wiki/Discourse#Fake_Open_Source
    2. I seperated out the install guide into a subpage https://wiki.opensourceecology.org/wiki/Discourse/Install
    3. I seperated out the updating guide into a subpage https://wiki.opensourceecology.org/wiki/Discourse/Updating

Mon May 18, 2020

  1. we got a request to delete a user's phone number from this page https://wiki.opensourceecology.org/wiki/Local_Contacts
  2. I immeidately deleted the current revision, but that doesn't make it go away from previous revisions as documented here https://www.mediawiki.org/wiki/GDPR_(General_Data_Protection_Regulation)_and_MediaWiki_software#The_problem_of_deleting_a_user's_contributions
  3. It loos like this RevisionDelete tool has been integrated into Mediawiki core since 2009, but we don't have it enabled. I enabled it by editing our LocalSettings.php file on prod https://www.mediawiki.org/wiki/Help:RevisionDelete
[root@opensourceecology wiki.opensourceecology.org]# cp LocalSettings.php LocalSettings.20200518.php
[root@opensourceecology wiki.opensourceecology.org]# vim LocalSettings.php
[root@opensourceecology wiki.opensourceecology.org]# grep -E 'deletelogentry|deleterevision' LocalSettings.php
$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
[root@opensourceecology wiki.opensourceecology.org]# 
  1. ...
  2. I did some refining of the varnish config
    1. I commented-out the block that would bypass the cache if the backend responsed with no-cache or similar. The fact is that Discourse wasn't developed to play nice with reverse proxy caching sitting in-front of it. Instead, we just use a very short TTL (~5 minutes) so we don't really need to respec the backend, anyway
  3. I added a block (taken from our other wordpress varnish configs) that will strip cookies from requests for requests for static assets (without auth headers) so that static content (images, css, js, etc) will be cached--even if the user is logged-in
vcl_recv {
...
	# cache static content, even if a user is logged-in (but strip cookies)
	if (req.method ~ "^(GET|HEAD)$" && req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\?.*)?$") {

	  # if you use a subdomain for admin section, do not cache it
	  #if (req.http.host ~ "admin.yourdomain.com") {
	  #    set req.http.X-VC-Cacheable = "NO:Admin domain";
	  #    return(pass);
	  #}
	  # enable this if you want
	  #if (req.url ~ "debug") {
	  #    set req.http.X-VC-Debug = "true";
	  #}
	  # enable this if you need it
	  #if (req.url ~ "nocache") {
	  #    set req.http.X-VC-Cacheable = "NO:Not cacheable, nocache in URL";
	  #    return(pass);
	  #}

	  set req.url = regsub(req.url, "\?.*$", "");

	  # unset cookie only if no http auth
	  if (!req.http.Authorization) {
		  unset req.http.Cookie;
	  }

	  return(hash);

	}
...
}
  1. I also noticed that the X-Forwarded-For header was being clobbered and reset twice; once by varnish and once by our discourse-specific varnish config. I commented-out ours to fix this as it's redundant
  2. ok, I'm pretty happy with that varnish config. But I'm not going to cross it off the TODO list until I've done a fresh DIscourse install with this config and then validated it again.
  3. ...
  4. the one other item on our Discourse TODO list is to harden the file ownership & permissions
  5. I asked about this on the Discourse forums about a month ago, but nobody responded; I bumped it https://meta.discourse.org/t/minimum-hardened-file-permissions/148974
  6. I checked the install guide, which does explicitly tell you to become root and tells you that you need to be root to execute all the operations https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md
  7. I'm not sure I'll actually be able to harden this, unfortunately :(
  8. ...
  9. anyway, I encounered an issue updating the logo
==> /var/discourse/shared/standalone/log/var-log/nginx/error.log <==
2020/05/18 12:12:10 [error] 567#567: *1354 [client 172.17.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_UNMATCHED_BOUNDARY' (Value: `2' ) [file "/etc/modsecurity/modsecurity.conf"] [line "73"] [id "200004"] [rev ""] [msg "Multipart parser detected a possible unmatched boundary."] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "172.17.0.2"] [uri "/uploads.json"] [unique_id "158980393038.283883"] [ref "v1326,1"], client: 172.17.0.1, server: _, request: "POST /uploads.json?client_id=1abc28e288b84e80890b21c25616217e&for_site_setting=true HTTP/1.1", host: "discourse.opensourceecology.org", referrer: "https://discourse.opensourceecology.org/admin/site_settings/category/branding"

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:12:12:10 +0000] "discourse.opensourceecology.org" 172.17.0.1 "POST /uploads.json?client_id=1abc28e288b84e80890b21c25616217e&for_site_setting=true HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 403 294 "https://discourse.opensourceecology.org/admin/site_settings/category/branding" - 0.000 "-"

==> /var/discourse/shared/standalone/log/rails/production.log <==
Job exception: getaddrinfo: Temporary failure in name resolution (SocketError)
  1. So I added this rule id to the allow-list
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/nginx/conf.d/modsecurity.include 
################################################################################
# File:    modsecurity.include
# Version: 0.1
# Purpose: Defines mod_security rules for the discourse vhost
#          This should be included in the server{} blocks nginx vhosts.
# Author:  Michael Altfield <michael@opensourceecology.org>
# Created: 2019-11-12
# Updated: 2019-11-12
################################################################################
Include "/etc/modsecurity/modsecurity.conf"

# OWASP Core Rule Set, installed from the 'modsecurity-crs' package in debian
Include /etc/modsecurity/crs/crs-setup.conf
Include /usr/share/modsecurity-crs/rules/*.conf

SecRuleRemoveById 949110 942360 200004
root@osestaging1-discourse-ose:/var/www/discourse# sv stop nginx
ok: down: nginx: 0s, normally up
root@osestaging1-discourse-ose:/var/www/discourse# sv start nginx
ok: run: nginx: (pid 22705) 0s
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. that helped, but my attempts to update the logo still don't work. I didn't find anything useful in the error logs, but I did notice in firefox's network tab that my PUT requests didn't get a response.
  2. I updated the "outer" nginx config to permit PUTs, and that fixed it
   # whitelist requests to disable TRACE
   if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {
	  # note: 444 is a meta code; it doesn't return anything, actually
	  #       it just logs, drops, & closes the connection (useful
	  #       against malware)
	  return 444;
   }
  1. I encountered another ModSecurity FP when attempting to update the site's title
---YxQOk4X9---F--
HTTP/1.1 200
Referrer-Policy: strict-origin-when-cross-origin
X-Discourse-Route: site_settings/update
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Discourse-Username: maltfield0
X-XSS-Protection: 1; mode=block
Set-Cookie: _forum_session=WGFseC9qbmJsS09tci9EN3hYUHVzNU9NYmQvWW5rZnM1ZE5aOXZDekl2dklPY1VRUGJrbE51YTA5LzA0d3JqcVgrK3lLbFRPbkJTOHlWNFF1TnhQUEtmSmRNWnlnSlN3dUkrTHBZcmF4TWRBRnE1VmVGcHY1emswbFBsTWFVUTAzdC9zZHRKY3VXcFppY0d5dkUycFJROWZRS0NISXZWbnVOOFUwdUJsY1pNNU5RWWlwUzByMjlxbk5CVzl0bjFiR1pvZUhUMzJXeHh1cGJWbTFTV3hhTUtDb0lKeVJ4N1dBZ2lsZmd1YVozZXZDeFFXdFNJVjRXajVvVzNPNEt5M1NEbDJSQU9KY3k3KytVTUxxWTdzVjRMaVdMYm1HeTJacTNiU2RyREZHYU0vSkl4VTFPMlBCb0dPOFgveVNpRDVxZ3ZuaFdwTmw5b3hWT3BnU0gwSmdOLzV4Mi9DR0pzVUZvQW5rOUFLVWJTNGZLNHcxTWg0dDRYZ3cwZWVoOXNpalkxRnMrZnZSNldhN1htdkl6UjZJVnBDdWR4cTNuT0pBU3hFYkpWU0JORT0tLThYYitoTG5xdk1BcnVIQmZGQXk5MGc9PQ%3D%3D--ae58415ffb15b38ef6677093a2460471b8022ecd; path=/; HttpOnly; SameSite=Lax
Connection: keep-alive
X-Content-Type-Options: nosniff
X-Runtime: 0.074189
Content-Type: text/plain; charset=utf-8
Date: Mon, 18 May 2020 12:51:55 GMT
Server: nginx
X-Request-Id: e3cbd5da-e98d-4f11-966f-129466c7affa
Cache-Control: no-cache, no-store

---YxQOk4X9---H--
ModSecurity: Warning. Matched "Operator `Within' with parameter `GET HEAD POST OPTIONS' against variable `REQUEST_METHOD' (Value: `PUT' ) [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [rev ""] [msg "Method is not allowed by policy"] [data "PUT"] [severity "2"] [ver "OWASP_CRS/3.1.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "172.17.0.2"] [uri "/admin/site_settings/title"] [unique_id "158980631570.007056"] [ref "v0,3"]

---YxQOk4X9---I--
  1. adding rule id = '911100' to the allow-list worked
  2. I hit another ModSecurity issue when attempting to edit a big html textarea on this page https://discourse.opensourceecology.org/admin/customize/email_style/html
    1. fixed by whitelisting 921130, 941250, 941180, 941160, 941140, 941130, 941100
  3. for some reason going to logs > error logs is blank; my browser showed a lot of 404 messages https://discourse.opensourceecology.org/logs
[18/May/2020:13:16:22 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 200 4441 "https://discourse.opensourceecology.org/admin/logs/search_logs" 0.057 0.057 "-"

==> /var/discourse/shared/standalone/log/rails/production.log <==
ActionController::RoutingError (No route matches [GET] "/logs/stylesheets/vendor.css")
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/stylesheets/vendor.css HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.038 0.037 "-"

==> /var/discourse/shared/standalone/log/rails/production.log <==
ActionController::RoutingError (No route matches [GET] "/logs/javascript/vendor.js")
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/javascript/vendor.js HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.040 0.041 "-"

==> /var/discourse/shared/standalone/log/rails/production.log <==
ActionController::RoutingError (No route matches [GET] "/logs/stylesheets/client-app.css")
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/stylesheets/client-app.css HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.062 0.062 "-"

==> /var/discourse/shared/standalone/log/rails/production.log <==
ActionController::RoutingError (No route matches [GET] "/logs/javascript/client-app.js")
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/javascript/client-app.js HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.026 0.026 "-"

==> /var/discourse/shared/standalone/log/rails/production.log <==
ActionController::RoutingError (No route matches [GET] "/logs/images/icon_144x144.png")
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'
ActionController::RoutingError (No route matches [GET] "/logs/images/icon_64x64.png")
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/images/icon_144x144.png HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "-" 0.042 0.042 "-"
[18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/images/icon_64x64.png HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "-" 0.038 0.038 "-"

==> /var/discourse/shared/standalone/log/var-log/redis/current <==
542:M 18 May 2020 13:16:24.100 * 10 changes in 300 seconds. Saving...
542:M 18 May 2020 13:16:24.114 * Background saving started by pid 26808
26808:C 18 May 2020 13:16:24.161 * DB saved on disk
26808:C 18 May 2020 13:16:24.162 * RDB: 0 MB of memory used by copy-on-write
542:M 18 May 2020 13:16:24.215 * Background saving terminated with success

==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <==
[18/May/2020:13:16:24 +0000] "discourse.opensourceecology.org" 172.17.0.1 "POST /message-bus/c8ab0418fc5c48b78813e778afe184ad/poll?dlp=t HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 200 575 "https://discourse.opensourceecology.org/g" 0.031 0.031 "-"
  1. I'm not sure if it even makes sense to test email functionality yet on staging (where there's issues with SPF rules), but it failed https://discourse.opensourceecology.org/admin/email
There was a problem sending the test email. Please double-check your mail settings, verify that your host is not blocking mail connections, and try again.
  1. I'm not even getting an error message on the staging server's postfix /var/log/maillog, so I'm thinking this is a real issue.
  2. yeah, it looks like postfix isn't even listening on the docker host ip
[root@osestaging1 conf.d]# ss -plan | grep -i master | grep LISTEN | grep ':25'
tcp    LISTEN     0      100    127.0.0.1:25                    *:*                   users:(("master",pid=813,fd=13))
[root@osestaging1 conf.d]# grep inet_interfaces /etc/postfix/main.cf
# The inet_interfaces parameter specifies the network interface
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
# the address list specified with the inet_interfaces parameter.
# receives mail on (see the inet_interfaces parameter).
# to $mydestination, $inet_interfaces or $proxy_interfaces.
# - destinations that match $inet_interfaces or $proxy_interfaces,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
[root@osestaging1 conf.d]# 
  1. I changed it to include the docker gateway, and now `ss` looks better
[root@osestaging1 conf.d]# systemctl restart postfix
[root@osestaging1 conf.d]# ss -plan | grep -i master | grep LISTEN | grep ':25'
tcp    LISTEN     0      100    172.17.0.1:25                    *:*                   users:(("master",pid=27688,fd=14))
tcp    LISTEN     0      100    127.0.0.1:25                    *:*                   users:(("master",pid=27688,fd=13))
[root@osestaging1 conf.d]# grep inet_interfaces /etc/postfix/main.cf
# The inet_interfaces parameter specifies the network interface
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
inet_interfaces = localhost, 172.17.0.1
# the address list specified with the inet_interfaces parameter.
# receives mail on (see the inet_interfaces parameter).
# to $mydestination, $inet_interfaces or $proxy_interfaces.
# - destinations that match $inet_interfaces or $proxy_interfaces,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
[root@osestaging1 conf.d]# 
  1. there's some iptables issues. I finally got it to connect after flushing the iptables on the docker container and adding this rule on the docker host: "iptables -A INPUT -d 172.17.0.1 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT"
May 18 13:39:21 osestaging1 postfix/smtpd[29248]: connect from unknown[172.17.0.2]
May 18 13:39:21 osestaging1 postfix/smtpd[29248]: 5DC0B5E0DEF: client=unknown[172.17.0.2]
May 18 13:39:21 osestaging1 postfix/cleanup[29251]: 5DC0B5E0DEF: message-id=<16af0159-eb43-414a-9020-7726ef05ecdc@discourse.opensourceecology.org>                                                                
May 18 13:39:21 osestaging1 postfix/qmgr[27690]: 5DC0B5E0DEF: from=<noreply@unconfigured.discourse.org>, size=8855, nrcpt=1 (queue active)                                                                        
May 18 13:39:21 osestaging1 postfix/smtpd[29248]: disconnect from unknown[172.17.0.2]
May 18 13:39:22 osestaging1 postfix/smtp[29253]: 5DC0B5E0DEF: to=<michael@opensourceecology.org>, relay=aspmx.l.google.com[66.102.1.27]:25, delay=0.62, delays=0.07/0.06/0.11/0.37, dsn=5.7.26, status=bounced (host aspmx.l.google.com[66.102.1.27] said: 550-5.7.26 Unauthenticated email from discourse.org is not accepted due to 550-5.7.26 domain's DMARC policy. Please contact the administrator of 550-5.7.26 discourse.org domain if this was a legitimate mail. Please visit 550-5.7.26  https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.26 DMARC initiative. w13si10283349wrp.412 - gsmtp (in reply to end of DATA command))                                                                                             
May 18 13:39:22 osestaging1 postfix/cleanup[29251]: 065D55E2DBD: message-id=<20200518133922.065D55E2DBD@mailer.opensourceecology.org>                                                                             
May 18 13:39:22 osestaging1 postfix/qmgr[27690]: 065D55E2DBD: from=<>, size=11662, nrcpt=1 (queue active)
May 18 13:39:22 osestaging1 postfix/bounce[29254]: 5DC0B5E0DEF: sender non-delivery notification: 065D55E2DBD                                                                                                     
May 18 13:39:22 osestaging1 postfix/qmgr[27690]: 5DC0B5E0DEF: removed
May 18 13:39:22 osestaging1 postfix/smtp[29253]: 065D55E2DBD: to=<noreply@unconfigured.discourse.org>, relay=none, delay=0.06, delays=0.02/0.01/0.03/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=unconfigured.discourse.org type=AAAA: Host not found)                        
May 18 13:39:22 osestaging1 postfix/qmgr[27690]: 065D55E2DBD: removed
  1. the iptables rule for the docker container is
iptables -A OUTPUT -d 172.17.0.1 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
  1. and I was able to craft a command to fix the posfix main.cf config with
grep 'inet_interfaces = localhost, 172.17.0.1' /etc/postfix/main.cf || sed --in-place=.`date "+%Y%m%d_%H%M%S"` 's%^\(inet_interfaces =.*\)$%#\1\ninet_interfaces = localhost, 172.17.0.1%' /etc/postfix/main.cf
  1. and I also crafted commands to update iptables on the docker host to permit docker containers to send mail
tmpDir="/var/tmp/`date "+%Y%m%d_%H%M%S"`_change_discourse_iptables"
mkdir "${tmpDir}"
pushd "${tmpDir}"
iptables-save > iptables_a
cp iptables_a iptables_b
grep "INPUT -d 172.17.0.1/32 -i docker0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT" iptables_b || sed -i 's%^\(.*-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT\)$%-A INPUT -d 172.17.0.1/32 -i docker0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT\n\1%' iptables_b
iptables-restore < iptables_b
service iptables save
popd
  1. ok, that fixes the network issues; the next issue is that email servers are rejecting the mail because it's coming from 'noreply@unconfigured.discourse.org'
  2. I had to change this in the WUI. after logging-in as the admin, I went to settings -> search for "notification email" to change it to 'noreply@discourse.opensourceecology.org'
  3. now it works!
May 18 17:22:54 osestaging1 postfix/smtpd[23195]: connect from unknown[172.17.0.2]
May 18 17:22:54 osestaging1 postfix/smtpd[23195]: C31835E328E: client=unknown[172.17.0.2]
May 18 17:22:54 osestaging1 postfix/cleanup[23197]: C31835E328E: message-id=<e9a1ebd4-9be2-4dc6-8e44-66544fcb4ca5@discourse.opensourceecology.org>
May 18 17:22:54 osestaging1 postfix/qmgr[27690]: C31835E328E: from=<noreply@discourse.opensourceecology.org>, size=8865, nrcpt=1 (queue active)
May 18 17:22:54 osestaging1 postfix/smtpd[23195]: disconnect from unknown[172.17.0.2]
May 18 17:22:54 osestaging1 postfix/smtp[23198]: connect to aspmx.l.google.com[2a00:1450:400c:c08::1b]:25: Network is unreachable
May 18 17:22:55 osestaging1 postfix/smtp[23198]: C31835E328E: to=<michael@opensourceecology.org>, relay=aspmx.l.google.com[173.194.76.26]:25, delay=0.51, delays=0.08/0.06/0.08/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK  1589822577 j4si9355616wrb.460 - gsmtp)
May 18 17:22:55 osestaging1 postfix/qmgr[27690]: C31835E328E: removed
  1. actually, I think that log is a lie; the email didn't arrive. When I spoke to Sam Tuke (former CEO of phpList) he mentioned this can be an issue: gmail will lie with response codes to thwart spam
  2. anyway, that's good enough for now. I'm not gonna fuck with DNS. I expect that once it's coming from our actual prod server this last issue will be fixed.

Mon May 11, 2020

  1. I fixed the issue with the DB on the staging server (db wouldn't start so all wodpress sites were broken on staging) by initiating a sync of the mysql data dir (/var/lib/mysql)
time nice rsync -e "ssh -p 32415 -i /root/.ssh/id_rsa.201910" --bwlimit=3000 --numeric-ids --delete --rsync-path="sudo rsync" -av --progress /var/lib/mysql/ stagingsync@10.241.189.11:/var/lib/mysql/
  1. I also documented this command (for a single dir as opposed to a full sync) here https://wiki.opensourceecology.org/wiki/OSE_Staging_Server#Sync_Prod_to_Staging

Sun May 10, 2020

  1. onboarding call with Rob. He now has access to:
    1. a robert@opensourceecology.org email account
    2. ssh access to the dev server
    3. VPN access
    4. ssh access to the staging server (with sudo permission)
  2. we encountered an issue with the last prod to staging sync that broke mysql. I probably need to resync the mysql data dirs due to corruption or something
  3. we discussed his task, and I made clear the requirements for the "wordpress upgrade procedure" task, including the first deliverable, which should be a CHG ticket listing a set of idempotent & deterministic commands to run on production for updating the fef.opensourceecology.org wordpress site and all its themes/plugins and upgrading the database && valdation steps, etc.

Sat May 09, 2020

  1. I'm still investigating issues with the clients accessing the openvpn server after changing the topology from "net30" to "subnet"
  2. IPtables looks good. DNS over tun0 looks ok, and icmp for every interface is allowed
[root@osedev1 openvpn]# iptables-save
# Generated by iptables-save v1.4.21 on Sat May  9 12:22:35 2020
*mangle
:PREROUTING ACCEPT [51501895:33051507043]
:INPUT ACCEPT [42622449:15849589610]
:FORWARD ACCEPT [8866059:17200608978]
:OUTPUT ACCEPT [34017629:18944279835]
:POSTROUTING ACCEPT [42883687:36144888701]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Sat May  9 12:22:35 2020
# Generated by iptables-save v1.4.21 on Sat May  9 12:22:35 2020
*nat
:PREROUTING ACCEPT [3991015:240967558]
:INPUT ACCEPT [434822:31953624]
:OUTPUT ACCEPT [995653:73984001]
:POSTROUTING ACCEPT [995691:73986469]
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Sat May  9 12:22:35 2020
# Generated by iptables-save v1.4.21 on Sat May  9 12:22:35 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [9284:773828]
:OUTPUT ACCEPT [34005620:18940275720]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 32415 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A INPUT -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Sat May  9 12:22:35 2020
[root@osedev1 openvpn]# 
  1. I did some tests, but after some changes then reverts and restarts on dev, staging, prod, and my laptop's openvpn services, I realized this issue is somehow now fixed?
  2. here's proof that the prod server can ping the openvpn server and the staging server
[root@opensourceecology ~]# ip a show tun0
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
	link/none 
	inet 10.241.189.10/24 brd 10.241.189.255 scope global tun0
	   valid_lft forever preferred_lft forever
	inet6 fe80::971c:9046:a103:3620/64 scope link flags 800 
	   valid_lft forever preferred_lft forever
[root@opensourceecology ~]# ip r
default via 138.201.84.193 dev eth0 
10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.10 
138.201.0.0/16 dev eth0 proto kernel scope link src 138.201.84.243 
138.201.84.193 dev eth0 proto kernel scope link src 138.201.84.223 
169.254.0.0/16 dev eth0 scope link metric 1002 
[root@opensourceecology ~]# ping -qc5 10.241.189.11
PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data.

--- 10.241.189.11 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 0.994/1.285/1.651/0.248 ms
[root@opensourceecology ~]# ping -qc5 10.241.189.1
PING 10.241.189.1 (10.241.189.1) 56(84) bytes of data.

--- 10.241.189.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.850/1.154/2.006/0.446 ms
[root@opensourceecology ~]# 
  1. and that the staging server can ping the openvpn server and the prod server
[root@osestaging1 ~]# ip a show tun0
143: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
	link/none 
	inet 10.241.189.11/24 brd 10.241.189.255 scope global tun0
	   valid_lft forever preferred_lft forever
	inet6 fe80::dbc6:ae37:a4be:4f02/64 scope link flags 800 
	   valid_lft forever preferred_lft forever
[root@osestaging1 ~]# ip r
default via 192.168.122.1 dev eth0 
10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.11 
169.254.0.0/16 dev eth0 scope link metric 1057 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.201 
[root@osestaging1 ~]# ping -qc5 10.241.189.10
PING 10.241.189.10 (10.241.189.10) 56(84) bytes of data.

--- 10.241.189.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 0.863/2.046/5.694/1.830 ms
[root@osestaging1 ~]# ping -qc5 10.241.189.1
PING 10.241.189.1 (10.241.189.1) 56(84) bytes of data.

--- 10.241.189.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.266/0.467/0.779/0.172 ms
[root@osestaging1 ~]# 
  1. and that the openvpn server can ping both the staging and prod servers
[root@osedev1 openvpn]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group defaul
t qlen 1000
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet 127.0.0.1/8 scope host lo
	   valid_lft forever preferred_lft forever
	inet6 ::1/128 scope host 
	   valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
	link/ether 96:00:00:2e:48:9d brd ff:ff:ff:ff:ff:ff
	inet 195.201.233.113/32 brd 195.201.233.113 scope global dynamic eth0
	   valid_lft 73842sec preferred_lft 73842sec
	inet6 2a01:4f8:c010:3ca0::1/64 scope global 
	   valid_lft forever preferred_lft forever
	inet6 fe80::9400:ff:fe2e:489d/64 scope link 
	   valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
	link/ether 52:54:00:7d:01:71 brd ff:ff:ff:ff:ff:ff
	inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
	   valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
	link/ether 52:54:00:7d:01:71 brd ff:ff:ff:ff:ff:ff
58: vethQPKFOD@if57: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UP group default qlen 1000
	link/ether fe:de:c7:01:50:8a brd ff:ff:ff:ff:ff:ff link-netnsid 0
	inet6 fe80::fcde:c7ff:fe01:508a/64 scope link 
	   valid_lft forever preferred_lft forever
64: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
	link/none 
	inet 10.241.189.1/24 brd 10.241.189.255 scope global tun0
	   valid_lft forever preferred_lft forever
	inet6 fe80::ca2e:edbf:f704:df3/64 scope link flags 800 
	   valid_lft forever preferred_lft forever
[root@osedev1 openvpn]# ip r
default via 172.31.1.1 dev eth0 
10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.1 
169.254.0.0/16 dev eth0 scope link metric 1002 
172.31.1.1 dev eth0 scope link 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
[root@osedev1 openvpn]# ping -qc5 10.241.189.11
PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data.

--- 10.241.189.11 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.497/1.102/3.176/1.038 ms
[root@osedev1 openvpn]# ping -qc5 10.241.189.11
PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data.

--- 10.241.189.11 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 0.497/1.102/3.176/1.038 ms
[root@osedev1 openvpn]# ping -qc5 10.241.189.10
PING 10.241.189.10 (10.241.189.10) 56(84) bytes of data.

--- 10.241.189.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.620/0.904/1.087/0.161 ms
[root@osedev1 openvpn]#
  1. note that nothing can ping my laptop, which is probably due to firewall issues in my QubesOS, but I can ping the prod server, staging server, and the openvpn server
user@ose:~/tmp/rob$ ip a show dev tun0
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
	link/none 
	inet 10.241.189.50/24 brd 10.241.189.255 scope global tun0
	   valid_lft forever preferred_lft forever
	inet6 fe80::ab81:3908:6d9a:b21/64 scope link flags 800 
	   valid_lft forever preferred_lft forever
user@ose:~/tmp/rob$ ip r
default via 10.137.0.6 dev eth0 
10.137.0.6 dev eth0 scope link 
10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.50 
user@ose:~/tmp/rob$ ping -qc5 10.241.189.11
PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data.

--- 10.241.189.11 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 169.852/187.620/255.998/34.195 ms
user@ose:~/tmp/rob$ ping -qc5 10.241.189.10
PING 10.241.189.10 (10.241.189.10) 56(84) bytes of data.

--- 10.241.189.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 170.269/172.082/175.411/1.850 ms
user@ose:~/tmp/rob$ ping -qc5 10.241.189.1
PING 10.241.189.1 (10.241.189.1) 56(84) bytes of data.

--- 10.241.189.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 171.257/174.090/182.242/4.122 ms
user@ose:~/tmp/rob$ 
  1. And, finally, dns is working as expected *shrug*
user@ose:~/tmp/rob$ echo "nameserver 10.241.189.1" | sudo tee /etc/resolv.confnameserver 10.241.189.1
user@ose:~/tmp/rob$ dig discourse.opensourceecology.org

; <<>> DiG 9.10.3-P4-Debian <<>> discourse.opensourceecology.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62528
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;discourse.opensourceecology.org. IN	A

;; ANSWER SECTION:
discourse.opensourceecology.org. 0 IN	A	10.241.189.11

;; Query time: 186 msec
;; SERVER: 10.241.189.1#53(10.241.189.1)
;; WHEN: Sat May 09 16:26:40 +0545 2020
;; MSG SIZE  rcvd: 76

user@ose:~/tmp/rob$ 
  1. And also, just in case this happens again, here's the whole output of my laptop connecting to the vpn
user@ose:~/openvpn$ sudo openvpn client.conf
Sat May  9 16:13:37 2020 WARNING: file '/home/user/openvpn/username.txt' is group or others accessible
Sat May  9 16:13:37 2020 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Sat May  9 16:13:37 2020 library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.08
Enter Auth Password: OBFUSCATED
Sat May  9 16:13:52 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Enter Private Key Password: OBFUSCATED
Sat May  9 16:13:54 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May  9 16:13:54 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May  9 16:13:54 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]195.201.233.113:1194
Sat May  9 16:13:54 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat May  9 16:13:54 2020 UDP link local: (not bound)
Sat May  9 16:13:54 2020 UDP link remote: [AF_INET]195.201.233.113:1194
Sat May  9 16:13:54 2020 TLS: Initial packet from [AF_INET]195.201.233.113:1194, sid=3fed8a4d bc39e72f
Sat May  9 16:13:55 2020 VERIFY OK: depth=1, CN=osedev1
Sat May  9 16:13:55 2020 Validating certificate key usage
Sat May  9 16:13:55 2020 ++ Certificate has key usage  00a0, expects 00a0
Sat May  9 16:13:55 2020 VERIFY KU OK
Sat May  9 16:13:55 2020 Validating certificate extended key usage
Sat May  9 16:13:55 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat May  9 16:13:55 2020 VERIFY EKU OK
Sat May  9 16:13:55 2020 VERIFY OK: depth=0, CN=server
Sat May  9 16:13:55 2020 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sat May  9 16:13:55 2020 [server] Peer Connection Initiated with [AF_INET]195.201.233.113:1194
Sat May  9 16:13:56 2020 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat May  9 16:13:57 2020 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Sat May  9 16:13:57 2020 OPTIONS IMPORT: timers and/or timeouts modified
Sat May  9 16:13:57 2020 OPTIONS IMPORT: --ifconfig/up options modified
Sat May  9 16:13:57 2020 OPTIONS IMPORT: route-related options modified
Sat May  9 16:13:57 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat May  9 16:13:57 2020 OPTIONS IMPORT: peer-id set
Sat May  9 16:13:57 2020 OPTIONS IMPORT: adjusting link_mtu to 1624
Sat May  9 16:13:57 2020 OPTIONS IMPORT: data channel crypto options modified
Sat May  9 16:13:57 2020 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat May  9 16:13:57 2020 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat May  9 16:13:57 2020 TUN/TAP device tun0 opened
Sat May  9 16:13:57 2020 TUN/TAP TX queue length set to 100
Sat May  9 16:13:57 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat May  9 16:13:57 2020 /sbin/ip link set dev tun0 up mtu 1500
Sat May  9 16:13:57 2020 /sbin/ip addr add dev tun0 10.241.189.50/24 broadcast 10.241.189.255
Sat May  9 16:13:57 2020 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.241.189.50 255.255.255.0 init
dhcp-option DNS 10.241.189.1
Sat May  9 16:13:57 2020 Initialization Sequence Completed

Fri May 08, 2020

  1. Rob sent me his ose-specific vpn CSR and ssh public key; I went to add this to our dev/staging server, but I wasn't sure what his username should be. I emailed him what he would prefer it to be (and I'll make the linux username consistant with his @opensourceecology.org emal address as well)
  2. ...
  3. I installed Discourse on staging again, but I'm having some issues with DNS. Manually adding this line to the /etc/hosts file worked, though
10.241.189.11 discourse.opensourceecology.org

Thr May 07, 2020

  1. one (minor) problem popped-up from my change at the beginning of this week: the openvpn-client service on the prod server that I use to sync with the staging server is having issues
...
May 07 14:26:06 opensourceecology.org connect.sh[4930]: [server] Peer Connection Initiated with [AF_INET]195.201.233.113:1194
May 07 14:26:07 opensourceecology.org connect.sh[4930]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 07 14:26:07 opensourceecology.org connect.sh[4930]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.241.189.1,route 10.241.189.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.255,peer-id 1,cipher AES-256-GCM'
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: timers and/or timeouts modified
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: --ifconfig/up options modified
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: route options modified
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: peer-id set
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: adjusting link_mtu to 1624
May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: data channel crypto options modified
May 07 14:26:07 opensourceecology.org connect.sh[4930]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 07 14:26:07 opensourceecology.org connect.sh[4930]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 07 14:26:07 opensourceecology.org connect.sh[4930]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address.  You are using something (255.255.255.255) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
May 07 14:26:07 opensourceecology.org connect.sh[4930]: ROUTE_GATEWAY 138.201.84.193
May 07 14:26:07 opensourceecology.org connect.sh[4930]: TUN/TAP device tun1 opened
May 07 14:26:07 opensourceecology.org connect.sh[4930]: TUN/TAP TX queue length set to 100
May 07 14:26:07 opensourceecology.org connect.sh[4930]: /sbin/ip link set dev tun1 up mtu 1500
May 07 14:26:07 opensourceecology.org connect.sh[4930]: /sbin/ip addr add dev tun1 local 10.241.189.10 peer 255.255.255.255
May 07 14:26:07 opensourceecology.org connect.sh[4930]: /sbin/ip route add 10.241.189.0/24 via 255.255.255.255
May 07 14:26:07 opensourceecology.org connect.sh[4930]: RTNETLINK answers: File exists
May 07 14:26:07 opensourceecology.org systemd[1]: Got notification message from PID 4934, but reception only permitted for main PID 4930
May 07 14:26:07 opensourceecology.org connect.sh[4930]: ERROR: Linux route add command failed: external program exited with error status: 2
May 07 14:26:07 opensourceecology.org connect.sh[4930]: Initialization Sequence Completed
...
(long pause)
...
May 07 14:27:36 opensourceecology.org systemd[1]: openvpn-client.service start operation timed out. Terminating.
May 07 14:27:36 opensourceecology.org systemd[1]: Failed to start openvpn-client.service.
May 07 14:27:36 opensourceecology.org systemd[1]: Unit openvpn-client.service entered failed state.
May 07 14:27:36 opensourceecology.org systemd[1]: openvpn-client.service failed.
  1. the vpn connects fine from my local machine, which doesn't get that error about 'ifconfig' above
  2. after connecting, the output of `ip a` for the tun0 interface and the routes are totally fucked for prod. Here's what they look like on my laptop
user@ose:~/openvpn$ ip a show dev tun0
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
	link/none 
	inet 10.241.189.50 peer 10.241.189.49/32 scope global tun0
	   valid_lft forever preferred_lft forever
	inet6 fe80::7729:c3a2:f677:f7da/64 scope link flags 800 
	   valid_lft forever preferred_lft forever
user@ose:~/openvpn$ ip r
default via 10.137.0.6 dev eth0 
10.137.0.6 dev eth0 scope link 
10.241.189.0/24 via 10.241.189.49 dev tun0 
10.241.189.49 dev tun0 proto kernel scope link src 10.241.189.50 
user@ose:~/openvpn$ 
  1. but on hetnzer2, it shows '255.255.255.0' instead of the dev server = openvpn server = 10.241.189.49
[root@opensourceecology client]# ip a show dev tun0
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
	link/none 
	inet 10.241.189.10 peer 255.255.255.255/32 scope global tun0
	   valid_lft forever preferred_lft forever
	inet6 fe80::d4d4:75bf:8f15:8ec5/64 scope link flags 800 
	   valid_lft forever preferred_lft forever
[root@opensourceecology client]# ip r
default via 138.201.84.193 dev eth0 
138.201.0.0/16 dev eth0 proto kernel scope link src 138.201.84.243 
138.201.84.193 dev eth0 proto kernel scope link src 138.201.84.223 
169.254.0.0/16 dev eth0 scope link metric 1002 
255.255.255.255 dev tun0 proto kernel scope link src 10.241.189.10 
[root@opensourceecology client]# 
  1. it looks like our change from Monday upgraded OpenVPN from 2.4.7 to 2.4.8
[root@opensourceecology client]# grep vpn /var/tmp/CHG-2020-05-04_yum_update/before.log 
openvpn-2.4.7-1.el7.x86_64
[root@opensourceecology client]# grep vpn /var/tmp/CHG-2020-05-04_yum_update/after.log 
openvpn-2.4.8-1.el7.x86_64
[root@opensourceecology client]# 
  1. I don't see any obvious relevant changes from 2.4.7 to 2.4.8 or fixed in 2.4.9 from the OpenVPN changelog https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
  2. meanwhile, the OpenVPN version on my debian-9 laptop VM is v2.4.0
user@ose:~/openvpn$ sudo openvpn --version
OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_sysroot=no
user@ose:~/openvpn$ 
  1. The internet seems to suggest that these settings are set by the server, not the client. I'm guessing it has to do with this helper 'server' line in the server config on the openvpn server
[root@osedev1 openvpn]# grep '255.255' /etc/openvpn/server.conf | grep -viE '^[;#]'
server 10.241.189.0 255.255.255.0
[root@osedev1 openvpn]# 
  1. this gives me bad memories from when I tried to "expand" this option in attempt to setup 2FA back in 2019-12-16 https://wiki.opensourceecology.org/wiki/Maltfield_Log/2019_Q4#Mon_Dec_16.2C_2019
  2. I find it very odd that our OpenVPN server is PUSHing two totally different configs to different clients. From above:
    1. here's the server (broken)
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.241.189.1,route 10.241.189.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.255,peer-id 0,cipher AES-256-GCM'
    1. and here's my laptop (working)
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.241.189.1,route 10.241.189.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.241.189.50 10.241.189.49,peer-id 1,cipher AES-256-GCM'
  1. one thing that I noted before and keep reading in the docs is that we should probably avoid using a topology of 'net30' but we are using it.. https://community.openvpn.net/openvpn/wiki/Concepts-Addressing
  2. in revisting my notes and that above PUSH_REPLY line, I was able to update the OpenVPN server config to the "subnet" topology. I restarted the openvpn server and was able to connect without issues from both my laptop and the prod server. it works!
    1. here's the same PUSH_REPLY line on my laptop now
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
    1. and on the prod server
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.255,peer-id 1,cipher AES-256-GCM'
  1. a benefit is that I was finally albe to add the address pool option, so that VPN clients not in the ccd are wait, err, here:
[root@osedev1 openvpn]# ls /etc/openvpn/ccd/
hetzner2  osestaging1
[root@osedev1 openvpn]# cat /etc/openvpn/ccd/hetzner2 
ifconfig-push 10.241.189.10 255.255.255.255
[root@osedev1 openvpn]# cat /etc/openvpn/ccd/osestaging1 
ifconfig-push 10.241.189.11 255.255.255.255
[root@osedev1 openvpn]# 
  1. well I guess that explains where the '255.255.255.255' came from. I don't know why it's fixed though.
  2. I changed those ccd files to use '255.255.255.0'. I don't really understand how it was working before. Here's the updated PUSH lines
    1. from my laptop
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
  1. and from the prod server
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.0,peer-id 2,cipher AES-256-GCM'
  1. I restarted 'openvpn-client' on the staging server and confirmed that it worked, and I could ssh into it from my laptop over the vpn after.
  2. I also confirmed that I could ssh into the staging server from production over the VPN. That's the problem solved. Now we can sync!
[root@opensourceecology client]# ssh -p 32415 -i /root/.ssh/id_rsa.201910 stagingsync@10.241.189.11
Last login: Thu May  7 17:09:21 2020 from 10.241.189.10
[stagingsync@osestaging1 ~]$ 
  1. I kicked-off a sync from prod to staging. when it finished, I rebooted staging. tomorrow I'll install Discourse again on the staging server.


Tue May 05, 2020

  1. preparing for meeting with Rob

Mon May 04, 2020

  1. I'm starting this CHG * https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update
  2. I sent an email to Marcin & Catarina
  3. I confirmed that the lastest backup just finsihed and was uploaded to the cloud successfully
[maltfield@opensourceecology ~]$ sudo su -
[sudo] password for maltfield:
Last login: Sun May  3 09:11:37 UTC 2020 on pts/51
[root@opensourceecology ~]# sudo -u b2user /home/b2user/virtualenv/bin/b2 ls ose-server-backups | grep `date "+%Y%m%d"`
weekly_hetzner2_20200504_072001.tar.gpg
[root@opensourceecology ~]# date
Mon May  4 10:46:07 UTC 2020
[root@opensourceecology ~]# 
  1. I created a tmp dir to track the output of this CHG
[root@opensourceecology ~]# # create dir for logging the change
[root@opensourceecology ~]# tmpDir="/var/tmp/CHG-2020-05-04_yum_update"
[root@opensourceecology ~]# mkdir -p $tmpDir
[root@opensourceecology ~]# echo $tmpDir
/var/tmp/CHG-2020-05-04_yum_update
[root@opensourceecology ~]# 
  1. I did a graceful nginx shutdown, but it happened almost immediately anyway
[root@opensourceecology ~]# # begin to gracefully shutdown nginx in the background
[root@opensourceecology ~]# time nice /sbin/nginx -s quit
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11

real    0m0.063s
user    0m0.022s
sys     0m0.021s
[root@opensourceecology ~]# 
  1. I did a spot check on some of the websites in the browser and confirmed that they were down
  2. I did the CHG's update and gave the server a reboot
  3. After it came back up, I confirmed that the new changes were applied
[root@opensourceecology ~]# uname -a
Linux opensourceecology.org 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@opensourceecology ~]# needs-restarting -r
No core libraries or services have been updated.
Reboot is probably not necessary.
[root@opensourceecology ~]# 
  1. there's very few packages requiring updates (untested; won't fix now)
[root@opensourceecology ~]# yum list updates
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: centosmirror.netcup.net
 * epel: mirrors.n-ix.net
 * extras: mirror.plustech.de
 * updates: mirror.checkdomain.de
 * webtatic: uk.repo.webtatic.com
Updated Packages
git.x86_64                                          1.8.3.1-22.el7_8                         updates
java-1.8.0-openjdk.x86_64                           1:1.8.0.252.b09-2.el7_8                  updates
java-1.8.0-openjdk-headless.x86_64                  1:1.8.0.252.b09-2.el7_8                  updates
perl-Git.noarch                                     1.8.3.1-22.el7_8                         updates
python2-pyrfc3339.noarch                            1.1-3.el7                                epel   
tzdata.noarch                                       2020a-1.el7                              updates
tzdata-java.noarch                                  2020a-1.el7                              updates
[root@opensourceecology ~]# 
  1. I got a ton of OSSEC alert emails, here's just a snippet of some important changs worth documenting

OSSEC HIDS Notification.
2020 May 04 10:52:37

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/redhat-release'
What changed:
1c1
< CentOS Linux release 7.4.1708 (Core) 
---
> CentOS Linux release 7.8.2003 (Core)
Old md5sum was: '1bbbbf90102ed1317186597c4660e84a'
New md5sum is : 'b1a1d6b7db44d997f3fab2ac76926e4d'
Old sha1sum was: '0b2b27eb190f790ec5ff65897b3a1ef844f254c5'
New sha1sum is : '7e467f233dd6e3c2fd0d132a4b6bcefb51feacd7'
...
OSSEC HIDS Notification.
2020 May 04 10:52:40

Received From: opensourceecology->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

May  4 10:52:38 opensourceecology systemd: [/etc/systemd/system/openvpn-client.service:2] Failed to resolve unit specifiers on OpenVPN tunnel for %I, ignoring: Success
...
OSSEC HIDS Notification.
2020 May 04 10:53:22

Received From: opensourceecology->/var/log/messages
Rule: 2934 fired (level 7) -> "Yum package deleted."
Portion of the log(s):

May  4 10:53:21 opensourceecology yum[2275]: Erased: python2-requests-2.6.0-0.el7.noarch



 --END OF NOTIFICATION
...


OSSEC HIDS Notification.
2020 May 04 10:53:55

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/aliases'
Size changed from '1518' to '1529'
What changed:
65a66
> pcp:		root
Old md5sum was: '1ada193c78bf43234522b18242f38f6f'
New md5sum is : '852dab9087d52b29a2aa324791a07c6c'
Old sha1sum was: '00527ad3fd522bf1b921583a495d614b4daa9b62'
New sha1sum is : '41b96f30cc6b111373281bb4a549d252acff8d61'



 --END OF NOTIFICATION
...
OSSEC HIDS Notification.
2020 May 04 10:59:48

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/cron.d/munin'
Size changed from '113' to '391'
Old md5sum was: 'dd6143262a1cca6efd1fc43ce394fc6c'
New md5sum is : '9b1da6119d79e3d266716c8ccdf1aeb3'
Old sha1sum was: '8dd6983e23a98caffcbf3a53da738819021fa3b6'
New sha1sum is : '46a9ccb00eb7554434e93bf77f00626e9700c1f2'
...


OSSEC HIDS Notification.
2020 May 04 11:00:02

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/pki/ca-trust/extracted/java/cacerts'
Size changed from '183421' to '161905'
Old md5sum was: '1a16e25a833b2f145f23ab03a89e974e'
New md5sum is : '6761c121924e4b8177e176ab5c28300b'
Old sha1sum was: 'a412fc0d7d4deb4e11357197db05507765186a6b'
New sha1sum is : '7ca8eb66d22716c6ecd9afa11c38a35af54b9cae'
...
OSSEC HIDS Notification.
2020 May 04 11:00:02

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
Size changed from '333944' to '261737'
Old md5sum was: 'd4ec882f699c720b5aa222d3a0e9d24d'
New md5sum is : '4994f73e2ae2ab307504e28a619f5b07'
Old sha1sum was: '70cb08f47acca5e337601a5463b65fbf11ed0533'
New sha1sum is : '3730e29b7ee1c7b28b9f2503b09bd00e98ebc0c1'
...
OSSEC HIDS Notification.
2020 May 04 11:01:00

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/grub2.cfg'
Old md5sum was: '92a75a7735d86e6c9a680e208f48dcb4'
New md5sum is : '76a86393c5fc7ec80201114aab136281'
Old sha1sum was: '1da2ac9dfd955220b81c73cff3747bd398a14350'
New sha1sum is : 'ef3d1e9e520f1f805cb69fc31134d814d13b6191'
...
OSSEC HIDS Notification.
2020 May 04 11:01:11

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/audit/auditd.conf'
Size changed from '784' to '805'
Old md5sum was: '643fcb75e59e330539c91678a2bb6454'
New md5sum is : '29f4c6cd67a4ba11395a134cf7538dbd'
Old sha1sum was: '6c5bd201e4d8c75d6cc4ecfd0120ecff7b128fcb'
New sha1sum is : '8bc3d32d67d73cef5dc698bb5469ba373a9762d1'
...
OSSEC HIDS Notification.
2020 May 04 11:13:06

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/boot/initramfs-3.10.0-693.2.2.el7.x86_64kdump.img'
Size changed from '18143824' to '13462408'
Old md5sum was: '89113e70f33c11b82459f1a23a7be352'
New md5sum is : 'cea88b971a60233d94f1d252e2869c33'
Old sha1sum was: 'caa6146072b8a98b497e0359f6b0b09e22b933ac'
New sha1sum is : '221176bb260ffa6c21f6809291bd6629eb5cf3e0'
...
OSSEC HIDS Notification.
2020 May 04 11:13:07

Received From: opensourceecology->syscheck
Rule: 554 fired (level 10) -> "File added to the system."
Portion of the log(s):

New file '/boot/initramfs-3.10.0-1127.el7.x86_64.img' added to the file system.
...
OSSEC HIDS Notification.
2020 May 04 11:13:11

Received From: opensourceecology->syscheck
Rule: 554 fired (level 10) -> "File added to the system."
Portion of the log(s):

New file '/boot/.vmlinuz-3.10.0-1127.el7.x86_64.hmac' added to the file system.
...
OSSEC HIDS Notification.
2020 May 04 11:13:07

Received From: opensourceecology->syscheck
Rule: 554 fired (level 10) -> "File added to the system."
Portion of the log(s):

New file '/boot/config-3.10.0-1127.el7.x86_64' added to the file system.
...

OSSEC HIDS Notification.
2020 May 04 11:13:54

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/boot/grub2/grub.cfg'
Size changed from '7091' to '7946'
Old md5sum was: '92a75a7735d86e6c9a680e208f48dcb4'
New md5sum is : '76a86393c5fc7ec80201114aab136281'
Old sha1sum was: '1da2ac9dfd955220b81c73cff3747bd398a14350'
New sha1sum is : 'ef3d1e9e520f1f805cb69fc31134d814d13b6191'
...
OSSEC HIDS Notification.
2020 May 04 11:13:54

Received From: opensourceecology->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/boot/grub2/grub.cfg'
Size changed from '7091' to '7946'
Old md5sum was: '92a75a7735d86e6c9a680e208f48dcb4'
New md5sum is : '76a86393c5fc7ec80201114aab136281'
Old sha1sum was: '1da2ac9dfd955220b81c73cff3747bd398a14350'
New sha1sum is : 'ef3d1e9e520f1f805cb69fc31134d814d13b6191'x`
  1. ...
  2. unrelated: there was an outage with imap.gmail.com for a few hours today
    1. https://support.google.com/mail/thread/44318228?hl=en
    2. https://news.ycombinator.com/item?id=23066561
    3. Google's Gsuite uptime page didn't even register it, and no explination for the worldwide issue was given. Pretty shitty.
  3. While I was investigating, I was poking around the admin.google.com Gsuite setttings and I decided to enforce a password policy of >10 characters

Tue Apr 28, 2020

  1. now that I have ironed-out the commands for the yum update on prod, let me re-do them exactly on staging https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update#Change_Steps
  2. first I did a sync
[root@opensourceecology ~]# date && time nice /root/bin/syncToStaging.sh &> /var/log/syncToStaging.log
Tue Apr 28 08:40:15 UTC 2020

real    17m14.524s
user    2m52.861s
sys     0m34.959s
[root@opensourceecology ~]# 
  1. then rebooted staging
[root@osestaging1 ~]# reboot
PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.
Connection to 10.241.189.11 closed by remote host.
Connection to 10.241.189.11 closed.
user@ose:~/tmp$ 
  1. the preformed the CHG
[maltfield@osestaging1 ~]$ # become root
[maltfield@osestaging1 ~]$ sudo su -
Last login: Mon Apr 27 20:26:09 UTC 2020 on pts/0
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # create dir for logging the change
[root@osestaging1 ~]# tmpDir="/var/tmp/CHG-2020-05-04_yum_update"
[root@osestaging1 ~]# mkdir -p $tmpDir
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # begin to gracefully shutdown nginx in the background
[root@osestaging1 ~]# time nice /sbin/nginx -s quit
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
nginx: [warn] conflicting server name "_" on 10.241.189.11:443, ignored

real	0m0.092s
user	0m0.032s
sys	0m0.030s
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # first record the set of packages currently installed
[root@osestaging1 ~]# time nice rpm -qa &> "${tmpDir}/before.log"

real	0m1.082s
user	0m0.889s
sys	0m0.131s
[root@osestaging1 ~]# cat $tmpDir/before.log 
firewalld-filesystem-0.4.4.4-6.el7.noarch
kernel-headers-3.10.0-693.2.2.el7.x86_64
libevent-2.0.21-4.el7.x86_64
perl-Carp-1.26-244.el7.noarch
ncurses-base-5.9-14.20130511.el7_4.noarch
perl-File-Temp-0.23.01-3.el7.noarch
perl-Encode-Locale-1.03-5.el7.noarch
glibc-2.17-196.el7.x86_64
perl-Filter-1.49-3.el7.x86_64
python-cffi-1.6.0-5.el7.x86_64
sysvinit-tools-2.88-14.dsf.el7.x86_64
perl-Switch-2.16-7.el7.noarch
libselinux-2.5-11.el7.x86_64
acl-2.2.51-12.el7.x86_64
perl-FCGI-0.74-8.el7.x86_64
libcap-2.22-9.el7.x86_64
ustr-1.0.4-16.el7.x86_64
perl-Business-ISBN-Data-20120719.001-2.el7.noarch
libblkid-2.23.2-43.el7.x86_64
perl-Geo-IP-1.43-3.el7.x86_64
gmp-6.0.0-15.el7.x86_64
perl-HTTP-Cookies-6.01-5.el7.noarch
libX11-1.6.5-1.el7.x86_64
php-paragonie-random-compat-2.0.18-1.el7.noarch
perl-IO-Socket-SSL-1.94-6.el7.noarch
shared-mime-info-1.8-3.el7.x86_64
pkcs11-helper-1.11-3.el7.x86_64
nss-pem-1.0.3-4.el7.x86_64
perl-Mozilla-CA-20130114-5.el7.noarch
varnish-libs-4.0.5-1.el7.x86_64
readline-6.2-10.el7.x86_64
nginx-filesystem-1.16.1-1.el7.noarch
libXi-1.7.9-1.el7.x86_64
nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64
gd-2.0.35-26.el7.x86_64
mesa-libglapi-17.0.1-6.20170307.el7.x86_64
sudo-1.8.23-4.el7.x86_64
apr-1.4.8-3.el7.x86_64
iptables-1.4.21-18.0.1.el7.centos.x86_64
liboath-2.6.2-1.el7.x86_64
ca-certificates-2017.2.14-71.el7.noarch
perl-Clipboard-0.21-1.el7.1.noarch
gpm-libs-1.20.7-5.el7.x86_64
ethtool-4.8-1.el7.x86_64
sqlite-3.7.17-8.el7.x86_64
pytz-2016.10-2.el7.noarch
ntpdate-4.2.6p5-25.el7.centos.2.x86_64
cacti-1.2.11-1.el7.noarch
perl-Data-Dumper-2.145-3.el7.x86_64
keyutils-libs-1.5.8-3.el7.x86_64
perl-IO-Compress-2.061-2.el7.noarch
bind-libs-lite-9.9.4-51.el7.x86_64
perl-DBD-MySQL-4.023-5.el7.x86_64
php-symfony-process-2.8.12-2.el7.noarch
fipscheck-1.4.1-6.el7.x86_64
libnetfilter_conntrack-1.0.6-1.el7_3.x86_64
nmap-6.40-7.el7.x86_64
json-c-0.11-4.el7_0.x86_64
php-symfony-config-2.8.12-2.el7.noarch
gettext-0.19.8.1-2.el7.x86_64
gobject-introspection-1.50.0-1.el7.x86_64
libthai-0.1.14-9.el7.x86_64
pyxattr-0.5.1-5.el7.x86_64
php-symfony-var-dumper-2.8.12-2.el7.noarch
libXxf86vm-1.1.4-1.el7.x86_64
enchant-1.6.0-8.el7.x86_64
libcurl-7.29.0-42.el7.x86_64
php-password-compat-1.0.4-1.el7.noarch
openldap-2.4.44-5.el7.x86_64
php-symfony-console-2.8.12-2.el7.noarch
libXft-2.3.2-2.el7.x86_64
nano-2.3.1-10.el7.x86_64
rpm-python-4.11.3-25.el7.x86_64
python-repoze-lru-0.4-3.el7.noarch
passwd-0.79-4.el7.x86_64
net-snmp-libs-5.7.2-28.el7_4.1.x86_64
libselinux-utils-2.5-11.el7.x86_64
python2-backports-functools_lru_cache-1.2.1-4.el7.noarch
net-snmp-5.7.2-28.el7_4.1.x86_64
device-mapper-persistent-data-0.7.0-0.1.rc6.el7.x86_64
php56w-mbstring-5.6.33-1.w7.x86_64
alsa-lib-1.1.3-3.el7.x86_64
php56w-ldap-5.6.33-1.w7.x86_64
dmidecode-3.0-5.el7.x86_64
dejavu-sans-mono-fonts-2.33-6.el7.noarch
glibc-devel-2.17-196.el7.x86_64
parted-3.1-28.el7.x86_64
php56w-enchant-5.6.33-1.w7.x86_64
libICE-1.0.9-9.el7.x86_64
perl-Crypt-DES-2.05-20.el7.x86_64
elfutils-default-yama-scope-0.168-8.el7.noarch
rrdtool-perl-1.4.8-9.el7.x86_64
policycoreutils-2.5-17.1.el7.x86_64
mt-st-1.1-14.el7.x86_64
perl-Socket6-0.23-15.el7.x86_64
cryptsetup-libs-1.7.4-3.el7.x86_64
bacula-director-5.2.13-23.1.el7.x86_64
perl-Sys-Syslog-0.33-3.el7.x86_64
kmod-20-15.el7_4.2.x86_64
hunspell-1.3.2-15.el7.x86_64
pyliblzma-0.5.3-11.el7.x86_64
perl-Package-DeprecationManager-0.13-7.el7.noarch
iputils-20160308-10.el7.x86_64
zip-3.0-11.el7.x86_64
perl-Email-Date-Format-1.002-15.el7.noarch
httpd-2.4.6-67.el7.centos.2.x86_64
postfix-2.10.1-6.el7.x86_64
perl-Net-Server-2.007-2.el7.noarch
device-mapper-event-1.02.140-8.el7.x86_64
perl-Package-Stash-XS-0.26-3.el7.x86_64
mesa-libEGL-17.0.1-6.20170307.el7.x86_64
fontpackages-filesystem-1.44-8.el7.noarch
perl-MIME-Lite-3.030-1.el7.noarch
policycoreutils-python-2.5-17.1.el7.x86_64
bzip2-1.0.6-13.el7.x86_64
perl-Mail-Sender-0.8.23-1.el7.noarch
mariadb-5.5.56-2.el7.x86_64
perl-Crypt-Rijndael-1.12-1.el7.x86_64
gdisk-0.8.6-5.el7.x86_64
perl-DateTime-TimeZone-1.63-2.el7.noarch
dhclient-4.2.5-58.el7.centos.x86_64
perl-Clone-0.34-5.el7.x86_64
perl-Log-Dispatch-FileRotate-1.19-13.el7.noarch
git-1.8.3.1-12.el7_4.x86_64
perl-HTML-Template-2.95-1.el7.noarch
plymouth-scripts-0.8.9-0.28.20140113.el7.centos.x86_64
perl-TermReadKey-2.30-20.el7.x86_64
findutils-4.5.11-5.el7.x86_64
varnish-libs-devel-4.0.5-1.el7.x86_64
fontconfig-2.10.95-11.el7.x86_64
perl-Error-0.17020-2.el7.noarch
tzdata-java-2017b-1.el7.noarch
pyOpenSSL-0.13.1-3.el7.x86_64
groff-base-1.22.2-8.el7.x86_64
mod_security_crs-2.2.9-1.el7.noarch
python2-six-1.9.0-0.el7.noarch
librsvg2-2.40.16-1.el7.x86_64
nettle-2.7.1-8.el7.x86_64
libsepol-2.5-6.el7.x86_64
snappy-1.1.0-3.el7.x86_64
gnutls-3.3.26-9.el7.x86_64
libproxy-0.4.11-10.el7.x86_64
xz-libs-5.2.2-1.el7.x86_64
python-idna-2.4-1.el7.noarch
libaio-0.3.109-13.el7.x86_64
lvm2-2.02.171-8.el7.x86_64
kernel-3.10.0-693.2.2.el7.x86_64
python-zope-interface-4.0.5-4.el7.x86_64
dbus-python-1.1.1-9.el7.x86_64
libyaml-0.1.4-11.el7_0.x86_64
iptables-services-1.4.21-18.0.1.el7.centos.x86_64
setools-libs-3.3.8-1.1.el7.x86_64
ncftp-3.2.5-7.el7.x86_64
biosdevname-0.7.2-2.el7.x86_64
libxml2-2.9.1-6.el7_2.3.x86_64
nss-softokn-3.36.0-5.el7_5.x86_64
vim-enhanced-7.4.160-2.el7.x86_64
python-backports-1.0-8.el7.x86_64
gcc-c++-4.8.5-16.el7.x86_64
xz-5.2.2-1.el7.x86_64
python2-josepy-1.1.0-1.el7.noarch
e2fsprogs-1.42.9-10.el7.x86_64
coreutils-8.22-18.el7.x86_64
python-requests-toolbelt-0.8.0-1.el7.noarch
haveged-1.9.1-1.el7.x86_64
python-lxml-3.2.1-4.el7.x86_64
python2-psutil-2.2.1-2.el7.x86_64
java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5.x86_64
python-ply-3.4-11.el7.noarch
python2-iso8601-0.1.11-7.el7.noarch
perl-parent-0.225-244.el7.noarch
wget-1.14-15.el7.x86_64
python-virtualenv-15.1.0-2.el7.noarch
btrfs-progs-4.9.1-1.el7.x86_64
libgcc-4.8.5-16.el7.x86_64
libsodium13-1.0.5-1.el7.x86_64
ncurses-5.9-14.20130511.el7_4.x86_64
grub2-pc-modules-2.02-0.64.el7.centos.noarch
perl-constant-1.27-2.el7.noarch
libreport-filesystem-2.1.11-38.el7.centos.x86_64
php56w-pear-1.10.4-1.w7.noarch
perl-Time-HiRes-1.9725-3.el7.x86_64
bash-4.2.46-29.el7_4.x86_64
diffutils-3.3-4.el7.x86_64
perl-LWP-MediaTypes-6.02-2.el7.noarch
perl-File-Path-2.09-2.el7.noarch
htop-2.2.0-3.el7.x86_64
libstdc++-4.8.5-16.el7.x86_64
which-2.20-7.el7.x86_64
perl-Net-IP-1.26-4.el7.noarch
perl-Pod-Simple-3.28-4.el7.noarch
libcom_err-1.42.9-10.el7.x86_64
perl-File-Listing-6.04-7.el7.noarch
audit-libs-2.7.6-3.el7.x86_64
libicu-50.1.2-15.el7.x86_64
perl-Net-DNS-0.72-6.el7.x86_64
freetype-2.4.11-15.el7.x86_64
libestr-0.1.9-2.el7.x86_64
perl-WWW-RobotRules-6.02-5.el7.noarch
python-urlgrabber-3.10-8.el7.noarch
libgcrypt-1.5.3-14.el7.x86_64
cracklib-dicts-2.9.0-11.el7.x86_64
perl-HTML-Parser-3.71-4.el7.x86_64
perl-Encode-Detect-1.01-13.el7.x86_64
libXrender-0.9.10-1.el7.x86_64
python-configobj-4.7.2-7.el7.noarch
perl-IO-Socket-IP-0.21-4.el7.noarch
gnupg2-2.0.22-4.el7.x86_64
libcroco-0.6.11-1.el7.x86_64
redhat-rpm-config-9.1.0-76.el7.centos.noarch
centos-indexhtml-7-9.el7.centos.noarch
libgomp-4.8.5-16.el7.x86_64
libev-4.15-7.el7.x86_64
make-3.82-23.el7.x86_64
nginx-mod-stream-1.16.1-1.el7.x86_64
binutils-2.25.1-32.base.el7_4.1.x86_64
gperftools-libs-2.4-8.el7.x86_64
python-slip-0.4.0-2.el7.noarch
nginx-all-modules-1.16.1-1.el7.noarch
perl-libs-5.16.3-292.el7.x86_64
apr-util-1.5.2-6.el7.x86_64
mutt-1.5.21-28.el7_5.x86_64
iproute-3.10.0-87.el7.x86_64
libjpeg-turbo-1.2.90-5.el7.x86_64
php-getid3-1.9.19-1.el7.noarch
openssl-libs-1.0.2k-8.el7.x86_64
libXau-1.0.8-2.1.el7.x86_64
links-2.20.2-1.el7.x86_64
mariadb-libs-5.5.56-2.el7.x86_64
bzip2-libs-1.0.6-13.el7.x86_64
os-prober-1.58-9.el7.x86_64
python-perf-3.10.0-693.2.2.el7.x86_64
ncdu-1.14.2-2.el7.x86_64
libselinux-python-2.5-11.el7.x86_64
perl-Net-Daemon-0.48-5.el7.noarch
bind-libs-9.9.4-51.el7.x86_64
php-PsrLog-1.0.2-2.el7.noarch
httpd-tools-2.4.6-67.el7.centos.2.x86_64
libpipeline-1.2.3-3.el7.x86_64
php-symfony-filesystem-2.8.12-2.el7.noarch
subversion-libs-1.7.14-11.el7_4.x86_64
cracklib-2.9.0-11.el7.x86_64
python-gobject-base-3.22.0-1.el7.x86_64
yum-metadata-parser-1.1.4-10.el7.x86_64
php-symfony-browser-kit-2.8.12-2.el7.noarch
cpp-4.8.5-16.el7.x86_64
libuser-0.60-7.el7_1.x86_64
php-seld-cli-prompt-1.0.3-1.el7.noarch
curl-7.29.0-42.el7.x86_64
crontabs-1.11-6.20121102git.el7.noarch
php-IDNA_Convert-0.8.0-2.el7.noarch
php-symfony-event-dispatcher-2.8.12-2.el7.noarch
awstats-7.6-4.el7.noarch
yum-plugin-fastestmirror-1.1.31-42.el7.noarch
php56w-common-5.6.33-1.w7.x86_64
python2-jsonschema-2.5.1-3.el7.noarch
vim-minimal-7.4.160-2.el7.x86_64
rootfiles-8.1-11.el7.noarch
net-snmp-agent-libs-5.7.2-28.el7_4.1.x86_64
python2-texttable-1.3.1-1.el7.noarch
graphite2-1.3.10-1.el7_3.x86_64
php56w-process-5.6.33-1.w7.x86_64
ntp-4.2.6p5-25.el7.centos.2.x86_64
libseccomp-2.3.1-3.el7.x86_64
sed-4.2.2-5.el7.x86_64
php56w-xml-5.6.33-1.w7.x86_64
webtatic-release-7-3.noarch
jasper-libs-1.900.1-31.el7.x86_64
libacl-2.2.51-12.el7.x86_64
dejavu-fonts-common-2.33-6.el7.noarch
gcc-4.8.5-16.el7.x86_64
php56w-5.6.33-1.w7.x86_64
ipset-libs-6.29-1.el7.x86_64
gdbm-1.10-8.el7.x86_64
perl-Try-Tiny-0.12-2.el7.noarch
elfutils-libs-0.168-8.el7.x86_64
perl-Sub-Install-0.926-6.el7.noarch
perl-Sys-CPU-0.54-4.el7.x86_64
openssh-7.4p1-12.el7_4.x86_64
perl-Params-Validate-1.08-4.el7.x86_64
perl-Date-Manip-6.41-2.el7.noarch
kpartx-0.4.9-111.el7.x86_64
munin-common-2.0.33-1.el7.noarch
bacula-storage-5.2.13-23.1.el7.x86_64
systemd-219-42.el7_4.1.x86_64
libutempter-1.1.6-4.el7.x86_64
perl-XML-LibXML-2.0018-5.el7.x86_64
whois-5.1.1-2.el7.x86_64
initscripts-9.49.39-1.el7.x86_64
perl-DateTime-Locale-0.45-6.el7.noarch
grub2-tools-minimal-2.02-0.64.el7.centos.x86_64
perl-IO-Multiplex-1.13-6.el7.noarch
xorg-x11-font-utils-7.5-20.el7.x86_64
lvm2-libs-2.02.171-8.el7.x86_64
perl-Net-CIDR-0.18-1.el7.noarch
grub2-tools-2.02-0.64.el7.centos.x86_64
perl-MIME-Types-1.38-2.el7.noarch
perl-File-Copy-Recursive-0.38-14.el7.noarch
rsync-3.0.9-18.el7.x86_64
perl-Class-Singleton-1.4-14.el7.noarch
perl-Digest-MD5-2.52-3.el7.x86_64
dracut-network-033-502.el7.x86_64
perl-Log-Dispatch-2.41-1.el7.1.noarch
xclip-0.12-5.el7.x86_64
selinux-policy-3.13.1-166.el7_4.4.noarch
popt-1.13-16.el7.x86_64
perl-Log-Log4perl-1.42-2.el7.noarch
perl-Term-ReadLine-Gnu-1.26-2.el7.x86_64
plymouth-0.8.9-0.28.20140113.el7.centos.x86_64
setup-2.8.71-7.el7.noarch
python-libs-2.7.5-69.el7_5.x86_64
kpcli-2.7-3.el7.noarch
cairo-1.14.8-2.el7.x86_64
python2-future-0.16.0-6.el7.noarch
kbd-misc-1.15.5-13.el7.noarch
hostname-3.13-3.el7.x86_64
pakchois-0.4-10.el7.x86_64
php-pear-Mail-Mime-1.10.2-1.el7.noarch
libmodman-2.0.1-8.el7.x86_64
mariadb-server-5.5.56-2.el7.x86_64
python2-uritemplate-3.0.0-1.el7.noarch
python2-gflags-2.0-5.el7.noarch
perl-Socket-2.010-4.el7.x86_64
rsyslog-8.24.0-12.el7.x86_64
librsync-1.0.0-1.el7.x86_64
openssh-server-7.4p1-12.el7_4.x86_64
libssh2-1.4.3-10.el7_2.1.x86_64
pexpect-2.3-11.el7.noarch
nspr-4.19.0-1.el7_5.x86_64
python-ipaddress-1.0.16-2.el7.noarch
mdadm-4.0-5.el7.x86_64
trickle-1.07-19.el7.x86_64
nss-sysinit-3.36.0-5.el7_5.x86_64
python-zope-component-4.1.0-3.el7.noarch
ipset-6.29-1.el7.x86_64
file-libs-5.11-33.el7.x86_64
python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch
iprutils-2.4.14.1-1.el7.x86_64
python-ndg_httpsclient-0.3.2-1.el7.noarch
python2-requests-2.6.0-0.el7.noarch
python-pycparser-2.14-1.el7.noarch
python-javapackages-3.4.1-11.el7.noarch
python2-pyrfc3339-1.0-2.el7.noarch
bind-utils-9.9.4-51.el7.x86_64
mailx-12.5-16.el7.x86_64
libffi-3.0.13-18.el7.x86_64
python-httplib2-0.9.2-1.el7.noarch
perl-Digest-SHA-5.85-4.el7.x86_64
perl-Pod-Perldoc-3.20-4.el7.noarch
perl-Pod-Usage-1.63-3.el7.noarch
bind-license-9.9.4-51.el7.noarch
perl-Exporter-5.68-3.el7.noarch
xfsprogs-4.5.0-12.el7.x86_64
procmail-3.22-36.el7.x86_64
php56w-pecl-libsodium-1.0.6-1.w7.x86_64
perl-Time-Local-1.2300-2.el7.noarch
yum-cron-3.4.3-154.el7.centos.noarch
linux-firmware-20170606-56.gitc990aae.el7.noarch
php-PHPMailer-5.2.27-1.el7.noarch
perl-PathTools-3.40-5.el7.x86_64
ssldump-0.9-0.9.b3.el7.x86_64
glibc-common-2.17-196.el7.x86_64
perl-threads-shared-1.43-6.el7.x86_64
perl-Net-LibIDN-0.12-15.el7.x86_64
ncurses-libs-5.9-14.20130511.el7_4.x86_64
perl-Getopt-Long-2.40-2.el7.noarch
less-458-9.el7.x86_64
perl-HTTP-Date-6.02-8.el7.noarch
chkconfig-1.7.4-1.el7.x86_64
ntfs-3g-2017.3.23-11.el7.x86_64
perl-Digest-HMAC-1.03-5.el7.noarch
qrencode-libs-3.4.1-3.el7.x86_64
perl-URI-1.60-9.el7.noarch
grep-2.20-3.el7.x86_64
python-pycurl-7.19.0-19.el7.x86_64
perl-HTTP-Message-6.06-6.el7.noarch
cpio-2.11-25.el7_4.x86_64
mozjs17-17.0.0-19.el7.x86_64
python-iniparse-0.4-9.el7.noarch
perl-HTTP-Negotiate-6.01-5.el7.noarch
libmount-2.23.2-43.el7.x86_64
pinentry-0.8.1-17.el7.x86_64
perl-libwww-perl-6.05-2.el7.noarch
openvpn-2.4.7-1.el7.x86_64
dwz-0.11-3.el7.x86_64
libsemanage-2.5-8.el7.x86_64
php-justinrainbow-json-schema5-5.2.9-1.el7.noarch
varnish-4.0.5-1.el7.x86_64
gzip-1.5-9.el7.x86_64
nginx-mod-http-image-filter-1.16.1-1.el7.x86_64
kernel-3.10.0-327.18.2.el7.x86_64
libunwind-1.2-2.el7.x86_64
e2fsprogs-libs-1.42.9-10.el7.x86_64
nginx-mod-http-perl-1.16.1-1.el7.x86_64
perl-macros-5.16.3-292.el7.x86_64
dbus-libs-1.6.12-17.el7.x86_64
urlview-0.9-15.20121210git6cfcad.el7.x86_64
libtasn1-4.10-1.el7.x86_64
jbigkit-libs-2.0-11.el7.x86_64
nload-0.7.4-4.el7.x86_64
krb5-libs-1.15.1-8.el7.x86_64
dbus-1.6.12-17.el7.x86_64
php-composer-semver-1.5.1-1.el7.noarch
openssl-1.0.2k-8.el7.x86_64
polkit-pkla-compat-0.1-4.el7.x86_64
php-composer-spdx-licenses-1.5.3-1.el7.noarch
libsemanage-python-2.5-8.el7.x86_64
libassuan-2.1.0-3.el7.x86_64
libpciaccess-0.13.4-3.el7_3.x86_64
composer-1.10.5-1.el7.noarch
perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64
pkgconfig-0.27.1-4.el7.x86_64
python-linux-procfs-0.4.9-3.el7.noarch
perl-PlRPC-0.2020-14.el7.noarch
php-symfony-class-loader-2.8.12-2.el7.noarch
libc-client-2007f-16.el7.x86_64
gpg-pubkey-352c64e5-52ae6884
php-symfony-finder-2.8.12-2.el7.noarch
libXtst-1.2.3-1.el7.x86_64
gpg-pubkey-11f63c51-3c7dc11d
php-symfony-dom-crawler-2.8.12-2.el7.noarch
libXpm-3.5.12-1.el7.x86_64
php-symfony-dependency-injection-2.8.12-2.el7.noarch
grubby-8.28-23.el7.x86_64
php-jsonlint-1.6.1-1.el7.noarch
rpm-libs-4.11.3-25.el7.x86_64
php-simplepie-1.3.1-4.el7.noarch
php-symfony-http-foundation-2.8.12-2.el7.noarch
libXcomposite-0.4.4-4.1.el7.x86_64
p7zip-16.02-10.el7.x86_64
python2-cached_property-1.3.0-7.el7.noarch
lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64
tar-1.26-32.el7.x86_64
kernel-3.10.0-514.26.2.el7.x86_64
net-snmp-utils-5.7.2-28.el7_4.1.x86_64
harfbuzz-1.3.2-1.el7.x86_64
php56w-pdo-5.6.33-1.w7.x86_64
libpcap-1.5.3-9.el7.x86_64
gpg-pubkey-62e74ca5-539c878e
php56w-intl-5.6.33-1.w7.x86_64
gdk-pixbuf2-2.36.5-1.el7.x86_64
libidn-1.28-4.el7.x86_64
libfastjson-0.99.4-2.el7.x86_64
webmin-1.850-1.noarch
libnfnetlink-1.0.1-4.el7.x86_64
perl-List-MoreUtils-0.33-9.el7.x86_64
vim-common-7.4.160-2.el7.x86_64
bacula-libs-5.2.13-23.1.el7.x86_64
sysstat-10.1.5-12.el7.x86_64
systemd-libs-219-42.el7_4.1.x86_64
autogen-libopts-5.18-5.el7.x86_64
perl-Module-Implementation-0.06-6.el7.noarch
dhcp-libs-4.2.5-58.el7.centos.x86_64
perl-Sys-MemInfo-0.91-7.el7.x86_64
perl-Params-Util-1.07-6.el7.x86_64
device-mapper-libs-1.02.140-8.el7.x86_64
bacula-client-5.2.13-23.1.el7.x86_64
perl-XML-SAX-0.99-9.el7.noarch
dracut-033-502.el7.x86_64
libXext-1.3.3-3.el7.x86_64
perl-IO-Socket-INET6-2.69-5.el7.noarch
device-mapper-event-libs-1.02.140-8.el7.x86_64
libSM-1.2.2-2.el7.x86_64
perl-Cache-Cache-1.06-12.el7.noarch
grub2-tools-extra-2.02-0.64.el7.centos.x86_64
libmpc-1.0.1-3.el7.x86_64
perl-MailTools-2.12-2.el7.noarch
mesa-libGL-17.0.1-6.20170307.el7.x86_64
perl-Class-Load-0.20-3.el7.noarch
grub2-pc-2.02-0.64.el7.centos.x86_64
kernel-devel-3.10.0-514.26.2.el7.x86_64
xorg-x11-fonts-Type1-7.5-9.el7.noarch
perl-Taint-Runtime-0.03-19.el7.x86_64
cronie-anacron-1.4.11-17.el7.x86_64
perl-Digest-1.17-245.el7.noarch
munin-node-2.0.33-1.el7.noarch
trousers-0.3.14-2.el7.x86_64
perl-File-KeePass-2.03-10.el7.noarch
screen-4.1.0-0.23.20120314git3c2946.el7_2.x86_64
basesystem-10.0-7.el7.centos.noarch
perl-Mail-Sendmail-0.79-21.el7.noarch
openssh-clients-7.4p1-12.el7_4.x86_64
libXmu-1.1.2-2.el7.x86_64
GeoIP-1.5.0-11.el7.x86_64
perl-XML-DOM-1.44-19.el7.noarch
virt-what-1.13-10.el7.x86_64
perl-Capture-Tiny-0.24-1.el7.noarch
libgpg-error-1.12-3.el7.x86_64
python-pyudev-0.15-9.el7.noarch
perl-Sort-Naturally-1.03-8.el7.noarch
filesystem-3.2-21.el7.x86_64
python-2.7.5-69.el7_5.x86_64
pango-1.40.4-1.el7.x86_64
python2-parsedatetime-2.4-5.el7.noarch
tcp_wrappers-libs-7.6-77.el7.x86_64
kbd-1.15.5-13.el7.x86_64
mod_evasive-1.10.1-22.el7.x86_64
python-chardet-2.2.1-1.el7_1.noarch
selinux-policy-targeted-3.13.1-166.el7_4.4.noarch
zlib-1.2.7-17.el7.x86_64
python2-mock-1.0.1-9.el7.noarch
hardlink-1.0-19.el7.x86_64
python2-pyasn1-modules-0.1.9-7.el7.noarch
python-GnuPGInterface-0.3.2-11.el7.noarch
subversion-1.7.14-11.el7_4.x86_64
irqbalance-1.0.7-10.el7.x86_64
expat-2.1.0-10.el7_3.x86_64
chrony-3.1-2.el7.centos.x86_64
gawk-4.0.2-4.el7_3.1.x86_64
nss-util-3.36.0-1.el7_5.x86_64
grub2-tools-efi-2.02-0.64.el7.centos.x86_64
python-zope-event-4.0.3-2.el7.noarch
nss-3.36.0-5.el7_5.x86_64
libXt-1.1.5-3.el7.x86_64
python-augeas-0.5.0-2.el7.noarch
file-5.11-33.el7.x86_64
python-setuptools-0.9.8-7.el7.noarch
tcpdump-4.9.0-5.el7.x86_64
python-urllib3-1.10.2-5.el7.noarch
php56w-mysql-5.6.31-1.w7.x86_64
python2-acme-0.25.1-1.el7.noarch
man-db-2.6.3-9.el7.x86_64
yum-3.4.3-158.el7.centos.noarch
shadow-utils-4.1.5.1-24.el7.x86_64
javapackages-tools-3.4.1-11.el7.noarch
python2-dialog-3.3.0-6.el7.noarch
tuned-2.9.0-1.el7.noarch
perl-Net-SSLeay-1.55-6.el7.x86_64
python2-keyring-5.0-3.el7.noarch
perl-podlators-2.5.1-3.el7.noarch
perl-Pod-Escapes-1.04-292.el7.noarch
libxshmfence-1.2-1.el7.x86_64
php56w-pecl-xdebug-2.5.5-2.w7.x86_64
perl-Encode-2.51-7.el7.x86_64
centos-release-7-4.1708.el7.centos.x86_64
python2-certbot-0.26.1-2.el7.noarch
perl-Storable-2.45-3.el7.x86_64
augeas-libs-1.4.0-2.el7_4.1.x86_64
vim-filesystem-7.4.160-2.el7.x86_64
info-5.1-4.el7.x86_64
hunspell-en-US-0.20121024-6.el7.noarch
kbd-legacy-1.15.5-13.el7.noarch
php56w-pecl-geoip-1.1.1-1.w7.x86_64
perl-Scalar-List-Utils-1.27-248.el7.x86_64
libsodium-1.0.17-1.el7.x86_64
libedit-3.0-12.20121213cvs.el7.x86_64
perl-HTML-Tagset-3.20-15.el7.noarch
perl-threads-1.87-4.el7.x86_64
pcre-8.32-17.el7.x86_64
lzo-2.06-8.el7.x86_64
perl-TimeDate-2.30-2.el7.noarch
libdb-5.3.21-20.el7.x86_64
perl-CGI-3.63-4.el7.noarch
libuuid-2.23.2-43.el7.x86_64
libmnl-1.0.3-7.el7.x86_64
perl-Business-ISBN-2.06-2.el7.noarch
php-fedora-autoloader-1.0.0-1.el7.noarch
elfutils-libelf-0.168-8.el7.x86_64
perl-IO-HTML-1.00-2.el7.noarch
libxcb-1.12-1.el7.x86_64
perl-HTTP-Daemon-6.01-5.el7.noarch
glib2-2.50.3-3.el7.x86_64
perl-Net-HTTP-6.06-2.el7.noarch
lz4-1.7.5-3.el7.x86_64
perl-srpm-macros-1-8.el7.noarch
perl-LWP-Protocol-https-6.04-4.el7.noarch
cyrus-sasl-lib-2.1.26-21.el7.x86_64
gpgme-1.3.2-5.el7.x86_64
jemalloc-3.6.0-1.el7.x86_64
nginx-mod-mail-1.16.1-1.el7.x86_64
p11-kit-0.23.5-3.el7.x86_64
lksctp-tools-1.0.17-2.el7.x86_64
nginx-1.16.1-1.el7.x86_64
logrotate-3.8.6-14.el7.x86_64
pixman-0.34.0-1.el7.x86_64
tokyocabinet-1.4.48-3.el7.x86_64
perl-5.16.3-292.el7.x86_64
mailcap-2.1.41-2.el7.noarch
oathtool-2.6.2-1.el7.x86_64
p11-kit-trust-0.23.5-3.el7.x86_64
epel-release-7-11.noarch
php-seld-phar-utils-1.0.2-1.el7.noarch
libpng-1.5.13-7.el7_2.x86_64
polkit-0.112-12.el7_3.x86_64
pciutils-libs-3.5.1-2.el7.x86_64
libattr-2.4.46-12.el7.x86_64
libzip-0.10.1-8.el7.x86_64
php-composer-xdebug-handler-1.4.1-1.el7.noarch
audit-libs-python-2.7.6-3.el7.x86_64
php-composer-ca-bundle-1.2.7-1.el7.noarch
pyparsing-1.5.6-9.el7.noarch
perl-Compress-Raw-Zlib-2.061-4.el7.x86_64
ebtables-2.0.10-15.el7.x86_64
python-schedutils-0.4-6.el7.x86_64
php-symfony-common-2.8.12-2.el7.noarch
perl-DBI-1.627-4.el7.x86_64
fipscheck-lib-1.4.1-6.el7.x86_64
php-symfony-yaml-2.8.12-2.el7.noarch
nmap-ncat-6.40-7.el7.x86_64
gettext-libs-0.19.8.1-2.el7.x86_64
php-symfony-debug-2.8.12-2.el7.noarch
libgnome-keyring-3.12.0-1.el7.x86_64
centos-logos-70.0.6-3.el7.centos.noarch
php-symfony-css-selector-2.8.12-2.el7.noarch
libXfixes-5.0.3-1.el7.x86_64
php-symfony-expression-language-2.8.12-2.el7.noarch
libdb-utils-5.3.21-20.el7.x86_64
libxslt-1.1.28-5.el7.x86_64
libXdamage-1.1.4-4.1.el7.x86_64
rpm-4.11.3-25.el7.x86_64
pygpgme-0.3-9.el7.x86_64
php-symfony-polyfill-1.5.0-1.el7.noarch
t1lib-5.1.2-14.el7.x86_64
php-symfony-http-kernel-2.8.12-2.el7.noarch
rpm-build-libs-4.11.3-25.el7.x86_64
libss-1.42.9-10.el7.x86_64
php56w-cli-5.6.33-1.w7.x86_64
python2-docopt-0.6.2-7.el7.noarch
libstdc++-devel-4.8.5-16.el7.x86_64
php56w-snmp-5.6.33-1.w7.x86_64
kmod-libs-20-15.el7_4.2.x86_64
php56w-imap-5.6.33-1.w7.x86_64
lsscsi-0.27-6.el7.x86_64
php56w-gd-5.6.33-1.w7.x86_64
yum-plugin-replace-0.2.7-1.ius.el7.noarch
glibc-headers-2.17-196.el7.x86_64
rrdtool-1.4.8-9.el7.x86_64
kernel-tools-libs-3.10.0-693.2.2.el7.x86_64
libunistring-0.9.3-9.el7.x86_64
perl-Digest-SHA1-2.13-9.el7.x86_64
libfontenc-1.1.3-3.el7.x86_64
perl-XML-SAX-Base-1.08-7.el7.noarch
bacula-common-5.2.13-23.1.el7.x86_64
util-linux-2.23.2-43.el7.x86_64
libverto-0.2.5-4.el7.x86_64
perl-Module-Runtime-0.013-4.el7.noarch
bacula-libs-sql-5.2.13-23.1.el7.x86_64
procps-ng-3.3.10-16.el7.x86_64
pth-2.0.7-23.el7.x86_64
perl-Net-SNMP-6.0.1-7.el7.noarch
logwatch-7.4.0-32.20130522svn140.el7.noarch
device-mapper-1.02.140-8.el7.x86_64
libpwquality-1.2.3-4.el7.x86_64
perl-XML-NamespaceSupport-1.11-10.el7.noarch
bacula-console-5.2.13-23.1.el7.x86_64
unzip-6.0-16.el7.x86_64
libdrm-2.4.74-1.el7.x86_64
perl-Data-OptList-0.107-9.el7.noarch
systemd-sysv-219-42.el7_4.1.x86_64
kernel-3.10.0-327.13.1.el7.x86_64
perl-IPC-ShareLite-0.17-12.el7.x86_64
giflib-4.1.6-9.el7.x86_64
mpfr-3.1.1-4.el7.x86_64
mod_ssl-2.4.6-67.el7.centos.2.x86_64
perl-Net-SMTP-SSL-1.01-13.el7.noarch
mesa-libgbm-17.0.1-6.20170307.el7.x86_64
perl-Package-Stash-0.34-2.el7.noarch
ttmkfdir-3.0.9-42.el7.x86_64
libcgroup-0.41-13.el7.x86_64
perl-DBD-Pg-2.19.3-4.el7.x86_64
mod_security-2.7.3-5.el7.x86_64
cronie-1.4.11-17.el7.x86_64
hdparm-9.43-5.el7.x86_64
perl-XML-Parser-2.41-10.el7.x86_64
dhcp-common-4.2.5-58.el7.centos.x86_64
perl-DateTime-1.04-6.el7.x86_64
perl-Git-1.8.3.1-12.el7_4.noarch
perl-XML-RegExp-0.04-2.el7.noarch
perl-Term-ShellUI-0.92-2.el7.noarch
plymouth-core-libs-0.8.9-0.28.20140113.el7.centos.x86_64
munin-2.0.33-1.el7.noarch
perl-version-0.99.07-2.el7.x86_64
lyx-fonts-2.2.3-1.el7.noarch
libcap-ng-0.7.5-4.el7.x86_64
php56w-pecl-apcu-4.0.11-2.w7.x86_64
python-six-1.9.0-2.el7.noarch
copy-jdk-configs-2.2-3.el7.noarch
python-sqlalchemy-0.9.8-2.el7.x86_64
tzdata-2017b-1.el7.noarch
lsof-4.87-4.el7.x86_64
dbus-glib-0.100-7.el7.x86_64
kexec-tools-2.0.14-17.el7.x86_64
numactl-libs-2.0.9-6.el7_2.x86_64
python2-configargparse-0.11.0-1.el7.noarch
neon-0.30.0-3.el7.x86_64
grub2-2.02-0.64.el7.centos.x86_64
python-lockfile-0.9.1-4.el7.centos.noarch
python2-pyasn1-0.1.9-7.el7.noarch
audit-2.7.6-3.el7.x86_64
checkpolicy-2.5-4.el7.x86_64
hwdata-0.252-8.6.el7.x86_64
PyYAML-3.10-11.el7.x86_64
acpid-2.0.19-8.el7.x86_64
lua-5.1.4-15.el7.x86_64
nss-softokn-freebl-3.36.0-5.el7_5.x86_64
libXfont-1.5.2-1.el7.x86_64
python-decorator-3.4.0-3.el7.noarch
kernel-tools-3.10.0-693.2.2.el7.x86_64
libtiff-4.0.3-27.el7_3.x86_64
python2-cryptography-1.7.2-2.el7.x86_64
python-requests-2.6.0-1.el7_1.noarch
pam-1.1.8-18.el7.x86_64
python-IPy-0.75-6.el7.noarch
postgresql-libs-9.2.23-1.el7_4.x86_64
gpg-pubkey-f4a80eb5-53a7ff4b
java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5.x86_64
dialog-1.2-4.20130523.el7.x86_64
nss-tools-3.36.0-5.el7_5.x86_64
python-enum34-1.0.4-1.el7.noarch
perl-HTTP-Tiny-0.033-3.el7.noarch
python-devel-2.7.5-69.el7_5.x86_64
kernel-devel-3.10.0-693.2.2.el7.x86_64
perl-Text-ParseWords-3.29-4.el7.noarch
grub2-common-2.02-0.64.el7.centos.noarch
telnet-0.17-64.el7.x86_64
certbot-0.26.1-2.el7.noarch
libX11-common-1.6.5-1.el7.noarch
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # install yum-utils
[root@osestaging1 ~]# time nice yum -y install yum-utils-1.1.31-53.el7 &> "${tmpDir}/yum-utils.log"

real	0m11.383s
user	0m3.010s
sys	0m1.242s
[root@osestaging1 ~]# cat $tmpDir/yum-utils.log 
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: linux.darkpenguin.net
 * webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package yum-utils.noarch 0:1.1.31-53.el7 will be installed
--> Processing Dependency: python-kitchen for package: yum-utils-1.1.31-53.el7.noarch
--> Processing Dependency: libxml2-python for package: yum-utils-1.1.31-53.el7.noarch
--> Running transaction check
---> Package libxml2-python.x86_64 0:2.9.1-6.el7.4 will be installed
--> Processing Dependency: libxml2 = 2.9.1-6.el7.4 for package: libxml2-python-2.9.1-6.el7.4.x86_64
---> Package python-kitchen.noarch 0:1.1.1-5.el7 will be installed
--> Running transaction check
---> Package libxml2.x86_64 0:2.9.1-6.el7_2.3 will be updated
---> Package libxml2.x86_64 0:2.9.1-6.el7.4 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                Arch           Version               Repository    Size
================================================================================
Installing:
 yum-utils              noarch         1.1.31-53.el7         base         122 k
Installing for dependencies:
 libxml2-python         x86_64         2.9.1-6.el7.4         base         247 k
 python-kitchen         noarch         1.1.1-5.el7           base         267 k
Updating for dependencies:
 libxml2                x86_64         2.9.1-6.el7.4         base         668 k

Transaction Summary
================================================================================
Install  1 Package  (+2 Dependent packages)
Upgrade             ( 1 Dependent package)

Total download size: 1.3 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.

--------------------

Total                                              3.8 MB/s | 1.3 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : python-kitchen-1.1.1-5.el7.noarch                            1/5 
  Updating   : libxml2-2.9.1-6.el7.4.x86_64                                 2/5 
  Installing : libxml2-python-2.9.1-6.el7.4.x86_64                          3/5 
  Installing : yum-utils-1.1.31-53.el7.noarch                               4/5 
  Cleanup    : libxml2-2.9.1-6.el7_2.3.x86_64                               5/5 
  Verifying  : libxml2-2.9.1-6.el7.4.x86_64                                 1/5 
  Verifying  : yum-utils-1.1.31-53.el7.noarch                               2/5 
  Verifying  : libxml2-python-2.9.1-6.el7.4.x86_64                          3/5 
  Verifying  : python-kitchen-1.1.1-5.el7.noarch                            4/5 
  Verifying  : libxml2-2.9.1-6.el7_2.3.x86_64                               5/5 

Installed:
  yum-utils.noarch 0:1.1.31-53.el7                                              

Dependency Installed:
  libxml2-python.x86_64 0:2.9.1-6.el7.4   python-kitchen.noarch 0:1.1.1-5.el7  

Dependency Updated:
  libxml2.x86_64 0:2.9.1-6.el7.4                                                

Complete!
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # update packages
[root@osestaging1 ~]# time nice yum -y update-to GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-9.11.4-16.P2.el7_8.2 bind-libs-lite-9.11.4-16.P2.el7_8.2 bind-license-9.11.4-16.P2.el7_8.2 bind-utils-9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 device-mapper-1.02.164-7.el7_8.1 device-mapper-event-1.02.164-7.el7_8.1 device-mapper-event-libs-1.02.164-7.el7_8.1 device-mapper-libs-1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-4.2.5-79.el7.centos dhcp-common-4.2.5-79.el7.centos dhcp-libs-4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-2.02-0.81.el7.centos grub2-common-2.02-0.81.el7.centos grub2-pc-2.02-0.81.el7.centos grub2-pc-modules-2.02-0.81.el7.centos grub2-tools-2.02-0.81.el7.centos grub2-tools-extra-2.02-0.81.el7.centos grub2-tools-minimal-2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1.8.0-openjdk-1.8.0.242.b08-1.el7 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-2.02.186-7.el7_8.1 lvm2-libs-2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-3.82-24.el7 man-db-2.6.3-11.el7 mariadb-5.5.65-1.el7 mariadb-libs-5.5.65-1.el7 mariadb-server-5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-5.7.2-48.el7_8 net-snmp-agent-libs-5.7.2-48.el7_8 net-snmp-libs-5.7.2-48.el7_8 net-snmp-utils-5.7.2-48.el7_8 nmap-6.40-19.el7 nmap-ncat-6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1.0.2k-19.el7 openssl-libs-1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-5.16.3-295.el7 perl-macros-5.16.3-295.el7 perl-version-0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-1.26-35.el7 tcpdump-4.9.2-4.el7_7.1 telnet-0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-7.4.629-6.el7 vim-enhanced-7.4.629-6.el7 vim-filesystem-7.4.629-6.el7 vim-minimal-7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7 &> "${tmpDir}/update.log"
   
real	10m9.596s
user	3m12.720s
sys	1m19.348s
[root@osestaging1 ~]# cat $tmpDir/update.log 
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: linux.darkpenguin.net
 * webtatic: uk.repo.webtatic.com
No Match for argument: libxcbp-5.6.40-1.w7
No package libxcbp-5.6.40-1.w7 available.
Resolving Dependencies
--> Running transaction check
---> Package GeoIP.x86_64 0:1.5.0-11.el7 will be updated
---> Package GeoIP.x86_64 0:1.5.0-14.el7 will be an update
--> Processing Dependency: geoipupdate for package: GeoIP-1.5.0-14.el7.x86_64
---> Package acl.x86_64 0:2.2.51-12.el7 will be updated
---> Package acl.x86_64 0:2.2.51-15.el7 will be an update
---> Package acpid.x86_64 0:2.0.19-8.el7 will be updated
---> Package acpid.x86_64 0:2.0.19-9.el7 will be an update
---> Package alsa-lib.x86_64 0:1.1.3-3.el7 will be updated
---> Package alsa-lib.x86_64 0:1.1.8-1.el7 will be an update
---> Package apr.x86_64 0:1.4.8-3.el7 will be updated
---> Package apr.x86_64 0:1.4.8-5.el7 will be an update
---> Package audit.x86_64 0:2.7.6-3.el7 will be updated
---> Package audit.x86_64 0:2.8.5-4.el7 will be an update
---> Package audit-libs.x86_64 0:2.7.6-3.el7 will be updated
---> Package audit-libs.x86_64 0:2.8.5-4.el7 will be an update
---> Package audit-libs-python.x86_64 0:2.7.6-3.el7 will be updated
---> Package audit-libs-python.x86_64 0:2.8.5-4.el7 will be an update
---> Package augeas-libs.x86_64 0:1.4.0-2.el7_4.1 will be updated
---> Package augeas-libs.x86_64 0:1.4.0-9.el7_7.1 will be an update
---> Package awstats.noarch 0:7.6-4.el7 will be updated
---> Package awstats.noarch 0:7.7-1.el7 will be an update
---> Package bash.x86_64 0:4.2.46-29.el7_4 will be updated
---> Package bash.x86_64 0:4.2.46-34.el7 will be an update
---> Package bind-libs.x86_64 32:9.9.4-51.el7 will be updated
---> Package bind-libs.x86_64 32:9.11.4-16.P2.el7_8.2 will be an update
---> Package bind-libs-lite.x86_64 32:9.9.4-51.el7 will be updated
---> Package bind-libs-lite.x86_64 32:9.11.4-16.P2.el7_8.2 will be an update
---> Package bind-license.noarch 32:9.9.4-51.el7 will be updated
---> Package bind-license.noarch 32:9.11.4-16.P2.el7_8.2 will be an update
---> Package bind-utils.x86_64 32:9.9.4-51.el7 will be updated
---> Package bind-utils.x86_64 32:9.11.4-16.P2.el7_8.2 will be an update
---> Package binutils.x86_64 0:2.25.1-32.base.el7_4.1 will be updated
---> Package binutils.x86_64 0:2.27-43.base.el7 will be an update
---> Package biosdevname.x86_64 0:0.7.2-2.el7 will be updated
---> Package biosdevname.x86_64 0:0.7.3-2.el7 will be an update
---> Package ca-certificates.noarch 0:2017.2.14-71.el7 will be updated
---> Package ca-certificates.noarch 0:2019.2.32-76.el7_7 will be an update
---> Package cairo.x86_64 0:1.14.8-2.el7 will be updated
---> Package cairo.x86_64 0:1.15.12-4.el7 will be an update
---> Package centos-release.x86_64 0:7-4.1708.el7.centos will be updated
---> Package centos-release.x86_64 0:7-8.2003.0.el7.centos will be an update
---> Package certbot.noarch 0:0.26.1-2.el7 will be updated
---> Package certbot.noarch 0:1.3.0-1.el7 will be an update
---> Package checkpolicy.x86_64 0:2.5-4.el7 will be updated
---> Package checkpolicy.x86_64 0:2.5-8.el7 will be an update
---> Package chrony.x86_64 0:3.1-2.el7.centos will be updated
---> Package chrony.x86_64 0:3.4-1.el7 will be an update
---> Package copy-jdk-configs.noarch 0:2.2-3.el7 will be updated
---> Package copy-jdk-configs.noarch 0:3.3-10.el7_5 will be an update
---> Package coreutils.x86_64 0:8.22-18.el7 will be updated
---> Package coreutils.x86_64 0:8.22-24.el7 will be an update
---> Package cpio.x86_64 0:2.11-25.el7_4 will be updated
---> Package cpio.x86_64 0:2.11-27.el7 will be an update
---> Package cpp.x86_64 0:4.8.5-16.el7 will be updated
---> Package cpp.x86_64 0:4.8.5-39.el7 will be an update
---> Package cronie.x86_64 0:1.4.11-17.el7 will be updated
---> Package cronie.x86_64 0:1.4.11-23.el7 will be an update
---> Package cronie-anacron.x86_64 0:1.4.11-17.el7 will be updated
---> Package cronie-anacron.x86_64 0:1.4.11-23.el7 will be an update
---> Package cryptsetup-libs.x86_64 0:1.7.4-3.el7 will be updated
---> Package cryptsetup-libs.x86_64 0:2.0.3-6.el7 will be an update
---> Package curl.x86_64 0:7.29.0-42.el7 will be updated
---> Package curl.x86_64 0:7.29.0-57.el7 will be an update
---> Package cyrus-sasl-lib.x86_64 0:2.1.26-21.el7 will be updated
---> Package cyrus-sasl-lib.x86_64 0:2.1.26-23.el7 will be an update
---> Package dbus.x86_64 1:1.6.12-17.el7 will be updated
---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update
---> Package dbus-libs.x86_64 1:1.6.12-17.el7 will be updated
---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update
---> Package device-mapper.x86_64 7:1.02.140-8.el7 will be updated
---> Package device-mapper.x86_64 7:1.02.164-7.el7_8.1 will be an update
---> Package device-mapper-event.x86_64 7:1.02.140-8.el7 will be updated
--> Processing Dependency: device-mapper-event = 7:1.02.140-8.el7 for package: 7:lvm2-libs-2.02.171-8.el7.x86_64
---> Package device-mapper-event.x86_64 7:1.02.164-7.el7_8.1 will be an update
---> Package device-mapper-event-libs.x86_64 7:1.02.140-8.el7 will be updated
---> Package device-mapper-event-libs.x86_64 7:1.02.164-7.el7_8.1 will be an update
---> Package device-mapper-libs.x86_64 7:1.02.140-8.el7 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.164-7.el7_8.1 will be an update
---> Package device-mapper-persistent-data.x86_64 0:0.7.0-0.1.rc6.el7 will be updated
---> Package device-mapper-persistent-data.x86_64 0:0.8.5-2.el7 will be an update
---> Package dhclient.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhclient.x86_64 12:4.2.5-79.el7.centos will be an update
--> Processing Dependency: libisc-export.so.169()(64bit) for package: 12:dhclient-4.2.5-79.el7.centos.x86_64
--> Processing Dependency: libdns-export.so.1102()(64bit) for package: 12:dhclient-4.2.5-79.el7.centos.x86_64
---> Package dhcp-common.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhcp-common.x86_64 12:4.2.5-79.el7.centos will be an update
---> Package dhcp-libs.x86_64 12:4.2.5-58.el7.centos will be updated
---> Package dhcp-libs.x86_64 12:4.2.5-79.el7.centos will be an update
---> Package dialog.x86_64 0:1.2-4.20130523.el7 will be updated
---> Package dialog.x86_64 0:1.2-5.20130523.el7 will be an update
---> Package diffutils.x86_64 0:3.3-4.el7 will be updated
---> Package diffutils.x86_64 0:3.3-5.el7 will be an update
---> Package dmidecode.x86_64 1:3.0-5.el7 will be updated
---> Package dmidecode.x86_64 1:3.2-3.el7 will be an update
---> Package dracut.x86_64 0:033-502.el7 will be updated
---> Package dracut.x86_64 0:033-568.el7 will be an update
---> Package dracut-network.x86_64 0:033-502.el7 will be updated
---> Package dracut-network.x86_64 0:033-568.el7 will be an update
---> Package e2fsprogs.x86_64 0:1.42.9-10.el7 will be updated
---> Package e2fsprogs.x86_64 0:1.42.9-17.el7 will be an update
---> Package e2fsprogs-libs.x86_64 0:1.42.9-10.el7 will be updated
---> Package e2fsprogs-libs.x86_64 0:1.42.9-17.el7 will be an update
---> Package ebtables.x86_64 0:2.0.10-15.el7 will be updated
---> Package ebtables.x86_64 0:2.0.10-16.el7 will be an update
---> Package elfutils-default-yama-scope.noarch 0:0.168-8.el7 will be updated
---> Package elfutils-default-yama-scope.noarch 0:0.176-4.el7 will be an update
---> Package elfutils-libelf.x86_64 0:0.168-8.el7 will be updated
---> Package elfutils-libelf.x86_64 0:0.176-4.el7 will be an update
---> Package elfutils-libs.x86_64 0:0.168-8.el7 will be updated
---> Package elfutils-libs.x86_64 0:0.176-4.el7 will be an update
---> Package epel-release.noarch 0:7-11 will be updated
---> Package epel-release.noarch 0:7-12 will be an update
---> Package ethtool.x86_64 2:4.8-1.el7 will be updated
---> Package ethtool.x86_64 2:4.8-10.el7 will be an update
---> Package expat.x86_64 0:2.1.0-10.el7_3 will be updated
---> Package expat.x86_64 0:2.1.0-11.el7 will be an update
---> Package file.x86_64 0:5.11-33.el7 will be updated
---> Package file.x86_64 0:5.11-36.el7 will be an update
---> Package file-libs.x86_64 0:5.11-33.el7 will be updated
---> Package file-libs.x86_64 0:5.11-36.el7 will be an update
---> Package filesystem.x86_64 0:3.2-21.el7 will be updated
---> Package filesystem.x86_64 0:3.2-25.el7 will be an update
---> Package findutils.x86_64 1:4.5.11-5.el7 will be updated
---> Package findutils.x86_64 1:4.5.11-6.el7 will be an update
---> Package firewalld-filesystem.noarch 0:0.4.4.4-6.el7 will be updated
---> Package firewalld-filesystem.noarch 0:0.6.3-8.el7_8.1 will be an update
---> Package fontconfig.x86_64 0:2.10.95-11.el7 will be updated
---> Package fontconfig.x86_64 0:2.13.0-4.3.el7 will be an update
--> Processing Dependency: dejavu-sans-fonts for package: fontconfig-2.13.0-4.3.el7.x86_64
---> Package freetype.x86_64 0:2.4.11-15.el7 will be updated
---> Package freetype.x86_64 0:2.8-14.el7 will be an update
---> Package gcc.x86_64 0:4.8.5-16.el7 will be updated
---> Package gcc.x86_64 0:4.8.5-39.el7 will be an update
---> Package gcc-c++.x86_64 0:4.8.5-16.el7 will be updated
---> Package gcc-c++.x86_64 0:4.8.5-39.el7 will be an update
---> Package gdisk.x86_64 0:0.8.6-5.el7 will be updated
---> Package gdisk.x86_64 0:0.8.10-3.el7 will be an update
---> Package gdk-pixbuf2.x86_64 0:2.36.5-1.el7 will be updated
---> Package gdk-pixbuf2.x86_64 0:2.36.12-3.el7 will be an update
---> Package gettext.x86_64 0:0.19.8.1-2.el7 will be updated
---> Package gettext.x86_64 0:0.19.8.1-3.el7 will be an update
---> Package gettext-libs.x86_64 0:0.19.8.1-2.el7 will be updated
---> Package gettext-libs.x86_64 0:0.19.8.1-3.el7 will be an update
---> Package git.x86_64 0:1.8.3.1-12.el7_4 will be updated
--> Processing Dependency: git = 1.8.3.1-12.el7_4 for package: perl-Git-1.8.3.1-12.el7_4.noarch
---> Package git.x86_64 0:1.8.3.1-21.el7_7 will be an update
---> Package glib2.x86_64 0:2.50.3-3.el7 will be updated
---> Package glib2.x86_64 0:2.56.1-5.el7 will be an update
---> Package glibc.x86_64 0:2.17-196.el7 will be updated
---> Package glibc.x86_64 0:2.17-307.el7.1 will be an update
---> Package glibc-common.x86_64 0:2.17-196.el7 will be updated
---> Package glibc-common.x86_64 0:2.17-307.el7.1 will be an update
---> Package glibc-devel.x86_64 0:2.17-196.el7 will be updated
---> Package glibc-devel.x86_64 0:2.17-307.el7.1 will be an update
---> Package glibc-headers.x86_64 0:2.17-196.el7 will be updated
---> Package glibc-headers.x86_64 0:2.17-307.el7.1 will be an update
---> Package gnupg2.x86_64 0:2.0.22-4.el7 will be updated
---> Package gnupg2.x86_64 0:2.0.22-5.el7_5 will be an update
---> Package gnutls.x86_64 0:3.3.26-9.el7 will be updated
---> Package gnutls.x86_64 0:3.3.29-9.el7_6 will be an update
---> Package gobject-introspection.x86_64 0:1.50.0-1.el7 will be updated
---> Package gobject-introspection.x86_64 0:1.56.1-1.el7 will be an update
---> Package gperftools-libs.x86_64 0:2.4-8.el7 will be updated
---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be an update
---> Package gpm-libs.x86_64 0:1.20.7-5.el7 will be updated
---> Package gpm-libs.x86_64 0:1.20.7-6.el7 will be an update
---> Package grub2.x86_64 1:2.02-0.64.el7.centos will be updated
---> Package grub2.x86_64 1:2.02-0.64.el7.centos will be obsoleted
---> Package grub2.x86_64 1:2.02-0.81.el7.centos will be obsoleting
---> Package grub2-common.noarch 1:2.02-0.64.el7.centos will be updated
---> Package grub2-common.noarch 1:2.02-0.81.el7.centos will be an update
---> Package grub2-pc.x86_64 1:2.02-0.64.el7.centos will be updated
---> Package grub2-pc.x86_64 1:2.02-0.81.el7.centos will be an update
---> Package grub2-pc-modules.noarch 1:2.02-0.64.el7.centos will be updated
---> Package grub2-pc-modules.noarch 1:2.02-0.81.el7.centos will be an update
---> Package grub2-tools.x86_64 1:2.02-0.64.el7.centos will be obsoleted
---> Package grub2-tools.x86_64 1:2.02-0.64.el7.centos will be updated
---> Package grub2-tools.x86_64 1:2.02-0.81.el7.centos will be obsoleting
---> Package grub2-tools-efi.x86_64 1:2.02-0.64.el7.centos will be obsoleted
---> Package grub2-tools-extra.x86_64 1:2.02-0.64.el7.centos will be updated
---> Package grub2-tools-extra.x86_64 1:2.02-0.81.el7.centos will be obsoleting
---> Package grub2-tools-minimal.x86_64 1:2.02-0.64.el7.centos will be updated
---> Package grub2-tools-minimal.x86_64 1:2.02-0.81.el7.centos will be obsoleting
---> Package grubby.x86_64 0:8.28-23.el7 will be updated
---> Package grubby.x86_64 0:8.28-26.el7 will be an update
---> Package gzip.x86_64 0:1.5-9.el7 will be updated
---> Package gzip.x86_64 0:1.5-10.el7 will be an update
---> Package harfbuzz.x86_64 0:1.3.2-1.el7 will be updated
---> Package harfbuzz.x86_64 0:1.7.5-2.el7 will be an update
---> Package hostname.x86_64 0:3.13-3.el7 will be updated
---> Package hostname.x86_64 0:3.13-3.el7_7.1 will be an update
---> Package httpd.x86_64 0:2.4.6-67.el7.centos.2 will be updated
--> Processing Dependency: httpd = 2.4.6-67.el7.centos.2 for package: 1:mod_ssl-2.4.6-67.el7.centos.2.x86_64
---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be an update
---> Package httpd-tools.x86_64 0:2.4.6-67.el7.centos.2 will be updated
---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be an update
---> Package hwdata.x86_64 0:0.252-8.6.el7 will be updated
---> Package hwdata.x86_64 0:0.252-9.5.el7 will be an update
---> Package info.x86_64 0:5.1-4.el7 will be updated
---> Package info.x86_64 0:5.1-5.el7 will be an update
---> Package initscripts.x86_64 0:9.49.39-1.el7 will be updated
---> Package initscripts.x86_64 0:9.49.49-1.el7 will be an update
---> Package iproute.x86_64 0:3.10.0-87.el7 will be updated
---> Package iproute.x86_64 0:4.11.0-25.el7_7.2 will be an update
---> Package iprutils.x86_64 0:2.4.14.1-1.el7 will be updated
---> Package iprutils.x86_64 0:2.4.17.1-3.el7_7 will be an update
---> Package ipset.x86_64 0:6.29-1.el7 will be updated
---> Package ipset.x86_64 0:7.1-1.el7 will be an update
---> Package ipset-libs.x86_64 0:6.29-1.el7 will be updated
---> Package ipset-libs.x86_64 0:7.1-1.el7 will be an update
---> Package iptables.x86_64 0:1.4.21-18.0.1.el7.centos will be updated
---> Package iptables.x86_64 0:1.4.21-34.el7 will be an update
---> Package iptables-services.x86_64 0:1.4.21-18.0.1.el7.centos will be updated
---> Package iptables-services.x86_64 0:1.4.21-34.el7 will be an update
---> Package irqbalance.x86_64 3:1.0.7-10.el7 will be updated
---> Package irqbalance.x86_64 3:1.0.7-12.el7 will be an update
---> Package jasper-libs.x86_64 0:1.900.1-31.el7 will be updated
---> Package jasper-libs.x86_64 0:1.900.1-33.el7 will be an update
---> Package java-1.8.0-openjdk.x86_64 1:1.8.0.181-3.b13.el7_5 will be updated
---> Package java-1.8.0-openjdk.x86_64 1:1.8.0.242.b08-1.el7 will be an update
--> Processing Dependency: gtk2(x86-64) for package: 1:java-1.8.0-openjdk-1.8.0.242.b08-1.el7.x86_64
---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.181-3.b13.el7_5 will be updated
---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.242.b08-1.el7 will be an update
--> Processing Dependency: pcsc-lite-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7.x86_64
--> Processing Dependency: cups-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7.x86_64
---> Package kbd.x86_64 0:1.15.5-13.el7 will be updated
---> Package kbd.x86_64 0:1.15.5-15.el7 will be an update
---> Package kbd-legacy.noarch 0:1.15.5-13.el7 will be updated
---> Package kbd-legacy.noarch 0:1.15.5-15.el7 will be an update
---> Package kbd-misc.noarch 0:1.15.5-13.el7 will be updated
---> Package kbd-misc.noarch 0:1.15.5-15.el7 will be an update
---> Package kernel.x86_64 0:3.10.0-1127.el7 will be installed
--> Processing Dependency: linux-firmware >= 20190429-72 for package: kernel-3.10.0-1127.el7.x86_64
---> Package kernel-devel.x86_64 0:3.10.0-1127.el7 will be installed
---> Package kernel-headers.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package kernel-headers.x86_64 0:3.10.0-1127.el7 will be an update
---> Package kernel-tools.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package kernel-tools.x86_64 0:3.10.0-1127.el7 will be an update
---> Package kernel-tools-libs.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package kernel-tools-libs.x86_64 0:3.10.0-1127.el7 will be an update
---> Package kexec-tools.x86_64 0:2.0.14-17.el7 will be updated
---> Package kexec-tools.x86_64 0:2.0.15-43.el7 will be an update
---> Package kmod.x86_64 0:20-15.el7_4.2 will be updated
---> Package kmod.x86_64 0:20-28.el7 will be an update
---> Package kmod-libs.x86_64 0:20-15.el7_4.2 will be updated
---> Package kmod-libs.x86_64 0:20-28.el7 will be an update
---> Package kpartx.x86_64 0:0.4.9-111.el7 will be updated
---> Package kpartx.x86_64 0:0.4.9-131.el7 will be an update
---> Package krb5-libs.x86_64 0:1.15.1-8.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-46.el7 will be an update
---> Package libX11.x86_64 0:1.6.5-1.el7 will be updated
---> Package libX11.x86_64 0:1.6.7-2.el7 will be an update
---> Package libX11-common.noarch 0:1.6.5-1.el7 will be updated
---> Package libX11-common.noarch 0:1.6.7-2.el7 will be an update
---> Package libXfont.x86_64 0:1.5.2-1.el7 will be updated
---> Package libXfont.x86_64 0:1.5.4-1.el7 will be an update
---> Package libacl.x86_64 0:2.2.51-12.el7 will be updated
---> Package libacl.x86_64 0:2.2.51-15.el7 will be an update
---> Package libattr.x86_64 0:2.4.46-12.el7 will be updated
---> Package libattr.x86_64 0:2.4.46-13.el7 will be an update
---> Package libblkid.x86_64 0:2.23.2-43.el7 will be updated
---> Package libblkid.x86_64 0:2.23.2-63.el7 will be an update
---> Package libcap.x86_64 0:2.22-9.el7 will be updated
---> Package libcap.x86_64 0:2.22-11.el7 will be an update
---> Package libcgroup.x86_64 0:0.41-13.el7 will be updated
---> Package libcgroup.x86_64 0:0.41-21.el7 will be an update
---> Package libcom_err.x86_64 0:1.42.9-10.el7 will be updated
---> Package libcom_err.x86_64 0:1.42.9-17.el7 will be an update
---> Package libcroco.x86_64 0:0.6.11-1.el7 will be updated
---> Package libcroco.x86_64 0:0.6.12-4.el7 will be an update
---> Package libcurl.x86_64 0:7.29.0-42.el7 will be updated
---> Package libcurl.x86_64 0:7.29.0-57.el7 will be an update
--> Processing Dependency: nss-pem(x86-64) >= 1.0.3-5 for package: libcurl-7.29.0-57.el7.x86_64
---> Package libdb.x86_64 0:5.3.21-20.el7 will be updated
---> Package libdb.x86_64 0:5.3.21-25.el7 will be an update
---> Package libdb-utils.x86_64 0:5.3.21-20.el7 will be updated
---> Package libdb-utils.x86_64 0:5.3.21-25.el7 will be an update
---> Package libdrm.x86_64 0:2.4.74-1.el7 will be updated
---> Package libdrm.x86_64 0:2.4.97-2.el7 will be an update
---> Package libfastjson.x86_64 0:0.99.4-2.el7 will be updated
---> Package libfastjson.x86_64 0:0.99.4-3.el7 will be an update
---> Package libffi.x86_64 0:3.0.13-18.el7 will be updated
---> Package libffi.x86_64 0:3.0.13-19.el7 will be an update
---> Package libgcc.x86_64 0:4.8.5-16.el7 will be updated
---> Package libgcc.x86_64 0:4.8.5-39.el7 will be an update
---> Package libgomp.x86_64 0:4.8.5-16.el7 will be updated
---> Package libgomp.x86_64 0:4.8.5-39.el7 will be an update
---> Package libicu.x86_64 0:50.1.2-15.el7 will be updated
---> Package libicu.x86_64 0:50.2-4.el7_7 will be an update
---> Package libjpeg-turbo.x86_64 0:1.2.90-5.el7 will be updated
---> Package libjpeg-turbo.x86_64 0:1.2.90-8.el7 will be an update
---> Package libmount.x86_64 0:2.23.2-43.el7 will be updated
---> Package libmount.x86_64 0:2.23.2-63.el7 will be an update
---> Package libpcap.x86_64 14:1.5.3-9.el7 will be updated
---> Package libpcap.x86_64 14:1.5.3-12.el7 will be an update
---> Package libpciaccess.x86_64 0:0.13.4-3.el7_3 will be updated
---> Package libpciaccess.x86_64 0:0.14-1.el7 will be an update
---> Package libproxy.x86_64 0:0.4.11-10.el7 will be updated
---> Package libproxy.x86_64 0:0.4.11-11.el7 will be an update
---> Package libpwquality.x86_64 0:1.2.3-4.el7 will be updated
---> Package libpwquality.x86_64 0:1.2.3-5.el7 will be an update
---> Package libreport-filesystem.x86_64 0:2.1.11-38.el7.centos will be updated
---> Package libreport-filesystem.x86_64 0:2.1.11-53.el7.centos will be an update
---> Package librsvg2.x86_64 0:2.40.16-1.el7 will be updated
---> Package librsvg2.x86_64 0:2.40.20-1.el7 will be an update
---> Package librsync.x86_64 0:1.0.0-1.el7 will be updated
---> Package librsync.x86_64 0:2.0.2-1.el7 will be an update
---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be updated
---> Package libseccomp.x86_64 0:2.3.1-4.el7 will be an update
---> Package libselinux.x86_64 0:2.5-11.el7 will be updated
---> Package libselinux.x86_64 0:2.5-15.el7 will be an update
---> Package libselinux-python.x86_64 0:2.5-11.el7 will be updated
---> Package libselinux-python.x86_64 0:2.5-15.el7 will be an update
---> Package libselinux-utils.x86_64 0:2.5-11.el7 will be updated
---> Package libselinux-utils.x86_64 0:2.5-15.el7 will be an update
---> Package libsemanage.x86_64 0:2.5-8.el7 will be updated
---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update
---> Package libsemanage-python.x86_64 0:2.5-8.el7 will be updated
---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be an update
---> Package libsepol.x86_64 0:2.5-6.el7 will be updated
---> Package libsepol.x86_64 0:2.5-10.el7 will be an update
---> Package libsodium.x86_64 0:1.0.17-1.el7 will be updated
---> Package libsodium.x86_64 0:1.0.18-1.el7 will be an update
---> Package libss.x86_64 0:1.42.9-10.el7 will be updated
---> Package libss.x86_64 0:1.42.9-17.el7 will be an update
---> Package libssh2.x86_64 0:1.4.3-10.el7_2.1 will be updated
---> Package libssh2.x86_64 0:1.8.0-3.el7 will be an update
---> Package libstdc++.x86_64 0:4.8.5-16.el7 will be updated
---> Package libstdc++.x86_64 0:4.8.5-39.el7 will be an update
---> Package libstdc++-devel.x86_64 0:4.8.5-16.el7 will be updated
---> Package libstdc++-devel.x86_64 0:4.8.5-39.el7 will be an update
---> Package libtiff.x86_64 0:4.0.3-27.el7_3 will be updated
---> Package libtiff.x86_64 0:4.0.3-32.el7 will be an update
---> Package libuser.x86_64 0:0.60-7.el7_1 will be updated
---> Package libuser.x86_64 0:0.60-9.el7 will be an update
---> Package libuuid.x86_64 0:2.23.2-43.el7 will be updated
---> Package libuuid.x86_64 0:2.23.2-63.el7 will be an update
---> Package php56w-mbstring.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-mbstring.x86_64 0:5.6.40-1.w7 will be an update
--> Processing Dependency: php56w-common(x86-64) = 5.6.40-1.w7 for package: php56w-mbstring-5.6.40-1.w7.x86_64
---> Package php56w-mysql.x86_64 0:5.6.31-1.w7 will be updated
---> Package php56w-mysql.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-pdo.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-pdo.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-process.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-process.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-snmp.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-snmp.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-xml.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-xml.x86_64 0:5.6.40-1.w7 will be an update
---> Package plymouth.x86_64 0:0.8.9-0.28.20140113.el7.centos will be updated
---> Package plymouth.x86_64 0:0.8.9-0.33.20140113.el7.centos will be an update
---> Package plymouth-core-libs.x86_64 0:0.8.9-0.28.20140113.el7.centos will be updated
---> Package plymouth-core-libs.x86_64 0:0.8.9-0.33.20140113.el7.centos will be an update
---> Package plymouth-scripts.x86_64 0:0.8.9-0.28.20140113.el7.centos will be updated
---> Package plymouth-scripts.x86_64 0:0.8.9-0.33.20140113.el7.centos will be an update
---> Package policycoreutils.x86_64 0:2.5-17.1.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-34.el7 will be an update
---> Package policycoreutils-python.x86_64 0:2.5-17.1.el7 will be updated
---> Package policycoreutils-python.x86_64 0:2.5-34.el7 will be an update
---> Package polkit.x86_64 0:0.112-12.el7_3 will be updated
---> Package polkit.x86_64 0:0.112-26.el7 will be an update
---> Package postfix.x86_64 2:2.10.1-6.el7 will be updated
---> Package postfix.x86_64 2:2.10.1-9.el7 will be an update
---> Package postgresql-libs.x86_64 0:9.2.23-1.el7_4 will be updated
---> Package postgresql-libs.x86_64 0:9.2.24-2.el7_7 will be an update
---> Package procmail.x86_64 0:3.22-36.el7 will be updated
---> Package procmail.x86_64 0:3.22-36.el7_4.1 will be an update
---> Package procps-ng.x86_64 0:3.3.10-16.el7 will be updated
---> Package procps-ng.x86_64 0:3.3.10-27.el7 will be an update
---> Package pyOpenSSL.x86_64 0:0.13.1-3.el7 will be updated
---> Package pyOpenSSL.x86_64 0:0.13.1-4.el7 will be an update
---> Package python.x86_64 0:2.7.5-69.el7_5 will be updated
---> Package python.x86_64 0:2.7.5-88.el7 will be an update
---> Package python-chardet.noarch 0:2.2.1-1.el7_1 will be updated
---> Package python-chardet.noarch 0:2.2.1-3.el7 will be an update
---> Package python-devel.x86_64 0:2.7.5-69.el7_5 will be updated
---> Package python-devel.x86_64 0:2.7.5-88.el7 will be an update
--> Processing Dependency: python2-rpm-macros > 3-30 for package: python-devel-2.7.5-88.el7.x86_64
--> Processing Dependency: python-rpm-macros > 3-30 for package: python-devel-2.7.5-88.el7.x86_64
---> Package python-gobject-base.x86_64 0:3.22.0-1.el7 will be updated
---> Package python-gobject-base.x86_64 0:3.22.0-1.el7_4.1 will be an update
---> Package python-libs.x86_64 0:2.7.5-69.el7_5 will be updated
---> Package python-libs.x86_64 0:2.7.5-88.el7 will be an update
---> Package python-linux-procfs.noarch 0:0.4.9-3.el7 will be updated
---> Package python-linux-procfs.noarch 0:0.4.11-4.el7 will be an update
---> Package python-perf.x86_64 0:3.10.0-693.2.2.el7 will be updated
---> Package python-perf.x86_64 0:3.10.0-1127.el7 will be an update
---> Package python-requests.noarch 0:2.6.0-1.el7_1 will be updated
---> Package python-requests.noarch 0:2.6.0-9.el7_8 will be obsoleting
---> Package python-slip.noarch 0:0.4.0-2.el7 will be updated
---> Package python-slip.noarch 0:0.4.0-4.el7 will be an update
---> Package python-urlgrabber.noarch 0:3.10-8.el7 will be updated
---> Package python-urlgrabber.noarch 0:3.10-10.el7 will be an update
---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be updated
---> Package python-urllib3.noarch 0:1.10.2-7.el7 will be an update
---> Package python-virtualenv.noarch 0:15.1.0-2.el7 will be updated
---> Package python-virtualenv.noarch 0:15.1.0-4.el7_7 will be an update
---> Package python-zope-component.noarch 1:4.1.0-3.el7 will be updated
---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be an update
---> Package python2-acme.noarch 0:0.25.1-1.el7 will be updated
---> Package python2-acme.noarch 0:1.3.0-1.el7 will be an update
---> Package python2-cached_property.noarch 0:1.3.0-7.el7 will be updated
---> Package python2-cached_property.noarch 0:1.5.1-2.el7 will be an update
---> Package python2-certbot.noarch 0:0.26.1-2.el7 will be updated
---> Package python2-certbot.noarch 0:1.3.0-1.el7 will be an update
--> Processing Dependency: python2-distro >= 1.0.1 for package: python2-certbot-1.3.0-1.el7.noarch
---> Package python2-docopt.noarch 0:0.6.2-7.el7 will be updated
---> Package python2-docopt.noarch 0:0.6.2-8.el7 will be an update
---> Package python2-future.noarch 0:0.16.0-6.el7 will be updated
---> Package python2-future.noarch 0:0.18.2-2.el7 will be an update
---> Package python2-iso8601.noarch 0:0.1.11-7.el7 will be updated
---> Package python2-iso8601.noarch 0:0.1.11-8.el7 will be an update
---> Package python2-josepy.noarch 0:1.1.0-1.el7 will be updated
---> Package python2-josepy.noarch 0:1.3.0-2.el7 will be an update
---> Package python2-jsonschema.noarch 0:2.5.1-3.el7 will be updated
---> Package python2-jsonschema.noarch 0:2.5.1-4.el7 will be an update
---> Package python2-keyring.noarch 0:5.0-3.el7 will be updated
---> Package python2-keyring.noarch 0:5.0-4.el7 will be an update
---> Package python2-mock.noarch 0:1.0.1-9.el7 will be updated
---> Package python2-mock.noarch 0:1.0.1-10.el7 will be an update
---> Package python2-parsedatetime.noarch 0:2.4-5.el7 will be updated
---> Package python2-parsedatetime.noarch 0:2.4-6.el7 will be an update
---> Package python2-psutil.x86_64 0:2.2.1-2.el7 will be updated
---> Package python2-psutil.x86_64 0:5.6.7-1.el7 will be an update
---> Package python2-requests.noarch 0:2.6.0-0.el7 will be obsoleted
---> Package python2-texttable.noarch 0:1.3.1-1.el7 will be updated
---> Package python2-texttable.noarch 0:1.6.2-1.el7 will be an update
---> Package readline.x86_64 0:6.2-10.el7 will be updated
---> Package readline.x86_64 0:6.2-11.el7 will be an update
---> Package redhat-rpm-config.noarch 0:9.1.0-76.el7.centos will be updated
---> Package redhat-rpm-config.noarch 0:9.1.0-88.el7.centos will be an update
--> Processing Dependency: python-srpm-macros for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch
---> Package rpm.x86_64 0:4.11.3-25.el7 will be updated
---> Package rpm.x86_64 0:4.11.3-43.el7 will be an update
---> Package rpm-build-libs.x86_64 0:4.11.3-25.el7 will be updated
---> Package rpm-build-libs.x86_64 0:4.11.3-43.el7 will be an update
---> Package rpm-libs.x86_64 0:4.11.3-25.el7 will be updated
---> Package rpm-libs.x86_64 0:4.11.3-43.el7 will be an update
---> Package rpm-python.x86_64 0:4.11.3-25.el7 will be updated
---> Package rpm-python.x86_64 0:4.11.3-43.el7 will be an update
---> Package rsync.x86_64 0:3.0.9-18.el7 will be updated
---> Package rsync.x86_64 0:3.1.2-10.el7 will be an update
---> Package rsyslog.x86_64 0:8.24.0-12.el7 will be updated
---> Package rsyslog.x86_64 0:8.24.0-52.el7 will be an update
---> Package screen.x86_64 0:4.1.0-0.23.20120314git3c2946.el7_2 will be updated
---> Package screen.x86_64 0:4.1.0-0.25.20120314git3c2946.el7 will be an update
---> Package sed.x86_64 0:4.2.2-5.el7 will be updated
---> Package sed.x86_64 0:4.2.2-6.el7 will be an update
---> Package selinux-policy.noarch 0:3.13.1-166.el7_4.4 will be updated
---> Package selinux-policy.noarch 0:3.13.1-266.el7 will be an update
---> Package selinux-policy-targeted.noarch 0:3.13.1-166.el7_4.4 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-266.el7 will be an update
---> Package setools-libs.x86_64 0:3.3.8-1.1.el7 will be updated
---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be an update
---> Package setup.noarch 0:2.8.71-7.el7 will be updated
---> Package setup.noarch 0:2.8.71-11.el7 will be an update
---> Package shadow-utils.x86_64 2:4.1.5.1-24.el7 will be updated
---> Package shadow-utils.x86_64 2:4.6-5.el7 will be an update
---> Package shared-mime-info.x86_64 0:1.8-3.el7 will be updated
---> Package shared-mime-info.x86_64 0:1.8-5.el7 will be an update
---> Package sqlite.x86_64 0:3.7.17-8.el7 will be updated
---> Package sqlite.x86_64 0:3.7.17-8.el7_7.1 will be an update
---> Package subversion.x86_64 0:1.7.14-11.el7_4 will be updated
---> Package subversion.x86_64 0:1.7.14-14.el7 will be an update
---> Package subversion-libs.x86_64 0:1.7.14-11.el7_4 will be updated
---> Package subversion-libs.x86_64 0:1.7.14-14.el7 will be an update
---> Package sudo.x86_64 0:1.8.23-4.el7 will be updated
---> Package sudo.x86_64 0:1.8.23-9.el7 will be an update
---> Package sysstat.x86_64 0:10.1.5-12.el7 will be updated
---> Package sysstat.x86_64 0:10.1.5-19.el7 will be an update
---> Package systemd.x86_64 0:219-42.el7_4.1 will be updated
---> Package systemd.x86_64 0:219-73.el7_8.5 will be an update
---> Package systemd-libs.x86_64 0:219-42.el7_4.1 will be updated
---> Package systemd-libs.x86_64 0:219-73.el7_8.5 will be an update
---> Package systemd-sysv.x86_64 0:219-42.el7_4.1 will be updated
---> Package systemd-sysv.x86_64 0:219-73.el7_8.5 will be an update
---> Package tar.x86_64 2:1.26-32.el7 will be updated
---> Package tar.x86_64 2:1.26-35.el7 will be an update
---> Package tcpdump.x86_64 14:4.9.0-5.el7 will be updated
---> Package tcpdump.x86_64 14:4.9.2-4.el7_7.1 will be an update
---> Package telnet.x86_64 1:0.17-64.el7 will be updated
---> Package telnet.x86_64 1:0.17-65.el7_8 will be an update
---> Package tuned.noarch 0:2.9.0-1.el7 will be updated
---> Package tuned.noarch 0:2.11.0-8.el7 will be an update
---> Package tzdata.noarch 0:2017b-1.el7 will be updated
---> Package tzdata.noarch 0:2019c-1.el7 will be an update
---> Package tzdata-java.noarch 0:2017b-1.el7 will be updated
---> Package tzdata-java.noarch 0:2019c-1.el7 will be an update
---> Package unzip.x86_64 0:6.0-16.el7 will be updated
---> Package unzip.x86_64 0:6.0-21.el7 will be an update
---> Package util-linux.x86_64 0:2.23.2-43.el7 will be updated
---> Package util-linux.x86_64 0:2.23.2-63.el7 will be an update
--> Processing Dependency: libsmartcols = 2.23.2-63.el7 for package: util-linux-2.23.2-63.el7.x86_64
--> Processing Dependency: libsmartcols.so.1(SMARTCOLS_2.25)(64bit) for package: util-linux-2.23.2-63.el7.x86_64
--> Processing Dependency: libsmartcols.so.1()(64bit) for package: util-linux-2.23.2-63.el7.x86_64
---> Package vim-common.x86_64 2:7.4.160-2.el7 will be updated
---> Package vim-common.x86_64 2:7.4.629-6.el7 will be an update
---> Package vim-enhanced.x86_64 2:7.4.160-2.el7 will be updated
---> Package vim-enhanced.x86_64 2:7.4.629-6.el7 will be an update
---> Package vim-filesystem.x86_64 2:7.4.160-2.el7 will be updated
---> Package vim-filesystem.x86_64 2:7.4.629-6.el7 will be an update
---> Package vim-minimal.x86_64 2:7.4.160-2.el7 will be updated
---> Package vim-minimal.x86_64 2:7.4.629-6.el7 will be an update
---> Package virt-what.x86_64 0:1.13-10.el7 will be updated
---> Package virt-what.x86_64 0:1.18-4.el7 will be an update
---> Package webmin.noarch 0:1.850-1 will be updated
---> Package webmin.noarch 0:1.941-1 will be an update
---> Package wget.x86_64 0:1.14-15.el7 will be updated
---> Package wget.x86_64 0:1.14-18.el7_6.1 will be an update
---> Package xfsprogs.x86_64 0:4.5.0-12.el7 will be updated
---> Package xfsprogs.x86_64 0:4.5.0-20.el7 will be an update
---> Package xorg-x11-font-utils.x86_64 1:7.5-20.el7 will be updated
---> Package xorg-x11-font-utils.x86_64 1:7.5-21.el7 will be an update
---> Package yum.noarch 0:3.4.3-158.el7.centos will be updated
---> Package yum.noarch 0:3.4.3-167.el7.centos will be an update
---> Package yum-cron.noarch 0:3.4.3-154.el7.centos will be updated
---> Package yum-cron.noarch 0:3.4.3-167.el7.centos will be an update
---> Package yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7 will be updated
---> Package yum-plugin-fastestmirror.noarch 0:1.1.31-53.el7 will be an update
---> Package zlib.x86_64 0:1.2.7-17.el7 will be updated
---> Package zlib.x86_64 0:1.2.7-18.el7 will be an update
--> Running transaction check
---> Package bind-export-libs.x86_64 32:9.11.4-16.P2.el7_8.2 will be installed
---> Package cups-libs.x86_64 1:1.6.3-43.el7 will be installed
--> Processing Dependency: libavahi-common.so.3()(64bit) for package: 1:cups-libs-1.6.3-43.el7.x86_64
--> Processing Dependency: libavahi-client.so.3()(64bit) for package: 1:cups-libs-1.6.3-43.el7.x86_64
---> Package dejavu-sans-fonts.noarch 0:2.33-6.el7 will be installed
---> Package geoipupdate.x86_64 0:2.5.0-1.el7 will be installed
---> Package gtk2.x86_64 0:2.24.31-1.el7 will be installed
--> Processing Dependency: libXrandr >= 1.2.99.4-2 for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: atk >= 1.29.4-2 for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: hicolor-icon-theme for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: gtk-update-icon-cache for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: libatk-1.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: libXrandr.so.2()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: libXinerama.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
--> Processing Dependency: libXcursor.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64
---> Package libsmartcols.x86_64 0:2.23.2-63.el7 will be installed
---> Package linux-firmware.noarch 0:20170606-56.gitc990aae.el7 will be updated
---> Package linux-firmware.noarch 0:20191203-76.gite8a0f4c.el7 will be an update
---> Package lvm2-libs.x86_64 7:2.02.171-8.el7 will be updated
--> Processing Dependency: lvm2-libs = 7:2.02.171-8.el7 for package: 7:lvm2-2.02.171-8.el7.x86_64
---> Package lvm2-libs.x86_64 7:2.02.186-7.el7_8.1 will be an update
---> Package mod_ssl.x86_64 1:2.4.6-67.el7.centos.2 will be updated
---> Package mod_ssl.x86_64 1:2.4.6-93.el7.centos will be an update
---> Package nss-pem.x86_64 0:1.0.3-4.el7 will be updated
---> Package nss-pem.x86_64 0:1.0.3-7.el7 will be an update
---> Package pcsc-lite-libs.x86_64 0:1.8.8-8.el7 will be installed
---> Package perl-Git.noarch 0:1.8.3.1-12.el7_4 will be updated
---> Package perl-Git.noarch 0:1.8.3.1-21.el7_7 will be an update
---> Package php56w-common.x86_64 0:5.6.33-1.w7 will be updated
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-enchant-5.6.33-1.w7.x86_64
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-5.6.33-1.w7.x86_64
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-cli-5.6.33-1.w7.x86_64
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-intl-5.6.33-1.w7.x86_64
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-ldap-5.6.33-1.w7.x86_64
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-gd-5.6.33-1.w7.x86_64
--> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-imap-5.6.33-1.w7.x86_64
---> Package php56w-common.x86_64 0:5.6.40-1.w7 will be an update
---> Package python-rpm-macros.noarch 0:3-32.el7 will be installed
---> Package python-srpm-macros.noarch 0:3-32.el7 will be installed
---> Package python2-distro.noarch 0:1.2.0-3.el7 will be installed
---> Package python2-rpm-macros.noarch 0:3-32.el7 will be installed
--> Running transaction check
---> Package atk.x86_64 0:2.28.1-2.el7 will be installed
---> Package avahi-libs.x86_64 0:0.6.31-20.el7 will be installed
---> Package gtk-update-icon-cache.x86_64 0:3.22.30-5.el7 will be installed
---> Package hicolor-icon-theme.noarch 0:0.12-7.el7 will be installed
---> Package libXcursor.x86_64 0:1.1.15-1.el7 will be installed
---> Package libXinerama.x86_64 0:1.1.3-2.1.el7 will be installed
---> Package libXrandr.x86_64 0:1.5.1-2.el7 will be installed
---> Package lvm2.x86_64 7:2.02.171-8.el7 will be updated
---> Package lvm2.x86_64 7:2.02.186-7.el7_8.1 will be an update
---> Package php56w.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-cli.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-cli.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-enchant.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-enchant.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-gd.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-gd.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-imap.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-imap.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-intl.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-intl.x86_64 0:5.6.40-1.w7 will be an update
---> Package php56w-ldap.x86_64 0:5.6.33-1.w7 will be updated
---> Package php56w-ldap.x86_64 0:5.6.40-1.w7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch   Version                         Repository
																		   Size
================================================================================
Installing:
 grub2                    x86_64 1:2.02-0.81.el7.centos          base      31 k
	 replacing  grub2.x86_64 1:2.02-0.64.el7.centos
 grub2-tools              x86_64 1:2.02-0.81.el7.centos          base     1.8 M
	 replacing  grub2-tools.x86_64 1:2.02-0.64.el7.centos
	 replacing  grub2-tools-efi.x86_64 1:2.02-0.64.el7.centos
 grub2-tools-extra        x86_64 1:2.02-0.81.el7.centos          base     996 k
	 replacing  grub2-tools.x86_64 1:2.02-0.64.el7.centos
 grub2-tools-minimal      x86_64 1:2.02-0.81.el7.centos          base     173 k
	 replacing  grub2-tools.x86_64 1:2.02-0.64.el7.centos
 kernel                   x86_64 3.10.0-1127.el7                 base      50 M
 kernel-devel             x86_64 3.10.0-1127.el7                 base      18 M
 python-requests          noarch 2.6.0-9.el7_8                   updates   94 k
	 replacing  python2-requests.noarch 2.6.0-0.el7
Updating:
 GeoIP                    x86_64 1.5.0-14.el7                    base     1.5 M
 acl                      x86_64 2.2.51-15.el7                   base      81 k
 acpid                    x86_64 2.0.19-9.el7                    base      69 k
 alsa-lib                 x86_64 1.1.8-1.el7                     base     425 k
 apr                      x86_64 1.4.8-5.el7                     base     103 k
 audit                    x86_64 2.8.5-4.el7                     base     256 k
 audit-libs               x86_64 2.8.5-4.el7                     base     102 k
 audit-libs-python        x86_64 2.8.5-4.el7                     base      76 k
 augeas-libs              x86_64 1.4.0-9.el7_7.1                 updates  357 k
 awstats                  noarch 7.7-1.el7                       epel     2.3 M
 bash                     x86_64 4.2.46-34.el7                   base     1.0 M
 bind-libs                x86_64 32:9.11.4-16.P2.el7_8.2         updates  155 k
 bind-libs-lite           x86_64 32:9.11.4-16.P2.el7_8.2         updates  1.1 M
 bind-license             noarch 32:9.11.4-16.P2.el7_8.2         updates   89 k
 bind-utils               x86_64 32:9.11.4-16.P2.el7_8.2         updates  259 k
 binutils                 x86_64 2.27-43.base.el7                base     5.9 M
 biosdevname              x86_64 0.7.3-2.el7                     base      38 k
 ca-certificates          noarch 2019.2.32-76.el7_7              base     399 k
 cairo                    x86_64 1.15.12-4.el7                   base     741 k
 centos-release           x86_64 7-8.2003.0.el7.centos           base      26 k
 certbot                  noarch 1.3.0-1.el7                     epel      42 k
 checkpolicy              x86_64 2.5-8.el7                       base     295 k
 chrony                   x86_64 3.4-1.el7                       base     251 k
 copy-jdk-configs         noarch 3.3-10.el7_5                    base      21 k
 coreutils                x86_64 8.22-24.el7                     base     3.3 M
 cpio                     x86_64 2.11-27.el7                     base     211 k
 cpp                      x86_64 4.8.5-39.el7                    base     5.9 M
 cronie                   x86_64 1.4.11-23.el7                   base      92 k
 cronie-anacron           x86_64 1.4.11-23.el7                   base      36 k
 cryptsetup-libs          x86_64 2.0.3-6.el7                     base     339 k
 curl                     x86_64 7.29.0-57.el7                   base     270 k
 cyrus-sasl-lib           x86_64 2.1.26-23.el7                   base     155 k
 dbus                     x86_64 1:1.10.24-13.el7_6              base     245 k
 dbus-libs                x86_64 1:1.10.24-13.el7_6              base     169 k
 device-mapper            x86_64 7:1.02.164-7.el7_8.1            updates  295 k
 device-mapper-event      x86_64 7:1.02.164-7.el7_8.1            updates  191 k
 device-mapper-event-libs x86_64 7:1.02.164-7.el7_8.1            updates  190 k
 device-mapper-libs       x86_64 7:1.02.164-7.el7_8.1            updates  324 k
 device-mapper-persistent-data
						  x86_64 0.8.5-2.el7                     base     422 k
 dhclient                 x86_64 12:4.2.5-79.el7.centos          base     286 k
 dhcp-common              x86_64 12:4.2.5-79.el7.centos          base     176 k
 dhcp-libs                x86_64 12:4.2.5-79.el7.centos          base     133 k
 dialog                   x86_64 1.2-5.20130523.el7              base     208 k
 diffutils                x86_64 3.3-5.el7                       base     322 k
 dmidecode                x86_64 1:3.2-3.el7                     base      81 k
 dracut                   x86_64 033-568.el7                     base     329 k
 dracut-network           x86_64 033-568.el7                     base     103 k
 e2fsprogs                x86_64 1.42.9-17.el7                   base     699 k
 e2fsprogs-libs           x86_64 1.42.9-17.el7                   base     168 k
 ebtables                 x86_64 2.0.10-16.el7                   base     123 k
 elfutils-default-yama-scope
						  noarch 0.176-4.el7                     base      33 k
 elfutils-libelf          x86_64 0.176-4.el7                     base     195 k
 elfutils-libs            x86_64 0.176-4.el7                     base     291 k
 epel-release             noarch 7-12                            epel      15 k
 ethtool                  x86_64 2:4.8-10.el7                    base     127 k
 expat                    x86_64 2.1.0-11.el7                    base      81 k
 file                     x86_64 5.11-36.el7                     base      57 k
 file-libs                x86_64 5.11-36.el7                     base     340 k
 filesystem               x86_64 3.2-25.el7                      base     1.0 M
 findutils                x86_64 1:4.5.11-6.el7                  base     559 k
 firewalld-filesystem     noarch 0.6.3-8.el7_8.1                 updates   51 k
 fontconfig               x86_64 2.13.0-4.3.el7                  base     254 k
 freetype                 x86_64 2.8-14.el7                      base     380 k
 gcc                      x86_64 4.8.5-39.el7                    base      16 M
 gcc-c++                  x86_64 4.8.5-39.el7                    base     7.2 M
 gdisk                    x86_64 0.8.10-3.el7                    base     190 k
 gdk-pixbuf2              x86_64 2.36.12-3.el7                   base     570 k
 gettext                  x86_64 0.19.8.1-3.el7                  base     1.0 M
 gettext-libs             x86_64 0.19.8.1-3.el7                  base     502 k
 git                      x86_64 1.8.3.1-21.el7_7                base     4.4 M
 glib2                    x86_64 2.56.1-5.el7                    base     2.5 M
 glibc                    x86_64 2.17-307.el7.1                  base     3.6 M
 glibc-common             x86_64 2.17-307.el7.1                  base      11 M
 glibc-devel              x86_64 2.17-307.el7.1                  base     1.1 M
 glibc-headers            x86_64 2.17-307.el7.1                  base     689 k
 gnupg2                   x86_64 2.0.22-5.el7_5                  base     1.5 M
 gnutls                   x86_64 3.3.29-9.el7_6                  base     680 k
 gobject-introspection    x86_64 1.56.1-1.el7                    base     241 k
 gperftools-libs          x86_64 2.6.1-1.el7                     base     272 k
 gpm-libs                 x86_64 1.20.7-6.el7                    base      32 k
 grub2-common             noarch 1:2.02-0.81.el7.centos          base     729 k
 grub2-pc                 x86_64 1:2.02-0.81.el7.centos          base      31 k
 grub2-pc-modules         noarch 1:2.02-0.81.el7.centos          base     847 k
 grubby                   x86_64 8.28-26.el7                     base      71 k
 gzip                     x86_64 1.5-10.el7                      base     130 k
 harfbuzz                 x86_64 1.7.5-2.el7                     base     267 k
 hostname                 x86_64 3.13-3.el7_7.1                  base      17 k
 httpd                    x86_64 2.4.6-93.el7.centos             base     2.7 M
 httpd-tools              x86_64 2.4.6-93.el7.centos             base      92 k
 hwdata                   x86_64 0.252-9.5.el7                   base     2.4 M
 info                     x86_64 5.1-5.el7                       base     233 k
 initscripts              x86_64 9.49.49-1.el7                   base     440 k
 iproute                  x86_64 4.11.0-25.el7_7.2               base     803 k
 iprutils                 x86_64 2.4.17.1-3.el7_7                updates  243 k
 ipset                    x86_64 7.1-1.el7                       base      39 k
 ipset-libs               x86_64 7.1-1.el7                       base      64 k
 iptables                 x86_64 1.4.21-34.el7                   base     432 k
 iptables-services        x86_64 1.4.21-34.el7                   base      52 k
 irqbalance               x86_64 3:1.0.7-12.el7                  base      45 k
 jasper-libs              x86_64 1.900.1-33.el7                  base     150 k
 java-1.8.0-openjdk       x86_64 1:1.8.0.242.b08-1.el7           base     293 k
 java-1.8.0-openjdk-headless
						  x86_64 1:1.8.0.242.b08-1.el7           base      32 M
 kbd                      x86_64 1.15.5-15.el7                   base     348 k
 kbd-legacy               noarch 1.15.5-15.el7                   base     466 k
 kbd-misc                 noarch 1.15.5-15.el7                   base     1.4 M
 kernel-headers           x86_64 3.10.0-1127.el7                 base     8.9 M
 kernel-tools             x86_64 3.10.0-1127.el7                 base     8.0 M
 kernel-tools-libs        x86_64 3.10.0-1127.el7                 base     7.9 M
 kexec-tools              x86_64 2.0.15-43.el7                   base     349 k
 kmod                     x86_64 20-28.el7                       base     123 k
 kmod-libs                x86_64 20-28.el7                       base      51 k
 kpartx                   x86_64 0.4.9-131.el7                   base      80 k
 krb5-libs                x86_64 1.15.1-46.el7                   base     809 k
 libX11                   x86_64 1.6.7-2.el7                     base     607 k
 libX11-common            noarch 1.6.7-2.el7                     base     164 k
 libXfont                 x86_64 1.5.4-1.el7                     base     153 k
 libacl                   x86_64 2.2.51-15.el7                   base      27 k
 libattr                  x86_64 2.4.46-13.el7                   base      18 k
 libblkid                 x86_64 2.23.2-63.el7                   base     182 k
 libcap                   x86_64 2.22-11.el7                     base      47 k
 libcgroup                x86_64 0.41-21.el7                     base      66 k
 libcom_err               x86_64 1.42.9-17.el7                   base      42 k
 libcroco                 x86_64 0.6.12-4.el7                    base     105 k
 libcurl                  x86_64 7.29.0-57.el7                   base     223 k
 libdb                    x86_64 5.3.21-25.el7                   base     720 k
 libdb-utils              x86_64 5.3.21-25.el7                   base     132 k
 libdrm                   x86_64 2.4.97-2.el7                    base     151 k
 libfastjson              x86_64 0.99.4-3.el7                    base      27 k
 libffi                   x86_64 3.0.13-19.el7                   base      30 k
 libgcc                   x86_64 4.8.5-39.el7                    base     102 k
 libgomp                  x86_64 4.8.5-39.el7                    base     158 k
 libicu                   x86_64 50.2-4.el7_7                    updates  6.9 M
 libjpeg-turbo            x86_64 1.2.90-8.el7                    base     135 k
 libmount                 x86_64 2.23.2-63.el7                   base     184 k
 libpcap                  x86_64 14:1.5.3-12.el7                 base     139 k
 libpciaccess             x86_64 0.14-1.el7                      base      26 k
 libproxy                 x86_64 0.4.11-11.el7                   base      64 k
 libpwquality             x86_64 1.2.3-5.el7                     base      85 k
 libreport-filesystem     x86_64 2.1.11-53.el7.centos            base      41 k
 librsvg2                 x86_64 2.40.20-1.el7                   base     132 k
 librsync                 x86_64 2.0.2-1.el7                     epel      56 k
 libseccomp               x86_64 2.3.1-4.el7                     base      56 k
 libselinux               x86_64 2.5-15.el7                      base     162 k
 libselinux-python        x86_64 2.5-15.el7                      base     236 k
 libselinux-utils         x86_64 2.5-15.el7                      base     151 k
 libsemanage              x86_64 2.5-14.el7                      base     151 k
 libsemanage-python       x86_64 2.5-14.el7                      base     113 k
 libsepol                 x86_64 2.5-10.el7                      base     297 k
 libsodium                x86_64 1.0.18-1.el7                    epel     147 k
 libss                    x86_64 1.42.9-17.el7                   base      46 k
 libssh2                  x86_64 1.8.0-3.el7                     base      88 k
 libstdc++                x86_64 4.8.5-39.el7                    base     305 k
 libstdc++-devel          x86_64 4.8.5-39.el7                    base     1.5 M
 libtiff                  x86_64 4.0.3-32.el7                    base     171 k
 libuser                  x86_64 0.60-9.el7                      base     400 k
 libuuid                  x86_64 2.23.2-63.el7                   base      83 k
 php56w-mbstring          x86_64 5.6.40-1.w7                     webtatic 545 k
 php56w-mysql             x86_64 5.6.40-1.w7                     webtatic 125 k
 php56w-pdo               x86_64 5.6.40-1.w7                     webtatic 115 k
 php56w-process           x86_64 5.6.40-1.w7                     webtatic  46 k
 php56w-snmp              x86_64 5.6.40-1.w7                     webtatic  38 k
 php56w-xml               x86_64 5.6.40-1.w7                     webtatic 171 k
 plymouth                 x86_64 0.8.9-0.33.20140113.el7.centos  base     116 k
 plymouth-core-libs       x86_64 0.8.9-0.33.20140113.el7.centos  base     108 k
 plymouth-scripts         x86_64 0.8.9-0.33.20140113.el7.centos  base      39 k
 policycoreutils          x86_64 2.5-34.el7                      base     917 k
 policycoreutils-python   x86_64 2.5-34.el7                      base     457 k
 polkit                   x86_64 0.112-26.el7                    base     170 k
 postfix                  x86_64 2:2.10.1-9.el7                  base     2.4 M
 postgresql-libs          x86_64 9.2.24-2.el7_7                  updates  234 k
 procmail                 x86_64 3.22-36.el7_4.1                 base     171 k
 procps-ng                x86_64 3.3.10-27.el7                   base     291 k
 pyOpenSSL                x86_64 0.13.1-4.el7                    base     135 k
 python                   x86_64 2.7.5-88.el7                    base      96 k
 python-chardet           noarch 2.2.1-3.el7                     base     227 k
 python-devel             x86_64 2.7.5-88.el7                    base     398 k
 python-gobject-base      x86_64 3.22.0-1.el7_4.1                base     294 k
 python-libs              x86_64 2.7.5-88.el7                    base     5.6 M
 python-linux-procfs      noarch 0.4.11-4.el7                    base      33 k
 python-perf              x86_64 3.10.0-1127.el7                 base     8.0 M
 python-slip              noarch 0.4.0-4.el7                     base      31 k
 python-urlgrabber        noarch 3.10-10.el7                     base     108 k
 python-urllib3           noarch 1.10.2-7.el7                    base     103 k
 python-virtualenv        noarch 15.1.0-4.el7_7                  updates  1.7 M
 python-zope-component    noarch 1:4.1.0-5.el7                   epel     228 k
 python2-acme             noarch 1.3.0-1.el7                     epel      75 k
 python2-cached_property  noarch 1.5.1-2.el7                     epel      18 k
 python2-certbot          noarch 1.3.0-1.el7                     epel     365 k
 python2-docopt           noarch 0.6.2-8.el7                     epel      28 k
 python2-future           noarch 0.18.2-2.el7                    epel     806 k
 python2-iso8601          noarch 0.1.11-8.el7                    epel      20 k
 python2-josepy           noarch 1.3.0-2.el7                     epel      89 k
 python2-jsonschema       noarch 2.5.1-4.el7                     epel      75 k
 python2-keyring          noarch 5.0-4.el7                       epel     116 k
 python2-mock             noarch 1.0.1-10.el7                    epel      92 k
 python2-parsedatetime    noarch 2.4-6.el7                       epel      78 k
 python2-psutil           x86_64 5.6.7-1.el7                     epel     399 k
 python2-texttable        noarch 1.6.2-1.el7                     epel      22 k
 readline                 x86_64 6.2-11.el7                      base     193 k
 redhat-rpm-config        noarch 9.1.0-88.el7.centos             base      81 k
 rpm                      x86_64 4.11.3-43.el7                   base     1.2 M
 rpm-build-libs           x86_64 4.11.3-43.el7                   base     107 k
 rpm-libs                 x86_64 4.11.3-43.el7                   base     278 k
 rpm-python               x86_64 4.11.3-43.el7                   base      84 k
 rsync                    x86_64 3.1.2-10.el7                    base     404 k
 rsyslog                  x86_64 8.24.0-52.el7                   base     620 k
 screen                   x86_64 4.1.0-0.25.20120314git3c2946.el7
																 base     552 k
 sed                      x86_64 4.2.2-6.el7                     base     231 k
 selinux-policy           noarch 3.13.1-266.el7                  base     497 k
 selinux-policy-targeted  noarch 3.13.1-266.el7                  base     7.0 M
 setools-libs             x86_64 3.3.8-4.el7                     base     620 k
 setup                    noarch 2.8.71-11.el7                   base     166 k
 shadow-utils             x86_64 2:4.6-5.el7                     base     1.2 M
 shared-mime-info         x86_64 1.8-5.el7                       base     312 k
 sqlite                   x86_64 3.7.17-8.el7_7.1                base     394 k
 subversion               x86_64 1.7.14-14.el7                   base     1.0 M
 subversion-libs          x86_64 1.7.14-14.el7                   base     922 k
 sudo                     x86_64 1.8.23-9.el7                    base     842 k
 sysstat                  x86_64 10.1.5-19.el7                   base     315 k
 systemd                  x86_64 219-73.el7_8.5                  updates  5.1 M
 systemd-libs             x86_64 219-73.el7_8.5                  updates  416 k
 systemd-sysv             x86_64 219-73.el7_8.5                  updates   93 k
 tar                      x86_64 2:1.26-35.el7                   base     846 k
 tcpdump                  x86_64 14:4.9.2-4.el7_7.1              base     422 k
 telnet                   x86_64 1:0.17-65.el7_8                 updates   64 k
 tuned                    noarch 2.11.0-8.el7                    base     268 k
 tzdata                   noarch 2019c-1.el7                     base     493 k
 tzdata-java              noarch 2019c-1.el7                     base     187 k
 unzip                    x86_64 6.0-21.el7                      base     171 k
 util-linux               x86_64 2.23.2-63.el7                   base     2.0 M
 vim-common               x86_64 2:7.4.629-6.el7                 base     5.9 M
 vim-enhanced             x86_64 2:7.4.629-6.el7                 base     1.1 M
 vim-filesystem           x86_64 2:7.4.629-6.el7                 base      11 k
 vim-minimal              x86_64 2:7.4.629-6.el7                 base     443 k
 virt-what                x86_64 1.18-4.el7                      base      29 k
 webmin                   noarch 1.941-1                         Webmin    22 M
 wget                     x86_64 1.14-18.el7_6.1                 base     547 k
 xfsprogs                 x86_64 4.5.0-20.el7                    base     896 k
 xorg-x11-font-utils      x86_64 1:7.5-21.el7                    base     104 k
 yum                      noarch 3.4.3-167.el7.centos            base     1.2 M
 yum-cron                 noarch 3.4.3-167.el7.centos            base      65 k
 yum-plugin-fastestmirror noarch 1.1.31-53.el7                   base      34 k
 zlib                     x86_64 1.2.7-18.el7                    base      90 k
Installing for dependencies:
 atk                      x86_64 2.28.1-2.el7                    base     263 k
 avahi-libs               x86_64 0.6.31-20.el7                   base      62 k
 bind-export-libs         x86_64 32:9.11.4-16.P2.el7_8.2         updates  1.1 M
 cups-libs                x86_64 1:1.6.3-43.el7                  base     358 k
 dejavu-sans-fonts        noarch 2.33-6.el7                      base     1.4 M
 geoipupdate              x86_64 2.5.0-1.el7                     base      35 k
 gtk-update-icon-cache    x86_64 3.22.30-5.el7                   base      27 k
 gtk2                     x86_64 2.24.31-1.el7                   base     3.4 M
 hicolor-icon-theme       noarch 0.12-7.el7                      base      42 k
 libXcursor               x86_64 1.1.15-1.el7                    base      30 k
 libXinerama              x86_64 1.1.3-2.1.el7                   base      14 k
 libXrandr                x86_64 1.5.1-2.el7                     base      27 k
 libsmartcols             x86_64 2.23.2-63.el7                   base     142 k
 pcsc-lite-libs           x86_64 1.8.8-8.el7                     base      34 k
 python-rpm-macros        noarch 3-32.el7                        base     8.8 k
 python-srpm-macros       noarch 3-32.el7                        base     8.4 k
 python2-distro           noarch 1.2.0-3.el7                     epel      29 k
 python2-rpm-macros       noarch 3-32.el7                        base     7.7 k
Updating for dependencies:
 linux-firmware           noarch 20191203-76.gite8a0f4c.el7      base      81 M
 lvm2                     x86_64 7:2.02.186-7.el7_8.1            updates  1.3 M
 lvm2-libs                x86_64 7:2.02.186-7.el7_8.1            updates  1.1 M
 mod_ssl                  x86_64 1:2.4.6-93.el7.centos           base     113 k
 nss-pem                  x86_64 1.0.3-7.el7                     base      74 k
 perl-Git                 noarch 1.8.3.1-21.el7_7                base      55 k
 php56w                   x86_64 5.6.40-1.w7                     webtatic 2.9 M
 php56w-cli               x86_64 5.6.40-1.w7                     webtatic 2.9 M
 php56w-common            x86_64 5.6.40-1.w7                     webtatic 1.3 M
 php56w-enchant           x86_64 5.6.40-1.w7                     webtatic  21 k
 php56w-gd                x86_64 5.6.40-1.w7                     webtatic 158 k
 php56w-imap              x86_64 5.6.40-1.w7                     webtatic  60 k
 php56w-intl              x86_64 5.6.40-1.w7                     webtatic 200 k
 php56w-ldap              x86_64 5.6.40-1.w7                     webtatic  43 k

Transaction Summary
================================================================================
Install    7 Packages (+18 Dependent packages)
Upgrade  243 Packages (+14 Dependent packages)

Total download size: 424 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.

--------------------

Total                                               11 MB/s | 424 MB  00:39     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : libgcc-4.8.5-39.el7.x86_64                                 1/546 
  Updating   : centos-release-7-8.2003.0.el7.centos.x86_64                2/546 
  Updating   : 1:grub2-common-2.02-0.81.el7.centos.noarch                 3/546 
  Updating   : setup-2.8.71-11.el7.noarch                                 4/546 
warning: /etc/group created as /etc/group.rpmnew
warning: /etc/shadow created as /etc/shadow.rpmnew
  Updating   : filesystem-3.2-25.el7.x86_64                               5/546 
  Updating   : 32:bind-license-9.11.4-16.P2.el7_8.2.noarch                6/546 
  Installing : python-srpm-macros-3-32.el7.noarch                         7/546 
  Installing : python-rpm-macros-3-32.el7.noarch                          8/546 
  Updating   : 1:grub2-pc-modules-2.02-0.81.el7.centos.noarch             9/546 
  Updating   : kbd-legacy-1.15.5-15.el7.noarch                           10/546 
  Updating   : kernel-headers-3.10.0-1127.el7.x86_64                     11/546 
  Updating   : kbd-misc-1.15.5-15.el7.noarch                             12/546 
  Updating   : libX11-common-1.6.7-2.el7.noarch                          13/546 
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # log the post-state packages and versions
[root@osestaging1 ~]# time nice rpm -qa &> "${tmpDir}/after.log"

real	0m1.626s
user	0m1.362s
sys	0m0.224s
[root@osestaging1 ~]# cat $tmpDir/after.log 
perl-Carp-1.26-244.el7.noarch
rsync-3.1.2-10.el7.x86_64
perl-Filter-1.49-3.el7.x86_64
perl-Switch-2.16-7.el7.noarch
cups-libs-1.6.3-43.el7.x86_64
perl-Business-ISBN-Data-20120719.001-2.el7.noarch
libpcap-1.5.3-12.el7.x86_64
gmp-6.0.0-15.el7.x86_64
perl-HTTP-Cookies-6.01-5.el7.noarch
kernel-tools-3.10.0-1127.el7.x86_64
pkcs11-helper-1.11-3.el7.x86_64
php56w-5.6.40-1.w7.x86_64
nginx-filesystem-1.16.1-1.el7.noarch
kernel-3.10.0-1127.el7.x86_64
mesa-libglapi-17.0.1-6.20170307.el7.x86_64
bind-utils-9.11.4-16.P2.el7_8.2.x86_64
perl-Clipboard-0.21-1.el7.1.noarch
php56w-imap-5.6.40-1.w7.x86_64
e2fsprogs-1.42.9-17.el7.x86_64
ntpdate-4.2.6p5-25.el7.centos.2.x86_64
keyutils-libs-1.5.8-3.el7.x86_64
libxml2-2.9.1-6.el7.4.x86_64
perl-IO-Compress-2.061-2.el7.noarch
python2-cached_property-1.5.1-2.el7.noarch
fipscheck-1.4.1-6.el7.x86_64
bind-license-9.11.4-16.P2.el7_8.2.noarch
nmap-6.40-7.el7.x86_64
php-symfony-config-2.8.12-2.el7.noarch
xorg-x11-font-utils-7.5-21.el7.x86_64
tzdata-java-2019c-1.el7.noarch
php-symfony-var-dumper-2.8.12-2.el7.noarch
augeas-libs-1.4.0-9.el7_7.1.x86_64
libselinux-2.5-15.el7.x86_64
php-password-compat-1.0.4-1.el7.noarch
firewalld-filesystem-0.6.3-8.el7_8.1.noarch
freetype-2.8-14.el7.x86_64
nano-2.3.1-10.el7.x86_64
python-repoze-lru-0.4-3.el7.noarch
passwd-0.79-4.el7.x86_64
coreutils-8.22-24.el7.x86_64
net-snmp-5.7.2-28.el7_4.1.x86_64
file-libs-5.11-36.el7.x86_64
python-2.7.5-88.el7.x86_64
ca-certificates-2019.2.32-76.el7_7.noarch
rrdtool-perl-1.4.8-9.el7.x86_64
iproute-4.11.0-25.el7_7.2.x86_64
bacula-director-5.2.13-23.1.el7.x86_64
perl-Sys-Syslog-0.33-3.el7.x86_64
hunspell-1.3.2-15.el7.x86_64
pyliblzma-0.5.3-11.el7.x86_64
iputils-20160308-10.el7.x86_64
python-gobject-base-3.22.0-1.el7_4.1.x86_64
perl-Email-Date-Format-1.002-15.el7.noarch
libsemanage-python-2.5-14.el7.x86_64
perl-Package-Stash-XS-0.26-3.el7.x86_64
httpd-tools-2.4.6-93.el7.centos.x86_64
perl-Mail-Sender-0.8.23-1.el7.noarch
perl-Crypt-Rijndael-1.12-1.el7.x86_64
alsa-lib-1.1.8-1.el7.x86_64
perl-Log-Dispatch-FileRotate-1.19-13.el7.noarch
device-mapper-persistent-data-0.8.5-2.el7.x86_64
varnish-libs-devel-4.0.5-1.el7.x86_64
perl-Error-0.17020-2.el7.noarch
groff-base-1.22.2-8.el7.x86_64
kmod-libs-20-28.el7.x86_64
nettle-2.7.1-8.el7.x86_64
snappy-1.1.0-3.el7.x86_64
glibc-devel-2.17-307.el7.1.x86_64
xz-libs-5.2.2-1.el7.x86_64
kernel-3.10.0-693.2.2.el7.x86_64
nss-pem-1.0.3-7.el7.x86_64
libyaml-0.1.4-11.el7_0.x86_64
geoipupdate-2.5.0-1.el7.x86_64
python-backports-1.0-8.el7.x86_64
yum-3.4.3-167.el7.centos.noarch
xz-5.2.2-1.el7.x86_64
python-requests-toolbelt-0.8.0-1.el7.noarch
haveged-1.9.1-1.el7.x86_64
dracut-033-568.el7.x86_64
python-ply-3.4-11.el7.noarch
initscripts-9.49.49-1.el7.x86_64
btrfs-progs-4.9.1-1.el7.x86_64
httpd-2.4.6-93.el7.centos.x86_64
perl-constant-1.27-2.el7.noarch
php56w-pear-1.10.4-1.w7.noarch
perl-Time-HiRes-1.9725-3.el7.x86_64
perl-LWP-MediaTypes-6.02-2.el7.noarch
perl-File-Path-2.09-2.el7.noarch
htop-2.2.0-3.el7.x86_64
which-2.20-7.el7.x86_64
perl-Net-IP-1.26-4.el7.noarch
perl-Pod-Simple-3.28-4.el7.noarch
perl-File-Listing-6.04-7.el7.noarch
perl-Net-DNS-0.72-6.el7.x86_64
libestr-0.1.9-2.el7.x86_64
perl-WWW-RobotRules-6.02-5.el7.noarch
libgcrypt-1.5.3-14.el7.x86_64
cracklib-dicts-2.9.0-11.el7.x86_64
perl-HTML-Parser-3.71-4.el7.x86_64
perl-Encode-Detect-1.01-13.el7.x86_64
libXrender-0.9.10-1.el7.x86_64
python-configobj-4.7.2-7.el7.noarch
perl-IO-Socket-IP-0.21-4.el7.noarch
centos-indexhtml-7-9.el7.centos.noarch
libev-4.15-7.el7.x86_64
make-3.82-23.el7.x86_64
nginx-mod-stream-1.16.1-1.el7.x86_64
nginx-all-modules-1.16.1-1.el7.noarch
perl-libs-5.16.3-292.el7.x86_64
apr-util-1.5.2-6.el7.x86_64
mutt-1.5.21-28.el7_5.x86_64
php-getid3-1.9.19-1.el7.noarch
openssl-libs-1.0.2k-8.el7.x86_64
libXau-1.0.8-2.1.el7.x86_64
links-2.20.2-1.el7.x86_64
mariadb-libs-5.5.56-2.el7.x86_64
bzip2-libs-1.0.6-13.el7.x86_64
os-prober-1.58-9.el7.x86_64
ncdu-1.14.2-2.el7.x86_64
python-kitchen-1.1.1-5.el7.noarch
perl-Net-Daemon-0.48-5.el7.noarch
libgcc-4.8.5-39.el7.x86_64
php-PsrLog-1.0.2-2.el7.noarch
filesystem-3.2-25.el7.x86_64
libpipeline-1.2.3-3.el7.x86_64
php-symfony-filesystem-2.8.12-2.el7.noarch
grub2-pc-modules-2.02-0.81.el7.centos.noarch
cracklib-2.9.0-11.el7.x86_64
libX11-common-1.6.7-2.el7.noarch
yum-metadata-parser-1.1.4-10.el7.x86_64
php-symfony-browser-kit-2.8.12-2.el7.noarch
tzdata-2019c-1.el7.noarch
php-seld-cli-prompt-1.0.3-1.el7.noarch
libsepol-2.5-10.el7.x86_64
crontabs-1.11-6.20121102git.el7.noarch
php-IDNA_Convert-0.8.0-2.el7.noarch
audit-libs-2.8.5-4.el7.x86_64
php-symfony-event-dispatcher-2.8.12-2.el7.noarch
libuuid-2.23.2-63.el7.x86_64
libX11-1.6.7-2.el7.x86_64
libacl-2.2.51-15.el7.x86_64
rootfiles-8.1-11.el7.noarch
net-snmp-agent-libs-5.7.2-28.el7_4.1.x86_64
libjpeg-turbo-1.2.90-8.el7.x86_64
graphite2-1.3.10-1.el7_3.x86_64
ntp-4.2.6p5-25.el7.centos.2.x86_64
findutils-4.5.11-6.el7.x86_64
webtatic-release-7-3.noarch
libsemanage-2.5-14.el7.x86_64
dejavu-fonts-common-2.33-6.el7.noarch
python-libs-2.7.5-88.el7.x86_64
glib2-2.56.1-5.el7.x86_64
gdbm-1.10-8.el7.x86_64
perl-Try-Tiny-0.12-2.el7.noarch
libgomp-4.8.5-39.el7.x86_64
perl-Sub-Install-0.926-6.el7.noarch
perl-Sys-CPU-0.54-4.el7.x86_64
python2-josepy-1.3.0-2.el7.noarch
openssh-7.4p1-12.el7_4.x86_64
perl-Params-Validate-1.08-4.el7.x86_64
perl-Date-Manip-6.41-2.el7.noarch
iptables-1.4.21-34.el7.x86_64
munin-common-2.0.33-1.el7.noarch
bacula-storage-5.2.13-23.1.el7.x86_64
libutempter-1.1.6-4.el7.x86_64
perl-XML-LibXML-2.0018-5.el7.x86_64
whois-5.1.1-2.el7.x86_64
perl-DateTime-Locale-0.45-6.el7.noarch
perl-IO-Multiplex-1.13-6.el7.noarch
perl-Net-CIDR-0.18-1.el7.noarch
perl-MIME-Types-1.38-2.el7.noarch
perl-File-Copy-Recursive-0.38-14.el7.noarch
perl-Class-Singleton-1.4-14.el7.noarch
perl-Digest-MD5-2.52-3.el7.x86_64
perl-Log-Dispatch-2.41-1.el7.1.noarch
xclip-0.12-5.el7.x86_64
popt-1.13-16.el7.x86_64
perl-Log-Log4perl-1.42-2.el7.noarch
perl-Term-ReadLine-Gnu-1.26-2.el7.x86_64
kpcli-2.7-3.el7.noarch
pakchois-0.4-10.el7.x86_64
php-pear-Mail-Mime-1.10.2-1.el7.noarch
libmodman-2.0.1-8.el7.x86_64
mariadb-server-5.5.56-2.el7.x86_64
python2-uritemplate-3.0.0-1.el7.noarch
python2-gflags-2.0-5.el7.noarch
perl-Socket-2.010-4.el7.x86_64
openssh-server-7.4p1-12.el7_4.x86_64
pexpect-2.3-11.el7.noarch
nspr-4.19.0-1.el7_5.x86_64
python-ipaddress-1.0.16-2.el7.noarch
mdadm-4.0-5.el7.x86_64
trickle-1.07-19.el7.x86_64
nss-sysinit-3.36.0-5.el7_5.x86_64
python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch
python-ndg_httpsclient-0.3.2-1.el7.noarch
python-pycparser-2.14-1.el7.noarch
python-javapackages-3.4.1-11.el7.noarch
python2-pyrfc3339-1.0-2.el7.noarch
mailx-12.5-16.el7.x86_64
python-httplib2-0.9.2-1.el7.noarch
perl-Digest-SHA-5.85-4.el7.x86_64
perl-Pod-Perldoc-3.20-4.el7.noarch
perl-Pod-Usage-1.63-3.el7.noarch
perl-Exporter-5.68-3.el7.noarch
lvm2-libs-2.02.186-7.el7_8.1.x86_64
perl-Git-1.8.3.1-21.el7_7.noarch
libpciaccess-0.14-1.el7.x86_64
gtk2-2.24.31-1.el7.x86_64
dmidecode-3.2-3.el7.x86_64
kernel-tools-libs-3.10.0-1127.el7.x86_64
policycoreutils-python-2.5-34.el7.x86_64
tcpdump-4.9.2-4.el7_7.1.x86_64
lvm2-2.02.186-7.el7_8.1.x86_64
mod_ssl-2.4.6-93.el7.centos.x86_64
subversion-1.7.14-14.el7.x86_64
iptables-services-1.4.21-34.el7.x86_64
acpid-2.0.19-9.el7.x86_64
redhat-rpm-config-9.1.0-88.el7.centos.noarch
php56w-gd-5.6.40-1.w7.x86_64
php56w-xml-5.6.40-1.w7.x86_64
vim-enhanced-7.4.629-6.el7.x86_64
sudo-1.8.23-9.el7.x86_64
python2-jsonschema-2.5.1-4.el7.noarch
python2-docopt-0.6.2-8.el7.noarch
kernel-devel-3.10.0-1127.el7.x86_64
libXfont-1.5.4-1.el7.x86_64
libproxy-0.4.11-11.el7.x86_64
procmail-3.22-36.el7_4.1.x86_64
dialog-1.2-5.20130523.el7.x86_64
libreport-filesystem-2.1.11-53.el7.centos.x86_64
gettext-libs-0.19.8.1-3.el7.x86_64
gobject-introspection-1.56.1-1.el7.x86_64
python-urlgrabber-3.10-10.el7.noarch
python2-distro-1.2.0-3.el7.noarch
python2-acme-1.3.0-1.el7.noarch
audit-libs-python-2.8.5-4.el7.x86_64
jasper-libs-1.900.1-33.el7.x86_64
bind-export-libs-9.11.4-16.P2.el7_8.2.x86_64
vim-minimal-7.4.629-6.el7.x86_64
libXcursor-1.1.15-1.el7.x86_64
libstdc++-devel-4.8.5-39.el7.x86_64
libssh2-1.8.0-3.el7.x86_64
webmin-1.941-1.noarch
glibc-headers-2.17-307.el7.1.x86_64
vim-common-7.4.629-6.el7.x86_64
libseccomp-2.3.1-4.el7.x86_64
php56w-pdo-5.6.40-1.w7.x86_64
rpm-4.11.3-43.el7.x86_64
bind-libs-9.11.4-16.P2.el7_8.2.x86_64
yum-plugin-fastestmirror-1.1.31-53.el7.noarch
device-mapper-1.02.164-7.el7_8.1.x86_64
cryptsetup-libs-2.0.3-6.el7.x86_64
systemd-libs-219-73.el7_8.5.x86_64
elfutils-default-yama-scope-0.176-4.el7.noarch
cronie-anacron-1.4.11-23.el7.x86_64
grub2-tools-2.02-0.81.el7.centos.x86_64
dhclient-4.2.5-79.el7.centos.x86_64
php56w-pecl-libsodium-1.0.6-1.w7.x86_64
perl-Time-Local-1.2300-2.el7.noarch
php-PHPMailer-5.2.27-1.el7.noarch
perl-PathTools-3.40-5.el7.x86_64
ssldump-0.9-0.9.b3.el7.x86_64
perl-threads-shared-1.43-6.el7.x86_64
perl-Net-LibIDN-0.12-15.el7.x86_64
ncurses-libs-5.9-14.20130511.el7_4.x86_64
perl-Getopt-Long-2.40-2.el7.noarch
less-458-9.el7.x86_64
perl-HTTP-Date-6.02-8.el7.noarch
chkconfig-1.7.4-1.el7.x86_64
ntfs-3g-2017.3.23-11.el7.x86_64
perl-Digest-HMAC-1.03-5.el7.noarch
qrencode-libs-3.4.1-3.el7.x86_64
perl-URI-1.60-9.el7.noarch
grep-2.20-3.el7.x86_64
python-pycurl-7.19.0-19.el7.x86_64
perl-HTTP-Message-6.06-6.el7.noarch
mozjs17-17.0.0-19.el7.x86_64
python-iniparse-0.4-9.el7.noarch
perl-HTTP-Negotiate-6.01-5.el7.noarch
pinentry-0.8.1-17.el7.x86_64
perl-libwww-perl-6.05-2.el7.noarch
openvpn-2.4.7-1.el7.x86_64
dwz-0.11-3.el7.x86_64
php-justinrainbow-json-schema5-5.2.9-1.el7.noarch
varnish-4.0.5-1.el7.x86_64
nginx-mod-http-image-filter-1.16.1-1.el7.x86_64
kernel-3.10.0-327.18.2.el7.x86_64
libunwind-1.2-2.el7.x86_64
nginx-mod-http-perl-1.16.1-1.el7.x86_64
perl-macros-5.16.3-292.el7.x86_64
urlview-0.9-15.20121210git6cfcad.el7.x86_64
libtasn1-4.10-1.el7.x86_64
jbigkit-libs-2.0-11.el7.x86_64
nload-0.7.4-4.el7.x86_64
php-composer-semver-1.5.1-1.el7.noarch
openssl-1.0.2k-8.el7.x86_64
polkit-pkla-compat-0.1-4.el7.x86_64
php-composer-spdx-licenses-1.5.3-1.el7.noarch
libassuan-2.1.0-3.el7.x86_64
composer-1.10.5-1.el7.noarch
perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64
pkgconfig-0.27.1-4.el7.x86_64
yum-utils-1.1.31-53.el7.noarch
perl-PlRPC-0.2020-14.el7.noarch
php-symfony-class-loader-2.8.12-2.el7.noarch
libc-client-2007f-16.el7.x86_64
setup-2.8.71-11.el7.noarch
gpg-pubkey-352c64e5-52ae6884
php-symfony-finder-2.8.12-2.el7.noarch
libXtst-1.2.3-1.el7.x86_64
python-rpm-macros-3-32.el7.noarch
gpg-pubkey-11f63c51-3c7dc11d
kbd-misc-1.15.5-15.el7.noarch
php-symfony-dom-crawler-2.8.12-2.el7.noarch
libXpm-3.5.12-1.el7.x86_64
python2-rpm-macros-3-32.el7.noarch
php-symfony-dependency-injection-2.8.12-2.el7.noarch
bash-4.2.46-34.el7.x86_64
php-jsonlint-1.6.1-1.el7.noarch
info-5.1-5.el7.x86_64
php-simplepie-1.3.1-4.el7.noarch
php-symfony-http-foundation-2.8.12-2.el7.noarch
libXcomposite-0.4.4-4.1.el7.x86_64
libdb-5.3.21-25.el7.x86_64
sed-4.2.2-6.el7.x86_64
p7zip-16.02-10.el7.x86_64
libcap-2.22-11.el7.x86_64
lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64
kernel-3.10.0-514.26.2.el7.x86_64
net-snmp-utils-5.7.2-28.el7_4.1.x86_64
gpg-pubkey-62e74ca5-539c878e
libidn-1.28-4.el7.x86_64
libnfnetlink-1.0.1-4.el7.x86_64
perl-List-MoreUtils-0.33-9.el7.x86_64
bacula-libs-5.2.13-23.1.el7.x86_64
autogen-libopts-5.18-5.el7.x86_64
perl-Module-Implementation-0.06-6.el7.noarch
perl-Sys-MemInfo-0.91-7.el7.x86_64
perl-Params-Util-1.07-6.el7.x86_64
bacula-client-5.2.13-23.1.el7.x86_64
perl-XML-SAX-0.99-9.el7.noarch
libXext-1.3.3-3.el7.x86_64
perl-IO-Socket-INET6-2.69-5.el7.noarch
libSM-1.2.2-2.el7.x86_64
perl-Cache-Cache-1.06-12.el7.noarch
libmpc-1.0.1-3.el7.x86_64
perl-MailTools-2.12-2.el7.noarch
mesa-libGL-17.0.1-6.20170307.el7.x86_64
perl-Class-Load-0.20-3.el7.noarch
kernel-devel-3.10.0-514.26.2.el7.x86_64
xorg-x11-fonts-Type1-7.5-9.el7.noarch
perl-Taint-Runtime-0.03-19.el7.x86_64
perl-Digest-1.17-245.el7.noarch
munin-node-2.0.33-1.el7.noarch
trousers-0.3.14-2.el7.x86_64
perl-File-KeePass-2.03-10.el7.noarch
basesystem-10.0-7.el7.centos.noarch
perl-Mail-Sendmail-0.79-21.el7.noarch
openssh-clients-7.4p1-12.el7_4.x86_64
libXmu-1.1.2-2.el7.x86_64
perl-XML-DOM-1.44-19.el7.noarch
perl-Capture-Tiny-0.24-1.el7.noarch
libgpg-error-1.12-3.el7.x86_64
python-pyudev-0.15-9.el7.noarch
perl-Sort-Naturally-1.03-8.el7.noarch
pango-1.40.4-1.el7.x86_64
tcp_wrappers-libs-7.6-77.el7.x86_64
mod_evasive-1.10.1-22.el7.x86_64
hardlink-1.0-19.el7.x86_64
python2-pyasn1-modules-0.1.9-7.el7.noarch
python-GnuPGInterface-0.3.2-11.el7.noarch
gawk-4.0.2-4.el7_3.1.x86_64
nss-util-3.36.0-1.el7_5.x86_64
python-zope-event-4.0.3-2.el7.noarch
nss-3.36.0-5.el7_5.x86_64
libXt-1.1.5-3.el7.x86_64
python-augeas-0.5.0-2.el7.noarch
python-setuptools-0.9.8-7.el7.noarch
man-db-2.6.3-9.el7.x86_64
javapackages-tools-3.4.1-11.el7.noarch
python2-dialog-3.3.0-6.el7.noarch
perl-Net-SSLeay-1.55-6.el7.x86_64
perl-podlators-2.5.1-3.el7.noarch
perl-Pod-Escapes-1.04-292.el7.noarch
libxshmfence-1.2-1.el7.x86_64
php56w-pecl-xdebug-2.5.5-2.w7.x86_64
perl-Encode-2.51-7.el7.x86_64
perl-Storable-2.45-3.el7.x86_64
selinux-policy-3.13.1-266.el7.noarch
git-1.8.3.1-21.el7_7.x86_64
libdrm-2.4.97-2.el7.x86_64
plymouth-core-libs-0.8.9-0.33.20140113.el7.centos.x86_64
virt-what-1.18-4.el7.x86_64
pcsc-lite-libs-1.8.8-8.el7.x86_64
certbot-1.3.0-1.el7.noarch
rsyslog-8.24.0-52.el7.x86_64
grub2-2.02-0.81.el7.centos.x86_64
sysstat-10.1.5-19.el7.x86_64
audit-2.8.5-4.el7.x86_64
awstats-7.7-1.el7.noarch
biosdevname-0.7.3-2.el7.x86_64
php56w-mysql-5.6.40-1.w7.x86_64
php56w-process-5.6.40-1.w7.x86_64
php56w-enchant-5.6.40-1.w7.x86_64
gcc-c++-4.8.5-39.el7.x86_64
python-virtualenv-15.1.0-4.el7_7.noarch
python2-psutil-5.6.7-1.el7.x86_64
python2-keyring-5.0-4.el7.noarch
xfsprogs-4.5.0-20.el7.x86_64
gdisk-0.8.10-3.el7.x86_64
gnutls-3.3.29-9.el7_6.x86_64
libsodium-1.0.18-1.el7.x86_64
libpwquality-1.2.3-5.el7.x86_64
libblkid-2.23.2-63.el7.x86_64
sqlite-3.7.17-8.el7_7.1.x86_64
apr-1.4.8-5.el7.x86_64
libffi-3.0.13-19.el7.x86_64
libmount-2.23.2-63.el7.x86_64
gzip-1.5-10.el7.x86_64
pyOpenSSL-0.13.1-4.el7.x86_64
binutils-2.27-43.base.el7.x86_64
python-urllib3-1.10.2-7.el7.noarch
libuser-0.60-9.el7.x86_64
python2-mock-1.0.1-10.el7.noarch
python-linux-procfs-0.4.11-4.el7.noarch
python-requests-2.6.0-9.el7_8.noarch
python-perf-3.10.0-1127.el7.x86_64
setools-libs-3.3.8-4.el7.x86_64
grubby-8.28-26.el7.x86_64
acl-2.2.51-15.el7.x86_64
libXrandr-1.5.1-2.el7.x86_64
libicu-50.2-4.el7_7.x86_64
cpp-4.8.5-39.el7.x86_64
unzip-6.0-21.el7.x86_64
cairo-1.15.12-4.el7.x86_64
copy-jdk-configs-3.3-10.el7_5.noarch
ipset-libs-7.1-1.el7.x86_64
php56w-common-5.6.40-1.w7.x86_64
rpm-libs-4.11.3-43.el7.x86_64
bind-libs-lite-9.11.4-16.P2.el7_8.2.x86_64
rpm-python-4.11.3-43.el7.x86_64
kpartx-0.4.9-131.el7.x86_64
device-mapper-libs-1.02.164-7.el7_8.1.x86_64
elfutils-libs-0.176-4.el7.x86_64
dbus-1.10.24-13.el7_6.x86_64
policycoreutils-2.5-34.el7.x86_64
grub2-tools-minimal-2.02-0.81.el7.centos.x86_64
dhcp-common-4.2.5-79.el7.centos.x86_64
hunspell-en-US-0.20121024-6.el7.noarch
php56w-pecl-geoip-1.1.1-1.w7.x86_64
perl-Scalar-List-Utils-1.27-248.el7.x86_64
libedit-3.0-12.20121213cvs.el7.x86_64
perl-HTML-Tagset-3.20-15.el7.noarch
perl-threads-1.87-4.el7.x86_64
pcre-8.32-17.el7.x86_64
lzo-2.06-8.el7.x86_64
perl-TimeDate-2.30-2.el7.noarch
perl-CGI-3.63-4.el7.noarch
libmnl-1.0.3-7.el7.x86_64
perl-Business-ISBN-2.06-2.el7.noarch
php-fedora-autoloader-1.0.0-1.el7.noarch
perl-IO-HTML-1.00-2.el7.noarch
libxcb-1.12-1.el7.x86_64
perl-HTTP-Daemon-6.01-5.el7.noarch
perl-Net-HTTP-6.06-2.el7.noarch
lz4-1.7.5-3.el7.x86_64
perl-srpm-macros-1-8.el7.noarch
perl-LWP-Protocol-https-6.04-4.el7.noarch
gpgme-1.3.2-5.el7.x86_64
jemalloc-3.6.0-1.el7.x86_64
nginx-mod-mail-1.16.1-1.el7.x86_64
p11-kit-0.23.5-3.el7.x86_64
lksctp-tools-1.0.17-2.el7.x86_64
nginx-1.16.1-1.el7.x86_64
logrotate-3.8.6-14.el7.x86_64
pixman-0.34.0-1.el7.x86_64
tokyocabinet-1.4.48-3.el7.x86_64
perl-5.16.3-292.el7.x86_64
mailcap-2.1.41-2.el7.noarch
oathtool-2.6.2-1.el7.x86_64
p11-kit-trust-0.23.5-3.el7.x86_64
php-seld-phar-utils-1.0.2-1.el7.noarch
libpng-1.5.13-7.el7_2.x86_64
pciutils-libs-3.5.1-2.el7.x86_64
libzip-0.10.1-8.el7.x86_64
php-composer-xdebug-handler-1.4.1-1.el7.noarch
php-composer-ca-bundle-1.2.7-1.el7.noarch
pyparsing-1.5.6-9.el7.noarch
perl-Compress-Raw-Zlib-2.061-4.el7.x86_64
libxml2-python-2.9.1-6.el7.4.x86_64
python-schedutils-0.4-6.el7.x86_64
php-symfony-common-2.8.12-2.el7.noarch
perl-DBI-1.627-4.el7.x86_64
grub2-common-2.02-0.81.el7.centos.noarch
fipscheck-lib-1.4.1-6.el7.x86_64
php-symfony-yaml-2.8.12-2.el7.noarch
nmap-ncat-6.40-7.el7.x86_64
python-srpm-macros-3-32.el7.noarch
php-symfony-debug-2.8.12-2.el7.noarch
kernel-headers-3.10.0-1127.el7.x86_64
libgnome-keyring-3.12.0-1.el7.x86_64
centos-logos-70.0.6-3.el7.centos.noarch
php-symfony-css-selector-2.8.12-2.el7.noarch
vim-filesystem-7.4.629-6.el7.x86_64
libXfixes-5.0.3-1.el7.x86_64
php-symfony-expression-language-2.8.12-2.el7.noarch
glibc-2.17-307.el7.1.x86_64
libxslt-1.1.28-5.el7.x86_64
libXdamage-1.1.4-4.1.el7.x86_64
zlib-1.2.7-18.el7.x86_64
pygpgme-0.3-9.el7.x86_64
php-symfony-polyfill-1.5.0-1.el7.noarch
t1lib-5.1.2-14.el7.x86_64
libstdc++-4.8.5-39.el7.x86_64
php-symfony-http-kernel-2.8.12-2.el7.noarch
expat-2.1.0-11.el7.x86_64
libattr-2.4.46-13.el7.x86_64
krb5-libs-1.15.1-46.el7.x86_64
readline-6.2-11.el7.x86_64
cyrus-sasl-lib-2.1.26-23.el7.x86_64
lsscsi-0.27-6.el7.x86_64
yum-plugin-replace-0.2.7-1.ius.el7.noarch
diffutils-3.3-5.el7.x86_64
rrdtool-1.4.8-9.el7.x86_64
libunistring-0.9.3-9.el7.x86_64
perl-Digest-SHA1-2.13-9.el7.x86_64
libfontenc-1.1.3-3.el7.x86_64
perl-XML-SAX-Base-1.08-7.el7.noarch
bacula-common-5.2.13-23.1.el7.x86_64
libverto-0.2.5-4.el7.x86_64
perl-Module-Runtime-0.013-4.el7.noarch
bacula-libs-sql-5.2.13-23.1.el7.x86_64
pth-2.0.7-23.el7.x86_64
perl-Net-SNMP-6.0.1-7.el7.noarch
logwatch-7.4.0-32.20130522svn140.el7.noarch
perl-XML-NamespaceSupport-1.11-10.el7.noarch
bacula-console-5.2.13-23.1.el7.x86_64
perl-Data-OptList-0.107-9.el7.noarch
kernel-3.10.0-327.13.1.el7.x86_64
perl-IPC-ShareLite-0.17-12.el7.x86_64
giflib-4.1.6-9.el7.x86_64
mpfr-3.1.1-4.el7.x86_64
perl-Net-SMTP-SSL-1.01-13.el7.noarch
mesa-libgbm-17.0.1-6.20170307.el7.x86_64
perl-Package-Stash-0.34-2.el7.noarch
ttmkfdir-3.0.9-42.el7.x86_64
perl-DBD-Pg-2.19.3-4.el7.x86_64
mod_security-2.7.3-5.el7.x86_64
hdparm-9.43-5.el7.x86_64
perl-XML-Parser-2.41-10.el7.x86_64
perl-DateTime-1.04-6.el7.x86_64
perl-XML-RegExp-0.04-2.el7.noarch
perl-Term-ShellUI-0.92-2.el7.noarch
munin-2.0.33-1.el7.noarch
perl-version-0.99.07-2.el7.x86_64
lyx-fonts-2.2.3-1.el7.noarch
libcap-ng-0.7.5-4.el7.x86_64
php56w-pecl-apcu-4.0.11-2.w7.x86_64
python-six-1.9.0-2.el7.noarch
python-sqlalchemy-0.9.8-2.el7.x86_64
lsof-4.87-4.el7.x86_64
dbus-glib-0.100-7.el7.x86_64
numactl-libs-2.0.9-6.el7_2.x86_64
python2-configargparse-0.11.0-1.el7.noarch
neon-0.30.0-3.el7.x86_64
python-lockfile-0.9.1-4.el7.centos.noarch
python2-pyasn1-0.1.9-7.el7.noarch
PyYAML-3.10-11.el7.x86_64
lua-5.1.4-15.el7.x86_64
nss-softokn-freebl-3.36.0-5.el7_5.x86_64
python-decorator-3.4.0-3.el7.noarch
python2-cryptography-1.7.2-2.el7.x86_64
pam-1.1.8-18.el7.x86_64
python-IPy-0.75-6.el7.noarch
gpg-pubkey-f4a80eb5-53a7ff4b
nss-tools-3.36.0-5.el7_5.x86_64
python-enum34-1.0.4-1.el7.noarch
perl-HTTP-Tiny-0.033-3.el7.noarch
kernel-devel-3.10.0-693.2.2.el7.x86_64
perl-Text-ParseWords-3.29-4.el7.noarch
grub2-pc-2.02-0.81.el7.centos.x86_64
polkit-0.112-26.el7.x86_64
libcgroup-0.41-21.el7.x86_64
avahi-libs-0.6.31-20.el7.x86_64
plymouth-scripts-0.8.9-0.33.20140113.el7.centos.x86_64
libfastjson-0.99.4-3.el7.x86_64
java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7.x86_64
java-1.8.0-openjdk-1.8.0.242.b08-1.el7.x86_64
tuned-2.11.0-8.el7.noarch
kexec-tools-2.0.15-43.el7.x86_64
yum-cron-3.4.3-167.el7.centos.noarch
kbd-1.15.5-15.el7.x86_64
chrony-3.4-1.el7.x86_64
irqbalance-1.0.7-12.el7.x86_64
php56w-ldap-5.6.40-1.w7.x86_64
php56w-intl-5.6.40-1.w7.x86_64
php56w-snmp-5.6.40-1.w7.x86_64
librsvg2-2.40.20-1.el7.x86_64
python-slip-0.4.0-4.el7.noarch
python2-texttable-1.6.2-1.el7.noarch
python2-iso8601-0.1.11-8.el7.noarch
postgresql-libs-9.2.24-2.el7_7.x86_64
wget-1.14-18.el7_6.1.x86_64
iprutils-2.4.17.1-3.el7_7.x86_64
telnet-0.17-65.el7_8.x86_64
epel-release-7-12.noarch
file-5.11-36.el7.x86_64
libcroco-0.6.12-4.el7.x86_64
hostname-3.13-3.el7_7.1.x86_64
libtiff-4.0.3-32.el7.x86_64
ethtool-4.8-10.el7.x86_64
atk-2.28.1-2.el7.x86_64
python-zope-component-4.1.0-5.el7.noarch
python2-parsedatetime-2.4-6.el7.noarch
python-chardet-2.2.1-3.el7.noarch
python-devel-2.7.5-88.el7.x86_64
subversion-libs-1.7.14-14.el7.x86_64
gtk-update-icon-cache-3.22.30-5.el7.x86_64
hicolor-icon-theme-0.12-7.el7.noarch
libXinerama-1.1.3-2.1.el7.x86_64
libdb-utils-5.3.21-25.el7.x86_64
e2fsprogs-libs-1.42.9-17.el7.x86_64
libselinux-utils-2.5-15.el7.x86_64
fontconfig-2.13.0-4.3.el7.x86_64
gcc-4.8.5-39.el7.x86_64
gpm-libs-1.20.7-6.el7.x86_64
libcurl-7.29.0-57.el7.x86_64
curl-7.29.0-57.el7.x86_64
GeoIP-1.5.0-14.el7.x86_64
rpm-build-libs-4.11.3-43.el7.x86_64
libsmartcols-2.23.2-63.el7.x86_64
procps-ng-3.3.10-27.el7.x86_64
kmod-20-28.el7.x86_64
systemd-219-73.el7_8.5.x86_64
systemd-sysv-219-73.el7_8.5.x86_64
device-mapper-event-libs-1.02.164-7.el7_8.1.x86_64
dhcp-libs-4.2.5-79.el7.centos.x86_64
grub2-tools-extra-2.02-0.81.el7.centos.x86_64
device-mapper-event-1.02.164-7.el7_8.1.x86_64
libevent-2.0.21-4.el7.x86_64
ncurses-base-5.9-14.20130511.el7_4.noarch
perl-File-Temp-0.23.01-3.el7.noarch
perl-Encode-Locale-1.03-5.el7.noarch
hwdata-0.252-9.5.el7.x86_64
python-cffi-1.6.0-5.el7.x86_64
sysvinit-tools-2.88-14.dsf.el7.x86_64
perl-FCGI-0.74-8.el7.x86_64
plymouth-0.8.9-0.33.20140113.el7.centos.x86_64
ustr-1.0.4-16.el7.x86_64
perl-Geo-IP-1.43-3.el7.x86_64
checkpolicy-2.5-8.el7.x86_64
php-paragonie-random-compat-2.0.18-1.el7.noarch
perl-IO-Socket-SSL-1.94-6.el7.noarch
selinux-policy-targeted-3.13.1-266.el7.noarch
perl-Mozilla-CA-20130114-5.el7.noarch
varnish-libs-4.0.5-1.el7.x86_64
postfix-2.10.1-9.el7.x86_64
libXi-1.7.9-1.el7.x86_64
nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64
gd-2.0.35-26.el7.x86_64
ebtables-2.0.10-16.el7.x86_64
liboath-2.6.2-1.el7.x86_64
php56w-mbstring-5.6.40-1.w7.x86_64
ipset-7.1-1.el7.x86_64
pytz-2016.10-2.el7.noarch
cacti-1.2.11-1.el7.noarch
perl-Data-Dumper-2.145-3.el7.x86_64
harfbuzz-1.7.5-2.el7.x86_64
centos-release-7-8.2003.0.el7.centos.x86_64
perl-DBD-MySQL-4.023-5.el7.x86_64
php-symfony-process-2.8.12-2.el7.noarch
screen-4.1.0-0.25.20120314git3c2946.el7.x86_64
libnetfilter_conntrack-1.0.6-1.el7_3.x86_64
json-c-0.11-4.el7_0.x86_64
kbd-legacy-1.15.5-15.el7.noarch
gperftools-libs-2.6.1-1.el7.x86_64
libthai-0.1.14-9.el7.x86_64
pyxattr-0.5.1-5.el7.x86_64
libXxf86vm-1.1.4-1.el7.x86_64
glibc-common-2.17-307.el7.1.x86_64
enchant-1.6.0-8.el7.x86_64
librsync-2.0.2-1.el7.x86_64
openldap-2.4.44-5.el7.x86_64
libcom_err-1.42.9-17.el7.x86_64
php-symfony-console-2.8.12-2.el7.noarch
libXft-2.3.2-2.el7.x86_64
elfutils-libelf-0.176-4.el7.x86_64
net-snmp-libs-5.7.2-28.el7_4.1.x86_64
python2-backports-functools_lru_cache-1.2.1-4.el7.noarch
cpio-2.11-27.el7.x86_64
shadow-utils-4.6-5.el7.x86_64
dejavu-sans-mono-fonts-2.33-6.el7.noarch
parted-3.1-28.el7.x86_64
libICE-1.0.9-9.el7.x86_64
shared-mime-info-1.8-5.el7.x86_64
perl-Crypt-DES-2.05-20.el7.x86_64
libselinux-python-2.5-15.el7.x86_64
mt-st-1.1-14.el7.x86_64
perl-Socket6-0.23-15.el7.x86_64
gettext-0.19.8.1-3.el7.x86_64
perl-Package-DeprecationManager-0.13-7.el7.noarch
zip-3.0-11.el7.x86_64
python2-future-0.18.2-2.el7.noarch
perl-Net-Server-2.007-2.el7.noarch
mesa-libEGL-17.0.1-6.20170307.el7.x86_64
python2-certbot-1.3.0-1.el7.noarch
fontpackages-filesystem-1.44-8.el7.noarch
perl-MIME-Lite-3.030-1.el7.noarch
bzip2-1.0.6-13.el7.x86_64
mariadb-5.5.56-2.el7.x86_64
gdk-pixbuf2-2.36.12-3.el7.x86_64
perl-DateTime-TimeZone-1.63-2.el7.noarch
perl-Clone-0.34-5.el7.x86_64
tar-1.26-35.el7.x86_64
perl-HTML-Template-2.95-1.el7.noarch
perl-TermReadKey-2.30-20.el7.x86_64
libss-1.42.9-17.el7.x86_64
mod_security_crs-2.2.9-1.el7.noarch
python2-six-1.9.0-0.el7.noarch
dejavu-sans-fonts-2.33-6.el7.noarch
python-idna-2.4-1.el7.noarch
libaio-0.3.109-13.el7.x86_64
linux-firmware-20191203-76.gite8a0f4c.el7.noarch
python-zope-interface-4.0.5-4.el7.x86_64
dbus-python-1.1.1-9.el7.x86_64
php56w-cli-5.6.40-1.w7.x86_64
ncftp-3.2.5-7.el7.x86_64
nss-softokn-3.36.0-5.el7_5.x86_64
gnupg2-2.0.22-5.el7_5.x86_64
util-linux-2.23.2-63.el7.x86_64
python-lxml-3.2.1-4.el7.x86_64
dbus-libs-1.10.24-13.el7_6.x86_64
perl-parent-0.225-244.el7.noarch
cronie-1.4.11-23.el7.x86_64
libsodium13-1.0.5-1.el7.x86_64
ncurses-5.9-14.20130511.el7_4.x86_64
dracut-network-033-568.el7.x86_64
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # check to see what changes require a reboot, if any
[root@osestaging1 ~]# time nice needs-restarting &> "${tmpDir}/needs-restarting.log"

real	0m1.645s
user	0m1.198s
sys	0m0.436s
[root@osestaging1 ~]# cat $tmpDir/needs-restarting.log 
2615 : sshd: maltfield [priv]
20444 : su - 
20443 : sudo su - 
1082 : /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a 127.0.0.1:6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -u varnish -g varnish -s malloc,40G 
335 : /usr/sbin/sshd -D 
554 : /var/ossec/bin/ossec-logcollector 
2636 : sshd: maltfield@pts/0
14916 : sshd: maltfield@pts/1
2440 : /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock 
1 : /usr/lib/systemd/systemd --system --deserialize 19 
46 : /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 
1075 : /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a 127.0.0.1:6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -u varnish -g varnish -s malloc,40G 
3195 : su - 
11409 : sshd: maltfield [priv]
407 : /usr/bin/perl -wT /usr/sbin/munin-node 
540 : /var/ossec/bin/ossec-analysisd 
520 : /var/ossec/bin/ossec-execd 
738 : /var/ossec/bin/ossec-syscheckd 
349 : /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220 
751 : /var/ossec/bin/ossec-monitord 
440 : /bin/sh /usr/bin/mysqld_safe --basedir=/usr 
2647 : -bash 
265 : /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.lease -pf /var/run/dhclient-eth0.pid -H osestaging1 eth0 
19 : /usr/lib/systemd/systemd-journald 
54 : /usr/lib/systemd/systemd-logind 
3196 : -bash 
355 : /usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/client.conf 
3194 : sudo su - 
[root@osestaging1 ~]# 
[root@osestaging1 ~]# time nice needs-restarting -r &> "${tmpDir}/needs-reboot.log"

real	0m0.362s
user	0m0.235s
sys	0m0.124s
[root@osestaging1 ~]# cat $tmpDir/needs-reboot.log 
Core libraries or services have been updated:
  dbus -> 1:1.10.24-13.el7_6
  kernel -> 3.10.0-1127.el7
  glibc -> 2.17-307.el7.1
  linux-firmware -> 20191203-76.gite8a0f4c.el7
  gnutls -> 3.3.29-9.el7_6
  systemd -> 219-73.el7_8.5

Reboot is required to ensure that your system benefits from these updates.

More information:
https://access.redhat.com/solutions/27943
[root@osestaging1 ~]# 
[root@osestaging1 ~]# # reboot the system to apply kernel changes
[root@osestaging1 ~]# reboot
  1. after reboot, I tried to visit www.opensourceecology.org on the staging server, but I was immediately met with an https error indicating that the cert expired September 4, 2018. Strange, the sync should have updated the cert. Did the package updates cause some issue?
  2. hmm, the cert says it was updated last on April 13 (~2 weeks ago)
[root@osestaging1 conf.d]# ls -lah /etc/letsencrypt/live/
total 16K
drwx------. 4 root root 4.0K Nov 27  2017 .
drwxr-xr-x. 9 root root 4.0K Mar  9 16:57 ..
drwxr-xr-x. 2 root root 4.0K Apr 13 04:20 openbuildinginstitute.org
drwxr-xr-x. 2 root root 4.0K Apr 13 04:20 opensourceecology.org
[root@osestaging1 conf.d]# ls -lah /etc/letsencrypt/live/opensourceecology.org/
total 12K
drwxr-xr-x. 2 root root 4.0K Apr 13 04:20 .
drwx------. 4 root root 4.0K Nov 27  2017 ..
lrwxrwxrwx. 1 root root   46 Apr 13 04:20 cert.pem -> ../../archive/opensourceecology.org/cert29.pem
lrwxrwxrwx. 1 root root   47 Apr 13 04:20 chain.pem -> ../../archive/opensourceecology.org/chain29.pem
lrwxrwxrwx. 1 root root   51 Apr 13 04:20 fullchain.pem -> ../../archive/opensourceecology.org/fullchain29.pem
lrwxrwxrwx. 1 root root   49 Apr 13 04:20 privkey.pem -> ../../archive/opensourceecology.org/privkey29.pem
-rw-r--r--. 1 root root  543 Nov 27  2017 README
[root@osestaging1 conf.d]# 
  1. hmm...nginx won't even restart at all
[root@osestaging1 conf.d]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@osestaging1 conf.d]# 
  1. the error log suggests that there's a conflict when trying to bind() to the server's tun0 (vpn) IP on port 443
[root@osestaging1 ~]# journalctl -f
...
Apr 28 12:11:24 osestaging1 nginx[23616]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11
Apr 28 12:11:24 osestaging1 nginx[23616]: nginx: [warn] conflicting server name "_" on 10.241.189.11:443, ignored
Apr 28 12:11:24 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use)
Apr 28 12:11:25 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use)
Apr 28 12:11:25 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use)
Apr 28 12:11:26 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use)
Apr 28 12:11:26 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use)
Apr 28 12:11:27 osestaging1 nginx[23616]: nginx: [emerg] still could not bind()
Apr 28 12:11:27 osestaging1 systemd[1]: nginx.service: control process exited, code=exited status=1
Apr 28 12:11:27 osestaging1 systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Apr 28 12:11:27 osestaging1 systemd[1]: Unit nginx.service entered failed state.
Apr 28 12:11:27 osestaging1 systemd[1]: nginx.service failed.
Apr 28 12:11:27 osestaging1 polkitd[52]: Unregistered Authentication Agent for unix-process:23608:1631663499 (system bus name :1.176, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

^C
[root@osestaging1 ~]# 
  1. interesting, it looks like apache is now listening on 443?
[root@osestaging1 conf.d]# ss -plan | grep 443
tcp    LISTEN     0      128    [::]:443                [::]:*                   users:(("httpd",pid=21969,fd=8),("httpd",pid=589,fd=8),("httpd",pid=584,fd=8),("httpd",pid=583,fd=8),("httpd",pid=582,fd=8),("httpd",pid=580,fd=8),("httpd",pid=341,fd=8))
[root@osestaging1 conf.d]# 
  1. woah, there's 5x new files in /etc/httpd/conf.d
    1. here's the staging server's 33 files
[root@osestaging1 conf.d]# ls -1 | wc -l
33
[root@osestaging1 conf.d]# ls
000-www.opensourceecology.org.conf          mod_security.conf
00-fef.opensourceecology.org.conf           mod_security.wordpress.include
00-forum.opensourceecology.org.conf         munin.20180304.bak
00-microfactory.opensourceecology.org.conf  munin.opensourceecology.org.conf
00-oswh.opensourceecology.org.conf          php.conf
00-phplist.opensourceecology.org.conf       README
00-seedhome.openbuildinginstitute.org.conf  ssl.conf
00-store.opensourceecology.org.conf         ssl.conf.disabled
00-wiki.opensourceecology.org.conf          ssl.conf.orig
00-www.openbuildinginstitute.org.conf       ssl.openbuildinginstitute.org
autoindex.conf                              ssl.opensourceecology.org
awstats.conf                                staging.openbuildinginstitute.org.conf.bak
awstats.openbuildinginstitute.org.conf      staging.opensourceecology.org.conf
awstats.opensourceecology.org.conf          userdir.conf
cacti.conf                                  varnishTest.conf.disabled
certbot.conf                                welcome.conf
mod_evasive.conf
[root@osestaging1 conf.d]# 
    1. and here's the prod server's 28 files
[root@opensourceecology conf.d]# pwd
/etc/httpd/conf.d
[root@opensourceecology conf.d]# ls -1 | wc -l
28
[root@opensourceecology conf.d]# ls
000-www.opensourceecology.org.conf          mod_evasive.conf
00-fef.opensourceecology.org.conf           mod_security.conf
00-forum.opensourceecology.org.conf         mod_security.wordpress.include
00-microfactory.opensourceecology.org.conf  munin.20180304.bak
00-oswh.opensourceecology.org.conf          munin.opensourceecology.org.conf
00-phplist.opensourceecology.org.conf       php.conf
00-seedhome.openbuildinginstitute.org.conf  README
00-store.opensourceecology.org.conf         ssl.conf.disabled
00-wiki.opensourceecology.org.conf          ssl.conf.orig
00-www.openbuildinginstitute.org.conf       ssl.openbuildinginstitute.org
awstats.openbuildinginstitute.org.conf      ssl.opensourceecology.org
awstats.opensourceecology.org.conf          staging.openbuildinginstitute.org.conf.bak
cacti.conf                                  staging.opensourceecology.org.conf
certbot.conf                                varnishTest.conf.disabled
[root@opensourceecology conf.d]# 
  1. A diff shows the following new files popped-up on the staging server after the package updates
autoindex.conf
awstats.conf
ssl.conf
userdir.conf
welcome.conf
  1. As well as listening on 443, these files create a bunch of new Directory and Location blocks that expose parts of our server. Bleh, let's remove all them
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf.`date "+%Y%m%d_%H%M%S"`.disabled
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf.`date "+%Y%m%d_%H%M%S"`.disabled
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/ssl.conf.disabled /etc/httpd/conf.d/ssl.conf.disabled.old
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.`date "+%Y%m%d_%H%M%S"`.disabled
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/userdir.conf /etc/httpd/conf.d/userdir.conf.`date "+%Y%m%d_%H%M%S"`.disabled
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.`date "+%Y%m%d_%H%M%S"`.disabled
[root@osestaging1 conf.d]# systemctl restart httpd
[root@osestaging1 conf.d]# systemctl restart nginx
[root@osestaging1 conf.d]# 
  1. ok that worked. I guess the cert was some old self-signed cert distributed by apache. Now the site is accessible ☺
  2. I confirmed that all the other sites were good too. Except phplist, whoose 'is_staging' file didn't exist because its docrooot is named 'public_html' instead of the usual 'htdocs' expected in the syncToStaging.sh script. I fixed that
#runOnStaging 'for docroot in $(sudo find /var/www/html/* -maxdepth 1 -name htdocs -type d); do echo 'true' | sudo tee "$docroot/is_staging"; done'                                                                       
runOnStaging 'for docroot in $(sudo find /var/www/html/* -maxdepth 1 -regextype awk -regex ".*(htdocs|public_html)" -type d); do echo "true" | sudo tee "$docroot/is_staging"; done'
  1. I confirmed that I could also edit a page (and purge the cache) on the osemain site
  2. I confimred that I could also access both the awstats & munin sites
  3. And finally I confirmed that I could login and make a change on the wiki
  4. That concludes the testing; I think this is ready for prod on Monday

Mon Apr 27, 2020

  1. I want to do a `yum update` to upgrade all of the packages installed on our production server to their latest versions and give the server a reboot (t apply, eg, kernel upgrades)
  2. I began to checkout some nginx graphs to determine what would be a good dey & time to do this change with minimal impact from the downtime
  3. stragnely, I noticed a huge ever-growig spike in the "writing" processes of the "nginx status" weekly graph

File:Munin_nginx_week.20200427.gif File:Munin_nginx_month.20200427.gif File:Munin_nginx_year.20200427.gif

  1. the yearly graphs shows that it was near-zero through the entire months of Feb & March, then it spiked in April. Really strange..
  2. hmm..apparently our requests graph shows requests on port 80; we should be looking at port 443 https://munin.opensourceecology.org:4443/localhost/localhost/nginx_wiki_opensourceecology_org_request.html
  3. A quick curl shows the current status. 60 writing!
[root@opensourceecology munin]# pwd
/etc/munin
[root@opensourceecology munin]# ls plugin-conf.d/
amavis  df  fw_  hddtemp_smartctl  munin-node  postfix  postgres  sendmail  zzz-ose
[root@opensourceecology munin]# cat plugin-conf.d/zzz-ose 
# ose-specific configs go here per this doc
#  * http://guide.munin-monitoring.org/en/latest/plugin/use.html#configuring

[nginx_wiki.opensourceecology.org_*]
env.url https://wiki.opensourceecology.org/nginx_status
env.graph_title graph title
env.graph_info graph info goes here

[nginx_www.opensourceecology.org_*]
env.url https://www.opensourceecology.org/nginx_status

[mysql*]
user root
group wheel
env.mysqlopts -u munin_user -pqd2qQiFdeNGepvhv5dsQx4rVt7pRyFJ

[multips_memory]
env.names varnishd mysqld httpd varnishlog systemd-journal rsyslogd b2 nginx munin munin-node ssh sshd openvpn tuned ossec-analysisd bash vim screen tail gpg gpg2 polkitd tuned
[root@opensourceecology munin]# curl https://wiki.opensourceecology.org/nginx_status
Active connections: 77 
server accepts handled requests
 18190954 18190954 24376179 
Reading: 0 Writing: 60 Waiting: 15 
[root@opensourceecology munin]# 
  1. I woulde expect "waiting" to be high due to keep-alive, but writing? I'd expect reading to be higher than writing, and they should be about the same. But here "reading" is flat zero.
  2. actually, it looks like "writing" is usually much higher than "reading" probably because it's the case that a server's connection is much more stable than a client's, so the server has to stay in the "writing" state until clients with poor connections confirm the transactions https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
  3. this serverfault question shows a similar type of graph--where reading is near-zero and writing is this sawtooth climbing-falling shape month-to-month https://serverfault.com/questions/675971/is-it-normal-for-nginx-to-accumulate-connections-in-writing-state
    1. the conclusion was that it was a faulty implementaton of protocols SPDY and HTTP/2, but it's been fixed since our current version (1.16.1
[root@opensourceecology munin]# nginx -v
nginx version: nginx/1.16.1
[root@opensourceecology munin]# 
    1. what I really don't understand s what changed in April when this started to climb. It's possible that an attack or crawl started then?
  1. anyway, this doesn't appear to be impacting our uptime in any way. The server's still basically idle. If it becomes an actual issue, then perhaps I can track what the client IPs are for nginx processes stuck in the "writing" state and also the pages they're accessing and maybe adjust 'keepalive_timeout'
  2. looks like this climb started on the 2020-04-20. But I didn't do anything OSE-related from 2020-04-11 until 2020-04-22. Not sure what happend on the 20th..
  3. A quick check at awstats shows the following IPs as our top clients for wiki.opensourceecology.org (note that munin nginx stats are blended together for all sites, but the awstats logs are distinct, so the wiki is just a best guess)
2a02:8109:98c0:36a8:8e7c:495c:68c:e4e4
31.13.191.173
47.133.48.12
51.15.246.137
66.102.6.130
68.56.114.230
71.85.148.111
76.189.142.119
78.113.133.139
130.185.155.59
152.44.74.166
167.114.92.59
167.88.7.134
173.249.10.94
173.48.239.135
180.150.113.19
185.59.207.9
196.196.244.93
216.235.121.70
2001:985:2ce:1:36f:9c55:3f0d:3ac
    1. geo lookups show those IPs in Sweeden, US (Chicago, New York, Michigan, Missouri, North Carolina, Massachusetts, Washington, Google), France (Paris), Canada (Montreal), Germany (Nurnberg, Berlin), Austrailia (Adelaide), UK (Waterlooville), Neatherlands (Amsterdam)
    2. ahh, I found the Tor exit node = 167.88.7.134
[maltfield@opensourceecology log]$ sudo grep -irl '167.88.7.134'
[sudo] password for maltfield: 
nginx/wiki.opensourceecology.org/access.log-20200427
nginx/www.openbuildinginstitute.org/access.log-20200427
nginx/awstats.opensourceecology.org/access.log-20200427
nginx/www.opensourceecology.org/access.log-20200427
secure
[maltfield@opensourceecology log]$
  1. We actually don't appear to have a very strong sine graph on our hourly usage day-to-day. In munin it's really hard to see, but in awstats it looks like our wiki's traffic is generally a bit less between the hours of 23-7 (it's most busy between 15-22). So maybe we do the upgrade at ~05:00? The backups run at 04:20
  2. It's not clear when the backup finishes exactly, so I updated our backup.sh script to echo out the timestamp just before it exits. If it's too close to 07:00, I may want to just manually kick-off a backup at ~01:00 UTC, make my change, reboot the server, and then hope that another backup is kicked-off again after the change is complete.
  3. I sent an email to Marcin about this, asking if there's any times where I should *not* do the CHG
Hey Marcin,

When would be a good time to do a update of all the packages installed
on our production server? This process may involve some downtime.

As a prereq to doing the Docker/Discourse install on our production
server, I'd like to go ahead and upgrade all of the yum-installed
packages on the server. It's probably been more than a year since I've
done this (except for security-critical updates, which are preformed
automatically), so there will be a *lot* of updates. After the update,
I'd like to reboot the server to apply all the changes, which may
include kernel updates.

The reboot means this change will necessarily include downtime. And if
there's any substantial package changes, more complications could arise.
So it would be wise to schedule this change wisely (ie: not in the
middle of a workshop).

Our server doesn't have an especially obvious daily sine usage graph,
but it appears that the lowest traffic to the wiki is between the hours
of 23:00-07:00-ish UTC.

Are there any days/times that I should *not* preform this CHG?


Thank you,

Michael Altfield
Senior System Administrator
PGP Fingerprint: 8A4B 0AF8 162F 3B6A 79B7  70D2 AA3E DF71 60E2 D97B

Open Source Ecology
www.opensourceecology.org
  1. I couldn't find any other coorelation in munin graphs, but our 'rss' graph finally has some useful data in it that hasn't been uploaded to the wiki yet, so I downloaded those.
    1. note the take-away is that our biggest RAM consumers are varnish, mysql, and apache. Nginx is surprisingly low. And the cycle of apache and varnish is pretty wild and useful to know

Munin multips-memory day.20200427.gif Munin multips-memory week.20200427.gif Munin multips-memory month.20200427.gif Munin multips-memory year.20200427.gif

  1. ...
  1. Anyway, back to upgrading the yum packages on prod. I created a CHG ticket for this, tenativley scheduled for Monday (1 week from today) at 07:00 UTC https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update
  2. Marcin replied to my email, saying "that sounds good to me" regarding my scheduling
  3. ok, let me go through this process on Staging. First I'll do a sync from prod to staging and reboot the staging server
  4. after the sync & reboot, I started poking at `man yum`
  5. I want to get a single command now on statging that will define a set of pacakges and versions to be updated so that I can duplicate what I'm doing on staging (which has been validated) exactly on production. As such, I should not just do a `yum update` as that could easily produce different results from one second to the next
  6. It looks like I want to use `yum update-to <list of packages w/ versions>`
  7. there doesn't appear to be an easy way to get a list of packages from yum that are to be updated in the format that it wants for the `yum update-to X Y Z` command. The output for `yum --assumeno update...` and `yum list updates` all appear to be human readable, with the package name, arch, and version in distinct columns. What I need is <package name>-<version>.<arch>
  8. let's see if I can hack this together with the unzip command, for example
[root@osestaging1 ~]# yum --assumeno update | grep 'will be an update' | grep unzip
---> Package unzip.x86_64 0:6.0-21.el7 will be an update
[root@osestaging1 ~]# 
  1. And
[root@osestaging1 ~]# yum list updates | grep unzip
unzip.x86_64                          6.0-21.el7                        base    
[root@osestaging1 ~]# 
  1. Unfortunately they wedge the package name and arch together. If they were actually different fields than this simple awk would work
[root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "-" $2}'
unzip.x86_64-6.0-21.el7
[root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "-" $2}' | xargs yum update-to
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: mirror.alpix.eu
 * webtatic: uk.repo.webtatic.com
No Match for argument: unzip.x86_64-6.0-21.el7
No package unzip.x86_64-6.0-21.el7 available.
No packages marked for update
[root@osestaging1 ~]# 
  1. some sed/awk magic makes this useable
[root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "|" $2}' | sed 's/\..*|/-/'
unzip-6.0-21.el7
[root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' | xargs yum update-to
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: mirror.alpix.eu
 * webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package unzip.x86_64 0:6.0-16.el7 will be updated
---> Package unzip.x86_64 0:6.0-21.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package               Arch                   Version                       Repository            Size
=======================================================================================================
Updating:
 unzip                 x86_64                 6.0-21.el7                    base                 171 k

Transaction Summary
=======================================================================================================
Upgrade  1 Package

Total download size: 171 k
Is this ok [y/d/N]: Exiting on user command
Your transaction was saved, rerun it with:
 yum load-transaction /tmp/yum_save_tx.2020-04-27.17-38.npl2_x.yumtx
[root@osestaging1 ~]# 
  1. And here's a lst of all the packages to be installed for passing directly to `yum update-to`
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' | tr "\n" " "
GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-32:9.11.4-16.P2.el7_8.2 bind-libs-lite-32:9.11.4-16.P2.el7_8.2 bind-license-32:9.11.4-16.P2.el7_8.2 bind-utils-32:9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1:1.10.24-13.el7_6 dbus-libs-1:1.10.24-13.el7_6 device-mapper-7:1.02.164-7.el7_8.1 device-mapper-event-7:1.02.164-7.el7_8.1 device-mapper-event-libs-7:1.02.164-7.el7_8.1 device-mapper-libs-7:1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-12:4.2.5-79.el7.centos dhcp-common-12:4.2.5-79.el7.centos dhcp-libs-12:4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-1:3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-2:4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-1:4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-1:2.02-0.81.el7.centos grub2-common-1:2.02-0.81.el7.centos grub2-pc-1:2.02-0.81.el7.centos grub2-pc-modules-1:2.02-0.81.el7.centos grub2-tools-1:2.02-0.81.el7.centos grub2-tools-extra-1:2.02-0.81.el7.centos grub2-tools-minimal-1:2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-3:1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1-1:1.8.0.242.b08-1.el7 java-1-1:1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-14:1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-7:2.02.186-7.el7_8.1 lvm2-libs-7:2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-1:3.82-24.el7 man-db-2.6.3-11.el7 mariadb-1:5.5.65-1.el7 mariadb-libs-1:5.5.65-1.el7 mariadb-server-1:5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-1:2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-5:1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-1:5.7.2-48.el7_8 net-snmp-agent-libs-1:5.7.2-48.el7_8 net-snmp-libs-1:5.7.2-48.el7_8 net-snmp-utils-1:5.7.2-48.el7_8 nmap-2:6.40-19.el7 nmap-ncat-2:6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1:1.0.2k-19.el7 openssl-libs-1:1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-4:5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1:1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-4:5.16.3-295.el7 perl-macros-4:5.16.3-295.el7 perl-version-3:0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2:2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-1:4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-2:4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-2:1.26-35.el7 tcpdump-14:4.9.2-4.el7_7.1 telnet-1:0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-2:7.4.629-6.el7 vim-enhanced-2:7.4.629-6.el7 vim-filesystem-2:7.4.629-6.el7 vim-minimal-2:7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-1:7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7 [root@osestaging1 ~]# 
  1. and pass it. Unfortunately that doesn't work for manay packages. FOr example, dbus
[root@osestaging1 ~]# pkgs=`yum -q list updates 2>&1 | tail -n+2 | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' | tr "\n" " "`
[root@osestaging1 ~]# yum update-to $pkgs
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: mirror.alpix.eu
 * webtatic: uk.repo.webtatic.com
No Match for argument: bind-libs-32:9.11.4-16.P2.el7_8.2
No package bind-libs-32:9.11.4-16.P2.el7_8.2 available.
No Match for argument: bind-libs-lite-32:9.11.4-16.P2.el7_8.2
No package bind-libs-lite-32:9.11.4-16.P2.el7_8.2 available.
No Match for argument: bind-license-32:9.11.4-16.P2.el7_8.2
No package bind-license-32:9.11.4-16.P2.el7_8.2 available.
No Match for argument: bind-utils-32:9.11.4-16.P2.el7_8.2
No package bind-utils-32:9.11.4-16.P2.el7_8.2 available.
No Match for argument: dbus-1:1.10.24-13.el7_6
...
  1. Here's what it says about that dbus package
[root@osestaging1 ~]# yum -q list updates 2>&1 | grep dbus
dbus.x86_64                           1:1.10.24-13.el7_6                base    
dbus-libs.x86_64                      1:1.10.24-13.el7_6                base    
[root@osestaging1 ~]# yum update dbus
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: mirror.alpix.eu
 * webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package dbus.x86_64 1:1.6.12-17.el7 will be updated
---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update
--> Processing Dependency: dbus-libs(x86-64) = 1:1.10.24-13.el7_6 for package: 1:dbus-1.10.24-13.el7_6.x86_64
--> Processing Dependency: libdbus-1.so.3(LIBDBUS_PRIVATE_1.10.24)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64
--> Processing Dependency: libdbus-1.so.3(LIBDBUS_1_3)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64
--> Running transaction check
---> Package dbus-libs.x86_64 1:1.6.12-17.el7 will be updated
---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package                Arch                Version                            Repository         Size
=======================================================================================================
Updating:
 dbus                   x86_64              1:1.10.24-13.el7_6                 base              245 k
Updating for dependencies:
 dbus-libs              x86_64              1:1.10.24-13.el7_6                 base              169 k

Transaction Summary
=======================================================================================================
Upgrade  1 Package (+1 Dependent package)

Total download size: 414 k
Is this ok [y/d/N]: 
  1. I guess it doesn't like the "1:" preceeding the version. No idea what that even is
[root@osestaging1 ~]# yum update-to dbus-1:1.10.24-13
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: mirror.alpix.eu
 * webtatic: uk.repo.webtatic.com
No Match for argument: dbus-1:1.10.24-13
No package dbus-1:1.10.24-13 available.
No packages marked for update
[root@osestaging1 ~]# yum update-to dbus-1.10.24-13.el7_6
Loaded plugins: fastestmirror, replace
Loading mirror speeds from cached hostfile
 * base: mirror.plustech.de
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * updates: mirror.alpix.eu
 * webtatic: uk.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package dbus.x86_64 1:1.6.12-17.el7 will be updated
---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update
--> Processing Dependency: dbus-libs(x86-64) = 1:1.10.24-13.el7_6 for package: 1:dbus-1.10.24-13.el7_6.x86_64
--> Processing Dependency: libdbus-1.so.3(LIBDBUS_PRIVATE_1.10.24)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64
--> Processing Dependency: libdbus-1.so.3(LIBDBUS_1_3)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64
--> Running transaction check
---> Package dbus-libs.x86_64 1:1.6.12-17.el7 will be updated
---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package                Arch                Version                            Repository         Size
=======================================================================================================
Updating:
 dbus                   x86_64              1:1.10.24-13.el7_6                 base              245 k
Updating for dependencies:
 dbus-libs              x86_64              1:1.10.24-13.el7_6                 base              169 k

Transaction Summary
=======================================================================================================
Upgrade  1 Package (+1 Dependent package)

Total download size: 414 k
Is this ok [y/d/N]: ^C
  1. ok, with the same logic as the previous awk/sed for stripping the arch, we can do it here too
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep -E 'unzip|dbus' | awk '{print $1 "|" $2}' | sed 's/\..*|.*\:/-/' | sed 's/\..*|/-/'
dbus-1.10.24-13.el7_6
dbus-libs-1.10.24-13.el7_6
unzip-6.0-21.el7
[root@osestaging1 ~]# 
  1. close, but there's still problems with 2x packages
[root@osestaging1 ~]# yum update-to $pkgs 2>&1 
...
No Match for argument: java-1-1.8.0.242.b08-1.el7
No package java-1-1.8.0.242.b08-1.el7 available.
No Match for argument: java-1-1.8.0.242.b08-1.el7
No package java-1-1.8.0.242.b08-1.el7 available.
  1. Here's the java packages currently installed
[root@osestaging1 ~]# rpm -qa | grep -i java
tzdata-java-2017b-1.el7.noarch
java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5.x86_64
python-javapackages-3.4.1-11.el7.noarch
javapackages-tools-3.4.1-11.el7.noarch
java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5.x86_64
[root@osestaging1 ~]# 
  1. Here's our parsing of the package from `yum list updates`. It looks fine to me
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep java | awk '{print $1 "|" $2}' | sed 's/\..*|.*\:/-/' | sed 's/\..*|/-/'
java-1-1.8.0.242.b08-1.el7
java-1-1.8.0.242.b08-1.el7
tzdata-java-2019c-1.el7
[root@osestaging1 ~]# 
  1. But if I just try to `yum update java` then I can see what it *should* be. Yeah, this is an issue because it's not an arch that I'm removing after the period. Ugh `yum` should just have a fucking way to output the package name as it wants to recieve it without all this damn hacking
=======================================================================================================
 Package                             Arch           Version                         Repository    Size
=======================================================================================================
Updating:
 java-1.8.0-openjdk                  x86_64         1:1.8.0.242.b08-1.el7           base         293 k
Installing for dependencies:
 atk                                 x86_64         2.28.1-2.el7                    base         263 k
 avahi-libs                          x86_64         0.6.31-20.el7                   base          62 k
 cups-libs                           x86_64         1:1.6.3-43.el7                  base         358 k
 gtk-update-icon-cache               x86_64         3.22.30-5.el7                   base          27 k
 gtk2                                x86_64         2.24.31-1.el7                   base         3.4 M
 hicolor-icon-theme                  noarch         0.12-7.el7                      base          42 k
 libXcursor                          x86_64         1.1.15-1.el7                    base          30 k
 libXinerama                         x86_64         1.1.3-2.1.el7                   base          14 k
 libXrandr                           x86_64         1.5.1-2.el7                     base          27 k
 pcsc-lite-libs                      x86_64         1.8.8-8.el7                     base          34 k
Updating for dependencies:
 copy-jdk-configs                    noarch         3.3-10.el7_5                    base          21 k
 dbus                                x86_64         1:1.10.24-13.el7_6              base         245 k
 dbus-libs                           x86_64         1:1.10.24-13.el7_6              base         169 k
 java-1.8.0-openjdk-headless         x86_64         1:1.8.0.242.b08-1.el7           base          32 M

Transaction Summary
=======================================================================================================
Install             ( 10 Dependent packages)
Upgrade  1 Package  (+ 4 Dependent packages)

Total download size: 37 M
Is this ok [y/d/N]:
  1. This is stupid; I created a serverfault question on this https://serverfault.com/questions/1014455/how-to-list-packages-needing-update-in-format-for-yum-update-to
  2. Meanwhile, this may work
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep -E 'unzip|dbus|java' | awk '{print $1 "|" $2}' | sed 's/\..*|\(.*\:\)*/-/'
dbus-1.10.24-13.el7_6
dbus-libs-1.10.24-13.el7_6
java-1-1.8.0.242.b08-1.el7
java-1-1.8.0.242.b08-1.el7
tzdata-java-2019c-1.el7
unzip-6.0-21.el7
[root@osestaging1 ~]# 
  1. no, it still fails
No Match for argument: java-1-1.8.0.242.b08-1.el7
No Match for argument: java-1-1.8.0.242.b08-1.el7
No package java-1-1.8.0.242.b08-1.el7 available.
No package java-1-1.8.0.242.b08-1.el7 available.
Resolving Dependencies
  1. I guess it wants java-1.8.0-openjdk-1.8.0.242.b08-1.el7
[root@osestaging1 ~]# yum update java-1.8.0-openjdk-1.8.0.242.b08-1.el7
...
Dependencies Resolved

=======================================================================================================
 Package                             Arch           Version                         Repository    Size
=======================================================================================================
Updating:
 java-1.8.0-openjdk                  x86_64         1:1.8.0.242.b08-1.el7           base         293 k
Installing for dependencies:
 atk                                 x86_64         2.28.1-2.el7                    base         263 k
 avahi-libs                          x86_64         0.6.31-20.el7                   base          62 k
 cups-libs                           x86_64         1:1.6.3-43.el7                  base         358 k
 gtk-update-icon-cache               x86_64         3.22.30-5.el7                   base          27 k
 gtk2                                x86_64         2.24.31-1.el7                   base         3.4 M
 hicolor-icon-theme                  noarch         0.12-7.el7                      base          42 k
 libXcursor                          x86_64         1.1.15-1.el7                    base          30 k
 libXinerama                         x86_64         1.1.3-2.1.el7                   base          14 k
 libXrandr                           x86_64         1.5.1-2.el7                     base          27 k
 pcsc-lite-libs                      x86_64         1.8.8-8.el7                     base          34 k
Updating for dependencies:
 copy-jdk-configs                    noarch         3.3-10.el7_5                    base          21 k
 dbus                                x86_64         1:1.10.24-13.el7_6              base         245 k
 dbus-libs                           x86_64         1:1.10.24-13.el7_6              base         169 k
 java-1.8.0-openjdk-headless         x86_64         1:1.8.0.242.b08-1.el7           base          32 M

Transaction Summary
=======================================================================================================
Install             ( 10 Dependent packages)
Upgrade  1 Package  (+ 4 Dependent packages)

Total download size: 37 M
Is this ok [y/d/N]: ^Cn
Exiting on user command
Your transaction was saved, rerun it with:
 yum load-transaction /tmp/yum_save_tx.2020-04-27.19-23.34MI63.yumtx
[root@osestaging1 ~]# 
  1. ok so the sed was clobbering at the first '.' so I fixed that
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep -E 'unzip|dbus|java' | awk '{print $1 "|" $2}' | sed 's/\.[^.]*|\(.*\:\)*/-/'
dbus-1.10.24-13.el7_6
dbus-libs-1.10.24-13.el7_6
java-1.8.0-openjdk-1.8.0.242.b08-1.el7
java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7
tzdata-java-2019c-1.el7
unzip-6.0-21.el7
[root@osestaging1 ~]# 
  1. And, finally, here's our update command
yum update-to GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-9.11.4-16.P2.el7_8.2 bind-libs-lite-9.11.4-16.P2.el7_8.2 bind-license-9.11.4-16.P2.el7_8.2 bind-utils-9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 device-mapper-1.02.164-7.el7_8.1 device-mapper-event-1.02.164-7.el7_8.1 device-mapper-event-libs-1.02.164-7.el7_8.1 device-mapper-libs-1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-4.2.5-79.el7.centos dhcp-common-4.2.5-79.el7.centos dhcp-libs-4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-2.02-0.81.el7.centos grub2-common-2.02-0.81.el7.centos grub2-pc-2.02-0.81.el7.centos grub2-pc-modules-2.02-0.81.el7.centos grub2-tools-2.02-0.81.el7.centos grub2-tools-extra-2.02-0.81.el7.centos grub2-tools-minimal-2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1.8.0-openjdk-1.8.0.242.b08-1.el7 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-2.02.186-7.el7_8.1 lvm2-libs-2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-3.82-24.el7 man-db-2.6.3-11.el7 mariadb-5.5.65-1.el7 mariadb-libs-5.5.65-1.el7 mariadb-server-5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-5.7.2-48.el7_8 net-snmp-agent-libs-5.7.2-48.el7_8 net-snmp-libs-5.7.2-48.el7_8 net-snmp-utils-5.7.2-48.el7_8 nmap-6.40-19.el7 nmap-ncat-6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1.0.2k-19.el7 openssl-libs-1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-5.16.3-295.el7 perl-macros-5.16.3-295.el7 perl-version-0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-1.26-35.el7 tcpdump-4.9.2-4.el7_7.1 telnet-0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-7.4.629-6.el7 vim-enhanced-7.4.629-6.el7 vim-filesystem-7.4.629-6.el7 vim-minimal-7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7
  1. I'll add the command to install yum-utils so we get the 'needs-restarting' command
yum install yum-utils-1.1.31-53.el7
  1. I ran the above commands but realized I should have gotten a dump of `rpm -qa` first. I updated the CHG ticket with these commands and I'll redo them on staging tomorrow https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update#Change_Steps
  2. strangely, this was the output after the install before I rebooted and it didn't change after I rebooted
[root@osestaging1 ~]# needs-restarting -r
Core libraries or services have been updated:
  dbus -> 1:1.10.24-13.el7_6
  systemd -> 219-73.el7_8.5
  kernel -> 3.10.0-1127.el7
  linux-firmware -> 20191203-76.gite8a0f4c.el7
  openssl-libs -> 1:1.0.2k-19.el7
  gnutls -> 3.3.29-9.el7_6
  glibc -> 2.17-307.el7.1

Reboot is required to ensure that your system benefits from these updates.

More information:
https://access.redhat.com/solutions/27943
[root@osestaging1 ~]# 

Thr Apr 23, 2020

  1. since yesterday, it appears that the sudo package has been automatically updated by `unattended-upgrades` triggered by our cron job. Horray!
root@osestaging1-discourse-ose:/etc/nginx# dpkg -l | grep -i sudo
ii  sudo                            1.8.27-1+deb10u2             amd64        Provide limited super user privileges to specific users
root@osestaging1-discourse-ose:/etc/nginx# 
  1. My cron job was set to trigger it to go off a 04:20
root@osestaging1-discourse-ose:/var/log/nginx# cat /etc/cron.d/unattended-upgrades 
################################################################################
# File:    /etc/cron.d/unattended-upgrades
# Version: 0.1
# Purpose: run unattended-upgrades in lieu of systemd. For more info see
#           * https://wiki.opensourceecology.org/wiki/Discourse
#           * https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/3
# Author:  Michael Altfield <michael@opensourceecology.org>
# Created: 2020-03-23
# Updated: 2020-03-23
################################################################################
20 04 * * * root /usr/bin/nice /usr/bin/unattended-upgrades --debug




root@osestaging1-discourse-ose:/var/log/nginx# 
  1. sure enough, there's an unattended-upgrades log with an entry starting at 04:20. Looks like it installed a hell of a lot more security-critical updates than just sudo, though
==> /var/log/unattended-upgrades/unattended-upgrades.log <==
2020-04-23 04:20:03,462 INFO Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery.
2020-04-23 04:20:03,524 INFO Initial blacklist :
2020-04-23 04:20:03,524 INFO Initial whitelist:
2020-04-23 04:20:03,524 INFO Starting unattended upgrades script
2020-04-23 04:20:03,524 INFO Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security
2020-04-23 04:20:06,461 DEBUG Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^linux-image-unsigned-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*|^linux-buildinfo-[0-9]+\.[0-9\.]+-.*|^linux-source-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
2020-04-23 04:20:06,481 DEBUG Using (^linux-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-headers-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-image-extra-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-modules-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-modules-extra-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-signed-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-image-unsigned-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^kfreebsd-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^kfreebsd-headers-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^gnumach-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^.*-modules-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^.*-kernel-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-backports-modules-.*-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-modules-.*-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-tools-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-cloud-tools-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-buildinfo-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-source-3\.10\.0\-957\.21\.3\.el7\.x86_64$) regexp to find running kernel packages
2020-04-23 04:20:07,539 DEBUG Checking: git ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:07,793 DEBUG Checking: git-man ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:08,054 DEBUG Checking: icu-devtools ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:08,415 DEBUG Checking: libgnutls-dane0 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:08,597 DEBUG Checking: libgnutls30 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:08,811 DEBUG Checking: libicu-dev ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:09,000 DEBUG Checking: libicu63 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:09,314 DEBUG Checking: libssl-dev ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:09,566 DEBUG Checking: libssl1.1 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:09,819 DEBUG Checking: nodejs ([<Origin component:'main' archive:'' origin:'Node Source' label:'Node Source' site:'deb.nodesource.com' isTrusted:True>])
2020-04-23 04:20:09,821 DEBUG adjusting candidate version: nodejs=10.15.2~dfsg-2
2020-04-23 04:20:09,855 DEBUG Checking: openssl ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>])
2020-04-23 04:20:10,330 DEBUG Checking: sudo ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian' site:'deb.debian.org' isTrusted:True>])
2020-04-23 04:20:11,364 DEBUG pkgs that look like they should be upgraded: git
git-man
icu-devtools
libgnutls-dane0
libgnutls30
libicu-dev
libicu63
libssl-dev
libssl1.1
openssl
sudo
2020-04-23 04:20:14,287 DEBUG fetch.run() result: 0
2020-04-23 04:20:14,863 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 316560 DestFile:'/var/cache/apt/archives/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb' ID:2 ErrorText: ''>
2020-04-23 04:20:14,875 DEBUG check_conffile_prompt(/var/cache/apt/archives/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb)
2020-04-23 04:20:14,877 DEBUG found pkg: libgnutls-dane0
2020-04-23 04:20:14,878 DEBUG No conffiles in deb /var/cache/apt/archives/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,879 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1124428 DestFile:'/var/cache/apt/archives/libgnutls30_3.6.7-4+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u3_amd64.deb' ID:3 ErrorText: ''>
2020-04-23 04:20:14,879 DEBUG check_conffile_prompt(/var/cache/apt/archives/libgnutls30_3.6.7-4+deb10u3_amd64.deb)
2020-04-23 04:20:14,880 DEBUG found pkg: libgnutls30
2020-04-23 04:20:14,884 DEBUG No conffiles in deb /var/cache/apt/archives/libgnutls30_3.6.7-4+deb10u3_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,891 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1793184 DestFile:'/var/cache/apt/archives/libssl-dev_1.1.1d-0+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl-dev_1.1.1d-0+deb10u3_amd64.deb' ID:4 ErrorText: ''>
2020-04-23 04:20:14,891 DEBUG check_conffile_prompt(/var/cache/apt/archives/libssl-dev_1.1.1d-0+deb10u3_amd64.deb)
2020-04-23 04:20:14,893 DEBUG found pkg: libssl-dev
2020-04-23 04:20:14,894 DEBUG No conffiles in deb /var/cache/apt/archives/libssl-dev_1.1.1d-0+deb10u3_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,894 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1538460 DestFile:'/var/cache/apt/archives/libssl1.1_1.1.1d-0+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1d-0+deb10u3_amd64.deb' ID:5 ErrorText: ''>
2020-04-23 04:20:14,894 DEBUG check_conffile_prompt(/var/cache/apt/archives/libssl1.1_1.1.1d-0+deb10u3_amd64.deb)
2020-04-23 04:20:14,900 DEBUG found pkg: libssl1.1
2020-04-23 04:20:14,911 DEBUG No conffiles in deb /var/cache/apt/archives/libssl1.1_1.1.1d-0+deb10u3_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,912 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1620352 DestFile:'/var/cache/apt/archives/git-man_1%3a2.20.1-2+deb10u3_all.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/git/git-man_2.20.1-2+deb10u3_all.deb' ID:6 ErrorText: ''>
2020-04-23 04:20:14,912 DEBUG check_conffile_prompt(/var/cache/apt/archives/git-man_1%3a2.20.1-2+deb10u3_all.deb)
2020-04-23 04:20:14,920 DEBUG found pkg: git-man
2020-04-23 04:20:14,923 DEBUG No conffiles in deb /var/cache/apt/archives/git-man_1%3a2.20.1-2+deb10u3_all.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,923 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 5633060 DestFile:'/var/cache/apt/archives/git_1%3a2.20.1-2+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/git/git_2.20.1-2+deb10u3_amd64.deb' ID:7 ErrorText: ''>
2020-04-23 04:20:14,923 DEBUG check_conffile_prompt(/var/cache/apt/archives/git_1%3a2.20.1-2+deb10u3_amd64.deb)
2020-04-23 04:20:14,925 DEBUG found pkg: git
2020-04-23 04:20:14,935 DEBUG conffile line: /etc/bash_completion.d/git-prompt 7baac5c3ced94ebf2c0e1dde65c3b1a6
2020-04-23 04:20:14,938 DEBUG current md5: 7baac5c3ced94ebf2c0e1dde65c3b1a6
2020-04-23 04:20:14,938 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 9186164 DestFile:'/var/cache/apt/archives/libicu-dev_63.1-6+deb10u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/i/icu/libicu-dev_63.1-6+deb10u1_amd64.deb' ID:8 ErrorText: ''>
2020-04-23 04:20:14,938 DEBUG check_conffile_prompt(/var/cache/apt/archives/libicu-dev_63.1-6+deb10u1_amd64.deb)
2020-04-23 04:20:14,940 DEBUG found pkg: libicu-dev
2020-04-23 04:20:14,942 DEBUG No conffiles in deb /var/cache/apt/archives/libicu-dev_63.1-6+deb10u1_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,943 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 188624 DestFile:'/var/cache/apt/archives/icu-devtools_63.1-6+deb10u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/i/icu/icu-devtools_63.1-6+deb10u1_amd64.deb' ID:9 ErrorText: ''>
2020-04-23 04:20:14,950 DEBUG check_conffile_prompt(/var/cache/apt/archives/icu-devtools_63.1-6+deb10u1_amd64.deb)
2020-04-23 04:20:14,951 DEBUG found pkg: icu-devtools
2020-04-23 04:20:14,953 DEBUG No conffiles in deb /var/cache/apt/archives/icu-devtools_63.1-6+deb10u1_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,953 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 8300324 DestFile:'/var/cache/apt/archives/libicu63_63.1-6+deb10u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/i/icu/libicu63_63.1-6+deb10u1_amd64.deb' ID:10 ErrorText: ''>
2020-04-23 04:20:14,953 DEBUG check_conffile_prompt(/var/cache/apt/archives/libicu63_63.1-6+deb10u1_amd64.deb)
2020-04-23 04:20:14,954 DEBUG found pkg: libicu63
2020-04-23 04:20:14,956 DEBUG No conffiles in deb /var/cache/apt/archives/libicu63_63.1-6+deb10u1_amd64.deb (There is no member named 'conffiles')
2020-04-23 04:20:14,956 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 844404 DestFile:'/var/cache/apt/archives/openssl_1.1.1d-0+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/o/openssl/openssl_1.1.1d-0+deb10u3_amd64.deb' ID:11 ErrorText: ''>
2020-04-23 04:20:14,957 DEBUG check_conffile_prompt(/var/cache/apt/archives/openssl_1.1.1d-0+deb10u3_amd64.deb)
2020-04-23 04:20:14,960 DEBUG found pkg: openssl
2020-04-23 04:20:14,961 DEBUG conffile line: /etc/ssl/openssl.cnf 8dd4de5642570c91e9071900b6b9d5bc
2020-04-23 04:20:14,971 DEBUG current md5: 8dd4de5642570c91e9071900b6b9d5bc
2020-04-23 04:20:14,971 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1244824 DestFile:'/var/cache/apt/archives/sudo_1.8.27-1+deb10u2_amd64.deb' DescURI: 'http://deb.debian.org/debian/pool/main/s/sudo/sudo_1.8.27-1+deb10u2_amd64.deb' ID:1 ErrorText: ''>
2020-04-23 04:20:14,971 DEBUG check_conffile_prompt(/var/cache/apt/archives/sudo_1.8.27-1+deb10u2_amd64.deb)
2020-04-23 04:20:14,974 DEBUG found pkg: sudo
2020-04-23 04:20:14,975 DEBUG conffile line: /etc/init.d/sudo 1153f6e6fa7c0e2166779df6ad43f1a8
2020-04-23 04:20:14,993 DEBUG current md5: 1153f6e6fa7c0e2166779df6ad43f1a8
2020-04-23 04:20:14,993 DEBUG conffile line: /etc/pam.d/sudo 85da64f888739f193fc0fa896680030e
2020-04-23 04:20:15,002 DEBUG current md5: 85da64f888739f193fc0fa896680030e
2020-04-23 04:20:15,002 DEBUG conffile line: /etc/sudoers 45437b4e86fba2ab890ac81db2ec3606
2020-04-23 04:20:15,005 DEBUG current md5: 45437b4e86fba2ab890ac81db2ec3606
2020-04-23 04:20:15,005 DEBUG conffile line: /etc/sudoers.d/README 8d3cf36d1713f40a0ddc38e1b21a51b6
2020-04-23 04:20:15,011 DEBUG current md5: 8d3cf36d1713f40a0ddc38e1b21a51b6
2020-04-23 04:20:15,011 DEBUG blacklist: []
2020-04-23 04:20:15,011 DEBUG whitelist: []
2020-04-23 04:20:15,011 INFO Packages that will be upgraded: git git-man icu-devtools libgnutls-dane0 libgnutls30 libicu-dev libicu63 libssl-dev libssl1.1 openssl sudo
2020-04-23 04:20:15,027 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2020-04-23 04:20:15,419 DEBUG applying set ['libicu63', 'libicu-dev', 'icu-devtools']
...
2020-04-23 04:20:31,192 DEBUG left to upgrade {'libssl-dev', 'sudo', 'git-man', 'libssl1.1', 'openssl', 'git
', 'libgnutls-dane0', 'libgnutls30'}
2020-04-23 04:20:31,473 DEBUG applying set ['libssl-dev', 'libssl1.1']
...
2020-04-23 04:20:40,854 DEBUG left to upgrade {'sudo', 'git-man', 'openssl', 'git', 'libgnutls-dane0', 'libg
nutls30'}
2020-04-23 04:20:41,256 DEBUG applying set ['sudo']
...
2020-04-23 04:20:45,311 DEBUG left to upgrade {'git-man', 'openssl', 'git', 'libgnutls-dane0', 'libgnutls30'
}
2020-04-23 04:20:45,535 DEBUG applying set ['git-man']
...
2020-04-23 04:20:48,234 DEBUG left to upgrade {'libgnutls-dane0', 'openssl', 'libgnutls30', 'git'}
2020-04-23 04:20:48,368 DEBUG applying set ['openssl']
...
2020-04-23 04:20:51,259 DEBUG left to upgrade {'libgnutls-dane0', 'libgnutls30', 'git'}
2020-04-23 04:20:51,453 DEBUG applying set ['git']
...
2020-04-23 04:20:56,727 DEBUG left to upgrade {'libgnutls-dane0', 'libgnutls30'}
2020-04-23 04:20:56,897 DEBUG applying set ['libgnutls30', 'libgnutls-dane0']
...
2020-04-23 04:20:59,859 DEBUG left to upgrade set()
2020-04-23 04:20:59,860 INFO All upgrades installed
2020-04-23 04:21:00,337 DEBUG InstCount=0 DelCount=0 BrokenCount=0
2020-04-23 04:21:00,356 DEBUG Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg.
log since 2020-04-23 04:20:03

==> /var/log/unattended-upgrades/unattended-upgrades-dpkg.log <==
Log started: 2020-04-23  04:20:15
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../libicu-dev_63.1-6+deb10u1_amd64.deb ...
Unpacking libicu-dev:amd64 (63.1-6+deb10u1) over (63.1-6) ...
Preparing to unpack .../icu-devtools_63.1-6+deb10u1_amd64.deb ...
Unpacking icu-devtools (63.1-6+deb10u1) over (63.1-6) ...
Preparing to unpack .../libicu63_63.1-6+deb10u1_amd64.deb ...
Unpacking libicu63:amd64 (63.1-6+deb10u1) over (63.1-6) ...
Setting up libicu63:amd64 (63.1-6+deb10u1) ...
Setting up icu-devtools (63.1-6+deb10u1) ...
Setting up libicu-dev:amd64 (63.1-6+deb10u1) ...
Processing triggers for libc-bin (2.28-10) ...
Log ended: 2020-04-23  04:20:29
...
Log started: 2020-04-23  04:20:31
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../libssl-dev_1.1.1d-0+deb10u3_amd64.deb ...
Unpacking libssl-dev:amd64 (1.1.1d-0+deb10u3) over (1.1.1d-0+deb10u2) ...
Preparing to unpack .../libssl1.1_1.1.1d-0+deb10u3_amd64.deb ...
Unpacking libssl1.1:amd64 (1.1.1d-0+deb10u3) over (1.1.1d-0+deb10u2) ...
Setting up libssl1.1:amd64 (1.1.1d-0+deb10u3) ...
Setting up libssl-dev:amd64 (1.1.1d-0+deb10u3) ...
Processing triggers for libc-bin (2.28-10) ...
Log ended: 2020-04-23  04:20:38
...
Log started: 2020-04-23  04:20:41
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.27-1+deb10u2_amd64.deb ...
Unpacking sudo (1.8.27-1+deb10u2) over (1.8.27-1+deb10u1) ...
Setting up sudo (1.8.27-1+deb10u2) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
Processing triggers for systemd (241-7~deb10u3) ...
Log ended: 2020-04-23  04:20:43
...
Log started: 2020-04-23  04:20:45
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../git-man_1%3a2.20.1-2+deb10u3_all.deb ...
Unpacking git-man (1:2.20.1-2+deb10u3) over (1:2.20.1-2+deb10u1) ...
Setting up git-man (1:2.20.1-2+deb10u3) ...
Log ended: 2020-04-23  04:20:46
...
Log started: 2020-04-23  04:20:48
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../openssl_1.1.1d-0+deb10u3_amd64.deb ...
Unpacking openssl (1.1.1d-0+deb10u3) over (1.1.1d-0+deb10u2) ...
Setting up openssl (1.1.1d-0+deb10u3) ...
Log ended: 2020-04-23  04:20:49
...
Log started: 2020-04-23  04:20:51
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../git_1%3a2.20.1-2+deb10u3_amd64.deb ...
Unpacking git (1:2.20.1-2+deb10u3) over (1:2.20.1-2+deb10u1) ...
Setting up git (1:2.20.1-2+deb10u3) ...
Log ended: 2020-04-23  04:20:55
...Log started: 2020-04-23  04:20:57
debconf: delaying package configuration, since apt-utils is not installed
(Reading database ... 48070 files and directories currently installed.)
Preparing to unpack .../libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb ...
Unpacking libgnutls-dane0:amd64 (3.6.7-4+deb10u3) over (3.6.7-4+deb10u2) ...
Preparing to unpack .../libgnutls30_3.6.7-4+deb10u3_amd64.deb ...
Unpacking libgnutls30:amd64 (3.6.7-4+deb10u3) over (3.6.7-4+deb10u2) ...
Setting up libgnutls30:amd64 (3.6.7-4+deb10u3) ...
Setting up libgnutls-dane0:amd64 (3.6.7-4+deb10u3) ...
Processing triggers for libc-bin (2.28-10) ...
Log ended: 2020-04-23  04:20:58
  1. Interestingly, it appears to have gotten kicked-off at 08:00 again somehow *shurg*
==> /var/log/unattended-upgrades/unattended-upgrades.log <==
2020-04-23 08:00:15,117 INFO Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery.
2020-04-23 08:00:15,125 INFO Initial blacklist :
2020-04-23 08:00:15,125 INFO Initial whitelist:
2020-04-23 08:00:15,126 INFO Starting unattended upgrades script
2020-04-23 08:00:15,126 INFO Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security
2020-04-23 08:00:20,219 INFO Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery.
2020-04-23 08:00:20,222 INFO Initial blacklist :
2020-04-23 08:00:20,223 INFO Initial whitelist:
2020-04-23 08:00:20,223 INFO Starting unattended upgrades script
2020-04-23 08:00:20,223 INFO Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security
2020-04-23 08:00:24,157 INFO No packages found that can be upgraded unattended and no pending auto-removals
  1. I documented my solution to the cron bug here https://meta.discourse.org/t/cron-in-docker-container-cannot-make-remove-an-entry-for-the-specified-session/148969/2
  2. And I also documented my solution to fixing the `unattended-upgrades` install with cron here https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/9?u=maltfield
  3. Finally, I crossed-off the 'unattended-upgrades' requirement from the TODO list!
  1. ...
  1. the last item on the TODO list that I haven't even begun yet is the hardened file permissions.
  2. First I just searched their forums (since there's no fucking documentation for Discourse)
    1. I found this CentOS install guide; it only said to set the owner to 'discourse' for the whole '/var/discourse/' dir. For us it's currently root:root; we don't even have a 'discourse' user on the box https://meta.discourse.org/t/how-to-install-discourse-on-an-isolated-centos-7-server/73538/22
  3. I couldn't find anything else, so I posted a topic on it https://meta.discourse.org/t/minimum-hardened-file-permissions/148974
  1. ...
  1. Meanwhile, I'm going to test the upgrade documentation again https://wiki.opensourceecology.org/wiki/Discourse#Updating_Discoruse
  2. I had an update conflict with `install-nginx` again, but the documentation was clear enough for me to resolve this and continue
  3. I made some slight changes to the upgrade documentation, but otherwise it was smooth.
  4. I'm crossing-off the "Test/document Discourse upgrade process" TODO item!
  1. ..
  1. Now, I'm going to do a fresh install following my guide.
  2. I already have a backup from the upgrade I just did
[root@osestaging1 base]# echo $tmpDir
/var/tmp/discourseUpgrade.20200423_11:15:32
[root@osestaging1 base]# ls -lah /var/tmp/discourseUpgrade.20200423_11\:15\:32/
total 184M
drwx------.  2 root      root      4.0K Apr 23 11:16 .
drwxrwxrwt. 59 root      root       12K Apr 23 12:13 ..
-rw-r--r--.  1 tgriffing tgriffing  70M Apr 23 11:16 discourse-2020-04-23-111614-v20200417183143.tar.gz
-rw-r--r--.  1 root      root      114M Apr 23 11:16 discourse_files.20200423_11:15:32.tar.gz
[root@osestaging1 base]#   
  1. So now I'm going to clobber the staging server's Discourse install by doing a destructive sync from prod to staging
user@ose:~$ ssh oseprod
Last login: Mon Mar 16 06:58:53 2020 from 110-44-121-46.vianet.com.np
[maltfield@opensourceecology ~]$ screen -dr syncToSt
...
[maltfield@opensourceecology ~]$ sudo su -
[sudo] password for maltfield: 
Last login: Mon Mar 16 06:59:11 UTC 2020 on pts/34
[root@opensourceecology ~]# time nice /root/bin/syncToStaging.sh &> /var/log/syncToStaging.log
  1. I fixed some minor issues with the documentation's smtp section
  2. I updated the "inner nginx" config section to include the changes for varnish
  3. oh fuck, looks like I didn't actually save my varnish config before I wiped it. Fortunately I did log it https://wiki.opensourceecology.org/wiki/Maltfield_Log/2020_Q1#Tue_Mar_23.2C_2020
  4. ugh, apparently I did the same thing to my "outer" ngingx config file. I'll update the wiki install guide now with these, but this will have to be fully tested again..
  5. ok, I made some other documentation changes to the install guide too
  6. I was able to restore and access the site successfully!
  7. Now the only item left is the permissions/ownership of the files/dirs. I'll tackle that and do another whole-install process next week.

Wed Apr 22, 2020

  1. I'm returning to some OSE work after a brief segway building-out an open-source COVID-19-related project
    1. https://www.coviz.org/
  2. ...
  3. unfortunately it appears that our anacron *still* hasn't kicked-off the upgrade of sudo via unattended-upgrades
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo
ii  sudo                            1.8.27-1+deb10u1             amd64        Provide limited super user privileges to specific users
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. syslog was flooded with these messages all the way up to the top of the `screen` scrollback
root@osestaging1-discourse-ose:/var/www/discourse# tail -f /var/log/syslog /var/log/unattended-upgrades/*
==> /var/log/syslog <==
Apr 22 09:35:01 osestaging1-discourse-ose CRON[21770]: Cannot make/remove an entry for the specified session
Apr 22 09:45:01 osestaging1-discourse-ose CRON[22402]: Cannot make/remove an entry for the specified session
Apr 22 09:55:01 osestaging1-discourse-ose CRON[23038]: Cannot make/remove an entry for the specified session
Apr 22 10:05:01 osestaging1-discourse-ose CRON[23673]: Cannot make/remove an entry for the specified session
Apr 22 10:15:01 osestaging1-discourse-ose CRON[24307]: Cannot make/remove an entry for the specified session
Apr 22 10:17:01 osestaging1-discourse-ose CRON[24440]: Cannot make/remove an entry for the specified session
Apr 22 10:25:01 osestaging1-discourse-ose CRON[24947]: Cannot make/remove an entry for the specified session
Apr 22 10:35:01 osestaging1-discourse-ose CRON[25584]: Cannot make/remove an entry for the specified session
Apr 22 10:45:01 osestaging1-discourse-ose CRON[26215]: Cannot make/remove an entry for the specified session
Apr 22 10:55:01 osestaging1-discourse-ose CRON[26857]: Cannot make/remove an entry for the specified session
  1. I confirmed that my anacron is in-place
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/cron.daily/unattended-upgrades 
#!/bin/bash
################################################################################
# File:    /etc/cron.daily/unattended-upgrades
# Version: 0.1
# Purpose: run unattended-upgrades in lieu of systemd. For more info see
#           * https://wiki.opensourceecology.org/wiki/Discourse
#           * https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/3
# Author:  Michael Altfield <michael@opensourceecology.org>
# Created: 2020-03-23
# Updated: 2020-03-23
################################################################################
/usr/bin/nice /usr/bin/unattended-upgrades --debug




root@osestaging1-discourse-ose:/var/www/discourse# 
  1. But I don't see an anacron service running..
root@osestaging1-discourse-ose:/var/www/discourse# ps -ef | grep -i cron
root       721   715  0 Mar30 ?        00:00:00 runsv cron
root       727   721  0 Mar30 ?        00:00:16 cron -f
root     27421  1204  0 11:03 pts/1    00:00:00 grep -i cron
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. though, of course, anacron is supposed to be started by regular cron
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/cron.d/anacron 
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

30 7    * * *   root    /usr/sbin/anacron -s >/dev/null
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. I manually started anacron; we'll see if that does something
root@osestaging1-discourse-ose:/var/www/discourse# /usr/sbin/anacron -s >/dev/null
root@osestaging1-discourse-ose:/var/www/discourse# ps -ef | grep -i cron
root       721   715  0 Mar30 ?        00:00:00 runsv cron
root       727   721  0 Mar30 ?        00:00:16 cron -f
root     30691     0  0 11:54 ?        00:00:00 /usr/sbin/anacron -s
root     30698  1204  0 11:55 pts/1    00:00:00 grep -i cron
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. I could see from the logs this time that anacron's daily jobs got kicked-off, but still sudo didn't get updated
==> /var/log/syslog <==
Apr 22 11:45:01 osestaging1-discourse-ose CRON[30055]: Cannot make/remove an entry for the specified session
Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Anacron 2.3 started on 2020-04-22
Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Will run job `cron.daily' in 5 min.
Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Will run job `cron.weekly' in 10 min.
Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Will run job `cron.monthly' in 15 min.
Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Jobs will be executed sequentially
Apr 22 11:55:01 osestaging1-discourse-ose CRON[30694]: Cannot make/remove an entry for the specified session
Apr 22 11:59:59 osestaging1-discourse-ose anacron[30691]: Job `cron.daily' started
Apr 22 11:59:59 osestaging1-discourse-ose anacron[31015]: Updated timestamp for job `cron.daily' to 2020-04-22
Apr 22 12:05:01 osestaging1-discourse-ose CRON[31345]: Cannot make/remove an entry for the specified session
...
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo
ii  sudo                            1.8.27-1+deb10u1             amd64        Provide limited super user privileges to specific users
root@osestaging1-discourse-ose:/var/www/discourse#
  1. I commented out that 'session required pam_loginid.so' line that I've read issues about and re-started anacron

  1. holy shit that worked
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo
ii  sudo                            1.8.27-1+deb10u2             amd64        Provide limited super user privileges to specific users
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. apparently this was a bug that got fixed in Debain recently, but apparently not our Discourse's debian build https://stackoverflow.com/questions/43323754/cannot-make-remove-an-entry-for-the-specified-session-cron
  2. I rigged up a sed command for this fix and added it to the Docker install documentation https://wiki.opensourceecology.org/wiki/Discourse#unattended-upgrades
  3. I did a rebuild of the Discourse docker image (including fixing this damn stuck docker container that tells me docker isn't good for production apps at all)
[root@osestaging1 discourse]# time /var/discourse/launcher rebuild discourse_ose
...
2020-04-22 12:54:22.823 UTC [60] LOG:  shutting down
173:M 22 Apr 2020 12:54:22.832 * DB saved on disk
173:M 22 Apr 2020 12:54:22.832 # Redis is now ready to exit, bye bye...
2020-04-22 12:54:22.922 UTC [56] LOG:  database system is shut down
sha256:24e9ff23984a280d4abdac05971d447f55868c477c542b4e9ae7c9b3c15715d4
6cd93242ddfbf37e847697ac3323623a71ea24c1595972e694dcd7b5e990da95
Removing old container
+ /bin/docker rm discourse_ose
Error response from daemon: container 15a32ba3c8e485f9591c7925dcd48ee44ca0216e4df99570a29e3b04990267dd: driver "overlay2" failed to remove root filesystem: unlinkat /var/lib/docker/overlay2/3a9100ce8740fe74bf3e6d0f1ecf6ea9d5ce97a1270a1fc36348f1ddb60e51ab/merged: device or resource busy

starting up existing container
+ /bin/docker start discourse_ose
Error response from daemon: container is marked for removal and cannot be started
Error: failed to start containers: discourse_ose

real    8m32.751s
user    0m1.529s
sys     0m1.528s
[root@osestaging1 discourse]#
  1. And I downgraded the app
root@osestaging1-discourse-ose:/var/www/discourse# logout
[root@osestaging1 sites-enabled]# /var/discourse/launcher enter discourse_ose
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo
ii  sudo                            1.8.27-1+deb10u2             amd64        Provide limited super user privileges to specific users
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. finally, to test this, I re-downgraded the sudo package to the insecure version
root@osestaging1-discourse-ose:/var/www/discourse# apt-get install sudo=1.8.27-1+deb10u1
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be DOWNGRADED:
  sudo
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 11 not upgraded.
Need to get 1,244 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://security.debian.org/debian-security buster/updates/main amd64 sudo amd64 1.8.27-1+deb10u1 [1,244 kB]
Fetched 1,244 kB in 0s (12.6 MB/s)
debconf: delaying package configuration, since apt-utils is not installed
dpkg: warning: downgrading sudo from 1.8.27-1+deb10u2 to 1.8.27-1+deb10u1
(Reading database ... 48062 files and directories currently installed.)
Preparing to unpack .../sudo_1.8.27-1+deb10u1_amd64.deb ...
Unpacking sudo (1.8.27-1+deb10u1) over (1.8.27-1+deb10u2) ...
Setting up sudo (1.8.27-1+deb10u1) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
Processing triggers for systemd (241-7~deb10u3) ...
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo
ii  sudo                            1.8.27-1+deb10u1             amd64        Provide limited super user privileges to specific users
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. I confirmed cron is running
root@osestaging1-discourse-ose:/var/www/discourse# ps -ef | grep -i cron
root       723   717  0 13:01 ?        00:00:00 runsv cron
root       728   723  0 13:01 ?        00:00:00 cron -f
root      1309   763  0 13:08 pts/1    00:00:00 grep -i cron
root@osestaging1-discourse-ose:/var/www/discourse# 
  1. And our unattended-upgrades cron is in-place
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/cron.d/unattended-upgrades 
################################################################################
# File:    /etc/cron.d/unattended-upgrades
# Version: 0.1
# Purpose: run unattended-upgrades in lieu of systemd. For more info see
#           * https://wiki.opensourceecology.org/wiki/Discourse
#           * https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/3
# Author:  Michael Altfield <michael@opensourceecology.org>
# Created: 2020-03-23
# Updated: 2020-03-23
################################################################################
20 04 * * * root /usr/bin/nice /usr/bin/unattended-upgrades --debug




root@osestaging1-discourse-ose:/var/www/discourse# 
  1. And our patched /etc/pam.d/cron module is fixed
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/pam.d/cron
# The PAM configuration file for the cron daemon

@include common-auth

# Sets the loginuid process attribute
#session    required     pam_loginuid.so

# Read environment variables from pam_env's default files, /etc/environment
# and /etc/security/pam_env.conf.
session       required   pam_env.so

# In addition, read system locale information
session       required   pam_env.so envfile=/etc/default/locale

@include common-account
@include common-session-noninteractive 

# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session    required   pam_limits.so

root@osestaging1-discourse-ose:/var/www/discourse# 
  1. And now I'll wait to see if if my cron job finally actually kicks-off a run of `unattended-upgrades` to upgrade the insecure version of `sudo` within 24 hours!
  1. ...
  1. Meanwhile, back to varnish
  2. All of the varnish config is done *outside* discourse. When I left off, I found some 403 errors after switching to varnish (maybe not related). Anyway, let's deal with those mod_security rules
  3. Mod_security is setup in the "inner" nginx inside on the Discourse docker container. Here's the current config
root@osestaging1-discourse-ose:/etc/nginx/conf.d# cat modsecurity.include 
################################################################################
# File:    modsecurity.include
# Version: 0.1
# Purpose: Defines mod_security rules for the discourse vhost
#          This should be included in the server{} blocks nginx vhosts.
# Author:  Michael Altfield <michael@opensourceecology.org>
# Created: 2019-11-12
# Updated: 2019-11-12
################################################################################
Include "/etc/modsecurity/modsecurity.conf"

# OWASP Core Rule Set, installed from the 'modsecurity-crs' package in debian
Include /etc/modsecurity/crs/crs-setup.conf
Include /usr/share/modsecurity-crs/rules/*.conf

SecRuleRemoveById 949110, 942360
root@osestaging1-discourse-ose:/etc/nginx/conf.d# 
  1. I also noticed a "414 Request-URI Too Large" response from a GET my browser made to https://discourse.opensourceecology.org/admin/reports/bulk?reports%5Bdau_by_mau%5D%5Bcache%5D=true&reports%5Bdau_by_mau%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bdau_by_mau%5D%5Bstart_date%5D=2020-03-21T00%3A00%3A00.000Z&reports%5Bdau_by_mau%5D%5Bend_date%5D=2020-04-21T23%3A59%3A59.999Z&reports%5Bdaily_engaged_users%5D%5Bcache%5D=true&reports%5Bdaily_engaged_users%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bdaily_engaged_users%5D%5Bstart_date%5D=2020-03-21T00%3A00%3A00.000Z&reports%5Bdaily_engaged_users%5D%5Bend_date%5D=2020-04-21T23%3A59%3A59.999Z&reports%5Bnew_contributors%5D%5Bcache%5D=true&reports%5Bnew_contributors%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bnew_contributors%5D%5Bstart_date%5D=2020-03-21T00%3A00%3A00.000Z&reports%5Bnew_contributors%5D%5Bend_date%5D=2020-04-21T23%3A59%3A59.999Z&reports%5Bpage_view_total_reqs%5D%5Bcache%5D=true&reports%5Bpage_view_total_reqs%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bpage_view_total_reqs%5D%5Bstart_date%5D=2020-03-22T00%3A00%3A00.000Z&reports%5Bpage_view_total_reqs%5D%5Bend_date%5D=2020-04-22T23%3A59%3A59.999Z
    1. fucking hell no wonder. look at that fucking query string. that's insane!
    2. but that's only half of it; here's a request cookie '_forum_session'
RmZiVjJySDY1NjVvcXE4QnYwdUpIVVRBYkF2c3JqMGw4WTdGeUhEV1NpakpVQzBRTFIyQnhrN3poUzd6YWIxZ1VHSUQ2S09HSXdnaG9ibUZTZkZkVHhjaThIdk9aK0lhUjBwS2dMd1poa29FMDFqS1pPSUFwM0hyOXF6VW5kY0pyZ21VM1QrbmViNjU2LzY5N0xkcTZ3Qy80OHcvZXZKODkvOGlFVjNKbzZHajZGMmlobU1NYktwZlNuQVh6R3A2UnF1L3hzYWpnTzRGY3JKUFE2SzJJNU55K1ZpSHVWVVJtNWJDT1BodkNRc1NROWtQcVR6S251SlZiSTMvaUsrZjEyRTlqbW9xK0NxN092bkxzeGQxejRlUDR5OTFNOW9SN0YzdUpLMVBvU0hQb1BBV1RKdUtFai9xR05lN2t4dU9SWkQ2U2ZpQmEwcXBDaXFPajdPbGdWOThKOFhaT0VQOWlLTzR4VnJ4KzEwWG5aUis1a3JkOEZQQjl5aHJFTUh2cDB4dm5FYTcyR2IzVkVxMjBSRGh5NnFqUWRsMkcyKzN6Y3krQXZQQUpKZHNCR2JGUWYzUE4rbmhaMUFDZmZGRS0tYTZCSmNDRis4WTRpcmJ2aVQ4d3BxQT09--7d65f5962920fd5f668973ee58e468fd9339f62c
  1. I remember I brought this up to the devs, and they agreed it was silly but didn't commit to fixing it https://meta.discourse.org/t/discourse-session-cookies-400-request-header-or-cookie-too-large/137245
    1. maybe that's a different issue that I already fixed, but this is a consequence of similarlly inconsiderate development practices..
  2. so it looks like the option in nginx that would trigger a 414 error is 'large_client_header_buffers'
    1. https://stackoverflow.com/questions/1067334/how-to-set-the-allowed-url-length-for-a-nginx-request-error-code-414-uri-too
    2. https://nginx.org/en/docs/http/ngx_http_core_module.html#large_client_header_buffers
  3. indeed, as I pointed out in the meta.discourse.org topic above, I've set this as a DOS protection tuning. It runs fine for all our other webapps, but apparently Discourse likes to do stupid shit like using ridiculous large URIs in a GET instead of a POST...
[root@osestaging1 nginx]# hostname
osestaging1
[root@osestaging1 nginx]# pwd
/etc/nginx
[root@osestaging1 nginx]# grep -ir 'large_client_header_buffers' *
nginx.conf:   	;
[root@osestaging1 nginx]# 
  1. apparently the default is "large_client_header_buffers 4 8k", so I set that in the server block of the nginx config specific to the discourse site (this is the "outer" nginx config running on the docker host)
[root@osestaging1 nginx]# grep -ir 'large_client_header_buffers' *
conf.d/discourse.opensourceecology.org.conf:   large_client_header_buffers 4 8k;
nginx.conf:   large_client_header_buffers 2 1k;
[root@osestaging1 nginx]# grep -irC5 'large_client_header_buffers' *
conf.d/discourse.opensourceecology.org.conf-
conf.d/discourse.opensourceecology.org.conf-   # resetting this back to its nginx default to override our DOS protection
conf.d/discourse.opensourceecology.org.conf-   # since the Discourse developers like to store a ton of data on the URI and
conf.d/discourse.opensourceecology.org.conf-   # directly in client's cookies instead of using POST and server-side storage
conf.d/discourse.opensourceecology.org.conf-   #  * https://meta.discourse.org/t/discourse-session-cookies-400-request-header-or-cookie-too-large/137245/6
conf.d/discourse.opensourceecology.org.conf:   large_client_header_buffers 4 8k;
conf.d/discourse.opensourceecology.org.conf-
conf.d/discourse.opensourceecology.org.conf-   # we can't use the global 'secure.include' file for Discourse, which
conf.d/discourse.opensourceecology.org.conf-   # requires use of the DELETE http method, for example
conf.d/discourse.opensourceecology.org.conf-   #include conf.d/secure.include;
conf.d/discourse.opensourceecology.org.conf-
--
nginx.conf-
nginx.conf-   # prevent buffer overflows
nginx.conf-   #client_body_buffer_size  1k;
nginx.conf-   client_body_buffer_size  900k;
nginx.conf-   client_header_buffer_size 1k;
nginx.conf:   large_client_header_buffers 2 1k;
nginx.conf-
nginx.conf-     # allow large posts for image uploads
nginx.conf-     #client_max_body_size 1k;
nginx.conf-     #client_max_body_size 900k;
nginx.conf-     client_max_body_size 10M;
[root@osestaging1 nginx]# 
  1. that's it. I was able to login. logout. login again. edit some settings. create a new topic. No mod_security issues or otherwise.
  2. I updated the documentation to use these new nginx config options
  3. I did a quick check with `varnishstat` to see if varnish is actually caching. At first the number of hits (all the rows of avg(n) in the top-right) remained all zero. But it was because I was logged-in!
  4. I logged-out, deleted my session cookies, and started clicking around the topics and I saw the hit rate climb to ~0.4 (per 10 requests). Unfortunately it quickly dropped back to zero (after maybe 30-120 seconds) after DIscourse set a session cookie, even without logging-in! Ugh, it's a pretty weak cache, but at least it'll do some of the heavy lifting to prevent our site from going down in reddit hug-of-death thundering herd viral event..

Sat Apr 11, 2020

  1. Meeting with Robert

Sun Apr 05, 2020

  1. Researching Robert Hrvol as my potential replacement as OSE Sysadmin
  2. I added some items to our OSE Server TODO list https://wiki.opensourceecology.org/wiki/OSE_Server#TODO
  3. emailed Marcin about a potential meeting with us 3 to discuss this transition and begin ramping-up Robert and assigning his first tasks

Fri Apr 03, 2020

  1. Our monthly backup report came in with issues:
    1. the first-of-the-month backup is missing for April 1st
    2. the day before's March 31st's backup is also missing
    3. the day before that's March 30th's backup is actually present in the file listing, but it says that it thinks the day before yesterday's backup is actually April 1st, not March 30th--this one may be a bug in the backup report script


ATTENTION: BACKUPS MISSING!


WARNING: First of this month's backup (20200401) is missing!
WARNING: Yesterday's backup (20200402) is missing!
WARNING: The day before yesterday's backup (20200401) is missing!

See below for the contents of the backblaze b2 bucket = ose-server-backups

monthly_hetzner2_20190501_072001.tar.gpg
monthly_hetzner2_20190601_072001.tar.gpg
monthly_hetzner2_20190701_072001.tar.gpg
monthly_hetzner2_20190901_072001.tar.gpg
monthly_hetzner2_20191001_072001.tar.gpg
monthly_hetzner2_20191101_072001.tar.gpg
monthly_hetzner2_20191201_072001.tar.gpg
monthly_hetzner2_20200201_072001.tar.gpg
monthly_hetzner2_20200301_072001.tar.gpg
weekly_hetzner2_20200316_072001.tar.gpg
weekly_hetzner2_20200323_072001.tar.gpg
weekly_hetzner2_20200330_072001.tar.gpg
yearly_hetzner2_20190101_111520.tar.gpg
yearly_hetzner2_20200101_072001.tar.gpg
---
Note: This report was generated on 20200403_042001 UTC by script '/root/backups/backupReport.sh'
	  This script was triggered by '/etc/cron.d/backup_to_backblaze'

	  For more information about OSE backups, please see the relevant documentation pages on the wiki:
	   * https://wiki.opensourceecology.org/wiki/Backblaze
	   * https://wiki.opensourceecology.org/wiki/OSE_Server#Backup[[https://wiki.opensourceecology.org/wiki/OSE_Server#Backups|s]]