Maltfield Log/2020 Q2
My work log from the year 2020 Quarter 2. I intentionally made this verbose to make future admin's work easier when troubleshooting. The more keywords, error messages, etc that are listed in this log, the more helpful it will be for the future OSE Sysadmin.
Contents
- 1 See Also
- 2 Thr May 26, 2020
- 3 Thr May 21, 2020
- 4 Mon May 18, 2020
- 5 Mon May 11, 2020
- 6 Sun May 10, 2020
- 7 Sat May 09, 2020
- 8 Fri May 08, 2020
- 9 Thr May 07, 2020
- 10 Tue May 05, 2020
- 11 Mon May 04, 2020
- 12 Tue Apr 28, 2020
- 13 Mon Apr 27, 2020
- 14 Thr Apr 23, 2020
- 15 Wed Apr 22, 2020
- 16 Sat Apr 11, 2020
- 17 Sun Apr 05, 2020
- 18 Fri Apr 03, 2020
See Also
Thr May 26, 2020
- Marcin asked me about issues using this embed JS code to get a discourese topic to be displayed in the wiki https://meta.discourse.org/t/embedding-discourse-comments-via-javascript/31963
- I got this working by fixing a few issues
- The list of "Allowed Hosts" in discourse.opensourceecology.org's Admin -> Customize -> Embedding section didn't include the 'wiki.opensourceecology.org' domain. I Got this working by adding the following two lines to this list of Allowed Hosts:
- www.opensourceecology.org, (no class name), (no path whitelist), Post to Category = GVCS
- wiki.opensourceecology.org, (no class name), (no path whitelist), Post to Category = GVCS
- But I'm pretty sure that that "Post to Cateogry" is unnecessary since I could only reference existing topics by their ID
- Marcin tried to edit the prod wiki for accessing the discourse site that's only accessible in staging. He's using a firejail'd firefox to force firefox to use the dev dns server so it can access staging, but his main browser window that sees production can't access our staging sites. I made the JS available on the staging wiki and told him to access it on his firejail'd firefox window https://wiki.opensourceecology.org/wiki/Test
- I couldn't get the original code that Marcin tried to work. As described in the topic from meta.discourse.org linked-to above, this is supposed to create a new topic per page that the embed code is found on.
- The list of "Allowed Hosts" in discourse.opensourceecology.org's Admin -> Customize -> Embedding section didn't include the 'wiki.opensourceecology.org' domain. I Got this working by adding the following two lines to this list of Allowed Hosts:
<html> <div id='discourse-comments'></div> <script type="text/javascript"> DiscourseEmbed = { discourseUrl: 'https://discourse.opensourceecology.org/', discourseEmbedUrl: 'https://wiki.opensourceecology.org/wiki/Test'}; (function() { var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true; d.src = DiscourseEmbed.discourseUrl + 'javascripts/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d); })(); </script> </html>
- instead, I used this to reference a pre-existing topic ID, and it worked
<html> <div id='discourse-comments'></div> <script type="text/javascript"> window.DiscourseEmbed = { discourseUrl: 'https://discourse.opensourceecology.org/', topicId: 49 }; (function() { var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true; d.src = window.DiscourseEmbed.discourseUrl + 'javascripts/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d); })(); </script> </html>
- ...
- Marcin asked me about installing themes. This is an issue because our server's iptables intentionally prevent our web apps from initiating requets; they can only respond to requests.
- I found that you can upload a theme, which is the easiest way to install a theme (command line installs are apparently not really possible other than this hack of a solution) https://meta.discourse.org/t/how-do-i-install-a-theme-or-theme-component/63682/50
- I documented the process to upload and install a theme and theme component on the wiki's Discourse article https://wiki.opensourceecology.org/wiki/Discourse#Installing_Themes_and_Components
- I also spent some time preparing & uploading my backups of the PURGE topic where I was threatend to be banned from the Discourse forums for asking about their documentation policy and providing my own documentation https://wiki.opensourceecology.org/wiki/Discourse#Strategic_Open_Source
Thr May 21, 2020
- Meeting with Marcin
- Marcin fixed his issues with firejail so he can access the staging server from firefox in a firejail'd sandbox that forced firefox to use our Dev server's DNS (which redirects queries for our sites to the IP address of the staging server's VPN IP instead of the pubicly-addressible prod server)
- I updated our documentation with these commands
- And Marcin added this to his personal notes on connecting to the staging server
- Marcin was able to register an account on our discourse staging site
- I was able to grant Marcin's new account to be moderator & admin
- Marcin started playing with the stie as admin
- I asked Marcin to thourougly test the site. We didn't encounter any issues during our call, but hopefully we can fix any issues that may arise before I install on prod
- Hoepfully the prod install will happen in 1-3 weeks from now, depending on Marcin's tests
- I also asked marcin to consider & decide on what the domain should be. discourse.opensourceecology.org? discuss.opensourceecology.org? discuss.opensourceecology.org? forum.opensourceecology.org?
- I did a bunch of cleanup & organizing to our Discourse page on the wiki
- I added a section describing my conclusion that Discourse is a Fake Open Source project https://wiki.opensourceecology.org/wiki/Discourse#Fake_Open_Source
- I seperated out the install guide into a subpage https://wiki.opensourceecology.org/wiki/Discourse/Install
- I seperated out the updating guide into a subpage https://wiki.opensourceecology.org/wiki/Discourse/Updating
Mon May 18, 2020
- we got a request to delete a user's phone number from this page https://wiki.opensourceecology.org/wiki/Local_Contacts
- I immeidately deleted the current revision, but that doesn't make it go away from previous revisions as documented here https://www.mediawiki.org/wiki/GDPR_(General_Data_Protection_Regulation)_and_MediaWiki_software#The_problem_of_deleting_a_user's_contributions
- It loos like this RevisionDelete tool has been integrated into Mediawiki core since 2009, but we don't have it enabled. I enabled it by editing our LocalSettings.php file on prod https://www.mediawiki.org/wiki/Help:RevisionDelete
[root@opensourceecology wiki.opensourceecology.org]# cp LocalSettings.php LocalSettings.20200518.php [root@opensourceecology wiki.opensourceecology.org]# vim LocalSettings.php [root@opensourceecology wiki.opensourceecology.org]# grep -E 'deletelogentry|deleterevision' LocalSettings.php $wgGroupPermissions['sysop']['deletelogentry'] = true; $wgGroupPermissions['sysop']['deleterevision'] = true; [root@opensourceecology wiki.opensourceecology.org]#
- ...
- I did some refining of the varnish config
- I commented-out the block that would bypass the cache if the backend responsed with no-cache or similar. The fact is that Discourse wasn't developed to play nice with reverse proxy caching sitting in-front of it. Instead, we just use a very short TTL (~5 minutes) so we don't really need to respec the backend, anyway
- I added a block (taken from our other wordpress varnish configs) that will strip cookies from requests for requests for static assets (without auth headers) so that static content (images, css, js, etc) will be cached--even if the user is logged-in
vcl_recv { ... # cache static content, even if a user is logged-in (but strip cookies) if (req.method ~ "^(GET|HEAD)$" && req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)(\?.*)?$") { # if you use a subdomain for admin section, do not cache it #if (req.http.host ~ "admin.yourdomain.com") { # set req.http.X-VC-Cacheable = "NO:Admin domain"; # return(pass); #} # enable this if you want #if (req.url ~ "debug") { # set req.http.X-VC-Debug = "true"; #} # enable this if you need it #if (req.url ~ "nocache") { # set req.http.X-VC-Cacheable = "NO:Not cacheable, nocache in URL"; # return(pass); #} set req.url = regsub(req.url, "\?.*$", ""); # unset cookie only if no http auth if (!req.http.Authorization) { unset req.http.Cookie; } return(hash); } ... }
- I also noticed that the X-Forwarded-For header was being clobbered and reset twice; once by varnish and once by our discourse-specific varnish config. I commented-out ours to fix this as it's redundant
- ok, I'm pretty happy with that varnish config. But I'm not going to cross it off the TODO list until I've done a fresh DIscourse install with this config and then validated it again.
- ...
- the one other item on our Discourse TODO list is to harden the file ownership & permissions
- I asked about this on the Discourse forums about a month ago, but nobody responded; I bumped it https://meta.discourse.org/t/minimum-hardened-file-permissions/148974
- I checked the install guide, which does explicitly tell you to become root and tells you that you need to be root to execute all the operations https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md
- I'm not sure I'll actually be able to harden this, unfortunately :(
- ...
- anyway, I encounered an issue updating the logo
==> /var/discourse/shared/standalone/log/var-log/nginx/error.log <== 2020/05/18 12:12:10 [error] 567#567: *1354 [client 172.17.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_UNMATCHED_BOUNDARY' (Value: `2' ) [file "/etc/modsecurity/modsecurity.conf"] [line "73"] [id "200004"] [rev ""] [msg "Multipart parser detected a possible unmatched boundary."] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "172.17.0.2"] [uri "/uploads.json"] [unique_id "158980393038.283883"] [ref "v1326,1"], client: 172.17.0.1, server: _, request: "POST /uploads.json?client_id=1abc28e288b84e80890b21c25616217e&for_site_setting=true HTTP/1.1", host: "discourse.opensourceecology.org", referrer: "https://discourse.opensourceecology.org/admin/site_settings/category/branding" ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:12:12:10 +0000] "discourse.opensourceecology.org" 172.17.0.1 "POST /uploads.json?client_id=1abc28e288b84e80890b21c25616217e&for_site_setting=true HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 403 294 "https://discourse.opensourceecology.org/admin/site_settings/category/branding" - 0.000 "-" ==> /var/discourse/shared/standalone/log/rails/production.log <== Job exception: getaddrinfo: Temporary failure in name resolution (SocketError)
- So I added this rule id to the allow-list
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/nginx/conf.d/modsecurity.include ################################################################################ # File: modsecurity.include # Version: 0.1 # Purpose: Defines mod_security rules for the discourse vhost # This should be included in the server{} blocks nginx vhosts. # Author: Michael Altfield <michael@opensourceecology.org> # Created: 2019-11-12 # Updated: 2019-11-12 ################################################################################ Include "/etc/modsecurity/modsecurity.conf" # OWASP Core Rule Set, installed from the 'modsecurity-crs' package in debian Include /etc/modsecurity/crs/crs-setup.conf Include /usr/share/modsecurity-crs/rules/*.conf SecRuleRemoveById 949110 942360 200004 root@osestaging1-discourse-ose:/var/www/discourse# sv stop nginx ok: down: nginx: 0s, normally up root@osestaging1-discourse-ose:/var/www/discourse# sv start nginx ok: run: nginx: (pid 22705) 0s root@osestaging1-discourse-ose:/var/www/discourse#
- that helped, but my attempts to update the logo still don't work. I didn't find anything useful in the error logs, but I did notice in firefox's network tab that my PUT requests didn't get a response.
- I updated the "outer" nginx config to permit PUTs, and that fixed it
# whitelist requests to disable TRACE if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) { # note: 444 is a meta code; it doesn't return anything, actually # it just logs, drops, & closes the connection (useful # against malware) return 444; }
- I encountered another ModSecurity FP when attempting to update the site's title
---YxQOk4X9---F-- HTTP/1.1 200 Referrer-Policy: strict-origin-when-cross-origin X-Discourse-Route: site_settings/update X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-Permitted-Cross-Domain-Policies: none X-Discourse-Username: maltfield0 X-XSS-Protection: 1; mode=block Set-Cookie: _forum_session=WGFseC9qbmJsS09tci9EN3hYUHVzNU9NYmQvWW5rZnM1ZE5aOXZDekl2dklPY1VRUGJrbE51YTA5LzA0d3JqcVgrK3lLbFRPbkJTOHlWNFF1TnhQUEtmSmRNWnlnSlN3dUkrTHBZcmF4TWRBRnE1VmVGcHY1emswbFBsTWFVUTAzdC9zZHRKY3VXcFppY0d5dkUycFJROWZRS0NISXZWbnVOOFUwdUJsY1pNNU5RWWlwUzByMjlxbk5CVzl0bjFiR1pvZUhUMzJXeHh1cGJWbTFTV3hhTUtDb0lKeVJ4N1dBZ2lsZmd1YVozZXZDeFFXdFNJVjRXajVvVzNPNEt5M1NEbDJSQU9KY3k3KytVTUxxWTdzVjRMaVdMYm1HeTJacTNiU2RyREZHYU0vSkl4VTFPMlBCb0dPOFgveVNpRDVxZ3ZuaFdwTmw5b3hWT3BnU0gwSmdOLzV4Mi9DR0pzVUZvQW5rOUFLVWJTNGZLNHcxTWg0dDRYZ3cwZWVoOXNpalkxRnMrZnZSNldhN1htdkl6UjZJVnBDdWR4cTNuT0pBU3hFYkpWU0JORT0tLThYYitoTG5xdk1BcnVIQmZGQXk5MGc9PQ%3D%3D--ae58415ffb15b38ef6677093a2460471b8022ecd; path=/; HttpOnly; SameSite=Lax Connection: keep-alive X-Content-Type-Options: nosniff X-Runtime: 0.074189 Content-Type: text/plain; charset=utf-8 Date: Mon, 18 May 2020 12:51:55 GMT Server: nginx X-Request-Id: e3cbd5da-e98d-4f11-966f-129466c7affa Cache-Control: no-cache, no-store ---YxQOk4X9---H-- ModSecurity: Warning. Matched "Operator `Within' with parameter `GET HEAD POST OPTIONS' against variable `REQUEST_METHOD' (Value: `PUT' ) [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "27"] [id "911100"] [rev ""] [msg "Method is not allowed by policy"] [data "PUT"] [severity "2"] [ver "OWASP_CRS/3.1.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "172.17.0.2"] [uri "/admin/site_settings/title"] [unique_id "158980631570.007056"] [ref "v0,3"] ---YxQOk4X9---I--
- adding rule id = '911100' to the allow-list worked
- I hit another ModSecurity issue when attempting to edit a big html textarea on this page https://discourse.opensourceecology.org/admin/customize/email_style/html
- fixed by whitelisting 921130, 941250, 941180, 941160, 941140, 941130, 941100
- for some reason going to logs > error logs is blank; my browser showed a lot of 404 messages https://discourse.opensourceecology.org/logs
[18/May/2020:13:16:22 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 200 4441 "https://discourse.opensourceecology.org/admin/logs/search_logs" 0.057 0.057 "-" ==> /var/discourse/shared/standalone/log/rails/production.log <== ActionController::RoutingError (No route matches [GET] "/logs/stylesheets/vendor.css") /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call' ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/stylesheets/vendor.css HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.038 0.037 "-" ==> /var/discourse/shared/standalone/log/rails/production.log <== ActionController::RoutingError (No route matches [GET] "/logs/javascript/vendor.js") /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call' ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/javascript/vendor.js HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.040 0.041 "-" ==> /var/discourse/shared/standalone/log/rails/production.log <== ActionController::RoutingError (No route matches [GET] "/logs/stylesheets/client-app.css") /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call' ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/stylesheets/client-app.css HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.062 0.062 "-" ==> /var/discourse/shared/standalone/log/rails/production.log <== ActionController::RoutingError (No route matches [GET] "/logs/javascript/client-app.js") /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call' ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/javascript/client-app.js HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "https://discourse.opensourceecology.org/logs" 0.026 0.026 "-" ==> /var/discourse/shared/standalone/log/rails/production.log <== ActionController::RoutingError (No route matches [GET] "/logs/images/icon_144x144.png") /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call' ActionController::RoutingError (No route matches [GET] "/logs/images/icon_64x64.png") /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-6.0.3/lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call' ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/images/icon_144x144.png HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "-" 0.042 0.042 "-" [18/May/2020:13:16:23 +0000] "discourse.opensourceecology.org" 172.17.0.1 "GET /logs/images/icon_64x64.png HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 404 2107 "-" 0.038 0.038 "-" ==> /var/discourse/shared/standalone/log/var-log/redis/current <== 542:M 18 May 2020 13:16:24.100 * 10 changes in 300 seconds. Saving... 542:M 18 May 2020 13:16:24.114 * Background saving started by pid 26808 26808:C 18 May 2020 13:16:24.161 * DB saved on disk 26808:C 18 May 2020 13:16:24.162 * RDB: 0 MB of memory used by copy-on-write 542:M 18 May 2020 13:16:24.215 * Background saving terminated with success ==> /var/discourse/shared/standalone/log/var-log/nginx/access.log <== [18/May/2020:13:16:24 +0000] "discourse.opensourceecology.org" 172.17.0.1 "POST /message-bus/c8ab0418fc5c48b78813e778afe184ad/poll?dlp=t HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "-" 200 575 "https://discourse.opensourceecology.org/g" 0.031 0.031 "-"
- I'm not sure if it even makes sense to test email functionality yet on staging (where there's issues with SPF rules), but it failed https://discourse.opensourceecology.org/admin/email
There was a problem sending the test email. Please double-check your mail settings, verify that your host is not blocking mail connections, and try again.
- I'm not even getting an error message on the staging server's postfix /var/log/maillog, so I'm thinking this is a real issue.
- yeah, it looks like postfix isn't even listening on the docker host ip
[root@osestaging1 conf.d]# ss -plan | grep -i master | grep LISTEN | grep ':25' tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=813,fd=13)) [root@osestaging1 conf.d]# grep inet_interfaces /etc/postfix/main.cf # The inet_interfaces parameter specifies the network interface #inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost inet_interfaces = localhost # the address list specified with the inet_interfaces parameter. # receives mail on (see the inet_interfaces parameter). # to $mydestination, $inet_interfaces or $proxy_interfaces. # - destinations that match $inet_interfaces or $proxy_interfaces, # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned [root@osestaging1 conf.d]#
- I changed it to include the docker gateway, and now `ss` looks better
[root@osestaging1 conf.d]# systemctl restart postfix [root@osestaging1 conf.d]# ss -plan | grep -i master | grep LISTEN | grep ':25' tcp LISTEN 0 100 172.17.0.1:25 *:* users:(("master",pid=27688,fd=14)) tcp LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=27688,fd=13)) [root@osestaging1 conf.d]# grep inet_interfaces /etc/postfix/main.cf # The inet_interfaces parameter specifies the network interface #inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost #inet_interfaces = localhost inet_interfaces = localhost, 172.17.0.1 # the address list specified with the inet_interfaces parameter. # receives mail on (see the inet_interfaces parameter). # to $mydestination, $inet_interfaces or $proxy_interfaces. # - destinations that match $inet_interfaces or $proxy_interfaces, # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned [root@osestaging1 conf.d]#
- there's some iptables issues. I finally got it to connect after flushing the iptables on the docker container and adding this rule on the docker host: "iptables -A INPUT -d 172.17.0.1 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT"
May 18 13:39:21 osestaging1 postfix/smtpd[29248]: connect from unknown[172.17.0.2] May 18 13:39:21 osestaging1 postfix/smtpd[29248]: 5DC0B5E0DEF: client=unknown[172.17.0.2] May 18 13:39:21 osestaging1 postfix/cleanup[29251]: 5DC0B5E0DEF: message-id=<16af0159-eb43-414a-9020-7726ef05ecdc@discourse.opensourceecology.org> May 18 13:39:21 osestaging1 postfix/qmgr[27690]: 5DC0B5E0DEF: from=<noreply@unconfigured.discourse.org>, size=8855, nrcpt=1 (queue active) May 18 13:39:21 osestaging1 postfix/smtpd[29248]: disconnect from unknown[172.17.0.2] May 18 13:39:22 osestaging1 postfix/smtp[29253]: 5DC0B5E0DEF: to=<michael@opensourceecology.org>, relay=aspmx.l.google.com[66.102.1.27]:25, delay=0.62, delays=0.07/0.06/0.11/0.37, dsn=5.7.26, status=bounced (host aspmx.l.google.com[66.102.1.27] said: 550-5.7.26 Unauthenticated email from discourse.org is not accepted due to 550-5.7.26 domain's DMARC policy. Please contact the administrator of 550-5.7.26 discourse.org domain if this was a legitimate mail. Please visit 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.26 DMARC initiative. w13si10283349wrp.412 - gsmtp (in reply to end of DATA command)) May 18 13:39:22 osestaging1 postfix/cleanup[29251]: 065D55E2DBD: message-id=<20200518133922.065D55E2DBD@mailer.opensourceecology.org> May 18 13:39:22 osestaging1 postfix/qmgr[27690]: 065D55E2DBD: from=<>, size=11662, nrcpt=1 (queue active) May 18 13:39:22 osestaging1 postfix/bounce[29254]: 5DC0B5E0DEF: sender non-delivery notification: 065D55E2DBD May 18 13:39:22 osestaging1 postfix/qmgr[27690]: 5DC0B5E0DEF: removed May 18 13:39:22 osestaging1 postfix/smtp[29253]: 065D55E2DBD: to=<noreply@unconfigured.discourse.org>, relay=none, delay=0.06, delays=0.02/0.01/0.03/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=unconfigured.discourse.org type=AAAA: Host not found) May 18 13:39:22 osestaging1 postfix/qmgr[27690]: 065D55E2DBD: removed
- the iptables rule for the docker container is
iptables -A OUTPUT -d 172.17.0.1 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
- and I was able to craft a command to fix the posfix main.cf config with
grep 'inet_interfaces = localhost, 172.17.0.1' /etc/postfix/main.cf || sed --in-place=.`date "+%Y%m%d_%H%M%S"` 's%^\(inet_interfaces =.*\)$%#\1\ninet_interfaces = localhost, 172.17.0.1%' /etc/postfix/main.cf
- and I also crafted commands to update iptables on the docker host to permit docker containers to send mail
tmpDir="/var/tmp/`date "+%Y%m%d_%H%M%S"`_change_discourse_iptables" mkdir "${tmpDir}" pushd "${tmpDir}" iptables-save > iptables_a cp iptables_a iptables_b grep "INPUT -d 172.17.0.1/32 -i docker0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT" iptables_b || sed -i 's%^\(.*-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT\)$%-A INPUT -d 172.17.0.1/32 -i docker0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT\n\1%' iptables_b iptables-restore < iptables_b service iptables save popd
- ok, that fixes the network issues; the next issue is that email servers are rejecting the mail because it's coming from 'noreply@unconfigured.discourse.org'
- I had to change this in the WUI. after logging-in as the admin, I went to settings -> search for "notification email" to change it to 'noreply@discourse.opensourceecology.org'
- now it works!
May 18 17:22:54 osestaging1 postfix/smtpd[23195]: connect from unknown[172.17.0.2] May 18 17:22:54 osestaging1 postfix/smtpd[23195]: C31835E328E: client=unknown[172.17.0.2] May 18 17:22:54 osestaging1 postfix/cleanup[23197]: C31835E328E: message-id=<e9a1ebd4-9be2-4dc6-8e44-66544fcb4ca5@discourse.opensourceecology.org> May 18 17:22:54 osestaging1 postfix/qmgr[27690]: C31835E328E: from=<noreply@discourse.opensourceecology.org>, size=8865, nrcpt=1 (queue active) May 18 17:22:54 osestaging1 postfix/smtpd[23195]: disconnect from unknown[172.17.0.2] May 18 17:22:54 osestaging1 postfix/smtp[23198]: connect to aspmx.l.google.com[2a00:1450:400c:c08::1b]:25: Network is unreachable May 18 17:22:55 osestaging1 postfix/smtp[23198]: C31835E328E: to=<michael@opensourceecology.org>, relay=aspmx.l.google.com[173.194.76.26]:25, delay=0.51, delays=0.08/0.06/0.08/0.29, dsn=2.0.0, status=sent (250 2.0.0 OK 1589822577 j4si9355616wrb.460 - gsmtp) May 18 17:22:55 osestaging1 postfix/qmgr[27690]: C31835E328E: removed
- actually, I think that log is a lie; the email didn't arrive. When I spoke to Sam Tuke (former CEO of phpList) he mentioned this can be an issue: gmail will lie with response codes to thwart spam
- anyway, that's good enough for now. I'm not gonna fuck with DNS. I expect that once it's coming from our actual prod server this last issue will be fixed.
Mon May 11, 2020
- I fixed the issue with the DB on the staging server (db wouldn't start so all wodpress sites were broken on staging) by initiating a sync of the mysql data dir (/var/lib/mysql)
time nice rsync -e "ssh -p 32415 -i /root/.ssh/id_rsa.201910" --bwlimit=3000 --numeric-ids --delete --rsync-path="sudo rsync" -av --progress /var/lib/mysql/ stagingsync@10.241.189.11:/var/lib/mysql/
- I also documented this command (for a single dir as opposed to a full sync) here https://wiki.opensourceecology.org/wiki/OSE_Staging_Server#Sync_Prod_to_Staging
Sun May 10, 2020
- onboarding call with Rob. He now has access to:
- a robert@opensourceecology.org email account
- ssh access to the dev server
- VPN access
- ssh access to the staging server (with sudo permission)
- we encountered an issue with the last prod to staging sync that broke mysql. I probably need to resync the mysql data dirs due to corruption or something
- we discussed his task, and I made clear the requirements for the "wordpress upgrade procedure" task, including the first deliverable, which should be a CHG ticket listing a set of idempotent & deterministic commands to run on production for updating the fef.opensourceecology.org wordpress site and all its themes/plugins and upgrading the database && valdation steps, etc.
Sat May 09, 2020
- I'm still investigating issues with the clients accessing the openvpn server after changing the topology from "net30" to "subnet"
- IPtables looks good. DNS over tun0 looks ok, and icmp for every interface is allowed
[root@osedev1 openvpn]# iptables-save # Generated by iptables-save v1.4.21 on Sat May 9 12:22:35 2020 *mangle :PREROUTING ACCEPT [51501895:33051507043] :INPUT ACCEPT [42622449:15849589610] :FORWARD ACCEPT [8866059:17200608978] :OUTPUT ACCEPT [34017629:18944279835] :POSTROUTING ACCEPT [42883687:36144888701] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Sat May 9 12:22:35 2020 # Generated by iptables-save v1.4.21 on Sat May 9 12:22:35 2020 *nat :PREROUTING ACCEPT [3991015:240967558] :INPUT ACCEPT [434822:31953624] :OUTPUT ACCEPT [995653:73984001] :POSTROUTING ACCEPT [995691:73986469] -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE COMMIT # Completed on Sat May 9 12:22:35 2020 # Generated by iptables-save v1.4.21 on Sat May 9 12:22:35 2020 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [9284:773828] :OUTPUT ACCEPT [34005620:18940275720] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 32415 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT -A INPUT -i tun0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -j DROP -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT COMMIT # Completed on Sat May 9 12:22:35 2020 [root@osedev1 openvpn]#
- I did some tests, but after some changes then reverts and restarts on dev, staging, prod, and my laptop's openvpn services, I realized this issue is somehow now fixed?
- here's proof that the prod server can ping the openvpn server and the staging server
[root@opensourceecology ~]# ip a show tun0 12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.241.189.10/24 brd 10.241.189.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::971c:9046:a103:3620/64 scope link flags 800 valid_lft forever preferred_lft forever [root@opensourceecology ~]# ip r default via 138.201.84.193 dev eth0 10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.10 138.201.0.0/16 dev eth0 proto kernel scope link src 138.201.84.243 138.201.84.193 dev eth0 proto kernel scope link src 138.201.84.223 169.254.0.0/16 dev eth0 scope link metric 1002 [root@opensourceecology ~]# ping -qc5 10.241.189.11 PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data. --- 10.241.189.11 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 0.994/1.285/1.651/0.248 ms [root@opensourceecology ~]# ping -qc5 10.241.189.1 PING 10.241.189.1 (10.241.189.1) 56(84) bytes of data. --- 10.241.189.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4002ms rtt min/avg/max/mdev = 0.850/1.154/2.006/0.446 ms [root@opensourceecology ~]#
- and that the staging server can ping the openvpn server and the prod server
[root@osestaging1 ~]# ip a show tun0 143: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.241.189.11/24 brd 10.241.189.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::dbc6:ae37:a4be:4f02/64 scope link flags 800 valid_lft forever preferred_lft forever [root@osestaging1 ~]# ip r default via 192.168.122.1 dev eth0 10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.11 169.254.0.0/16 dev eth0 scope link metric 1057 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.201 [root@osestaging1 ~]# ping -qc5 10.241.189.10 PING 10.241.189.10 (10.241.189.10) 56(84) bytes of data. --- 10.241.189.10 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 0.863/2.046/5.694/1.830 ms [root@osestaging1 ~]# ping -qc5 10.241.189.1 PING 10.241.189.1 (10.241.189.1) 56(84) bytes of data. --- 10.241.189.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4000ms rtt min/avg/max/mdev = 0.266/0.467/0.779/0.172 ms [root@osestaging1 ~]#
- and that the openvpn server can ping both the staging and prod servers
[root@osedev1 openvpn]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group defaul t qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 96:00:00:2e:48:9d brd ff:ff:ff:ff:ff:ff inet 195.201.233.113/32 brd 195.201.233.113 scope global dynamic eth0 valid_lft 73842sec preferred_lft 73842sec inet6 2a01:4f8:c010:3ca0::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::9400:ff:fe2e:489d/64 scope link valid_lft forever preferred_lft forever 4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 52:54:00:7d:01:71 brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000 link/ether 52:54:00:7d:01:71 brd ff:ff:ff:ff:ff:ff 58: vethQPKFOD@if57: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UP group default qlen 1000 link/ether fe:de:c7:01:50:8a brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::fcde:c7ff:fe01:508a/64 scope link valid_lft forever preferred_lft forever 64: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.241.189.1/24 brd 10.241.189.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::ca2e:edbf:f704:df3/64 scope link flags 800 valid_lft forever preferred_lft forever [root@osedev1 openvpn]# ip r default via 172.31.1.1 dev eth0 10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.1 169.254.0.0/16 dev eth0 scope link metric 1002 172.31.1.1 dev eth0 scope link 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 [root@osedev1 openvpn]# ping -qc5 10.241.189.11 PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data. --- 10.241.189.11 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4001ms rtt min/avg/max/mdev = 0.497/1.102/3.176/1.038 ms [root@osedev1 openvpn]# ping -qc5 10.241.189.11 PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data. --- 10.241.189.11 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4001ms rtt min/avg/max/mdev = 0.497/1.102/3.176/1.038 ms [root@osedev1 openvpn]# ping -qc5 10.241.189.10 PING 10.241.189.10 (10.241.189.10) 56(84) bytes of data. --- 10.241.189.10 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 0.620/0.904/1.087/0.161 ms [root@osedev1 openvpn]#
- note that nothing can ping my laptop, which is probably due to firewall issues in my QubesOS, but I can ping the prod server, staging server, and the openvpn server
user@ose:~/tmp/rob$ ip a show dev tun0 12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.241.189.50/24 brd 10.241.189.255 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::ab81:3908:6d9a:b21/64 scope link flags 800 valid_lft forever preferred_lft forever user@ose:~/tmp/rob$ ip r default via 10.137.0.6 dev eth0 10.137.0.6 dev eth0 scope link 10.241.189.0/24 dev tun0 proto kernel scope link src 10.241.189.50 user@ose:~/tmp/rob$ ping -qc5 10.241.189.11 PING 10.241.189.11 (10.241.189.11) 56(84) bytes of data. --- 10.241.189.11 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4001ms rtt min/avg/max/mdev = 169.852/187.620/255.998/34.195 ms user@ose:~/tmp/rob$ ping -qc5 10.241.189.10 PING 10.241.189.10 (10.241.189.10) 56(84) bytes of data. --- 10.241.189.10 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4005ms rtt min/avg/max/mdev = 170.269/172.082/175.411/1.850 ms user@ose:~/tmp/rob$ ping -qc5 10.241.189.1 PING 10.241.189.1 (10.241.189.1) 56(84) bytes of data. --- 10.241.189.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4001ms rtt min/avg/max/mdev = 171.257/174.090/182.242/4.122 ms user@ose:~/tmp/rob$
- And, finally, dns is working as expected *shrug*
user@ose:~/tmp/rob$ echo "nameserver 10.241.189.1" | sudo tee /etc/resolv.confnameserver 10.241.189.1 user@ose:~/tmp/rob$ dig discourse.opensourceecology.org ; <<>> DiG 9.10.3-P4-Debian <<>> discourse.opensourceecology.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62528 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;discourse.opensourceecology.org. IN A ;; ANSWER SECTION: discourse.opensourceecology.org. 0 IN A 10.241.189.11 ;; Query time: 186 msec ;; SERVER: 10.241.189.1#53(10.241.189.1) ;; WHEN: Sat May 09 16:26:40 +0545 2020 ;; MSG SIZE rcvd: 76 user@ose:~/tmp/rob$
- And also, just in case this happens again, here's the whole output of my laptop connecting to the vpn
user@ose:~/openvpn$ sudo openvpn client.conf Sat May 9 16:13:37 2020 WARNING: file '/home/user/openvpn/username.txt' is group or others accessible Sat May 9 16:13:37 2020 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018 Sat May 9 16:13:37 2020 library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.08 Enter Auth Password: OBFUSCATED Sat May 9 16:13:52 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Enter Private Key Password: OBFUSCATED Sat May 9 16:13:54 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat May 9 16:13:54 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Sat May 9 16:13:54 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]195.201.233.113:1194 Sat May 9 16:13:54 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Sat May 9 16:13:54 2020 UDP link local: (not bound) Sat May 9 16:13:54 2020 UDP link remote: [AF_INET]195.201.233.113:1194 Sat May 9 16:13:54 2020 TLS: Initial packet from [AF_INET]195.201.233.113:1194, sid=3fed8a4d bc39e72f Sat May 9 16:13:55 2020 VERIFY OK: depth=1, CN=osedev1 Sat May 9 16:13:55 2020 Validating certificate key usage Sat May 9 16:13:55 2020 ++ Certificate has key usage 00a0, expects 00a0 Sat May 9 16:13:55 2020 VERIFY KU OK Sat May 9 16:13:55 2020 Validating certificate extended key usage Sat May 9 16:13:55 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat May 9 16:13:55 2020 VERIFY EKU OK Sat May 9 16:13:55 2020 VERIFY OK: depth=0, CN=server Sat May 9 16:13:55 2020 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Sat May 9 16:13:55 2020 [server] Peer Connection Initiated with [AF_INET]195.201.233.113:1194 Sat May 9 16:13:56 2020 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Sat May 9 16:13:57 2020 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.50 255.255.255.0,peer-id 0,cipher AES-256-GCM' Sat May 9 16:13:57 2020 OPTIONS IMPORT: timers and/or timeouts modified Sat May 9 16:13:57 2020 OPTIONS IMPORT: --ifconfig/up options modified Sat May 9 16:13:57 2020 OPTIONS IMPORT: route-related options modified Sat May 9 16:13:57 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sat May 9 16:13:57 2020 OPTIONS IMPORT: peer-id set Sat May 9 16:13:57 2020 OPTIONS IMPORT: adjusting link_mtu to 1624 Sat May 9 16:13:57 2020 OPTIONS IMPORT: data channel crypto options modified Sat May 9 16:13:57 2020 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Sat May 9 16:13:57 2020 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Sat May 9 16:13:57 2020 TUN/TAP device tun0 opened Sat May 9 16:13:57 2020 TUN/TAP TX queue length set to 100 Sat May 9 16:13:57 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Sat May 9 16:13:57 2020 /sbin/ip link set dev tun0 up mtu 1500 Sat May 9 16:13:57 2020 /sbin/ip addr add dev tun0 10.241.189.50/24 broadcast 10.241.189.255 Sat May 9 16:13:57 2020 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.241.189.50 255.255.255.0 init dhcp-option DNS 10.241.189.1 Sat May 9 16:13:57 2020 Initialization Sequence Completed
Fri May 08, 2020
- Rob sent me his ose-specific vpn CSR and ssh public key; I went to add this to our dev/staging server, but I wasn't sure what his username should be. I emailed him what he would prefer it to be (and I'll make the linux username consistant with his @opensourceecology.org emal address as well)
- ...
- I installed Discourse on staging again, but I'm having some issues with DNS. Manually adding this line to the /etc/hosts file worked, though
10.241.189.11 discourse.opensourceecology.org
Thr May 07, 2020
- one (minor) problem popped-up from my change at the beginning of this week: the openvpn-client service on the prod server that I use to sync with the staging server is having issues
... May 07 14:26:06 opensourceecology.org connect.sh[4930]: [server] Peer Connection Initiated with [AF_INET]195.201.233.113:1194 May 07 14:26:07 opensourceecology.org connect.sh[4930]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) May 07 14:26:07 opensourceecology.org connect.sh[4930]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.241.189.1,route 10.241.189.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.255,peer-id 1,cipher AES-256-GCM' May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: timers and/or timeouts modified May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: --ifconfig/up options modified May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: route options modified May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: peer-id set May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: adjusting link_mtu to 1624 May 07 14:26:07 opensourceecology.org connect.sh[4930]: OPTIONS IMPORT: data channel crypto options modified May 07 14:26:07 opensourceecology.org connect.sh[4930]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key May 07 14:26:07 opensourceecology.org connect.sh[4930]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key May 07 14:26:07 opensourceecology.org connect.sh[4930]: WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.255) that looks more like a netmask. (silence this warning with --ifconfig-nowarn) May 07 14:26:07 opensourceecology.org connect.sh[4930]: ROUTE_GATEWAY 138.201.84.193 May 07 14:26:07 opensourceecology.org connect.sh[4930]: TUN/TAP device tun1 opened May 07 14:26:07 opensourceecology.org connect.sh[4930]: TUN/TAP TX queue length set to 100 May 07 14:26:07 opensourceecology.org connect.sh[4930]: /sbin/ip link set dev tun1 up mtu 1500 May 07 14:26:07 opensourceecology.org connect.sh[4930]: /sbin/ip addr add dev tun1 local 10.241.189.10 peer 255.255.255.255 May 07 14:26:07 opensourceecology.org connect.sh[4930]: /sbin/ip route add 10.241.189.0/24 via 255.255.255.255 May 07 14:26:07 opensourceecology.org connect.sh[4930]: RTNETLINK answers: File exists May 07 14:26:07 opensourceecology.org systemd[1]: Got notification message from PID 4934, but reception only permitted for main PID 4930 May 07 14:26:07 opensourceecology.org connect.sh[4930]: ERROR: Linux route add command failed: external program exited with error status: 2 May 07 14:26:07 opensourceecology.org connect.sh[4930]: Initialization Sequence Completed ... (long pause) ... May 07 14:27:36 opensourceecology.org systemd[1]: openvpn-client.service start operation timed out. Terminating. May 07 14:27:36 opensourceecology.org systemd[1]: Failed to start openvpn-client.service. May 07 14:27:36 opensourceecology.org systemd[1]: Unit openvpn-client.service entered failed state. May 07 14:27:36 opensourceecology.org systemd[1]: openvpn-client.service failed.
- the vpn connects fine from my local machine, which doesn't get that error about 'ifconfig' above
- after connecting, the output of `ip a` for the tun0 interface and the routes are totally fucked for prod. Here's what they look like on my laptop
user@ose:~/openvpn$ ip a show dev tun0 3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.241.189.50 peer 10.241.189.49/32 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::7729:c3a2:f677:f7da/64 scope link flags 800 valid_lft forever preferred_lft forever user@ose:~/openvpn$ ip r default via 10.137.0.6 dev eth0 10.137.0.6 dev eth0 scope link 10.241.189.0/24 via 10.241.189.49 dev tun0 10.241.189.49 dev tun0 proto kernel scope link src 10.241.189.50 user@ose:~/openvpn$
- but on hetnzer2, it shows '255.255.255.0' instead of the dev server = openvpn server = 10.241.189.49
[root@opensourceecology client]# ip a show dev tun0 5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100 link/none inet 10.241.189.10 peer 255.255.255.255/32 scope global tun0 valid_lft forever preferred_lft forever inet6 fe80::d4d4:75bf:8f15:8ec5/64 scope link flags 800 valid_lft forever preferred_lft forever [root@opensourceecology client]# ip r default via 138.201.84.193 dev eth0 138.201.0.0/16 dev eth0 proto kernel scope link src 138.201.84.243 138.201.84.193 dev eth0 proto kernel scope link src 138.201.84.223 169.254.0.0/16 dev eth0 scope link metric 1002 255.255.255.255 dev tun0 proto kernel scope link src 10.241.189.10 [root@opensourceecology client]#
- it looks like our change from Monday upgraded OpenVPN from 2.4.7 to 2.4.8
[root@opensourceecology client]# grep vpn /var/tmp/CHG-2020-05-04_yum_update/before.log openvpn-2.4.7-1.el7.x86_64 [root@opensourceecology client]# grep vpn /var/tmp/CHG-2020-05-04_yum_update/after.log openvpn-2.4.8-1.el7.x86_64 [root@opensourceecology client]#
- I don't see any obvious relevant changes from 2.4.7 to 2.4.8 or fixed in 2.4.9 from the OpenVPN changelog https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
- meanwhile, the OpenVPN version on my debian-9 laptop VM is v2.4.0
user@ose:~/openvpn$ sudo openvpn --version OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018 library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.08 Originally developed by James Yonan Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_sysroot=no user@ose:~/openvpn$
- The internet seems to suggest that these settings are set by the server, not the client. I'm guessing it has to do with this helper 'server' line in the server config on the openvpn server
[root@osedev1 openvpn]# grep '255.255' /etc/openvpn/server.conf | grep -viE '^[;#]' server 10.241.189.0 255.255.255.0 [root@osedev1 openvpn]#
- this gives me bad memories from when I tried to "expand" this option in attempt to setup 2FA back in 2019-12-16 https://wiki.opensourceecology.org/wiki/Maltfield_Log/2019_Q4#Mon_Dec_16.2C_2019
- I find it very odd that our OpenVPN server is PUSHing two totally different configs to different clients. From above:
- here's the server (broken)
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.241.189.1,route 10.241.189.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.255,peer-id 0,cipher AES-256-GCM'
- and here's my laptop (working)
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.241.189.1,route 10.241.189.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.241.189.50 10.241.189.49,peer-id 1,cipher AES-256-GCM'
- one thing that I noted before and keep reading in the docs is that we should probably avoid using a topology of 'net30' but we are using it.. https://community.openvpn.net/openvpn/wiki/Concepts-Addressing
- in revisting my notes and that above PUSH_REPLY line, I was able to update the OpenVPN server config to the "subnet" topology. I restarted the openvpn server and was able to connect without issues from both my laptop and the prod server. it works!
- here's the same PUSH_REPLY line on my laptop now
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
- and on the prod server
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.255,peer-id 1,cipher AES-256-GCM'
- a benefit is that I was finally albe to add the address pool option, so that VPN clients not in the ccd are wait, err, here:
[root@osedev1 openvpn]# ls /etc/openvpn/ccd/ hetzner2 osestaging1 [root@osedev1 openvpn]# cat /etc/openvpn/ccd/hetzner2 ifconfig-push 10.241.189.10 255.255.255.255 [root@osedev1 openvpn]# cat /etc/openvpn/ccd/osestaging1 ifconfig-push 10.241.189.11 255.255.255.255 [root@osedev1 openvpn]#
- well I guess that explains where the '255.255.255.255' came from. I don't know why it's fixed though.
- I changed those ccd files to use '255.255.255.0'. I don't really understand how it was working before. Here's the updated PUSH lines
- from my laptop
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
- and from the prod server
PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.241.189.1,dhcp-option DNS 10.241.189.1,ping 10,ping-restart 120,ifconfig 10.241.189.10 255.255.255.0,peer-id 2,cipher AES-256-GCM'
- I restarted 'openvpn-client' on the staging server and confirmed that it worked, and I could ssh into it from my laptop over the vpn after.
- I also confirmed that I could ssh into the staging server from production over the VPN. That's the problem solved. Now we can sync!
[root@opensourceecology client]# ssh -p 32415 -i /root/.ssh/id_rsa.201910 stagingsync@10.241.189.11 Last login: Thu May 7 17:09:21 2020 from 10.241.189.10 [stagingsync@osestaging1 ~]$
- I kicked-off a sync from prod to staging. when it finished, I rebooted staging. tomorrow I'll install Discourse again on the staging server.
Tue May 05, 2020
- preparing for meeting with Rob
Mon May 04, 2020
- I'm starting this CHG * https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update
- I sent an email to Marcin & Catarina
- I confirmed that the lastest backup just finsihed and was uploaded to the cloud successfully
[maltfield@opensourceecology ~]$ sudo su - [sudo] password for maltfield: Last login: Sun May 3 09:11:37 UTC 2020 on pts/51 [root@opensourceecology ~]# sudo -u b2user /home/b2user/virtualenv/bin/b2 ls ose-server-backups | grep `date "+%Y%m%d"` weekly_hetzner2_20200504_072001.tar.gpg [root@opensourceecology ~]# date Mon May 4 10:46:07 UTC 2020 [root@opensourceecology ~]#
- I created a tmp dir to track the output of this CHG
[root@opensourceecology ~]# # create dir for logging the change [root@opensourceecology ~]# tmpDir="/var/tmp/CHG-2020-05-04_yum_update" [root@opensourceecology ~]# mkdir -p $tmpDir [root@opensourceecology ~]# echo $tmpDir /var/tmp/CHG-2020-05-04_yum_update [root@opensourceecology ~]#
- I did a graceful nginx shutdown, but it happened almost immediately anyway
[root@opensourceecology ~]# # begin to gracefully shutdown nginx in the background [root@opensourceecology ~]# time nice /sbin/nginx -s quit nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 real 0m0.063s user 0m0.022s sys 0m0.021s [root@opensourceecology ~]#
- I did a spot check on some of the websites in the browser and confirmed that they were down
- I did the CHG's update and gave the server a reboot
- After it came back up, I confirmed that the new changes were applied
[root@opensourceecology ~]# uname -a Linux opensourceecology.org 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@opensourceecology ~]# needs-restarting -r No core libraries or services have been updated. Reboot is probably not necessary. [root@opensourceecology ~]#
- there's very few packages requiring updates (untested; won't fix now)
[root@opensourceecology ~]# yum list updates Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: centosmirror.netcup.net * epel: mirrors.n-ix.net * extras: mirror.plustech.de * updates: mirror.checkdomain.de * webtatic: uk.repo.webtatic.com Updated Packages git.x86_64 1.8.3.1-22.el7_8 updates java-1.8.0-openjdk.x86_64 1:1.8.0.252.b09-2.el7_8 updates java-1.8.0-openjdk-headless.x86_64 1:1.8.0.252.b09-2.el7_8 updates perl-Git.noarch 1.8.3.1-22.el7_8 updates python2-pyrfc3339.noarch 1.1-3.el7 epel tzdata.noarch 2020a-1.el7 updates tzdata-java.noarch 2020a-1.el7 updates [root@opensourceecology ~]#
- I got a ton of OSSEC alert emails, here's just a snippet of some important changs worth documenting
OSSEC HIDS Notification. 2020 May 04 10:52:37 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/redhat-release' What changed: 1c1 < CentOS Linux release 7.4.1708 (Core) --- > CentOS Linux release 7.8.2003 (Core) Old md5sum was: '1bbbbf90102ed1317186597c4660e84a' New md5sum is : 'b1a1d6b7db44d997f3fab2ac76926e4d' Old sha1sum was: '0b2b27eb190f790ec5ff65897b3a1ef844f254c5' New sha1sum is : '7e467f233dd6e3c2fd0d132a4b6bcefb51feacd7' ... OSSEC HIDS Notification. 2020 May 04 10:52:40 Received From: opensourceecology->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): May 4 10:52:38 opensourceecology systemd: [/etc/systemd/system/openvpn-client.service:2] Failed to resolve unit specifiers on OpenVPN tunnel for %I, ignoring: Success ... OSSEC HIDS Notification. 2020 May 04 10:53:22 Received From: opensourceecology->/var/log/messages Rule: 2934 fired (level 7) -> "Yum package deleted." Portion of the log(s): May 4 10:53:21 opensourceecology yum[2275]: Erased: python2-requests-2.6.0-0.el7.noarch --END OF NOTIFICATION ... OSSEC HIDS Notification. 2020 May 04 10:53:55 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/aliases' Size changed from '1518' to '1529' What changed: 65a66 > pcp: root Old md5sum was: '1ada193c78bf43234522b18242f38f6f' New md5sum is : '852dab9087d52b29a2aa324791a07c6c' Old sha1sum was: '00527ad3fd522bf1b921583a495d614b4daa9b62' New sha1sum is : '41b96f30cc6b111373281bb4a549d252acff8d61' --END OF NOTIFICATION ... OSSEC HIDS Notification. 2020 May 04 10:59:48 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/cron.d/munin' Size changed from '113' to '391' Old md5sum was: 'dd6143262a1cca6efd1fc43ce394fc6c' New md5sum is : '9b1da6119d79e3d266716c8ccdf1aeb3' Old sha1sum was: '8dd6983e23a98caffcbf3a53da738819021fa3b6' New sha1sum is : '46a9ccb00eb7554434e93bf77f00626e9700c1f2' ... OSSEC HIDS Notification. 2020 May 04 11:00:02 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/pki/ca-trust/extracted/java/cacerts' Size changed from '183421' to '161905' Old md5sum was: '1a16e25a833b2f145f23ab03a89e974e' New md5sum is : '6761c121924e4b8177e176ab5c28300b' Old sha1sum was: 'a412fc0d7d4deb4e11357197db05507765186a6b' New sha1sum is : '7ca8eb66d22716c6ecd9afa11c38a35af54b9cae' ... OSSEC HIDS Notification. 2020 May 04 11:00:02 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' Size changed from '333944' to '261737' Old md5sum was: 'd4ec882f699c720b5aa222d3a0e9d24d' New md5sum is : '4994f73e2ae2ab307504e28a619f5b07' Old sha1sum was: '70cb08f47acca5e337601a5463b65fbf11ed0533' New sha1sum is : '3730e29b7ee1c7b28b9f2503b09bd00e98ebc0c1' ... OSSEC HIDS Notification. 2020 May 04 11:01:00 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/grub2.cfg' Old md5sum was: '92a75a7735d86e6c9a680e208f48dcb4' New md5sum is : '76a86393c5fc7ec80201114aab136281' Old sha1sum was: '1da2ac9dfd955220b81c73cff3747bd398a14350' New sha1sum is : 'ef3d1e9e520f1f805cb69fc31134d814d13b6191' ... OSSEC HIDS Notification. 2020 May 04 11:01:11 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/etc/audit/auditd.conf' Size changed from '784' to '805' Old md5sum was: '643fcb75e59e330539c91678a2bb6454' New md5sum is : '29f4c6cd67a4ba11395a134cf7538dbd' Old sha1sum was: '6c5bd201e4d8c75d6cc4ecfd0120ecff7b128fcb' New sha1sum is : '8bc3d32d67d73cef5dc698bb5469ba373a9762d1' ... OSSEC HIDS Notification. 2020 May 04 11:13:06 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/boot/initramfs-3.10.0-693.2.2.el7.x86_64kdump.img' Size changed from '18143824' to '13462408' Old md5sum was: '89113e70f33c11b82459f1a23a7be352' New md5sum is : 'cea88b971a60233d94f1d252e2869c33' Old sha1sum was: 'caa6146072b8a98b497e0359f6b0b09e22b933ac' New sha1sum is : '221176bb260ffa6c21f6809291bd6629eb5cf3e0' ... OSSEC HIDS Notification. 2020 May 04 11:13:07 Received From: opensourceecology->syscheck Rule: 554 fired (level 10) -> "File added to the system." Portion of the log(s): New file '/boot/initramfs-3.10.0-1127.el7.x86_64.img' added to the file system. ... OSSEC HIDS Notification. 2020 May 04 11:13:11 Received From: opensourceecology->syscheck Rule: 554 fired (level 10) -> "File added to the system." Portion of the log(s): New file '/boot/.vmlinuz-3.10.0-1127.el7.x86_64.hmac' added to the file system. ... OSSEC HIDS Notification. 2020 May 04 11:13:07 Received From: opensourceecology->syscheck Rule: 554 fired (level 10) -> "File added to the system." Portion of the log(s): New file '/boot/config-3.10.0-1127.el7.x86_64' added to the file system. ... OSSEC HIDS Notification. 2020 May 04 11:13:54 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/boot/grub2/grub.cfg' Size changed from '7091' to '7946' Old md5sum was: '92a75a7735d86e6c9a680e208f48dcb4' New md5sum is : '76a86393c5fc7ec80201114aab136281' Old sha1sum was: '1da2ac9dfd955220b81c73cff3747bd398a14350' New sha1sum is : 'ef3d1e9e520f1f805cb69fc31134d814d13b6191' ... OSSEC HIDS Notification. 2020 May 04 11:13:54 Received From: opensourceecology->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/boot/grub2/grub.cfg' Size changed from '7091' to '7946' Old md5sum was: '92a75a7735d86e6c9a680e208f48dcb4' New md5sum is : '76a86393c5fc7ec80201114aab136281' Old sha1sum was: '1da2ac9dfd955220b81c73cff3747bd398a14350' New sha1sum is : 'ef3d1e9e520f1f805cb69fc31134d814d13b6191'x`
- ...
- unrelated: there was an outage with imap.gmail.com for a few hours today
- https://support.google.com/mail/thread/44318228?hl=en
- https://news.ycombinator.com/item?id=23066561
- Google's Gsuite uptime page didn't even register it, and no explination for the worldwide issue was given. Pretty shitty.
- While I was investigating, I was poking around the admin.google.com Gsuite setttings and I decided to enforce a password policy of >10 characters
Tue Apr 28, 2020
- now that I have ironed-out the commands for the yum update on prod, let me re-do them exactly on staging https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update#Change_Steps
- first I did a sync
[root@opensourceecology ~]# date && time nice /root/bin/syncToStaging.sh &> /var/log/syncToStaging.log Tue Apr 28 08:40:15 UTC 2020 real 17m14.524s user 2m52.861s sys 0m34.959s [root@opensourceecology ~]#
- then rebooted staging
[root@osestaging1 ~]# reboot PolicyKit daemon disconnected from the bus. We are no longer a registered authentication agent. Connection to 10.241.189.11 closed by remote host. Connection to 10.241.189.11 closed. user@ose:~/tmp$
- the preformed the CHG
[maltfield@osestaging1 ~]$ # become root [maltfield@osestaging1 ~]$ sudo su - Last login: Mon Apr 27 20:26:09 UTC 2020 on pts/0 [root@osestaging1 ~]# [root@osestaging1 ~]# # create dir for logging the change [root@osestaging1 ~]# tmpDir="/var/tmp/CHG-2020-05-04_yum_update" [root@osestaging1 ~]# mkdir -p $tmpDir [root@osestaging1 ~]# [root@osestaging1 ~]# # begin to gracefully shutdown nginx in the background [root@osestaging1 ~]# time nice /sbin/nginx -s quit nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.openbuildinginstitute.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 nginx: [warn] conflicting server name "_" on 10.241.189.11:443, ignored real 0m0.092s user 0m0.032s sys 0m0.030s [root@osestaging1 ~]# [root@osestaging1 ~]# # first record the set of packages currently installed [root@osestaging1 ~]# time nice rpm -qa &> "${tmpDir}/before.log" real 0m1.082s user 0m0.889s sys 0m0.131s [root@osestaging1 ~]# cat $tmpDir/before.log firewalld-filesystem-0.4.4.4-6.el7.noarch kernel-headers-3.10.0-693.2.2.el7.x86_64 libevent-2.0.21-4.el7.x86_64 perl-Carp-1.26-244.el7.noarch ncurses-base-5.9-14.20130511.el7_4.noarch perl-File-Temp-0.23.01-3.el7.noarch perl-Encode-Locale-1.03-5.el7.noarch glibc-2.17-196.el7.x86_64 perl-Filter-1.49-3.el7.x86_64 python-cffi-1.6.0-5.el7.x86_64 sysvinit-tools-2.88-14.dsf.el7.x86_64 perl-Switch-2.16-7.el7.noarch libselinux-2.5-11.el7.x86_64 acl-2.2.51-12.el7.x86_64 perl-FCGI-0.74-8.el7.x86_64 libcap-2.22-9.el7.x86_64 ustr-1.0.4-16.el7.x86_64 perl-Business-ISBN-Data-20120719.001-2.el7.noarch libblkid-2.23.2-43.el7.x86_64 perl-Geo-IP-1.43-3.el7.x86_64 gmp-6.0.0-15.el7.x86_64 perl-HTTP-Cookies-6.01-5.el7.noarch libX11-1.6.5-1.el7.x86_64 php-paragonie-random-compat-2.0.18-1.el7.noarch perl-IO-Socket-SSL-1.94-6.el7.noarch shared-mime-info-1.8-3.el7.x86_64 pkcs11-helper-1.11-3.el7.x86_64 nss-pem-1.0.3-4.el7.x86_64 perl-Mozilla-CA-20130114-5.el7.noarch varnish-libs-4.0.5-1.el7.x86_64 readline-6.2-10.el7.x86_64 nginx-filesystem-1.16.1-1.el7.noarch libXi-1.7.9-1.el7.x86_64 nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64 gd-2.0.35-26.el7.x86_64 mesa-libglapi-17.0.1-6.20170307.el7.x86_64 sudo-1.8.23-4.el7.x86_64 apr-1.4.8-3.el7.x86_64 iptables-1.4.21-18.0.1.el7.centos.x86_64 liboath-2.6.2-1.el7.x86_64 ca-certificates-2017.2.14-71.el7.noarch perl-Clipboard-0.21-1.el7.1.noarch gpm-libs-1.20.7-5.el7.x86_64 ethtool-4.8-1.el7.x86_64 sqlite-3.7.17-8.el7.x86_64 pytz-2016.10-2.el7.noarch ntpdate-4.2.6p5-25.el7.centos.2.x86_64 cacti-1.2.11-1.el7.noarch perl-Data-Dumper-2.145-3.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 perl-IO-Compress-2.061-2.el7.noarch bind-libs-lite-9.9.4-51.el7.x86_64 perl-DBD-MySQL-4.023-5.el7.x86_64 php-symfony-process-2.8.12-2.el7.noarch fipscheck-1.4.1-6.el7.x86_64 libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 nmap-6.40-7.el7.x86_64 json-c-0.11-4.el7_0.x86_64 php-symfony-config-2.8.12-2.el7.noarch gettext-0.19.8.1-2.el7.x86_64 gobject-introspection-1.50.0-1.el7.x86_64 libthai-0.1.14-9.el7.x86_64 pyxattr-0.5.1-5.el7.x86_64 php-symfony-var-dumper-2.8.12-2.el7.noarch libXxf86vm-1.1.4-1.el7.x86_64 enchant-1.6.0-8.el7.x86_64 libcurl-7.29.0-42.el7.x86_64 php-password-compat-1.0.4-1.el7.noarch openldap-2.4.44-5.el7.x86_64 php-symfony-console-2.8.12-2.el7.noarch libXft-2.3.2-2.el7.x86_64 nano-2.3.1-10.el7.x86_64 rpm-python-4.11.3-25.el7.x86_64 python-repoze-lru-0.4-3.el7.noarch passwd-0.79-4.el7.x86_64 net-snmp-libs-5.7.2-28.el7_4.1.x86_64 libselinux-utils-2.5-11.el7.x86_64 python2-backports-functools_lru_cache-1.2.1-4.el7.noarch net-snmp-5.7.2-28.el7_4.1.x86_64 device-mapper-persistent-data-0.7.0-0.1.rc6.el7.x86_64 php56w-mbstring-5.6.33-1.w7.x86_64 alsa-lib-1.1.3-3.el7.x86_64 php56w-ldap-5.6.33-1.w7.x86_64 dmidecode-3.0-5.el7.x86_64 dejavu-sans-mono-fonts-2.33-6.el7.noarch glibc-devel-2.17-196.el7.x86_64 parted-3.1-28.el7.x86_64 php56w-enchant-5.6.33-1.w7.x86_64 libICE-1.0.9-9.el7.x86_64 perl-Crypt-DES-2.05-20.el7.x86_64 elfutils-default-yama-scope-0.168-8.el7.noarch rrdtool-perl-1.4.8-9.el7.x86_64 policycoreutils-2.5-17.1.el7.x86_64 mt-st-1.1-14.el7.x86_64 perl-Socket6-0.23-15.el7.x86_64 cryptsetup-libs-1.7.4-3.el7.x86_64 bacula-director-5.2.13-23.1.el7.x86_64 perl-Sys-Syslog-0.33-3.el7.x86_64 kmod-20-15.el7_4.2.x86_64 hunspell-1.3.2-15.el7.x86_64 pyliblzma-0.5.3-11.el7.x86_64 perl-Package-DeprecationManager-0.13-7.el7.noarch iputils-20160308-10.el7.x86_64 zip-3.0-11.el7.x86_64 perl-Email-Date-Format-1.002-15.el7.noarch httpd-2.4.6-67.el7.centos.2.x86_64 postfix-2.10.1-6.el7.x86_64 perl-Net-Server-2.007-2.el7.noarch device-mapper-event-1.02.140-8.el7.x86_64 perl-Package-Stash-XS-0.26-3.el7.x86_64 mesa-libEGL-17.0.1-6.20170307.el7.x86_64 fontpackages-filesystem-1.44-8.el7.noarch perl-MIME-Lite-3.030-1.el7.noarch policycoreutils-python-2.5-17.1.el7.x86_64 bzip2-1.0.6-13.el7.x86_64 perl-Mail-Sender-0.8.23-1.el7.noarch mariadb-5.5.56-2.el7.x86_64 perl-Crypt-Rijndael-1.12-1.el7.x86_64 gdisk-0.8.6-5.el7.x86_64 perl-DateTime-TimeZone-1.63-2.el7.noarch dhclient-4.2.5-58.el7.centos.x86_64 perl-Clone-0.34-5.el7.x86_64 perl-Log-Dispatch-FileRotate-1.19-13.el7.noarch git-1.8.3.1-12.el7_4.x86_64 perl-HTML-Template-2.95-1.el7.noarch plymouth-scripts-0.8.9-0.28.20140113.el7.centos.x86_64 perl-TermReadKey-2.30-20.el7.x86_64 findutils-4.5.11-5.el7.x86_64 varnish-libs-devel-4.0.5-1.el7.x86_64 fontconfig-2.10.95-11.el7.x86_64 perl-Error-0.17020-2.el7.noarch tzdata-java-2017b-1.el7.noarch pyOpenSSL-0.13.1-3.el7.x86_64 groff-base-1.22.2-8.el7.x86_64 mod_security_crs-2.2.9-1.el7.noarch python2-six-1.9.0-0.el7.noarch librsvg2-2.40.16-1.el7.x86_64 nettle-2.7.1-8.el7.x86_64 libsepol-2.5-6.el7.x86_64 snappy-1.1.0-3.el7.x86_64 gnutls-3.3.26-9.el7.x86_64 libproxy-0.4.11-10.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 python-idna-2.4-1.el7.noarch libaio-0.3.109-13.el7.x86_64 lvm2-2.02.171-8.el7.x86_64 kernel-3.10.0-693.2.2.el7.x86_64 python-zope-interface-4.0.5-4.el7.x86_64 dbus-python-1.1.1-9.el7.x86_64 libyaml-0.1.4-11.el7_0.x86_64 iptables-services-1.4.21-18.0.1.el7.centos.x86_64 setools-libs-3.3.8-1.1.el7.x86_64 ncftp-3.2.5-7.el7.x86_64 biosdevname-0.7.2-2.el7.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 nss-softokn-3.36.0-5.el7_5.x86_64 vim-enhanced-7.4.160-2.el7.x86_64 python-backports-1.0-8.el7.x86_64 gcc-c++-4.8.5-16.el7.x86_64 xz-5.2.2-1.el7.x86_64 python2-josepy-1.1.0-1.el7.noarch e2fsprogs-1.42.9-10.el7.x86_64 coreutils-8.22-18.el7.x86_64 python-requests-toolbelt-0.8.0-1.el7.noarch haveged-1.9.1-1.el7.x86_64 python-lxml-3.2.1-4.el7.x86_64 python2-psutil-2.2.1-2.el7.x86_64 java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5.x86_64 python-ply-3.4-11.el7.noarch python2-iso8601-0.1.11-7.el7.noarch perl-parent-0.225-244.el7.noarch wget-1.14-15.el7.x86_64 python-virtualenv-15.1.0-2.el7.noarch btrfs-progs-4.9.1-1.el7.x86_64 libgcc-4.8.5-16.el7.x86_64 libsodium13-1.0.5-1.el7.x86_64 ncurses-5.9-14.20130511.el7_4.x86_64 grub2-pc-modules-2.02-0.64.el7.centos.noarch perl-constant-1.27-2.el7.noarch libreport-filesystem-2.1.11-38.el7.centos.x86_64 php56w-pear-1.10.4-1.w7.noarch perl-Time-HiRes-1.9725-3.el7.x86_64 bash-4.2.46-29.el7_4.x86_64 diffutils-3.3-4.el7.x86_64 perl-LWP-MediaTypes-6.02-2.el7.noarch perl-File-Path-2.09-2.el7.noarch htop-2.2.0-3.el7.x86_64 libstdc++-4.8.5-16.el7.x86_64 which-2.20-7.el7.x86_64 perl-Net-IP-1.26-4.el7.noarch perl-Pod-Simple-3.28-4.el7.noarch libcom_err-1.42.9-10.el7.x86_64 perl-File-Listing-6.04-7.el7.noarch audit-libs-2.7.6-3.el7.x86_64 libicu-50.1.2-15.el7.x86_64 perl-Net-DNS-0.72-6.el7.x86_64 freetype-2.4.11-15.el7.x86_64 libestr-0.1.9-2.el7.x86_64 perl-WWW-RobotRules-6.02-5.el7.noarch python-urlgrabber-3.10-8.el7.noarch libgcrypt-1.5.3-14.el7.x86_64 cracklib-dicts-2.9.0-11.el7.x86_64 perl-HTML-Parser-3.71-4.el7.x86_64 perl-Encode-Detect-1.01-13.el7.x86_64 libXrender-0.9.10-1.el7.x86_64 python-configobj-4.7.2-7.el7.noarch perl-IO-Socket-IP-0.21-4.el7.noarch gnupg2-2.0.22-4.el7.x86_64 libcroco-0.6.11-1.el7.x86_64 redhat-rpm-config-9.1.0-76.el7.centos.noarch centos-indexhtml-7-9.el7.centos.noarch libgomp-4.8.5-16.el7.x86_64 libev-4.15-7.el7.x86_64 make-3.82-23.el7.x86_64 nginx-mod-stream-1.16.1-1.el7.x86_64 binutils-2.25.1-32.base.el7_4.1.x86_64 gperftools-libs-2.4-8.el7.x86_64 python-slip-0.4.0-2.el7.noarch nginx-all-modules-1.16.1-1.el7.noarch perl-libs-5.16.3-292.el7.x86_64 apr-util-1.5.2-6.el7.x86_64 mutt-1.5.21-28.el7_5.x86_64 iproute-3.10.0-87.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 php-getid3-1.9.19-1.el7.noarch openssl-libs-1.0.2k-8.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 links-2.20.2-1.el7.x86_64 mariadb-libs-5.5.56-2.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 os-prober-1.58-9.el7.x86_64 python-perf-3.10.0-693.2.2.el7.x86_64 ncdu-1.14.2-2.el7.x86_64 libselinux-python-2.5-11.el7.x86_64 perl-Net-Daemon-0.48-5.el7.noarch bind-libs-9.9.4-51.el7.x86_64 php-PsrLog-1.0.2-2.el7.noarch httpd-tools-2.4.6-67.el7.centos.2.x86_64 libpipeline-1.2.3-3.el7.x86_64 php-symfony-filesystem-2.8.12-2.el7.noarch subversion-libs-1.7.14-11.el7_4.x86_64 cracklib-2.9.0-11.el7.x86_64 python-gobject-base-3.22.0-1.el7.x86_64 yum-metadata-parser-1.1.4-10.el7.x86_64 php-symfony-browser-kit-2.8.12-2.el7.noarch cpp-4.8.5-16.el7.x86_64 libuser-0.60-7.el7_1.x86_64 php-seld-cli-prompt-1.0.3-1.el7.noarch curl-7.29.0-42.el7.x86_64 crontabs-1.11-6.20121102git.el7.noarch php-IDNA_Convert-0.8.0-2.el7.noarch php-symfony-event-dispatcher-2.8.12-2.el7.noarch awstats-7.6-4.el7.noarch yum-plugin-fastestmirror-1.1.31-42.el7.noarch php56w-common-5.6.33-1.w7.x86_64 python2-jsonschema-2.5.1-3.el7.noarch vim-minimal-7.4.160-2.el7.x86_64 rootfiles-8.1-11.el7.noarch net-snmp-agent-libs-5.7.2-28.el7_4.1.x86_64 python2-texttable-1.3.1-1.el7.noarch graphite2-1.3.10-1.el7_3.x86_64 php56w-process-5.6.33-1.w7.x86_64 ntp-4.2.6p5-25.el7.centos.2.x86_64 libseccomp-2.3.1-3.el7.x86_64 sed-4.2.2-5.el7.x86_64 php56w-xml-5.6.33-1.w7.x86_64 webtatic-release-7-3.noarch jasper-libs-1.900.1-31.el7.x86_64 libacl-2.2.51-12.el7.x86_64 dejavu-fonts-common-2.33-6.el7.noarch gcc-4.8.5-16.el7.x86_64 php56w-5.6.33-1.w7.x86_64 ipset-libs-6.29-1.el7.x86_64 gdbm-1.10-8.el7.x86_64 perl-Try-Tiny-0.12-2.el7.noarch elfutils-libs-0.168-8.el7.x86_64 perl-Sub-Install-0.926-6.el7.noarch perl-Sys-CPU-0.54-4.el7.x86_64 openssh-7.4p1-12.el7_4.x86_64 perl-Params-Validate-1.08-4.el7.x86_64 perl-Date-Manip-6.41-2.el7.noarch kpartx-0.4.9-111.el7.x86_64 munin-common-2.0.33-1.el7.noarch bacula-storage-5.2.13-23.1.el7.x86_64 systemd-219-42.el7_4.1.x86_64 libutempter-1.1.6-4.el7.x86_64 perl-XML-LibXML-2.0018-5.el7.x86_64 whois-5.1.1-2.el7.x86_64 initscripts-9.49.39-1.el7.x86_64 perl-DateTime-Locale-0.45-6.el7.noarch grub2-tools-minimal-2.02-0.64.el7.centos.x86_64 perl-IO-Multiplex-1.13-6.el7.noarch xorg-x11-font-utils-7.5-20.el7.x86_64 lvm2-libs-2.02.171-8.el7.x86_64 perl-Net-CIDR-0.18-1.el7.noarch grub2-tools-2.02-0.64.el7.centos.x86_64 perl-MIME-Types-1.38-2.el7.noarch perl-File-Copy-Recursive-0.38-14.el7.noarch rsync-3.0.9-18.el7.x86_64 perl-Class-Singleton-1.4-14.el7.noarch perl-Digest-MD5-2.52-3.el7.x86_64 dracut-network-033-502.el7.x86_64 perl-Log-Dispatch-2.41-1.el7.1.noarch xclip-0.12-5.el7.x86_64 selinux-policy-3.13.1-166.el7_4.4.noarch popt-1.13-16.el7.x86_64 perl-Log-Log4perl-1.42-2.el7.noarch perl-Term-ReadLine-Gnu-1.26-2.el7.x86_64 plymouth-0.8.9-0.28.20140113.el7.centos.x86_64 setup-2.8.71-7.el7.noarch python-libs-2.7.5-69.el7_5.x86_64 kpcli-2.7-3.el7.noarch cairo-1.14.8-2.el7.x86_64 python2-future-0.16.0-6.el7.noarch kbd-misc-1.15.5-13.el7.noarch hostname-3.13-3.el7.x86_64 pakchois-0.4-10.el7.x86_64 php-pear-Mail-Mime-1.10.2-1.el7.noarch libmodman-2.0.1-8.el7.x86_64 mariadb-server-5.5.56-2.el7.x86_64 python2-uritemplate-3.0.0-1.el7.noarch python2-gflags-2.0-5.el7.noarch perl-Socket-2.010-4.el7.x86_64 rsyslog-8.24.0-12.el7.x86_64 librsync-1.0.0-1.el7.x86_64 openssh-server-7.4p1-12.el7_4.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 pexpect-2.3-11.el7.noarch nspr-4.19.0-1.el7_5.x86_64 python-ipaddress-1.0.16-2.el7.noarch mdadm-4.0-5.el7.x86_64 trickle-1.07-19.el7.x86_64 nss-sysinit-3.36.0-5.el7_5.x86_64 python-zope-component-4.1.0-3.el7.noarch ipset-6.29-1.el7.x86_64 file-libs-5.11-33.el7.x86_64 python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch iprutils-2.4.14.1-1.el7.x86_64 python-ndg_httpsclient-0.3.2-1.el7.noarch python2-requests-2.6.0-0.el7.noarch python-pycparser-2.14-1.el7.noarch python-javapackages-3.4.1-11.el7.noarch python2-pyrfc3339-1.0-2.el7.noarch bind-utils-9.9.4-51.el7.x86_64 mailx-12.5-16.el7.x86_64 libffi-3.0.13-18.el7.x86_64 python-httplib2-0.9.2-1.el7.noarch perl-Digest-SHA-5.85-4.el7.x86_64 perl-Pod-Perldoc-3.20-4.el7.noarch perl-Pod-Usage-1.63-3.el7.noarch bind-license-9.9.4-51.el7.noarch perl-Exporter-5.68-3.el7.noarch xfsprogs-4.5.0-12.el7.x86_64 procmail-3.22-36.el7.x86_64 php56w-pecl-libsodium-1.0.6-1.w7.x86_64 perl-Time-Local-1.2300-2.el7.noarch yum-cron-3.4.3-154.el7.centos.noarch linux-firmware-20170606-56.gitc990aae.el7.noarch php-PHPMailer-5.2.27-1.el7.noarch perl-PathTools-3.40-5.el7.x86_64 ssldump-0.9-0.9.b3.el7.x86_64 glibc-common-2.17-196.el7.x86_64 perl-threads-shared-1.43-6.el7.x86_64 perl-Net-LibIDN-0.12-15.el7.x86_64 ncurses-libs-5.9-14.20130511.el7_4.x86_64 perl-Getopt-Long-2.40-2.el7.noarch less-458-9.el7.x86_64 perl-HTTP-Date-6.02-8.el7.noarch chkconfig-1.7.4-1.el7.x86_64 ntfs-3g-2017.3.23-11.el7.x86_64 perl-Digest-HMAC-1.03-5.el7.noarch qrencode-libs-3.4.1-3.el7.x86_64 perl-URI-1.60-9.el7.noarch grep-2.20-3.el7.x86_64 python-pycurl-7.19.0-19.el7.x86_64 perl-HTTP-Message-6.06-6.el7.noarch cpio-2.11-25.el7_4.x86_64 mozjs17-17.0.0-19.el7.x86_64 python-iniparse-0.4-9.el7.noarch perl-HTTP-Negotiate-6.01-5.el7.noarch libmount-2.23.2-43.el7.x86_64 pinentry-0.8.1-17.el7.x86_64 perl-libwww-perl-6.05-2.el7.noarch openvpn-2.4.7-1.el7.x86_64 dwz-0.11-3.el7.x86_64 libsemanage-2.5-8.el7.x86_64 php-justinrainbow-json-schema5-5.2.9-1.el7.noarch varnish-4.0.5-1.el7.x86_64 gzip-1.5-9.el7.x86_64 nginx-mod-http-image-filter-1.16.1-1.el7.x86_64 kernel-3.10.0-327.18.2.el7.x86_64 libunwind-1.2-2.el7.x86_64 e2fsprogs-libs-1.42.9-10.el7.x86_64 nginx-mod-http-perl-1.16.1-1.el7.x86_64 perl-macros-5.16.3-292.el7.x86_64 dbus-libs-1.6.12-17.el7.x86_64 urlview-0.9-15.20121210git6cfcad.el7.x86_64 libtasn1-4.10-1.el7.x86_64 jbigkit-libs-2.0-11.el7.x86_64 nload-0.7.4-4.el7.x86_64 krb5-libs-1.15.1-8.el7.x86_64 dbus-1.6.12-17.el7.x86_64 php-composer-semver-1.5.1-1.el7.noarch openssl-1.0.2k-8.el7.x86_64 polkit-pkla-compat-0.1-4.el7.x86_64 php-composer-spdx-licenses-1.5.3-1.el7.noarch libsemanage-python-2.5-8.el7.x86_64 libassuan-2.1.0-3.el7.x86_64 libpciaccess-0.13.4-3.el7_3.x86_64 composer-1.10.5-1.el7.noarch perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 pkgconfig-0.27.1-4.el7.x86_64 python-linux-procfs-0.4.9-3.el7.noarch perl-PlRPC-0.2020-14.el7.noarch php-symfony-class-loader-2.8.12-2.el7.noarch libc-client-2007f-16.el7.x86_64 gpg-pubkey-352c64e5-52ae6884 php-symfony-finder-2.8.12-2.el7.noarch libXtst-1.2.3-1.el7.x86_64 gpg-pubkey-11f63c51-3c7dc11d php-symfony-dom-crawler-2.8.12-2.el7.noarch libXpm-3.5.12-1.el7.x86_64 php-symfony-dependency-injection-2.8.12-2.el7.noarch grubby-8.28-23.el7.x86_64 php-jsonlint-1.6.1-1.el7.noarch rpm-libs-4.11.3-25.el7.x86_64 php-simplepie-1.3.1-4.el7.noarch php-symfony-http-foundation-2.8.12-2.el7.noarch libXcomposite-0.4.4-4.1.el7.x86_64 p7zip-16.02-10.el7.x86_64 python2-cached_property-1.3.0-7.el7.noarch lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64 tar-1.26-32.el7.x86_64 kernel-3.10.0-514.26.2.el7.x86_64 net-snmp-utils-5.7.2-28.el7_4.1.x86_64 harfbuzz-1.3.2-1.el7.x86_64 php56w-pdo-5.6.33-1.w7.x86_64 libpcap-1.5.3-9.el7.x86_64 gpg-pubkey-62e74ca5-539c878e php56w-intl-5.6.33-1.w7.x86_64 gdk-pixbuf2-2.36.5-1.el7.x86_64 libidn-1.28-4.el7.x86_64 libfastjson-0.99.4-2.el7.x86_64 webmin-1.850-1.noarch libnfnetlink-1.0.1-4.el7.x86_64 perl-List-MoreUtils-0.33-9.el7.x86_64 vim-common-7.4.160-2.el7.x86_64 bacula-libs-5.2.13-23.1.el7.x86_64 sysstat-10.1.5-12.el7.x86_64 systemd-libs-219-42.el7_4.1.x86_64 autogen-libopts-5.18-5.el7.x86_64 perl-Module-Implementation-0.06-6.el7.noarch dhcp-libs-4.2.5-58.el7.centos.x86_64 perl-Sys-MemInfo-0.91-7.el7.x86_64 perl-Params-Util-1.07-6.el7.x86_64 device-mapper-libs-1.02.140-8.el7.x86_64 bacula-client-5.2.13-23.1.el7.x86_64 perl-XML-SAX-0.99-9.el7.noarch dracut-033-502.el7.x86_64 libXext-1.3.3-3.el7.x86_64 perl-IO-Socket-INET6-2.69-5.el7.noarch device-mapper-event-libs-1.02.140-8.el7.x86_64 libSM-1.2.2-2.el7.x86_64 perl-Cache-Cache-1.06-12.el7.noarch grub2-tools-extra-2.02-0.64.el7.centos.x86_64 libmpc-1.0.1-3.el7.x86_64 perl-MailTools-2.12-2.el7.noarch mesa-libGL-17.0.1-6.20170307.el7.x86_64 perl-Class-Load-0.20-3.el7.noarch grub2-pc-2.02-0.64.el7.centos.x86_64 kernel-devel-3.10.0-514.26.2.el7.x86_64 xorg-x11-fonts-Type1-7.5-9.el7.noarch perl-Taint-Runtime-0.03-19.el7.x86_64 cronie-anacron-1.4.11-17.el7.x86_64 perl-Digest-1.17-245.el7.noarch munin-node-2.0.33-1.el7.noarch trousers-0.3.14-2.el7.x86_64 perl-File-KeePass-2.03-10.el7.noarch screen-4.1.0-0.23.20120314git3c2946.el7_2.x86_64 basesystem-10.0-7.el7.centos.noarch perl-Mail-Sendmail-0.79-21.el7.noarch openssh-clients-7.4p1-12.el7_4.x86_64 libXmu-1.1.2-2.el7.x86_64 GeoIP-1.5.0-11.el7.x86_64 perl-XML-DOM-1.44-19.el7.noarch virt-what-1.13-10.el7.x86_64 perl-Capture-Tiny-0.24-1.el7.noarch libgpg-error-1.12-3.el7.x86_64 python-pyudev-0.15-9.el7.noarch perl-Sort-Naturally-1.03-8.el7.noarch filesystem-3.2-21.el7.x86_64 python-2.7.5-69.el7_5.x86_64 pango-1.40.4-1.el7.x86_64 python2-parsedatetime-2.4-5.el7.noarch tcp_wrappers-libs-7.6-77.el7.x86_64 kbd-1.15.5-13.el7.x86_64 mod_evasive-1.10.1-22.el7.x86_64 python-chardet-2.2.1-1.el7_1.noarch selinux-policy-targeted-3.13.1-166.el7_4.4.noarch zlib-1.2.7-17.el7.x86_64 python2-mock-1.0.1-9.el7.noarch hardlink-1.0-19.el7.x86_64 python2-pyasn1-modules-0.1.9-7.el7.noarch python-GnuPGInterface-0.3.2-11.el7.noarch subversion-1.7.14-11.el7_4.x86_64 irqbalance-1.0.7-10.el7.x86_64 expat-2.1.0-10.el7_3.x86_64 chrony-3.1-2.el7.centos.x86_64 gawk-4.0.2-4.el7_3.1.x86_64 nss-util-3.36.0-1.el7_5.x86_64 grub2-tools-efi-2.02-0.64.el7.centos.x86_64 python-zope-event-4.0.3-2.el7.noarch nss-3.36.0-5.el7_5.x86_64 libXt-1.1.5-3.el7.x86_64 python-augeas-0.5.0-2.el7.noarch file-5.11-33.el7.x86_64 python-setuptools-0.9.8-7.el7.noarch tcpdump-4.9.0-5.el7.x86_64 python-urllib3-1.10.2-5.el7.noarch php56w-mysql-5.6.31-1.w7.x86_64 python2-acme-0.25.1-1.el7.noarch man-db-2.6.3-9.el7.x86_64 yum-3.4.3-158.el7.centos.noarch shadow-utils-4.1.5.1-24.el7.x86_64 javapackages-tools-3.4.1-11.el7.noarch python2-dialog-3.3.0-6.el7.noarch tuned-2.9.0-1.el7.noarch perl-Net-SSLeay-1.55-6.el7.x86_64 python2-keyring-5.0-3.el7.noarch perl-podlators-2.5.1-3.el7.noarch perl-Pod-Escapes-1.04-292.el7.noarch libxshmfence-1.2-1.el7.x86_64 php56w-pecl-xdebug-2.5.5-2.w7.x86_64 perl-Encode-2.51-7.el7.x86_64 centos-release-7-4.1708.el7.centos.x86_64 python2-certbot-0.26.1-2.el7.noarch perl-Storable-2.45-3.el7.x86_64 augeas-libs-1.4.0-2.el7_4.1.x86_64 vim-filesystem-7.4.160-2.el7.x86_64 info-5.1-4.el7.x86_64 hunspell-en-US-0.20121024-6.el7.noarch kbd-legacy-1.15.5-13.el7.noarch php56w-pecl-geoip-1.1.1-1.w7.x86_64 perl-Scalar-List-Utils-1.27-248.el7.x86_64 libsodium-1.0.17-1.el7.x86_64 libedit-3.0-12.20121213cvs.el7.x86_64 perl-HTML-Tagset-3.20-15.el7.noarch perl-threads-1.87-4.el7.x86_64 pcre-8.32-17.el7.x86_64 lzo-2.06-8.el7.x86_64 perl-TimeDate-2.30-2.el7.noarch libdb-5.3.21-20.el7.x86_64 perl-CGI-3.63-4.el7.noarch libuuid-2.23.2-43.el7.x86_64 libmnl-1.0.3-7.el7.x86_64 perl-Business-ISBN-2.06-2.el7.noarch php-fedora-autoloader-1.0.0-1.el7.noarch elfutils-libelf-0.168-8.el7.x86_64 perl-IO-HTML-1.00-2.el7.noarch libxcb-1.12-1.el7.x86_64 perl-HTTP-Daemon-6.01-5.el7.noarch glib2-2.50.3-3.el7.x86_64 perl-Net-HTTP-6.06-2.el7.noarch lz4-1.7.5-3.el7.x86_64 perl-srpm-macros-1-8.el7.noarch perl-LWP-Protocol-https-6.04-4.el7.noarch cyrus-sasl-lib-2.1.26-21.el7.x86_64 gpgme-1.3.2-5.el7.x86_64 jemalloc-3.6.0-1.el7.x86_64 nginx-mod-mail-1.16.1-1.el7.x86_64 p11-kit-0.23.5-3.el7.x86_64 lksctp-tools-1.0.17-2.el7.x86_64 nginx-1.16.1-1.el7.x86_64 logrotate-3.8.6-14.el7.x86_64 pixman-0.34.0-1.el7.x86_64 tokyocabinet-1.4.48-3.el7.x86_64 perl-5.16.3-292.el7.x86_64 mailcap-2.1.41-2.el7.noarch oathtool-2.6.2-1.el7.x86_64 p11-kit-trust-0.23.5-3.el7.x86_64 epel-release-7-11.noarch php-seld-phar-utils-1.0.2-1.el7.noarch libpng-1.5.13-7.el7_2.x86_64 polkit-0.112-12.el7_3.x86_64 pciutils-libs-3.5.1-2.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libzip-0.10.1-8.el7.x86_64 php-composer-xdebug-handler-1.4.1-1.el7.noarch audit-libs-python-2.7.6-3.el7.x86_64 php-composer-ca-bundle-1.2.7-1.el7.noarch pyparsing-1.5.6-9.el7.noarch perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 ebtables-2.0.10-15.el7.x86_64 python-schedutils-0.4-6.el7.x86_64 php-symfony-common-2.8.12-2.el7.noarch perl-DBI-1.627-4.el7.x86_64 fipscheck-lib-1.4.1-6.el7.x86_64 php-symfony-yaml-2.8.12-2.el7.noarch nmap-ncat-6.40-7.el7.x86_64 gettext-libs-0.19.8.1-2.el7.x86_64 php-symfony-debug-2.8.12-2.el7.noarch libgnome-keyring-3.12.0-1.el7.x86_64 centos-logos-70.0.6-3.el7.centos.noarch php-symfony-css-selector-2.8.12-2.el7.noarch libXfixes-5.0.3-1.el7.x86_64 php-symfony-expression-language-2.8.12-2.el7.noarch libdb-utils-5.3.21-20.el7.x86_64 libxslt-1.1.28-5.el7.x86_64 libXdamage-1.1.4-4.1.el7.x86_64 rpm-4.11.3-25.el7.x86_64 pygpgme-0.3-9.el7.x86_64 php-symfony-polyfill-1.5.0-1.el7.noarch t1lib-5.1.2-14.el7.x86_64 php-symfony-http-kernel-2.8.12-2.el7.noarch rpm-build-libs-4.11.3-25.el7.x86_64 libss-1.42.9-10.el7.x86_64 php56w-cli-5.6.33-1.w7.x86_64 python2-docopt-0.6.2-7.el7.noarch libstdc++-devel-4.8.5-16.el7.x86_64 php56w-snmp-5.6.33-1.w7.x86_64 kmod-libs-20-15.el7_4.2.x86_64 php56w-imap-5.6.33-1.w7.x86_64 lsscsi-0.27-6.el7.x86_64 php56w-gd-5.6.33-1.w7.x86_64 yum-plugin-replace-0.2.7-1.ius.el7.noarch glibc-headers-2.17-196.el7.x86_64 rrdtool-1.4.8-9.el7.x86_64 kernel-tools-libs-3.10.0-693.2.2.el7.x86_64 libunistring-0.9.3-9.el7.x86_64 perl-Digest-SHA1-2.13-9.el7.x86_64 libfontenc-1.1.3-3.el7.x86_64 perl-XML-SAX-Base-1.08-7.el7.noarch bacula-common-5.2.13-23.1.el7.x86_64 util-linux-2.23.2-43.el7.x86_64 libverto-0.2.5-4.el7.x86_64 perl-Module-Runtime-0.013-4.el7.noarch bacula-libs-sql-5.2.13-23.1.el7.x86_64 procps-ng-3.3.10-16.el7.x86_64 pth-2.0.7-23.el7.x86_64 perl-Net-SNMP-6.0.1-7.el7.noarch logwatch-7.4.0-32.20130522svn140.el7.noarch device-mapper-1.02.140-8.el7.x86_64 libpwquality-1.2.3-4.el7.x86_64 perl-XML-NamespaceSupport-1.11-10.el7.noarch bacula-console-5.2.13-23.1.el7.x86_64 unzip-6.0-16.el7.x86_64 libdrm-2.4.74-1.el7.x86_64 perl-Data-OptList-0.107-9.el7.noarch systemd-sysv-219-42.el7_4.1.x86_64 kernel-3.10.0-327.13.1.el7.x86_64 perl-IPC-ShareLite-0.17-12.el7.x86_64 giflib-4.1.6-9.el7.x86_64 mpfr-3.1.1-4.el7.x86_64 mod_ssl-2.4.6-67.el7.centos.2.x86_64 perl-Net-SMTP-SSL-1.01-13.el7.noarch mesa-libgbm-17.0.1-6.20170307.el7.x86_64 perl-Package-Stash-0.34-2.el7.noarch ttmkfdir-3.0.9-42.el7.x86_64 libcgroup-0.41-13.el7.x86_64 perl-DBD-Pg-2.19.3-4.el7.x86_64 mod_security-2.7.3-5.el7.x86_64 cronie-1.4.11-17.el7.x86_64 hdparm-9.43-5.el7.x86_64 perl-XML-Parser-2.41-10.el7.x86_64 dhcp-common-4.2.5-58.el7.centos.x86_64 perl-DateTime-1.04-6.el7.x86_64 perl-Git-1.8.3.1-12.el7_4.noarch perl-XML-RegExp-0.04-2.el7.noarch perl-Term-ShellUI-0.92-2.el7.noarch plymouth-core-libs-0.8.9-0.28.20140113.el7.centos.x86_64 munin-2.0.33-1.el7.noarch perl-version-0.99.07-2.el7.x86_64 lyx-fonts-2.2.3-1.el7.noarch libcap-ng-0.7.5-4.el7.x86_64 php56w-pecl-apcu-4.0.11-2.w7.x86_64 python-six-1.9.0-2.el7.noarch copy-jdk-configs-2.2-3.el7.noarch python-sqlalchemy-0.9.8-2.el7.x86_64 tzdata-2017b-1.el7.noarch lsof-4.87-4.el7.x86_64 dbus-glib-0.100-7.el7.x86_64 kexec-tools-2.0.14-17.el7.x86_64 numactl-libs-2.0.9-6.el7_2.x86_64 python2-configargparse-0.11.0-1.el7.noarch neon-0.30.0-3.el7.x86_64 grub2-2.02-0.64.el7.centos.x86_64 python-lockfile-0.9.1-4.el7.centos.noarch python2-pyasn1-0.1.9-7.el7.noarch audit-2.7.6-3.el7.x86_64 checkpolicy-2.5-4.el7.x86_64 hwdata-0.252-8.6.el7.x86_64 PyYAML-3.10-11.el7.x86_64 acpid-2.0.19-8.el7.x86_64 lua-5.1.4-15.el7.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 libXfont-1.5.2-1.el7.x86_64 python-decorator-3.4.0-3.el7.noarch kernel-tools-3.10.0-693.2.2.el7.x86_64 libtiff-4.0.3-27.el7_3.x86_64 python2-cryptography-1.7.2-2.el7.x86_64 python-requests-2.6.0-1.el7_1.noarch pam-1.1.8-18.el7.x86_64 python-IPy-0.75-6.el7.noarch postgresql-libs-9.2.23-1.el7_4.x86_64 gpg-pubkey-f4a80eb5-53a7ff4b java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5.x86_64 dialog-1.2-4.20130523.el7.x86_64 nss-tools-3.36.0-5.el7_5.x86_64 python-enum34-1.0.4-1.el7.noarch perl-HTTP-Tiny-0.033-3.el7.noarch python-devel-2.7.5-69.el7_5.x86_64 kernel-devel-3.10.0-693.2.2.el7.x86_64 perl-Text-ParseWords-3.29-4.el7.noarch grub2-common-2.02-0.64.el7.centos.noarch telnet-0.17-64.el7.x86_64 certbot-0.26.1-2.el7.noarch libX11-common-1.6.5-1.el7.noarch [root@osestaging1 ~]# [root@osestaging1 ~]# # install yum-utils [root@osestaging1 ~]# time nice yum -y install yum-utils-1.1.31-53.el7 &> "${tmpDir}/yum-utils.log" real 0m11.383s user 0m3.010s sys 0m1.242s [root@osestaging1 ~]# cat $tmpDir/yum-utils.log Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: linux.darkpenguin.net * webtatic: uk.repo.webtatic.com Resolving Dependencies --> Running transaction check ---> Package yum-utils.noarch 0:1.1.31-53.el7 will be installed --> Processing Dependency: python-kitchen for package: yum-utils-1.1.31-53.el7.noarch --> Processing Dependency: libxml2-python for package: yum-utils-1.1.31-53.el7.noarch --> Running transaction check ---> Package libxml2-python.x86_64 0:2.9.1-6.el7.4 will be installed --> Processing Dependency: libxml2 = 2.9.1-6.el7.4 for package: libxml2-python-2.9.1-6.el7.4.x86_64 ---> Package python-kitchen.noarch 0:1.1.1-5.el7 will be installed --> Running transaction check ---> Package libxml2.x86_64 0:2.9.1-6.el7_2.3 will be updated ---> Package libxml2.x86_64 0:2.9.1-6.el7.4 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: yum-utils noarch 1.1.31-53.el7 base 122 k Installing for dependencies: libxml2-python x86_64 2.9.1-6.el7.4 base 247 k python-kitchen noarch 1.1.1-5.el7 base 267 k Updating for dependencies: libxml2 x86_64 2.9.1-6.el7.4 base 668 k Transaction Summary ================================================================================ Install 1 Package (+2 Dependent packages) Upgrade ( 1 Dependent package) Total download size: 1.3 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. -------------------- Total 3.8 MB/s | 1.3 MB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : python-kitchen-1.1.1-5.el7.noarch 1/5 Updating : libxml2-2.9.1-6.el7.4.x86_64 2/5 Installing : libxml2-python-2.9.1-6.el7.4.x86_64 3/5 Installing : yum-utils-1.1.31-53.el7.noarch 4/5 Cleanup : libxml2-2.9.1-6.el7_2.3.x86_64 5/5 Verifying : libxml2-2.9.1-6.el7.4.x86_64 1/5 Verifying : yum-utils-1.1.31-53.el7.noarch 2/5 Verifying : libxml2-python-2.9.1-6.el7.4.x86_64 3/5 Verifying : python-kitchen-1.1.1-5.el7.noarch 4/5 Verifying : libxml2-2.9.1-6.el7_2.3.x86_64 5/5 Installed: yum-utils.noarch 0:1.1.31-53.el7 Dependency Installed: libxml2-python.x86_64 0:2.9.1-6.el7.4 python-kitchen.noarch 0:1.1.1-5.el7 Dependency Updated: libxml2.x86_64 0:2.9.1-6.el7.4 Complete! [root@osestaging1 ~]# [root@osestaging1 ~]# # update packages [root@osestaging1 ~]# time nice yum -y update-to GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-9.11.4-16.P2.el7_8.2 bind-libs-lite-9.11.4-16.P2.el7_8.2 bind-license-9.11.4-16.P2.el7_8.2 bind-utils-9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 device-mapper-1.02.164-7.el7_8.1 device-mapper-event-1.02.164-7.el7_8.1 device-mapper-event-libs-1.02.164-7.el7_8.1 device-mapper-libs-1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-4.2.5-79.el7.centos dhcp-common-4.2.5-79.el7.centos dhcp-libs-4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-2.02-0.81.el7.centos grub2-common-2.02-0.81.el7.centos grub2-pc-2.02-0.81.el7.centos grub2-pc-modules-2.02-0.81.el7.centos grub2-tools-2.02-0.81.el7.centos grub2-tools-extra-2.02-0.81.el7.centos grub2-tools-minimal-2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1.8.0-openjdk-1.8.0.242.b08-1.el7 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-2.02.186-7.el7_8.1 lvm2-libs-2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-3.82-24.el7 man-db-2.6.3-11.el7 mariadb-5.5.65-1.el7 mariadb-libs-5.5.65-1.el7 mariadb-server-5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-5.7.2-48.el7_8 net-snmp-agent-libs-5.7.2-48.el7_8 net-snmp-libs-5.7.2-48.el7_8 net-snmp-utils-5.7.2-48.el7_8 nmap-6.40-19.el7 nmap-ncat-6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1.0.2k-19.el7 openssl-libs-1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-5.16.3-295.el7 perl-macros-5.16.3-295.el7 perl-version-0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-1.26-35.el7 tcpdump-4.9.2-4.el7_7.1 telnet-0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-7.4.629-6.el7 vim-enhanced-7.4.629-6.el7 vim-filesystem-7.4.629-6.el7 vim-minimal-7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7 &> "${tmpDir}/update.log" real 10m9.596s user 3m12.720s sys 1m19.348s [root@osestaging1 ~]# cat $tmpDir/update.log Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: linux.darkpenguin.net * webtatic: uk.repo.webtatic.com No Match for argument: libxcbp-5.6.40-1.w7 No package libxcbp-5.6.40-1.w7 available. Resolving Dependencies --> Running transaction check ---> Package GeoIP.x86_64 0:1.5.0-11.el7 will be updated ---> Package GeoIP.x86_64 0:1.5.0-14.el7 will be an update --> Processing Dependency: geoipupdate for package: GeoIP-1.5.0-14.el7.x86_64 ---> Package acl.x86_64 0:2.2.51-12.el7 will be updated ---> Package acl.x86_64 0:2.2.51-15.el7 will be an update ---> Package acpid.x86_64 0:2.0.19-8.el7 will be updated ---> Package acpid.x86_64 0:2.0.19-9.el7 will be an update ---> Package alsa-lib.x86_64 0:1.1.3-3.el7 will be updated ---> Package alsa-lib.x86_64 0:1.1.8-1.el7 will be an update ---> Package apr.x86_64 0:1.4.8-3.el7 will be updated ---> Package apr.x86_64 0:1.4.8-5.el7 will be an update ---> Package audit.x86_64 0:2.7.6-3.el7 will be updated ---> Package audit.x86_64 0:2.8.5-4.el7 will be an update ---> Package audit-libs.x86_64 0:2.7.6-3.el7 will be updated ---> Package audit-libs.x86_64 0:2.8.5-4.el7 will be an update ---> Package audit-libs-python.x86_64 0:2.7.6-3.el7 will be updated ---> Package audit-libs-python.x86_64 0:2.8.5-4.el7 will be an update ---> Package augeas-libs.x86_64 0:1.4.0-2.el7_4.1 will be updated ---> Package augeas-libs.x86_64 0:1.4.0-9.el7_7.1 will be an update ---> Package awstats.noarch 0:7.6-4.el7 will be updated ---> Package awstats.noarch 0:7.7-1.el7 will be an update ---> Package bash.x86_64 0:4.2.46-29.el7_4 will be updated ---> Package bash.x86_64 0:4.2.46-34.el7 will be an update ---> Package bind-libs.x86_64 32:9.9.4-51.el7 will be updated ---> Package bind-libs.x86_64 32:9.11.4-16.P2.el7_8.2 will be an update ---> Package bind-libs-lite.x86_64 32:9.9.4-51.el7 will be updated ---> Package bind-libs-lite.x86_64 32:9.11.4-16.P2.el7_8.2 will be an update ---> Package bind-license.noarch 32:9.9.4-51.el7 will be updated ---> Package bind-license.noarch 32:9.11.4-16.P2.el7_8.2 will be an update ---> Package bind-utils.x86_64 32:9.9.4-51.el7 will be updated ---> Package bind-utils.x86_64 32:9.11.4-16.P2.el7_8.2 will be an update ---> Package binutils.x86_64 0:2.25.1-32.base.el7_4.1 will be updated ---> Package binutils.x86_64 0:2.27-43.base.el7 will be an update ---> Package biosdevname.x86_64 0:0.7.2-2.el7 will be updated ---> Package biosdevname.x86_64 0:0.7.3-2.el7 will be an update ---> Package ca-certificates.noarch 0:2017.2.14-71.el7 will be updated ---> Package ca-certificates.noarch 0:2019.2.32-76.el7_7 will be an update ---> Package cairo.x86_64 0:1.14.8-2.el7 will be updated ---> Package cairo.x86_64 0:1.15.12-4.el7 will be an update ---> Package centos-release.x86_64 0:7-4.1708.el7.centos will be updated ---> Package centos-release.x86_64 0:7-8.2003.0.el7.centos will be an update ---> Package certbot.noarch 0:0.26.1-2.el7 will be updated ---> Package certbot.noarch 0:1.3.0-1.el7 will be an update ---> Package checkpolicy.x86_64 0:2.5-4.el7 will be updated ---> Package checkpolicy.x86_64 0:2.5-8.el7 will be an update ---> Package chrony.x86_64 0:3.1-2.el7.centos will be updated ---> Package chrony.x86_64 0:3.4-1.el7 will be an update ---> Package copy-jdk-configs.noarch 0:2.2-3.el7 will be updated ---> Package copy-jdk-configs.noarch 0:3.3-10.el7_5 will be an update ---> Package coreutils.x86_64 0:8.22-18.el7 will be updated ---> Package coreutils.x86_64 0:8.22-24.el7 will be an update ---> Package cpio.x86_64 0:2.11-25.el7_4 will be updated ---> Package cpio.x86_64 0:2.11-27.el7 will be an update ---> Package cpp.x86_64 0:4.8.5-16.el7 will be updated ---> Package cpp.x86_64 0:4.8.5-39.el7 will be an update ---> Package cronie.x86_64 0:1.4.11-17.el7 will be updated ---> Package cronie.x86_64 0:1.4.11-23.el7 will be an update ---> Package cronie-anacron.x86_64 0:1.4.11-17.el7 will be updated ---> Package cronie-anacron.x86_64 0:1.4.11-23.el7 will be an update ---> Package cryptsetup-libs.x86_64 0:1.7.4-3.el7 will be updated ---> Package cryptsetup-libs.x86_64 0:2.0.3-6.el7 will be an update ---> Package curl.x86_64 0:7.29.0-42.el7 will be updated ---> Package curl.x86_64 0:7.29.0-57.el7 will be an update ---> Package cyrus-sasl-lib.x86_64 0:2.1.26-21.el7 will be updated ---> Package cyrus-sasl-lib.x86_64 0:2.1.26-23.el7 will be an update ---> Package dbus.x86_64 1:1.6.12-17.el7 will be updated ---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update ---> Package dbus-libs.x86_64 1:1.6.12-17.el7 will be updated ---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update ---> Package device-mapper.x86_64 7:1.02.140-8.el7 will be updated ---> Package device-mapper.x86_64 7:1.02.164-7.el7_8.1 will be an update ---> Package device-mapper-event.x86_64 7:1.02.140-8.el7 will be updated --> Processing Dependency: device-mapper-event = 7:1.02.140-8.el7 for package: 7:lvm2-libs-2.02.171-8.el7.x86_64 ---> Package device-mapper-event.x86_64 7:1.02.164-7.el7_8.1 will be an update ---> Package device-mapper-event-libs.x86_64 7:1.02.140-8.el7 will be updated ---> Package device-mapper-event-libs.x86_64 7:1.02.164-7.el7_8.1 will be an update ---> Package device-mapper-libs.x86_64 7:1.02.140-8.el7 will be updated ---> Package device-mapper-libs.x86_64 7:1.02.164-7.el7_8.1 will be an update ---> Package device-mapper-persistent-data.x86_64 0:0.7.0-0.1.rc6.el7 will be updated ---> Package device-mapper-persistent-data.x86_64 0:0.8.5-2.el7 will be an update ---> Package dhclient.x86_64 12:4.2.5-58.el7.centos will be updated ---> Package dhclient.x86_64 12:4.2.5-79.el7.centos will be an update --> Processing Dependency: libisc-export.so.169()(64bit) for package: 12:dhclient-4.2.5-79.el7.centos.x86_64 --> Processing Dependency: libdns-export.so.1102()(64bit) for package: 12:dhclient-4.2.5-79.el7.centos.x86_64 ---> Package dhcp-common.x86_64 12:4.2.5-58.el7.centos will be updated ---> Package dhcp-common.x86_64 12:4.2.5-79.el7.centos will be an update ---> Package dhcp-libs.x86_64 12:4.2.5-58.el7.centos will be updated ---> Package dhcp-libs.x86_64 12:4.2.5-79.el7.centos will be an update ---> Package dialog.x86_64 0:1.2-4.20130523.el7 will be updated ---> Package dialog.x86_64 0:1.2-5.20130523.el7 will be an update ---> Package diffutils.x86_64 0:3.3-4.el7 will be updated ---> Package diffutils.x86_64 0:3.3-5.el7 will be an update ---> Package dmidecode.x86_64 1:3.0-5.el7 will be updated ---> Package dmidecode.x86_64 1:3.2-3.el7 will be an update ---> Package dracut.x86_64 0:033-502.el7 will be updated ---> Package dracut.x86_64 0:033-568.el7 will be an update ---> Package dracut-network.x86_64 0:033-502.el7 will be updated ---> Package dracut-network.x86_64 0:033-568.el7 will be an update ---> Package e2fsprogs.x86_64 0:1.42.9-10.el7 will be updated ---> Package e2fsprogs.x86_64 0:1.42.9-17.el7 will be an update ---> Package e2fsprogs-libs.x86_64 0:1.42.9-10.el7 will be updated ---> Package e2fsprogs-libs.x86_64 0:1.42.9-17.el7 will be an update ---> Package ebtables.x86_64 0:2.0.10-15.el7 will be updated ---> Package ebtables.x86_64 0:2.0.10-16.el7 will be an update ---> Package elfutils-default-yama-scope.noarch 0:0.168-8.el7 will be updated ---> Package elfutils-default-yama-scope.noarch 0:0.176-4.el7 will be an update ---> Package elfutils-libelf.x86_64 0:0.168-8.el7 will be updated ---> Package elfutils-libelf.x86_64 0:0.176-4.el7 will be an update ---> Package elfutils-libs.x86_64 0:0.168-8.el7 will be updated ---> Package elfutils-libs.x86_64 0:0.176-4.el7 will be an update ---> Package epel-release.noarch 0:7-11 will be updated ---> Package epel-release.noarch 0:7-12 will be an update ---> Package ethtool.x86_64 2:4.8-1.el7 will be updated ---> Package ethtool.x86_64 2:4.8-10.el7 will be an update ---> Package expat.x86_64 0:2.1.0-10.el7_3 will be updated ---> Package expat.x86_64 0:2.1.0-11.el7 will be an update ---> Package file.x86_64 0:5.11-33.el7 will be updated ---> Package file.x86_64 0:5.11-36.el7 will be an update ---> Package file-libs.x86_64 0:5.11-33.el7 will be updated ---> Package file-libs.x86_64 0:5.11-36.el7 will be an update ---> Package filesystem.x86_64 0:3.2-21.el7 will be updated ---> Package filesystem.x86_64 0:3.2-25.el7 will be an update ---> Package findutils.x86_64 1:4.5.11-5.el7 will be updated ---> Package findutils.x86_64 1:4.5.11-6.el7 will be an update ---> Package firewalld-filesystem.noarch 0:0.4.4.4-6.el7 will be updated ---> Package firewalld-filesystem.noarch 0:0.6.3-8.el7_8.1 will be an update ---> Package fontconfig.x86_64 0:2.10.95-11.el7 will be updated ---> Package fontconfig.x86_64 0:2.13.0-4.3.el7 will be an update --> Processing Dependency: dejavu-sans-fonts for package: fontconfig-2.13.0-4.3.el7.x86_64 ---> Package freetype.x86_64 0:2.4.11-15.el7 will be updated ---> Package freetype.x86_64 0:2.8-14.el7 will be an update ---> Package gcc.x86_64 0:4.8.5-16.el7 will be updated ---> Package gcc.x86_64 0:4.8.5-39.el7 will be an update ---> Package gcc-c++.x86_64 0:4.8.5-16.el7 will be updated ---> Package gcc-c++.x86_64 0:4.8.5-39.el7 will be an update ---> Package gdisk.x86_64 0:0.8.6-5.el7 will be updated ---> Package gdisk.x86_64 0:0.8.10-3.el7 will be an update ---> Package gdk-pixbuf2.x86_64 0:2.36.5-1.el7 will be updated ---> Package gdk-pixbuf2.x86_64 0:2.36.12-3.el7 will be an update ---> Package gettext.x86_64 0:0.19.8.1-2.el7 will be updated ---> Package gettext.x86_64 0:0.19.8.1-3.el7 will be an update ---> Package gettext-libs.x86_64 0:0.19.8.1-2.el7 will be updated ---> Package gettext-libs.x86_64 0:0.19.8.1-3.el7 will be an update ---> Package git.x86_64 0:1.8.3.1-12.el7_4 will be updated --> Processing Dependency: git = 1.8.3.1-12.el7_4 for package: perl-Git-1.8.3.1-12.el7_4.noarch ---> Package git.x86_64 0:1.8.3.1-21.el7_7 will be an update ---> Package glib2.x86_64 0:2.50.3-3.el7 will be updated ---> Package glib2.x86_64 0:2.56.1-5.el7 will be an update ---> Package glibc.x86_64 0:2.17-196.el7 will be updated ---> Package glibc.x86_64 0:2.17-307.el7.1 will be an update ---> Package glibc-common.x86_64 0:2.17-196.el7 will be updated ---> Package glibc-common.x86_64 0:2.17-307.el7.1 will be an update ---> Package glibc-devel.x86_64 0:2.17-196.el7 will be updated ---> Package glibc-devel.x86_64 0:2.17-307.el7.1 will be an update ---> Package glibc-headers.x86_64 0:2.17-196.el7 will be updated ---> Package glibc-headers.x86_64 0:2.17-307.el7.1 will be an update ---> Package gnupg2.x86_64 0:2.0.22-4.el7 will be updated ---> Package gnupg2.x86_64 0:2.0.22-5.el7_5 will be an update ---> Package gnutls.x86_64 0:3.3.26-9.el7 will be updated ---> Package gnutls.x86_64 0:3.3.29-9.el7_6 will be an update ---> Package gobject-introspection.x86_64 0:1.50.0-1.el7 will be updated ---> Package gobject-introspection.x86_64 0:1.56.1-1.el7 will be an update ---> Package gperftools-libs.x86_64 0:2.4-8.el7 will be updated ---> Package gperftools-libs.x86_64 0:2.6.1-1.el7 will be an update ---> Package gpm-libs.x86_64 0:1.20.7-5.el7 will be updated ---> Package gpm-libs.x86_64 0:1.20.7-6.el7 will be an update ---> Package grub2.x86_64 1:2.02-0.64.el7.centos will be updated ---> Package grub2.x86_64 1:2.02-0.64.el7.centos will be obsoleted ---> Package grub2.x86_64 1:2.02-0.81.el7.centos will be obsoleting ---> Package grub2-common.noarch 1:2.02-0.64.el7.centos will be updated ---> Package grub2-common.noarch 1:2.02-0.81.el7.centos will be an update ---> Package grub2-pc.x86_64 1:2.02-0.64.el7.centos will be updated ---> Package grub2-pc.x86_64 1:2.02-0.81.el7.centos will be an update ---> Package grub2-pc-modules.noarch 1:2.02-0.64.el7.centos will be updated ---> Package grub2-pc-modules.noarch 1:2.02-0.81.el7.centos will be an update ---> Package grub2-tools.x86_64 1:2.02-0.64.el7.centos will be obsoleted ---> Package grub2-tools.x86_64 1:2.02-0.64.el7.centos will be updated ---> Package grub2-tools.x86_64 1:2.02-0.81.el7.centos will be obsoleting ---> Package grub2-tools-efi.x86_64 1:2.02-0.64.el7.centos will be obsoleted ---> Package grub2-tools-extra.x86_64 1:2.02-0.64.el7.centos will be updated ---> Package grub2-tools-extra.x86_64 1:2.02-0.81.el7.centos will be obsoleting ---> Package grub2-tools-minimal.x86_64 1:2.02-0.64.el7.centos will be updated ---> Package grub2-tools-minimal.x86_64 1:2.02-0.81.el7.centos will be obsoleting ---> Package grubby.x86_64 0:8.28-23.el7 will be updated ---> Package grubby.x86_64 0:8.28-26.el7 will be an update ---> Package gzip.x86_64 0:1.5-9.el7 will be updated ---> Package gzip.x86_64 0:1.5-10.el7 will be an update ---> Package harfbuzz.x86_64 0:1.3.2-1.el7 will be updated ---> Package harfbuzz.x86_64 0:1.7.5-2.el7 will be an update ---> Package hostname.x86_64 0:3.13-3.el7 will be updated ---> Package hostname.x86_64 0:3.13-3.el7_7.1 will be an update ---> Package httpd.x86_64 0:2.4.6-67.el7.centos.2 will be updated --> Processing Dependency: httpd = 2.4.6-67.el7.centos.2 for package: 1:mod_ssl-2.4.6-67.el7.centos.2.x86_64 ---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be an update ---> Package httpd-tools.x86_64 0:2.4.6-67.el7.centos.2 will be updated ---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be an update ---> Package hwdata.x86_64 0:0.252-8.6.el7 will be updated ---> Package hwdata.x86_64 0:0.252-9.5.el7 will be an update ---> Package info.x86_64 0:5.1-4.el7 will be updated ---> Package info.x86_64 0:5.1-5.el7 will be an update ---> Package initscripts.x86_64 0:9.49.39-1.el7 will be updated ---> Package initscripts.x86_64 0:9.49.49-1.el7 will be an update ---> Package iproute.x86_64 0:3.10.0-87.el7 will be updated ---> Package iproute.x86_64 0:4.11.0-25.el7_7.2 will be an update ---> Package iprutils.x86_64 0:2.4.14.1-1.el7 will be updated ---> Package iprutils.x86_64 0:2.4.17.1-3.el7_7 will be an update ---> Package ipset.x86_64 0:6.29-1.el7 will be updated ---> Package ipset.x86_64 0:7.1-1.el7 will be an update ---> Package ipset-libs.x86_64 0:6.29-1.el7 will be updated ---> Package ipset-libs.x86_64 0:7.1-1.el7 will be an update ---> Package iptables.x86_64 0:1.4.21-18.0.1.el7.centos will be updated ---> Package iptables.x86_64 0:1.4.21-34.el7 will be an update ---> Package iptables-services.x86_64 0:1.4.21-18.0.1.el7.centos will be updated ---> Package iptables-services.x86_64 0:1.4.21-34.el7 will be an update ---> Package irqbalance.x86_64 3:1.0.7-10.el7 will be updated ---> Package irqbalance.x86_64 3:1.0.7-12.el7 will be an update ---> Package jasper-libs.x86_64 0:1.900.1-31.el7 will be updated ---> Package jasper-libs.x86_64 0:1.900.1-33.el7 will be an update ---> Package java-1.8.0-openjdk.x86_64 1:1.8.0.181-3.b13.el7_5 will be updated ---> Package java-1.8.0-openjdk.x86_64 1:1.8.0.242.b08-1.el7 will be an update --> Processing Dependency: gtk2(x86-64) for package: 1:java-1.8.0-openjdk-1.8.0.242.b08-1.el7.x86_64 ---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.181-3.b13.el7_5 will be updated ---> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.242.b08-1.el7 will be an update --> Processing Dependency: pcsc-lite-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7.x86_64 --> Processing Dependency: cups-libs(x86-64) for package: 1:java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7.x86_64 ---> Package kbd.x86_64 0:1.15.5-13.el7 will be updated ---> Package kbd.x86_64 0:1.15.5-15.el7 will be an update ---> Package kbd-legacy.noarch 0:1.15.5-13.el7 will be updated ---> Package kbd-legacy.noarch 0:1.15.5-15.el7 will be an update ---> Package kbd-misc.noarch 0:1.15.5-13.el7 will be updated ---> Package kbd-misc.noarch 0:1.15.5-15.el7 will be an update ---> Package kernel.x86_64 0:3.10.0-1127.el7 will be installed --> Processing Dependency: linux-firmware >= 20190429-72 for package: kernel-3.10.0-1127.el7.x86_64 ---> Package kernel-devel.x86_64 0:3.10.0-1127.el7 will be installed ---> Package kernel-headers.x86_64 0:3.10.0-693.2.2.el7 will be updated ---> Package kernel-headers.x86_64 0:3.10.0-1127.el7 will be an update ---> Package kernel-tools.x86_64 0:3.10.0-693.2.2.el7 will be updated ---> Package kernel-tools.x86_64 0:3.10.0-1127.el7 will be an update ---> Package kernel-tools-libs.x86_64 0:3.10.0-693.2.2.el7 will be updated ---> Package kernel-tools-libs.x86_64 0:3.10.0-1127.el7 will be an update ---> Package kexec-tools.x86_64 0:2.0.14-17.el7 will be updated ---> Package kexec-tools.x86_64 0:2.0.15-43.el7 will be an update ---> Package kmod.x86_64 0:20-15.el7_4.2 will be updated ---> Package kmod.x86_64 0:20-28.el7 will be an update ---> Package kmod-libs.x86_64 0:20-15.el7_4.2 will be updated ---> Package kmod-libs.x86_64 0:20-28.el7 will be an update ---> Package kpartx.x86_64 0:0.4.9-111.el7 will be updated ---> Package kpartx.x86_64 0:0.4.9-131.el7 will be an update ---> Package krb5-libs.x86_64 0:1.15.1-8.el7 will be updated ---> Package krb5-libs.x86_64 0:1.15.1-46.el7 will be an update ---> Package libX11.x86_64 0:1.6.5-1.el7 will be updated ---> Package libX11.x86_64 0:1.6.7-2.el7 will be an update ---> Package libX11-common.noarch 0:1.6.5-1.el7 will be updated ---> Package libX11-common.noarch 0:1.6.7-2.el7 will be an update ---> Package libXfont.x86_64 0:1.5.2-1.el7 will be updated ---> Package libXfont.x86_64 0:1.5.4-1.el7 will be an update ---> Package libacl.x86_64 0:2.2.51-12.el7 will be updated ---> Package libacl.x86_64 0:2.2.51-15.el7 will be an update ---> Package libattr.x86_64 0:2.4.46-12.el7 will be updated ---> Package libattr.x86_64 0:2.4.46-13.el7 will be an update ---> Package libblkid.x86_64 0:2.23.2-43.el7 will be updated ---> Package libblkid.x86_64 0:2.23.2-63.el7 will be an update ---> Package libcap.x86_64 0:2.22-9.el7 will be updated ---> Package libcap.x86_64 0:2.22-11.el7 will be an update ---> Package libcgroup.x86_64 0:0.41-13.el7 will be updated ---> Package libcgroup.x86_64 0:0.41-21.el7 will be an update ---> Package libcom_err.x86_64 0:1.42.9-10.el7 will be updated ---> Package libcom_err.x86_64 0:1.42.9-17.el7 will be an update ---> Package libcroco.x86_64 0:0.6.11-1.el7 will be updated ---> Package libcroco.x86_64 0:0.6.12-4.el7 will be an update ---> Package libcurl.x86_64 0:7.29.0-42.el7 will be updated ---> Package libcurl.x86_64 0:7.29.0-57.el7 will be an update --> Processing Dependency: nss-pem(x86-64) >= 1.0.3-5 for package: libcurl-7.29.0-57.el7.x86_64 ---> Package libdb.x86_64 0:5.3.21-20.el7 will be updated ---> Package libdb.x86_64 0:5.3.21-25.el7 will be an update ---> Package libdb-utils.x86_64 0:5.3.21-20.el7 will be updated ---> Package libdb-utils.x86_64 0:5.3.21-25.el7 will be an update ---> Package libdrm.x86_64 0:2.4.74-1.el7 will be updated ---> Package libdrm.x86_64 0:2.4.97-2.el7 will be an update ---> Package libfastjson.x86_64 0:0.99.4-2.el7 will be updated ---> Package libfastjson.x86_64 0:0.99.4-3.el7 will be an update ---> Package libffi.x86_64 0:3.0.13-18.el7 will be updated ---> Package libffi.x86_64 0:3.0.13-19.el7 will be an update ---> Package libgcc.x86_64 0:4.8.5-16.el7 will be updated ---> Package libgcc.x86_64 0:4.8.5-39.el7 will be an update ---> Package libgomp.x86_64 0:4.8.5-16.el7 will be updated ---> Package libgomp.x86_64 0:4.8.5-39.el7 will be an update ---> Package libicu.x86_64 0:50.1.2-15.el7 will be updated ---> Package libicu.x86_64 0:50.2-4.el7_7 will be an update ---> Package libjpeg-turbo.x86_64 0:1.2.90-5.el7 will be updated ---> Package libjpeg-turbo.x86_64 0:1.2.90-8.el7 will be an update ---> Package libmount.x86_64 0:2.23.2-43.el7 will be updated ---> Package libmount.x86_64 0:2.23.2-63.el7 will be an update ---> Package libpcap.x86_64 14:1.5.3-9.el7 will be updated ---> Package libpcap.x86_64 14:1.5.3-12.el7 will be an update ---> Package libpciaccess.x86_64 0:0.13.4-3.el7_3 will be updated ---> Package libpciaccess.x86_64 0:0.14-1.el7 will be an update ---> Package libproxy.x86_64 0:0.4.11-10.el7 will be updated ---> Package libproxy.x86_64 0:0.4.11-11.el7 will be an update ---> Package libpwquality.x86_64 0:1.2.3-4.el7 will be updated ---> Package libpwquality.x86_64 0:1.2.3-5.el7 will be an update ---> Package libreport-filesystem.x86_64 0:2.1.11-38.el7.centos will be updated ---> Package libreport-filesystem.x86_64 0:2.1.11-53.el7.centos will be an update ---> Package librsvg2.x86_64 0:2.40.16-1.el7 will be updated ---> Package librsvg2.x86_64 0:2.40.20-1.el7 will be an update ---> Package librsync.x86_64 0:1.0.0-1.el7 will be updated ---> Package librsync.x86_64 0:2.0.2-1.el7 will be an update ---> Package libseccomp.x86_64 0:2.3.1-3.el7 will be updated ---> Package libseccomp.x86_64 0:2.3.1-4.el7 will be an update ---> Package libselinux.x86_64 0:2.5-11.el7 will be updated ---> Package libselinux.x86_64 0:2.5-15.el7 will be an update ---> Package libselinux-python.x86_64 0:2.5-11.el7 will be updated ---> Package libselinux-python.x86_64 0:2.5-15.el7 will be an update ---> Package libselinux-utils.x86_64 0:2.5-11.el7 will be updated ---> Package libselinux-utils.x86_64 0:2.5-15.el7 will be an update ---> Package libsemanage.x86_64 0:2.5-8.el7 will be updated ---> Package libsemanage.x86_64 0:2.5-14.el7 will be an update ---> Package libsemanage-python.x86_64 0:2.5-8.el7 will be updated ---> Package libsemanage-python.x86_64 0:2.5-14.el7 will be an update ---> Package libsepol.x86_64 0:2.5-6.el7 will be updated ---> Package libsepol.x86_64 0:2.5-10.el7 will be an update ---> Package libsodium.x86_64 0:1.0.17-1.el7 will be updated ---> Package libsodium.x86_64 0:1.0.18-1.el7 will be an update ---> Package libss.x86_64 0:1.42.9-10.el7 will be updated ---> Package libss.x86_64 0:1.42.9-17.el7 will be an update ---> Package libssh2.x86_64 0:1.4.3-10.el7_2.1 will be updated ---> Package libssh2.x86_64 0:1.8.0-3.el7 will be an update ---> Package libstdc++.x86_64 0:4.8.5-16.el7 will be updated ---> Package libstdc++.x86_64 0:4.8.5-39.el7 will be an update ---> Package libstdc++-devel.x86_64 0:4.8.5-16.el7 will be updated ---> Package libstdc++-devel.x86_64 0:4.8.5-39.el7 will be an update ---> Package libtiff.x86_64 0:4.0.3-27.el7_3 will be updated ---> Package libtiff.x86_64 0:4.0.3-32.el7 will be an update ---> Package libuser.x86_64 0:0.60-7.el7_1 will be updated ---> Package libuser.x86_64 0:0.60-9.el7 will be an update ---> Package libuuid.x86_64 0:2.23.2-43.el7 will be updated ---> Package libuuid.x86_64 0:2.23.2-63.el7 will be an update ---> Package php56w-mbstring.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-mbstring.x86_64 0:5.6.40-1.w7 will be an update --> Processing Dependency: php56w-common(x86-64) = 5.6.40-1.w7 for package: php56w-mbstring-5.6.40-1.w7.x86_64 ---> Package php56w-mysql.x86_64 0:5.6.31-1.w7 will be updated ---> Package php56w-mysql.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-pdo.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-pdo.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-process.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-process.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-snmp.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-snmp.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-xml.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-xml.x86_64 0:5.6.40-1.w7 will be an update ---> Package plymouth.x86_64 0:0.8.9-0.28.20140113.el7.centos will be updated ---> Package plymouth.x86_64 0:0.8.9-0.33.20140113.el7.centos will be an update ---> Package plymouth-core-libs.x86_64 0:0.8.9-0.28.20140113.el7.centos will be updated ---> Package plymouth-core-libs.x86_64 0:0.8.9-0.33.20140113.el7.centos will be an update ---> Package plymouth-scripts.x86_64 0:0.8.9-0.28.20140113.el7.centos will be updated ---> Package plymouth-scripts.x86_64 0:0.8.9-0.33.20140113.el7.centos will be an update ---> Package policycoreutils.x86_64 0:2.5-17.1.el7 will be updated ---> Package policycoreutils.x86_64 0:2.5-34.el7 will be an update ---> Package policycoreutils-python.x86_64 0:2.5-17.1.el7 will be updated ---> Package policycoreutils-python.x86_64 0:2.5-34.el7 will be an update ---> Package polkit.x86_64 0:0.112-12.el7_3 will be updated ---> Package polkit.x86_64 0:0.112-26.el7 will be an update ---> Package postfix.x86_64 2:2.10.1-6.el7 will be updated ---> Package postfix.x86_64 2:2.10.1-9.el7 will be an update ---> Package postgresql-libs.x86_64 0:9.2.23-1.el7_4 will be updated ---> Package postgresql-libs.x86_64 0:9.2.24-2.el7_7 will be an update ---> Package procmail.x86_64 0:3.22-36.el7 will be updated ---> Package procmail.x86_64 0:3.22-36.el7_4.1 will be an update ---> Package procps-ng.x86_64 0:3.3.10-16.el7 will be updated ---> Package procps-ng.x86_64 0:3.3.10-27.el7 will be an update ---> Package pyOpenSSL.x86_64 0:0.13.1-3.el7 will be updated ---> Package pyOpenSSL.x86_64 0:0.13.1-4.el7 will be an update ---> Package python.x86_64 0:2.7.5-69.el7_5 will be updated ---> Package python.x86_64 0:2.7.5-88.el7 will be an update ---> Package python-chardet.noarch 0:2.2.1-1.el7_1 will be updated ---> Package python-chardet.noarch 0:2.2.1-3.el7 will be an update ---> Package python-devel.x86_64 0:2.7.5-69.el7_5 will be updated ---> Package python-devel.x86_64 0:2.7.5-88.el7 will be an update --> Processing Dependency: python2-rpm-macros > 3-30 for package: python-devel-2.7.5-88.el7.x86_64 --> Processing Dependency: python-rpm-macros > 3-30 for package: python-devel-2.7.5-88.el7.x86_64 ---> Package python-gobject-base.x86_64 0:3.22.0-1.el7 will be updated ---> Package python-gobject-base.x86_64 0:3.22.0-1.el7_4.1 will be an update ---> Package python-libs.x86_64 0:2.7.5-69.el7_5 will be updated ---> Package python-libs.x86_64 0:2.7.5-88.el7 will be an update ---> Package python-linux-procfs.noarch 0:0.4.9-3.el7 will be updated ---> Package python-linux-procfs.noarch 0:0.4.11-4.el7 will be an update ---> Package python-perf.x86_64 0:3.10.0-693.2.2.el7 will be updated ---> Package python-perf.x86_64 0:3.10.0-1127.el7 will be an update ---> Package python-requests.noarch 0:2.6.0-1.el7_1 will be updated ---> Package python-requests.noarch 0:2.6.0-9.el7_8 will be obsoleting ---> Package python-slip.noarch 0:0.4.0-2.el7 will be updated ---> Package python-slip.noarch 0:0.4.0-4.el7 will be an update ---> Package python-urlgrabber.noarch 0:3.10-8.el7 will be updated ---> Package python-urlgrabber.noarch 0:3.10-10.el7 will be an update ---> Package python-urllib3.noarch 0:1.10.2-5.el7 will be updated ---> Package python-urllib3.noarch 0:1.10.2-7.el7 will be an update ---> Package python-virtualenv.noarch 0:15.1.0-2.el7 will be updated ---> Package python-virtualenv.noarch 0:15.1.0-4.el7_7 will be an update ---> Package python-zope-component.noarch 1:4.1.0-3.el7 will be updated ---> Package python-zope-component.noarch 1:4.1.0-5.el7 will be an update ---> Package python2-acme.noarch 0:0.25.1-1.el7 will be updated ---> Package python2-acme.noarch 0:1.3.0-1.el7 will be an update ---> Package python2-cached_property.noarch 0:1.3.0-7.el7 will be updated ---> Package python2-cached_property.noarch 0:1.5.1-2.el7 will be an update ---> Package python2-certbot.noarch 0:0.26.1-2.el7 will be updated ---> Package python2-certbot.noarch 0:1.3.0-1.el7 will be an update --> Processing Dependency: python2-distro >= 1.0.1 for package: python2-certbot-1.3.0-1.el7.noarch ---> Package python2-docopt.noarch 0:0.6.2-7.el7 will be updated ---> Package python2-docopt.noarch 0:0.6.2-8.el7 will be an update ---> Package python2-future.noarch 0:0.16.0-6.el7 will be updated ---> Package python2-future.noarch 0:0.18.2-2.el7 will be an update ---> Package python2-iso8601.noarch 0:0.1.11-7.el7 will be updated ---> Package python2-iso8601.noarch 0:0.1.11-8.el7 will be an update ---> Package python2-josepy.noarch 0:1.1.0-1.el7 will be updated ---> Package python2-josepy.noarch 0:1.3.0-2.el7 will be an update ---> Package python2-jsonschema.noarch 0:2.5.1-3.el7 will be updated ---> Package python2-jsonschema.noarch 0:2.5.1-4.el7 will be an update ---> Package python2-keyring.noarch 0:5.0-3.el7 will be updated ---> Package python2-keyring.noarch 0:5.0-4.el7 will be an update ---> Package python2-mock.noarch 0:1.0.1-9.el7 will be updated ---> Package python2-mock.noarch 0:1.0.1-10.el7 will be an update ---> Package python2-parsedatetime.noarch 0:2.4-5.el7 will be updated ---> Package python2-parsedatetime.noarch 0:2.4-6.el7 will be an update ---> Package python2-psutil.x86_64 0:2.2.1-2.el7 will be updated ---> Package python2-psutil.x86_64 0:5.6.7-1.el7 will be an update ---> Package python2-requests.noarch 0:2.6.0-0.el7 will be obsoleted ---> Package python2-texttable.noarch 0:1.3.1-1.el7 will be updated ---> Package python2-texttable.noarch 0:1.6.2-1.el7 will be an update ---> Package readline.x86_64 0:6.2-10.el7 will be updated ---> Package readline.x86_64 0:6.2-11.el7 will be an update ---> Package redhat-rpm-config.noarch 0:9.1.0-76.el7.centos will be updated ---> Package redhat-rpm-config.noarch 0:9.1.0-88.el7.centos will be an update --> Processing Dependency: python-srpm-macros for package: redhat-rpm-config-9.1.0-88.el7.centos.noarch ---> Package rpm.x86_64 0:4.11.3-25.el7 will be updated ---> Package rpm.x86_64 0:4.11.3-43.el7 will be an update ---> Package rpm-build-libs.x86_64 0:4.11.3-25.el7 will be updated ---> Package rpm-build-libs.x86_64 0:4.11.3-43.el7 will be an update ---> Package rpm-libs.x86_64 0:4.11.3-25.el7 will be updated ---> Package rpm-libs.x86_64 0:4.11.3-43.el7 will be an update ---> Package rpm-python.x86_64 0:4.11.3-25.el7 will be updated ---> Package rpm-python.x86_64 0:4.11.3-43.el7 will be an update ---> Package rsync.x86_64 0:3.0.9-18.el7 will be updated ---> Package rsync.x86_64 0:3.1.2-10.el7 will be an update ---> Package rsyslog.x86_64 0:8.24.0-12.el7 will be updated ---> Package rsyslog.x86_64 0:8.24.0-52.el7 will be an update ---> Package screen.x86_64 0:4.1.0-0.23.20120314git3c2946.el7_2 will be updated ---> Package screen.x86_64 0:4.1.0-0.25.20120314git3c2946.el7 will be an update ---> Package sed.x86_64 0:4.2.2-5.el7 will be updated ---> Package sed.x86_64 0:4.2.2-6.el7 will be an update ---> Package selinux-policy.noarch 0:3.13.1-166.el7_4.4 will be updated ---> Package selinux-policy.noarch 0:3.13.1-266.el7 will be an update ---> Package selinux-policy-targeted.noarch 0:3.13.1-166.el7_4.4 will be updated ---> Package selinux-policy-targeted.noarch 0:3.13.1-266.el7 will be an update ---> Package setools-libs.x86_64 0:3.3.8-1.1.el7 will be updated ---> Package setools-libs.x86_64 0:3.3.8-4.el7 will be an update ---> Package setup.noarch 0:2.8.71-7.el7 will be updated ---> Package setup.noarch 0:2.8.71-11.el7 will be an update ---> Package shadow-utils.x86_64 2:4.1.5.1-24.el7 will be updated ---> Package shadow-utils.x86_64 2:4.6-5.el7 will be an update ---> Package shared-mime-info.x86_64 0:1.8-3.el7 will be updated ---> Package shared-mime-info.x86_64 0:1.8-5.el7 will be an update ---> Package sqlite.x86_64 0:3.7.17-8.el7 will be updated ---> Package sqlite.x86_64 0:3.7.17-8.el7_7.1 will be an update ---> Package subversion.x86_64 0:1.7.14-11.el7_4 will be updated ---> Package subversion.x86_64 0:1.7.14-14.el7 will be an update ---> Package subversion-libs.x86_64 0:1.7.14-11.el7_4 will be updated ---> Package subversion-libs.x86_64 0:1.7.14-14.el7 will be an update ---> Package sudo.x86_64 0:1.8.23-4.el7 will be updated ---> Package sudo.x86_64 0:1.8.23-9.el7 will be an update ---> Package sysstat.x86_64 0:10.1.5-12.el7 will be updated ---> Package sysstat.x86_64 0:10.1.5-19.el7 will be an update ---> Package systemd.x86_64 0:219-42.el7_4.1 will be updated ---> Package systemd.x86_64 0:219-73.el7_8.5 will be an update ---> Package systemd-libs.x86_64 0:219-42.el7_4.1 will be updated ---> Package systemd-libs.x86_64 0:219-73.el7_8.5 will be an update ---> Package systemd-sysv.x86_64 0:219-42.el7_4.1 will be updated ---> Package systemd-sysv.x86_64 0:219-73.el7_8.5 will be an update ---> Package tar.x86_64 2:1.26-32.el7 will be updated ---> Package tar.x86_64 2:1.26-35.el7 will be an update ---> Package tcpdump.x86_64 14:4.9.0-5.el7 will be updated ---> Package tcpdump.x86_64 14:4.9.2-4.el7_7.1 will be an update ---> Package telnet.x86_64 1:0.17-64.el7 will be updated ---> Package telnet.x86_64 1:0.17-65.el7_8 will be an update ---> Package tuned.noarch 0:2.9.0-1.el7 will be updated ---> Package tuned.noarch 0:2.11.0-8.el7 will be an update ---> Package tzdata.noarch 0:2017b-1.el7 will be updated ---> Package tzdata.noarch 0:2019c-1.el7 will be an update ---> Package tzdata-java.noarch 0:2017b-1.el7 will be updated ---> Package tzdata-java.noarch 0:2019c-1.el7 will be an update ---> Package unzip.x86_64 0:6.0-16.el7 will be updated ---> Package unzip.x86_64 0:6.0-21.el7 will be an update ---> Package util-linux.x86_64 0:2.23.2-43.el7 will be updated ---> Package util-linux.x86_64 0:2.23.2-63.el7 will be an update --> Processing Dependency: libsmartcols = 2.23.2-63.el7 for package: util-linux-2.23.2-63.el7.x86_64 --> Processing Dependency: libsmartcols.so.1(SMARTCOLS_2.25)(64bit) for package: util-linux-2.23.2-63.el7.x86_64 --> Processing Dependency: libsmartcols.so.1()(64bit) for package: util-linux-2.23.2-63.el7.x86_64 ---> Package vim-common.x86_64 2:7.4.160-2.el7 will be updated ---> Package vim-common.x86_64 2:7.4.629-6.el7 will be an update ---> Package vim-enhanced.x86_64 2:7.4.160-2.el7 will be updated ---> Package vim-enhanced.x86_64 2:7.4.629-6.el7 will be an update ---> Package vim-filesystem.x86_64 2:7.4.160-2.el7 will be updated ---> Package vim-filesystem.x86_64 2:7.4.629-6.el7 will be an update ---> Package vim-minimal.x86_64 2:7.4.160-2.el7 will be updated ---> Package vim-minimal.x86_64 2:7.4.629-6.el7 will be an update ---> Package virt-what.x86_64 0:1.13-10.el7 will be updated ---> Package virt-what.x86_64 0:1.18-4.el7 will be an update ---> Package webmin.noarch 0:1.850-1 will be updated ---> Package webmin.noarch 0:1.941-1 will be an update ---> Package wget.x86_64 0:1.14-15.el7 will be updated ---> Package wget.x86_64 0:1.14-18.el7_6.1 will be an update ---> Package xfsprogs.x86_64 0:4.5.0-12.el7 will be updated ---> Package xfsprogs.x86_64 0:4.5.0-20.el7 will be an update ---> Package xorg-x11-font-utils.x86_64 1:7.5-20.el7 will be updated ---> Package xorg-x11-font-utils.x86_64 1:7.5-21.el7 will be an update ---> Package yum.noarch 0:3.4.3-158.el7.centos will be updated ---> Package yum.noarch 0:3.4.3-167.el7.centos will be an update ---> Package yum-cron.noarch 0:3.4.3-154.el7.centos will be updated ---> Package yum-cron.noarch 0:3.4.3-167.el7.centos will be an update ---> Package yum-plugin-fastestmirror.noarch 0:1.1.31-42.el7 will be updated ---> Package yum-plugin-fastestmirror.noarch 0:1.1.31-53.el7 will be an update ---> Package zlib.x86_64 0:1.2.7-17.el7 will be updated ---> Package zlib.x86_64 0:1.2.7-18.el7 will be an update --> Running transaction check ---> Package bind-export-libs.x86_64 32:9.11.4-16.P2.el7_8.2 will be installed ---> Package cups-libs.x86_64 1:1.6.3-43.el7 will be installed --> Processing Dependency: libavahi-common.so.3()(64bit) for package: 1:cups-libs-1.6.3-43.el7.x86_64 --> Processing Dependency: libavahi-client.so.3()(64bit) for package: 1:cups-libs-1.6.3-43.el7.x86_64 ---> Package dejavu-sans-fonts.noarch 0:2.33-6.el7 will be installed ---> Package geoipupdate.x86_64 0:2.5.0-1.el7 will be installed ---> Package gtk2.x86_64 0:2.24.31-1.el7 will be installed --> Processing Dependency: libXrandr >= 1.2.99.4-2 for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: atk >= 1.29.4-2 for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: hicolor-icon-theme for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: gtk-update-icon-cache for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: libatk-1.0.so.0()(64bit) for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: libXrandr.so.2()(64bit) for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: libXinerama.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64 --> Processing Dependency: libXcursor.so.1()(64bit) for package: gtk2-2.24.31-1.el7.x86_64 ---> Package libsmartcols.x86_64 0:2.23.2-63.el7 will be installed ---> Package linux-firmware.noarch 0:20170606-56.gitc990aae.el7 will be updated ---> Package linux-firmware.noarch 0:20191203-76.gite8a0f4c.el7 will be an update ---> Package lvm2-libs.x86_64 7:2.02.171-8.el7 will be updated --> Processing Dependency: lvm2-libs = 7:2.02.171-8.el7 for package: 7:lvm2-2.02.171-8.el7.x86_64 ---> Package lvm2-libs.x86_64 7:2.02.186-7.el7_8.1 will be an update ---> Package mod_ssl.x86_64 1:2.4.6-67.el7.centos.2 will be updated ---> Package mod_ssl.x86_64 1:2.4.6-93.el7.centos will be an update ---> Package nss-pem.x86_64 0:1.0.3-4.el7 will be updated ---> Package nss-pem.x86_64 0:1.0.3-7.el7 will be an update ---> Package pcsc-lite-libs.x86_64 0:1.8.8-8.el7 will be installed ---> Package perl-Git.noarch 0:1.8.3.1-12.el7_4 will be updated ---> Package perl-Git.noarch 0:1.8.3.1-21.el7_7 will be an update ---> Package php56w-common.x86_64 0:5.6.33-1.w7 will be updated --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-enchant-5.6.33-1.w7.x86_64 --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-5.6.33-1.w7.x86_64 --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-cli-5.6.33-1.w7.x86_64 --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-intl-5.6.33-1.w7.x86_64 --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-ldap-5.6.33-1.w7.x86_64 --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-gd-5.6.33-1.w7.x86_64 --> Processing Dependency: php56w-common(x86-64) = 5.6.33-1.w7 for package: php56w-imap-5.6.33-1.w7.x86_64 ---> Package php56w-common.x86_64 0:5.6.40-1.w7 will be an update ---> Package python-rpm-macros.noarch 0:3-32.el7 will be installed ---> Package python-srpm-macros.noarch 0:3-32.el7 will be installed ---> Package python2-distro.noarch 0:1.2.0-3.el7 will be installed ---> Package python2-rpm-macros.noarch 0:3-32.el7 will be installed --> Running transaction check ---> Package atk.x86_64 0:2.28.1-2.el7 will be installed ---> Package avahi-libs.x86_64 0:0.6.31-20.el7 will be installed ---> Package gtk-update-icon-cache.x86_64 0:3.22.30-5.el7 will be installed ---> Package hicolor-icon-theme.noarch 0:0.12-7.el7 will be installed ---> Package libXcursor.x86_64 0:1.1.15-1.el7 will be installed ---> Package libXinerama.x86_64 0:1.1.3-2.1.el7 will be installed ---> Package libXrandr.x86_64 0:1.5.1-2.el7 will be installed ---> Package lvm2.x86_64 7:2.02.171-8.el7 will be updated ---> Package lvm2.x86_64 7:2.02.186-7.el7_8.1 will be an update ---> Package php56w.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-cli.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-cli.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-enchant.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-enchant.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-gd.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-gd.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-imap.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-imap.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-intl.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-intl.x86_64 0:5.6.40-1.w7 will be an update ---> Package php56w-ldap.x86_64 0:5.6.33-1.w7 will be updated ---> Package php56w-ldap.x86_64 0:5.6.40-1.w7 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: grub2 x86_64 1:2.02-0.81.el7.centos base 31 k replacing grub2.x86_64 1:2.02-0.64.el7.centos grub2-tools x86_64 1:2.02-0.81.el7.centos base 1.8 M replacing grub2-tools.x86_64 1:2.02-0.64.el7.centos replacing grub2-tools-efi.x86_64 1:2.02-0.64.el7.centos grub2-tools-extra x86_64 1:2.02-0.81.el7.centos base 996 k replacing grub2-tools.x86_64 1:2.02-0.64.el7.centos grub2-tools-minimal x86_64 1:2.02-0.81.el7.centos base 173 k replacing grub2-tools.x86_64 1:2.02-0.64.el7.centos kernel x86_64 3.10.0-1127.el7 base 50 M kernel-devel x86_64 3.10.0-1127.el7 base 18 M python-requests noarch 2.6.0-9.el7_8 updates 94 k replacing python2-requests.noarch 2.6.0-0.el7 Updating: GeoIP x86_64 1.5.0-14.el7 base 1.5 M acl x86_64 2.2.51-15.el7 base 81 k acpid x86_64 2.0.19-9.el7 base 69 k alsa-lib x86_64 1.1.8-1.el7 base 425 k apr x86_64 1.4.8-5.el7 base 103 k audit x86_64 2.8.5-4.el7 base 256 k audit-libs x86_64 2.8.5-4.el7 base 102 k audit-libs-python x86_64 2.8.5-4.el7 base 76 k augeas-libs x86_64 1.4.0-9.el7_7.1 updates 357 k awstats noarch 7.7-1.el7 epel 2.3 M bash x86_64 4.2.46-34.el7 base 1.0 M bind-libs x86_64 32:9.11.4-16.P2.el7_8.2 updates 155 k bind-libs-lite x86_64 32:9.11.4-16.P2.el7_8.2 updates 1.1 M bind-license noarch 32:9.11.4-16.P2.el7_8.2 updates 89 k bind-utils x86_64 32:9.11.4-16.P2.el7_8.2 updates 259 k binutils x86_64 2.27-43.base.el7 base 5.9 M biosdevname x86_64 0.7.3-2.el7 base 38 k ca-certificates noarch 2019.2.32-76.el7_7 base 399 k cairo x86_64 1.15.12-4.el7 base 741 k centos-release x86_64 7-8.2003.0.el7.centos base 26 k certbot noarch 1.3.0-1.el7 epel 42 k checkpolicy x86_64 2.5-8.el7 base 295 k chrony x86_64 3.4-1.el7 base 251 k copy-jdk-configs noarch 3.3-10.el7_5 base 21 k coreutils x86_64 8.22-24.el7 base 3.3 M cpio x86_64 2.11-27.el7 base 211 k cpp x86_64 4.8.5-39.el7 base 5.9 M cronie x86_64 1.4.11-23.el7 base 92 k cronie-anacron x86_64 1.4.11-23.el7 base 36 k cryptsetup-libs x86_64 2.0.3-6.el7 base 339 k curl x86_64 7.29.0-57.el7 base 270 k cyrus-sasl-lib x86_64 2.1.26-23.el7 base 155 k dbus x86_64 1:1.10.24-13.el7_6 base 245 k dbus-libs x86_64 1:1.10.24-13.el7_6 base 169 k device-mapper x86_64 7:1.02.164-7.el7_8.1 updates 295 k device-mapper-event x86_64 7:1.02.164-7.el7_8.1 updates 191 k device-mapper-event-libs x86_64 7:1.02.164-7.el7_8.1 updates 190 k device-mapper-libs x86_64 7:1.02.164-7.el7_8.1 updates 324 k device-mapper-persistent-data x86_64 0.8.5-2.el7 base 422 k dhclient x86_64 12:4.2.5-79.el7.centos base 286 k dhcp-common x86_64 12:4.2.5-79.el7.centos base 176 k dhcp-libs x86_64 12:4.2.5-79.el7.centos base 133 k dialog x86_64 1.2-5.20130523.el7 base 208 k diffutils x86_64 3.3-5.el7 base 322 k dmidecode x86_64 1:3.2-3.el7 base 81 k dracut x86_64 033-568.el7 base 329 k dracut-network x86_64 033-568.el7 base 103 k e2fsprogs x86_64 1.42.9-17.el7 base 699 k e2fsprogs-libs x86_64 1.42.9-17.el7 base 168 k ebtables x86_64 2.0.10-16.el7 base 123 k elfutils-default-yama-scope noarch 0.176-4.el7 base 33 k elfutils-libelf x86_64 0.176-4.el7 base 195 k elfutils-libs x86_64 0.176-4.el7 base 291 k epel-release noarch 7-12 epel 15 k ethtool x86_64 2:4.8-10.el7 base 127 k expat x86_64 2.1.0-11.el7 base 81 k file x86_64 5.11-36.el7 base 57 k file-libs x86_64 5.11-36.el7 base 340 k filesystem x86_64 3.2-25.el7 base 1.0 M findutils x86_64 1:4.5.11-6.el7 base 559 k firewalld-filesystem noarch 0.6.3-8.el7_8.1 updates 51 k fontconfig x86_64 2.13.0-4.3.el7 base 254 k freetype x86_64 2.8-14.el7 base 380 k gcc x86_64 4.8.5-39.el7 base 16 M gcc-c++ x86_64 4.8.5-39.el7 base 7.2 M gdisk x86_64 0.8.10-3.el7 base 190 k gdk-pixbuf2 x86_64 2.36.12-3.el7 base 570 k gettext x86_64 0.19.8.1-3.el7 base 1.0 M gettext-libs x86_64 0.19.8.1-3.el7 base 502 k git x86_64 1.8.3.1-21.el7_7 base 4.4 M glib2 x86_64 2.56.1-5.el7 base 2.5 M glibc x86_64 2.17-307.el7.1 base 3.6 M glibc-common x86_64 2.17-307.el7.1 base 11 M glibc-devel x86_64 2.17-307.el7.1 base 1.1 M glibc-headers x86_64 2.17-307.el7.1 base 689 k gnupg2 x86_64 2.0.22-5.el7_5 base 1.5 M gnutls x86_64 3.3.29-9.el7_6 base 680 k gobject-introspection x86_64 1.56.1-1.el7 base 241 k gperftools-libs x86_64 2.6.1-1.el7 base 272 k gpm-libs x86_64 1.20.7-6.el7 base 32 k grub2-common noarch 1:2.02-0.81.el7.centos base 729 k grub2-pc x86_64 1:2.02-0.81.el7.centos base 31 k grub2-pc-modules noarch 1:2.02-0.81.el7.centos base 847 k grubby x86_64 8.28-26.el7 base 71 k gzip x86_64 1.5-10.el7 base 130 k harfbuzz x86_64 1.7.5-2.el7 base 267 k hostname x86_64 3.13-3.el7_7.1 base 17 k httpd x86_64 2.4.6-93.el7.centos base 2.7 M httpd-tools x86_64 2.4.6-93.el7.centos base 92 k hwdata x86_64 0.252-9.5.el7 base 2.4 M info x86_64 5.1-5.el7 base 233 k initscripts x86_64 9.49.49-1.el7 base 440 k iproute x86_64 4.11.0-25.el7_7.2 base 803 k iprutils x86_64 2.4.17.1-3.el7_7 updates 243 k ipset x86_64 7.1-1.el7 base 39 k ipset-libs x86_64 7.1-1.el7 base 64 k iptables x86_64 1.4.21-34.el7 base 432 k iptables-services x86_64 1.4.21-34.el7 base 52 k irqbalance x86_64 3:1.0.7-12.el7 base 45 k jasper-libs x86_64 1.900.1-33.el7 base 150 k java-1.8.0-openjdk x86_64 1:1.8.0.242.b08-1.el7 base 293 k java-1.8.0-openjdk-headless x86_64 1:1.8.0.242.b08-1.el7 base 32 M kbd x86_64 1.15.5-15.el7 base 348 k kbd-legacy noarch 1.15.5-15.el7 base 466 k kbd-misc noarch 1.15.5-15.el7 base 1.4 M kernel-headers x86_64 3.10.0-1127.el7 base 8.9 M kernel-tools x86_64 3.10.0-1127.el7 base 8.0 M kernel-tools-libs x86_64 3.10.0-1127.el7 base 7.9 M kexec-tools x86_64 2.0.15-43.el7 base 349 k kmod x86_64 20-28.el7 base 123 k kmod-libs x86_64 20-28.el7 base 51 k kpartx x86_64 0.4.9-131.el7 base 80 k krb5-libs x86_64 1.15.1-46.el7 base 809 k libX11 x86_64 1.6.7-2.el7 base 607 k libX11-common noarch 1.6.7-2.el7 base 164 k libXfont x86_64 1.5.4-1.el7 base 153 k libacl x86_64 2.2.51-15.el7 base 27 k libattr x86_64 2.4.46-13.el7 base 18 k libblkid x86_64 2.23.2-63.el7 base 182 k libcap x86_64 2.22-11.el7 base 47 k libcgroup x86_64 0.41-21.el7 base 66 k libcom_err x86_64 1.42.9-17.el7 base 42 k libcroco x86_64 0.6.12-4.el7 base 105 k libcurl x86_64 7.29.0-57.el7 base 223 k libdb x86_64 5.3.21-25.el7 base 720 k libdb-utils x86_64 5.3.21-25.el7 base 132 k libdrm x86_64 2.4.97-2.el7 base 151 k libfastjson x86_64 0.99.4-3.el7 base 27 k libffi x86_64 3.0.13-19.el7 base 30 k libgcc x86_64 4.8.5-39.el7 base 102 k libgomp x86_64 4.8.5-39.el7 base 158 k libicu x86_64 50.2-4.el7_7 updates 6.9 M libjpeg-turbo x86_64 1.2.90-8.el7 base 135 k libmount x86_64 2.23.2-63.el7 base 184 k libpcap x86_64 14:1.5.3-12.el7 base 139 k libpciaccess x86_64 0.14-1.el7 base 26 k libproxy x86_64 0.4.11-11.el7 base 64 k libpwquality x86_64 1.2.3-5.el7 base 85 k libreport-filesystem x86_64 2.1.11-53.el7.centos base 41 k librsvg2 x86_64 2.40.20-1.el7 base 132 k librsync x86_64 2.0.2-1.el7 epel 56 k libseccomp x86_64 2.3.1-4.el7 base 56 k libselinux x86_64 2.5-15.el7 base 162 k libselinux-python x86_64 2.5-15.el7 base 236 k libselinux-utils x86_64 2.5-15.el7 base 151 k libsemanage x86_64 2.5-14.el7 base 151 k libsemanage-python x86_64 2.5-14.el7 base 113 k libsepol x86_64 2.5-10.el7 base 297 k libsodium x86_64 1.0.18-1.el7 epel 147 k libss x86_64 1.42.9-17.el7 base 46 k libssh2 x86_64 1.8.0-3.el7 base 88 k libstdc++ x86_64 4.8.5-39.el7 base 305 k libstdc++-devel x86_64 4.8.5-39.el7 base 1.5 M libtiff x86_64 4.0.3-32.el7 base 171 k libuser x86_64 0.60-9.el7 base 400 k libuuid x86_64 2.23.2-63.el7 base 83 k php56w-mbstring x86_64 5.6.40-1.w7 webtatic 545 k php56w-mysql x86_64 5.6.40-1.w7 webtatic 125 k php56w-pdo x86_64 5.6.40-1.w7 webtatic 115 k php56w-process x86_64 5.6.40-1.w7 webtatic 46 k php56w-snmp x86_64 5.6.40-1.w7 webtatic 38 k php56w-xml x86_64 5.6.40-1.w7 webtatic 171 k plymouth x86_64 0.8.9-0.33.20140113.el7.centos base 116 k plymouth-core-libs x86_64 0.8.9-0.33.20140113.el7.centos base 108 k plymouth-scripts x86_64 0.8.9-0.33.20140113.el7.centos base 39 k policycoreutils x86_64 2.5-34.el7 base 917 k policycoreutils-python x86_64 2.5-34.el7 base 457 k polkit x86_64 0.112-26.el7 base 170 k postfix x86_64 2:2.10.1-9.el7 base 2.4 M postgresql-libs x86_64 9.2.24-2.el7_7 updates 234 k procmail x86_64 3.22-36.el7_4.1 base 171 k procps-ng x86_64 3.3.10-27.el7 base 291 k pyOpenSSL x86_64 0.13.1-4.el7 base 135 k python x86_64 2.7.5-88.el7 base 96 k python-chardet noarch 2.2.1-3.el7 base 227 k python-devel x86_64 2.7.5-88.el7 base 398 k python-gobject-base x86_64 3.22.0-1.el7_4.1 base 294 k python-libs x86_64 2.7.5-88.el7 base 5.6 M python-linux-procfs noarch 0.4.11-4.el7 base 33 k python-perf x86_64 3.10.0-1127.el7 base 8.0 M python-slip noarch 0.4.0-4.el7 base 31 k python-urlgrabber noarch 3.10-10.el7 base 108 k python-urllib3 noarch 1.10.2-7.el7 base 103 k python-virtualenv noarch 15.1.0-4.el7_7 updates 1.7 M python-zope-component noarch 1:4.1.0-5.el7 epel 228 k python2-acme noarch 1.3.0-1.el7 epel 75 k python2-cached_property noarch 1.5.1-2.el7 epel 18 k python2-certbot noarch 1.3.0-1.el7 epel 365 k python2-docopt noarch 0.6.2-8.el7 epel 28 k python2-future noarch 0.18.2-2.el7 epel 806 k python2-iso8601 noarch 0.1.11-8.el7 epel 20 k python2-josepy noarch 1.3.0-2.el7 epel 89 k python2-jsonschema noarch 2.5.1-4.el7 epel 75 k python2-keyring noarch 5.0-4.el7 epel 116 k python2-mock noarch 1.0.1-10.el7 epel 92 k python2-parsedatetime noarch 2.4-6.el7 epel 78 k python2-psutil x86_64 5.6.7-1.el7 epel 399 k python2-texttable noarch 1.6.2-1.el7 epel 22 k readline x86_64 6.2-11.el7 base 193 k redhat-rpm-config noarch 9.1.0-88.el7.centos base 81 k rpm x86_64 4.11.3-43.el7 base 1.2 M rpm-build-libs x86_64 4.11.3-43.el7 base 107 k rpm-libs x86_64 4.11.3-43.el7 base 278 k rpm-python x86_64 4.11.3-43.el7 base 84 k rsync x86_64 3.1.2-10.el7 base 404 k rsyslog x86_64 8.24.0-52.el7 base 620 k screen x86_64 4.1.0-0.25.20120314git3c2946.el7 base 552 k sed x86_64 4.2.2-6.el7 base 231 k selinux-policy noarch 3.13.1-266.el7 base 497 k selinux-policy-targeted noarch 3.13.1-266.el7 base 7.0 M setools-libs x86_64 3.3.8-4.el7 base 620 k setup noarch 2.8.71-11.el7 base 166 k shadow-utils x86_64 2:4.6-5.el7 base 1.2 M shared-mime-info x86_64 1.8-5.el7 base 312 k sqlite x86_64 3.7.17-8.el7_7.1 base 394 k subversion x86_64 1.7.14-14.el7 base 1.0 M subversion-libs x86_64 1.7.14-14.el7 base 922 k sudo x86_64 1.8.23-9.el7 base 842 k sysstat x86_64 10.1.5-19.el7 base 315 k systemd x86_64 219-73.el7_8.5 updates 5.1 M systemd-libs x86_64 219-73.el7_8.5 updates 416 k systemd-sysv x86_64 219-73.el7_8.5 updates 93 k tar x86_64 2:1.26-35.el7 base 846 k tcpdump x86_64 14:4.9.2-4.el7_7.1 base 422 k telnet x86_64 1:0.17-65.el7_8 updates 64 k tuned noarch 2.11.0-8.el7 base 268 k tzdata noarch 2019c-1.el7 base 493 k tzdata-java noarch 2019c-1.el7 base 187 k unzip x86_64 6.0-21.el7 base 171 k util-linux x86_64 2.23.2-63.el7 base 2.0 M vim-common x86_64 2:7.4.629-6.el7 base 5.9 M vim-enhanced x86_64 2:7.4.629-6.el7 base 1.1 M vim-filesystem x86_64 2:7.4.629-6.el7 base 11 k vim-minimal x86_64 2:7.4.629-6.el7 base 443 k virt-what x86_64 1.18-4.el7 base 29 k webmin noarch 1.941-1 Webmin 22 M wget x86_64 1.14-18.el7_6.1 base 547 k xfsprogs x86_64 4.5.0-20.el7 base 896 k xorg-x11-font-utils x86_64 1:7.5-21.el7 base 104 k yum noarch 3.4.3-167.el7.centos base 1.2 M yum-cron noarch 3.4.3-167.el7.centos base 65 k yum-plugin-fastestmirror noarch 1.1.31-53.el7 base 34 k zlib x86_64 1.2.7-18.el7 base 90 k Installing for dependencies: atk x86_64 2.28.1-2.el7 base 263 k avahi-libs x86_64 0.6.31-20.el7 base 62 k bind-export-libs x86_64 32:9.11.4-16.P2.el7_8.2 updates 1.1 M cups-libs x86_64 1:1.6.3-43.el7 base 358 k dejavu-sans-fonts noarch 2.33-6.el7 base 1.4 M geoipupdate x86_64 2.5.0-1.el7 base 35 k gtk-update-icon-cache x86_64 3.22.30-5.el7 base 27 k gtk2 x86_64 2.24.31-1.el7 base 3.4 M hicolor-icon-theme noarch 0.12-7.el7 base 42 k libXcursor x86_64 1.1.15-1.el7 base 30 k libXinerama x86_64 1.1.3-2.1.el7 base 14 k libXrandr x86_64 1.5.1-2.el7 base 27 k libsmartcols x86_64 2.23.2-63.el7 base 142 k pcsc-lite-libs x86_64 1.8.8-8.el7 base 34 k python-rpm-macros noarch 3-32.el7 base 8.8 k python-srpm-macros noarch 3-32.el7 base 8.4 k python2-distro noarch 1.2.0-3.el7 epel 29 k python2-rpm-macros noarch 3-32.el7 base 7.7 k Updating for dependencies: linux-firmware noarch 20191203-76.gite8a0f4c.el7 base 81 M lvm2 x86_64 7:2.02.186-7.el7_8.1 updates 1.3 M lvm2-libs x86_64 7:2.02.186-7.el7_8.1 updates 1.1 M mod_ssl x86_64 1:2.4.6-93.el7.centos base 113 k nss-pem x86_64 1.0.3-7.el7 base 74 k perl-Git noarch 1.8.3.1-21.el7_7 base 55 k php56w x86_64 5.6.40-1.w7 webtatic 2.9 M php56w-cli x86_64 5.6.40-1.w7 webtatic 2.9 M php56w-common x86_64 5.6.40-1.w7 webtatic 1.3 M php56w-enchant x86_64 5.6.40-1.w7 webtatic 21 k php56w-gd x86_64 5.6.40-1.w7 webtatic 158 k php56w-imap x86_64 5.6.40-1.w7 webtatic 60 k php56w-intl x86_64 5.6.40-1.w7 webtatic 200 k php56w-ldap x86_64 5.6.40-1.w7 webtatic 43 k Transaction Summary ================================================================================ Install 7 Packages (+18 Dependent packages) Upgrade 243 Packages (+14 Dependent packages) Total download size: 424 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. -------------------- Total 11 MB/s | 424 MB 00:39 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : libgcc-4.8.5-39.el7.x86_64 1/546 Updating : centos-release-7-8.2003.0.el7.centos.x86_64 2/546 Updating : 1:grub2-common-2.02-0.81.el7.centos.noarch 3/546 Updating : setup-2.8.71-11.el7.noarch 4/546 warning: /etc/group created as /etc/group.rpmnew warning: /etc/shadow created as /etc/shadow.rpmnew Updating : filesystem-3.2-25.el7.x86_64 5/546 Updating : 32:bind-license-9.11.4-16.P2.el7_8.2.noarch 6/546 Installing : python-srpm-macros-3-32.el7.noarch 7/546 Installing : python-rpm-macros-3-32.el7.noarch 8/546 Updating : 1:grub2-pc-modules-2.02-0.81.el7.centos.noarch 9/546 Updating : kbd-legacy-1.15.5-15.el7.noarch 10/546 Updating : kernel-headers-3.10.0-1127.el7.x86_64 11/546 Updating : kbd-misc-1.15.5-15.el7.noarch 12/546 Updating : libX11-common-1.6.7-2.el7.noarch 13/546 [root@osestaging1 ~]# [root@osestaging1 ~]# # log the post-state packages and versions [root@osestaging1 ~]# time nice rpm -qa &> "${tmpDir}/after.log" real 0m1.626s user 0m1.362s sys 0m0.224s [root@osestaging1 ~]# cat $tmpDir/after.log perl-Carp-1.26-244.el7.noarch rsync-3.1.2-10.el7.x86_64 perl-Filter-1.49-3.el7.x86_64 perl-Switch-2.16-7.el7.noarch cups-libs-1.6.3-43.el7.x86_64 perl-Business-ISBN-Data-20120719.001-2.el7.noarch libpcap-1.5.3-12.el7.x86_64 gmp-6.0.0-15.el7.x86_64 perl-HTTP-Cookies-6.01-5.el7.noarch kernel-tools-3.10.0-1127.el7.x86_64 pkcs11-helper-1.11-3.el7.x86_64 php56w-5.6.40-1.w7.x86_64 nginx-filesystem-1.16.1-1.el7.noarch kernel-3.10.0-1127.el7.x86_64 mesa-libglapi-17.0.1-6.20170307.el7.x86_64 bind-utils-9.11.4-16.P2.el7_8.2.x86_64 perl-Clipboard-0.21-1.el7.1.noarch php56w-imap-5.6.40-1.w7.x86_64 e2fsprogs-1.42.9-17.el7.x86_64 ntpdate-4.2.6p5-25.el7.centos.2.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 libxml2-2.9.1-6.el7.4.x86_64 perl-IO-Compress-2.061-2.el7.noarch python2-cached_property-1.5.1-2.el7.noarch fipscheck-1.4.1-6.el7.x86_64 bind-license-9.11.4-16.P2.el7_8.2.noarch nmap-6.40-7.el7.x86_64 php-symfony-config-2.8.12-2.el7.noarch xorg-x11-font-utils-7.5-21.el7.x86_64 tzdata-java-2019c-1.el7.noarch php-symfony-var-dumper-2.8.12-2.el7.noarch augeas-libs-1.4.0-9.el7_7.1.x86_64 libselinux-2.5-15.el7.x86_64 php-password-compat-1.0.4-1.el7.noarch firewalld-filesystem-0.6.3-8.el7_8.1.noarch freetype-2.8-14.el7.x86_64 nano-2.3.1-10.el7.x86_64 python-repoze-lru-0.4-3.el7.noarch passwd-0.79-4.el7.x86_64 coreutils-8.22-24.el7.x86_64 net-snmp-5.7.2-28.el7_4.1.x86_64 file-libs-5.11-36.el7.x86_64 python-2.7.5-88.el7.x86_64 ca-certificates-2019.2.32-76.el7_7.noarch rrdtool-perl-1.4.8-9.el7.x86_64 iproute-4.11.0-25.el7_7.2.x86_64 bacula-director-5.2.13-23.1.el7.x86_64 perl-Sys-Syslog-0.33-3.el7.x86_64 hunspell-1.3.2-15.el7.x86_64 pyliblzma-0.5.3-11.el7.x86_64 iputils-20160308-10.el7.x86_64 python-gobject-base-3.22.0-1.el7_4.1.x86_64 perl-Email-Date-Format-1.002-15.el7.noarch libsemanage-python-2.5-14.el7.x86_64 perl-Package-Stash-XS-0.26-3.el7.x86_64 httpd-tools-2.4.6-93.el7.centos.x86_64 perl-Mail-Sender-0.8.23-1.el7.noarch perl-Crypt-Rijndael-1.12-1.el7.x86_64 alsa-lib-1.1.8-1.el7.x86_64 perl-Log-Dispatch-FileRotate-1.19-13.el7.noarch device-mapper-persistent-data-0.8.5-2.el7.x86_64 varnish-libs-devel-4.0.5-1.el7.x86_64 perl-Error-0.17020-2.el7.noarch groff-base-1.22.2-8.el7.x86_64 kmod-libs-20-28.el7.x86_64 nettle-2.7.1-8.el7.x86_64 snappy-1.1.0-3.el7.x86_64 glibc-devel-2.17-307.el7.1.x86_64 xz-libs-5.2.2-1.el7.x86_64 kernel-3.10.0-693.2.2.el7.x86_64 nss-pem-1.0.3-7.el7.x86_64 libyaml-0.1.4-11.el7_0.x86_64 geoipupdate-2.5.0-1.el7.x86_64 python-backports-1.0-8.el7.x86_64 yum-3.4.3-167.el7.centos.noarch xz-5.2.2-1.el7.x86_64 python-requests-toolbelt-0.8.0-1.el7.noarch haveged-1.9.1-1.el7.x86_64 dracut-033-568.el7.x86_64 python-ply-3.4-11.el7.noarch initscripts-9.49.49-1.el7.x86_64 btrfs-progs-4.9.1-1.el7.x86_64 httpd-2.4.6-93.el7.centos.x86_64 perl-constant-1.27-2.el7.noarch php56w-pear-1.10.4-1.w7.noarch perl-Time-HiRes-1.9725-3.el7.x86_64 perl-LWP-MediaTypes-6.02-2.el7.noarch perl-File-Path-2.09-2.el7.noarch htop-2.2.0-3.el7.x86_64 which-2.20-7.el7.x86_64 perl-Net-IP-1.26-4.el7.noarch perl-Pod-Simple-3.28-4.el7.noarch perl-File-Listing-6.04-7.el7.noarch perl-Net-DNS-0.72-6.el7.x86_64 libestr-0.1.9-2.el7.x86_64 perl-WWW-RobotRules-6.02-5.el7.noarch libgcrypt-1.5.3-14.el7.x86_64 cracklib-dicts-2.9.0-11.el7.x86_64 perl-HTML-Parser-3.71-4.el7.x86_64 perl-Encode-Detect-1.01-13.el7.x86_64 libXrender-0.9.10-1.el7.x86_64 python-configobj-4.7.2-7.el7.noarch perl-IO-Socket-IP-0.21-4.el7.noarch centos-indexhtml-7-9.el7.centos.noarch libev-4.15-7.el7.x86_64 make-3.82-23.el7.x86_64 nginx-mod-stream-1.16.1-1.el7.x86_64 nginx-all-modules-1.16.1-1.el7.noarch perl-libs-5.16.3-292.el7.x86_64 apr-util-1.5.2-6.el7.x86_64 mutt-1.5.21-28.el7_5.x86_64 php-getid3-1.9.19-1.el7.noarch openssl-libs-1.0.2k-8.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 links-2.20.2-1.el7.x86_64 mariadb-libs-5.5.56-2.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 os-prober-1.58-9.el7.x86_64 ncdu-1.14.2-2.el7.x86_64 python-kitchen-1.1.1-5.el7.noarch perl-Net-Daemon-0.48-5.el7.noarch libgcc-4.8.5-39.el7.x86_64 php-PsrLog-1.0.2-2.el7.noarch filesystem-3.2-25.el7.x86_64 libpipeline-1.2.3-3.el7.x86_64 php-symfony-filesystem-2.8.12-2.el7.noarch grub2-pc-modules-2.02-0.81.el7.centos.noarch cracklib-2.9.0-11.el7.x86_64 libX11-common-1.6.7-2.el7.noarch yum-metadata-parser-1.1.4-10.el7.x86_64 php-symfony-browser-kit-2.8.12-2.el7.noarch tzdata-2019c-1.el7.noarch php-seld-cli-prompt-1.0.3-1.el7.noarch libsepol-2.5-10.el7.x86_64 crontabs-1.11-6.20121102git.el7.noarch php-IDNA_Convert-0.8.0-2.el7.noarch audit-libs-2.8.5-4.el7.x86_64 php-symfony-event-dispatcher-2.8.12-2.el7.noarch libuuid-2.23.2-63.el7.x86_64 libX11-1.6.7-2.el7.x86_64 libacl-2.2.51-15.el7.x86_64 rootfiles-8.1-11.el7.noarch net-snmp-agent-libs-5.7.2-28.el7_4.1.x86_64 libjpeg-turbo-1.2.90-8.el7.x86_64 graphite2-1.3.10-1.el7_3.x86_64 ntp-4.2.6p5-25.el7.centos.2.x86_64 findutils-4.5.11-6.el7.x86_64 webtatic-release-7-3.noarch libsemanage-2.5-14.el7.x86_64 dejavu-fonts-common-2.33-6.el7.noarch python-libs-2.7.5-88.el7.x86_64 glib2-2.56.1-5.el7.x86_64 gdbm-1.10-8.el7.x86_64 perl-Try-Tiny-0.12-2.el7.noarch libgomp-4.8.5-39.el7.x86_64 perl-Sub-Install-0.926-6.el7.noarch perl-Sys-CPU-0.54-4.el7.x86_64 python2-josepy-1.3.0-2.el7.noarch openssh-7.4p1-12.el7_4.x86_64 perl-Params-Validate-1.08-4.el7.x86_64 perl-Date-Manip-6.41-2.el7.noarch iptables-1.4.21-34.el7.x86_64 munin-common-2.0.33-1.el7.noarch bacula-storage-5.2.13-23.1.el7.x86_64 libutempter-1.1.6-4.el7.x86_64 perl-XML-LibXML-2.0018-5.el7.x86_64 whois-5.1.1-2.el7.x86_64 perl-DateTime-Locale-0.45-6.el7.noarch perl-IO-Multiplex-1.13-6.el7.noarch perl-Net-CIDR-0.18-1.el7.noarch perl-MIME-Types-1.38-2.el7.noarch perl-File-Copy-Recursive-0.38-14.el7.noarch perl-Class-Singleton-1.4-14.el7.noarch perl-Digest-MD5-2.52-3.el7.x86_64 perl-Log-Dispatch-2.41-1.el7.1.noarch xclip-0.12-5.el7.x86_64 popt-1.13-16.el7.x86_64 perl-Log-Log4perl-1.42-2.el7.noarch perl-Term-ReadLine-Gnu-1.26-2.el7.x86_64 kpcli-2.7-3.el7.noarch pakchois-0.4-10.el7.x86_64 php-pear-Mail-Mime-1.10.2-1.el7.noarch libmodman-2.0.1-8.el7.x86_64 mariadb-server-5.5.56-2.el7.x86_64 python2-uritemplate-3.0.0-1.el7.noarch python2-gflags-2.0-5.el7.noarch perl-Socket-2.010-4.el7.x86_64 openssh-server-7.4p1-12.el7_4.x86_64 pexpect-2.3-11.el7.noarch nspr-4.19.0-1.el7_5.x86_64 python-ipaddress-1.0.16-2.el7.noarch mdadm-4.0-5.el7.x86_64 trickle-1.07-19.el7.x86_64 nss-sysinit-3.36.0-5.el7_5.x86_64 python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch python-ndg_httpsclient-0.3.2-1.el7.noarch python-pycparser-2.14-1.el7.noarch python-javapackages-3.4.1-11.el7.noarch python2-pyrfc3339-1.0-2.el7.noarch mailx-12.5-16.el7.x86_64 python-httplib2-0.9.2-1.el7.noarch perl-Digest-SHA-5.85-4.el7.x86_64 perl-Pod-Perldoc-3.20-4.el7.noarch perl-Pod-Usage-1.63-3.el7.noarch perl-Exporter-5.68-3.el7.noarch lvm2-libs-2.02.186-7.el7_8.1.x86_64 perl-Git-1.8.3.1-21.el7_7.noarch libpciaccess-0.14-1.el7.x86_64 gtk2-2.24.31-1.el7.x86_64 dmidecode-3.2-3.el7.x86_64 kernel-tools-libs-3.10.0-1127.el7.x86_64 policycoreutils-python-2.5-34.el7.x86_64 tcpdump-4.9.2-4.el7_7.1.x86_64 lvm2-2.02.186-7.el7_8.1.x86_64 mod_ssl-2.4.6-93.el7.centos.x86_64 subversion-1.7.14-14.el7.x86_64 iptables-services-1.4.21-34.el7.x86_64 acpid-2.0.19-9.el7.x86_64 redhat-rpm-config-9.1.0-88.el7.centos.noarch php56w-gd-5.6.40-1.w7.x86_64 php56w-xml-5.6.40-1.w7.x86_64 vim-enhanced-7.4.629-6.el7.x86_64 sudo-1.8.23-9.el7.x86_64 python2-jsonschema-2.5.1-4.el7.noarch python2-docopt-0.6.2-8.el7.noarch kernel-devel-3.10.0-1127.el7.x86_64 libXfont-1.5.4-1.el7.x86_64 libproxy-0.4.11-11.el7.x86_64 procmail-3.22-36.el7_4.1.x86_64 dialog-1.2-5.20130523.el7.x86_64 libreport-filesystem-2.1.11-53.el7.centos.x86_64 gettext-libs-0.19.8.1-3.el7.x86_64 gobject-introspection-1.56.1-1.el7.x86_64 python-urlgrabber-3.10-10.el7.noarch python2-distro-1.2.0-3.el7.noarch python2-acme-1.3.0-1.el7.noarch audit-libs-python-2.8.5-4.el7.x86_64 jasper-libs-1.900.1-33.el7.x86_64 bind-export-libs-9.11.4-16.P2.el7_8.2.x86_64 vim-minimal-7.4.629-6.el7.x86_64 libXcursor-1.1.15-1.el7.x86_64 libstdc++-devel-4.8.5-39.el7.x86_64 libssh2-1.8.0-3.el7.x86_64 webmin-1.941-1.noarch glibc-headers-2.17-307.el7.1.x86_64 vim-common-7.4.629-6.el7.x86_64 libseccomp-2.3.1-4.el7.x86_64 php56w-pdo-5.6.40-1.w7.x86_64 rpm-4.11.3-43.el7.x86_64 bind-libs-9.11.4-16.P2.el7_8.2.x86_64 yum-plugin-fastestmirror-1.1.31-53.el7.noarch device-mapper-1.02.164-7.el7_8.1.x86_64 cryptsetup-libs-2.0.3-6.el7.x86_64 systemd-libs-219-73.el7_8.5.x86_64 elfutils-default-yama-scope-0.176-4.el7.noarch cronie-anacron-1.4.11-23.el7.x86_64 grub2-tools-2.02-0.81.el7.centos.x86_64 dhclient-4.2.5-79.el7.centos.x86_64 php56w-pecl-libsodium-1.0.6-1.w7.x86_64 perl-Time-Local-1.2300-2.el7.noarch php-PHPMailer-5.2.27-1.el7.noarch perl-PathTools-3.40-5.el7.x86_64 ssldump-0.9-0.9.b3.el7.x86_64 perl-threads-shared-1.43-6.el7.x86_64 perl-Net-LibIDN-0.12-15.el7.x86_64 ncurses-libs-5.9-14.20130511.el7_4.x86_64 perl-Getopt-Long-2.40-2.el7.noarch less-458-9.el7.x86_64 perl-HTTP-Date-6.02-8.el7.noarch chkconfig-1.7.4-1.el7.x86_64 ntfs-3g-2017.3.23-11.el7.x86_64 perl-Digest-HMAC-1.03-5.el7.noarch qrencode-libs-3.4.1-3.el7.x86_64 perl-URI-1.60-9.el7.noarch grep-2.20-3.el7.x86_64 python-pycurl-7.19.0-19.el7.x86_64 perl-HTTP-Message-6.06-6.el7.noarch mozjs17-17.0.0-19.el7.x86_64 python-iniparse-0.4-9.el7.noarch perl-HTTP-Negotiate-6.01-5.el7.noarch pinentry-0.8.1-17.el7.x86_64 perl-libwww-perl-6.05-2.el7.noarch openvpn-2.4.7-1.el7.x86_64 dwz-0.11-3.el7.x86_64 php-justinrainbow-json-schema5-5.2.9-1.el7.noarch varnish-4.0.5-1.el7.x86_64 nginx-mod-http-image-filter-1.16.1-1.el7.x86_64 kernel-3.10.0-327.18.2.el7.x86_64 libunwind-1.2-2.el7.x86_64 nginx-mod-http-perl-1.16.1-1.el7.x86_64 perl-macros-5.16.3-292.el7.x86_64 urlview-0.9-15.20121210git6cfcad.el7.x86_64 libtasn1-4.10-1.el7.x86_64 jbigkit-libs-2.0-11.el7.x86_64 nload-0.7.4-4.el7.x86_64 php-composer-semver-1.5.1-1.el7.noarch openssl-1.0.2k-8.el7.x86_64 polkit-pkla-compat-0.1-4.el7.x86_64 php-composer-spdx-licenses-1.5.3-1.el7.noarch libassuan-2.1.0-3.el7.x86_64 composer-1.10.5-1.el7.noarch perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 pkgconfig-0.27.1-4.el7.x86_64 yum-utils-1.1.31-53.el7.noarch perl-PlRPC-0.2020-14.el7.noarch php-symfony-class-loader-2.8.12-2.el7.noarch libc-client-2007f-16.el7.x86_64 setup-2.8.71-11.el7.noarch gpg-pubkey-352c64e5-52ae6884 php-symfony-finder-2.8.12-2.el7.noarch libXtst-1.2.3-1.el7.x86_64 python-rpm-macros-3-32.el7.noarch gpg-pubkey-11f63c51-3c7dc11d kbd-misc-1.15.5-15.el7.noarch php-symfony-dom-crawler-2.8.12-2.el7.noarch libXpm-3.5.12-1.el7.x86_64 python2-rpm-macros-3-32.el7.noarch php-symfony-dependency-injection-2.8.12-2.el7.noarch bash-4.2.46-34.el7.x86_64 php-jsonlint-1.6.1-1.el7.noarch info-5.1-5.el7.x86_64 php-simplepie-1.3.1-4.el7.noarch php-symfony-http-foundation-2.8.12-2.el7.noarch libXcomposite-0.4.4-4.1.el7.x86_64 libdb-5.3.21-25.el7.x86_64 sed-4.2.2-6.el7.x86_64 p7zip-16.02-10.el7.x86_64 libcap-2.22-11.el7.x86_64 lm_sensors-libs-3.4.0-4.20160601gitf9185e5.el7.x86_64 kernel-3.10.0-514.26.2.el7.x86_64 net-snmp-utils-5.7.2-28.el7_4.1.x86_64 gpg-pubkey-62e74ca5-539c878e libidn-1.28-4.el7.x86_64 libnfnetlink-1.0.1-4.el7.x86_64 perl-List-MoreUtils-0.33-9.el7.x86_64 bacula-libs-5.2.13-23.1.el7.x86_64 autogen-libopts-5.18-5.el7.x86_64 perl-Module-Implementation-0.06-6.el7.noarch perl-Sys-MemInfo-0.91-7.el7.x86_64 perl-Params-Util-1.07-6.el7.x86_64 bacula-client-5.2.13-23.1.el7.x86_64 perl-XML-SAX-0.99-9.el7.noarch libXext-1.3.3-3.el7.x86_64 perl-IO-Socket-INET6-2.69-5.el7.noarch libSM-1.2.2-2.el7.x86_64 perl-Cache-Cache-1.06-12.el7.noarch libmpc-1.0.1-3.el7.x86_64 perl-MailTools-2.12-2.el7.noarch mesa-libGL-17.0.1-6.20170307.el7.x86_64 perl-Class-Load-0.20-3.el7.noarch kernel-devel-3.10.0-514.26.2.el7.x86_64 xorg-x11-fonts-Type1-7.5-9.el7.noarch perl-Taint-Runtime-0.03-19.el7.x86_64 perl-Digest-1.17-245.el7.noarch munin-node-2.0.33-1.el7.noarch trousers-0.3.14-2.el7.x86_64 perl-File-KeePass-2.03-10.el7.noarch basesystem-10.0-7.el7.centos.noarch perl-Mail-Sendmail-0.79-21.el7.noarch openssh-clients-7.4p1-12.el7_4.x86_64 libXmu-1.1.2-2.el7.x86_64 perl-XML-DOM-1.44-19.el7.noarch perl-Capture-Tiny-0.24-1.el7.noarch libgpg-error-1.12-3.el7.x86_64 python-pyudev-0.15-9.el7.noarch perl-Sort-Naturally-1.03-8.el7.noarch pango-1.40.4-1.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 mod_evasive-1.10.1-22.el7.x86_64 hardlink-1.0-19.el7.x86_64 python2-pyasn1-modules-0.1.9-7.el7.noarch python-GnuPGInterface-0.3.2-11.el7.noarch gawk-4.0.2-4.el7_3.1.x86_64 nss-util-3.36.0-1.el7_5.x86_64 python-zope-event-4.0.3-2.el7.noarch nss-3.36.0-5.el7_5.x86_64 libXt-1.1.5-3.el7.x86_64 python-augeas-0.5.0-2.el7.noarch python-setuptools-0.9.8-7.el7.noarch man-db-2.6.3-9.el7.x86_64 javapackages-tools-3.4.1-11.el7.noarch python2-dialog-3.3.0-6.el7.noarch perl-Net-SSLeay-1.55-6.el7.x86_64 perl-podlators-2.5.1-3.el7.noarch perl-Pod-Escapes-1.04-292.el7.noarch libxshmfence-1.2-1.el7.x86_64 php56w-pecl-xdebug-2.5.5-2.w7.x86_64 perl-Encode-2.51-7.el7.x86_64 perl-Storable-2.45-3.el7.x86_64 selinux-policy-3.13.1-266.el7.noarch git-1.8.3.1-21.el7_7.x86_64 libdrm-2.4.97-2.el7.x86_64 plymouth-core-libs-0.8.9-0.33.20140113.el7.centos.x86_64 virt-what-1.18-4.el7.x86_64 pcsc-lite-libs-1.8.8-8.el7.x86_64 certbot-1.3.0-1.el7.noarch rsyslog-8.24.0-52.el7.x86_64 grub2-2.02-0.81.el7.centos.x86_64 sysstat-10.1.5-19.el7.x86_64 audit-2.8.5-4.el7.x86_64 awstats-7.7-1.el7.noarch biosdevname-0.7.3-2.el7.x86_64 php56w-mysql-5.6.40-1.w7.x86_64 php56w-process-5.6.40-1.w7.x86_64 php56w-enchant-5.6.40-1.w7.x86_64 gcc-c++-4.8.5-39.el7.x86_64 python-virtualenv-15.1.0-4.el7_7.noarch python2-psutil-5.6.7-1.el7.x86_64 python2-keyring-5.0-4.el7.noarch xfsprogs-4.5.0-20.el7.x86_64 gdisk-0.8.10-3.el7.x86_64 gnutls-3.3.29-9.el7_6.x86_64 libsodium-1.0.18-1.el7.x86_64 libpwquality-1.2.3-5.el7.x86_64 libblkid-2.23.2-63.el7.x86_64 sqlite-3.7.17-8.el7_7.1.x86_64 apr-1.4.8-5.el7.x86_64 libffi-3.0.13-19.el7.x86_64 libmount-2.23.2-63.el7.x86_64 gzip-1.5-10.el7.x86_64 pyOpenSSL-0.13.1-4.el7.x86_64 binutils-2.27-43.base.el7.x86_64 python-urllib3-1.10.2-7.el7.noarch libuser-0.60-9.el7.x86_64 python2-mock-1.0.1-10.el7.noarch python-linux-procfs-0.4.11-4.el7.noarch python-requests-2.6.0-9.el7_8.noarch python-perf-3.10.0-1127.el7.x86_64 setools-libs-3.3.8-4.el7.x86_64 grubby-8.28-26.el7.x86_64 acl-2.2.51-15.el7.x86_64 libXrandr-1.5.1-2.el7.x86_64 libicu-50.2-4.el7_7.x86_64 cpp-4.8.5-39.el7.x86_64 unzip-6.0-21.el7.x86_64 cairo-1.15.12-4.el7.x86_64 copy-jdk-configs-3.3-10.el7_5.noarch ipset-libs-7.1-1.el7.x86_64 php56w-common-5.6.40-1.w7.x86_64 rpm-libs-4.11.3-43.el7.x86_64 bind-libs-lite-9.11.4-16.P2.el7_8.2.x86_64 rpm-python-4.11.3-43.el7.x86_64 kpartx-0.4.9-131.el7.x86_64 device-mapper-libs-1.02.164-7.el7_8.1.x86_64 elfutils-libs-0.176-4.el7.x86_64 dbus-1.10.24-13.el7_6.x86_64 policycoreutils-2.5-34.el7.x86_64 grub2-tools-minimal-2.02-0.81.el7.centos.x86_64 dhcp-common-4.2.5-79.el7.centos.x86_64 hunspell-en-US-0.20121024-6.el7.noarch php56w-pecl-geoip-1.1.1-1.w7.x86_64 perl-Scalar-List-Utils-1.27-248.el7.x86_64 libedit-3.0-12.20121213cvs.el7.x86_64 perl-HTML-Tagset-3.20-15.el7.noarch perl-threads-1.87-4.el7.x86_64 pcre-8.32-17.el7.x86_64 lzo-2.06-8.el7.x86_64 perl-TimeDate-2.30-2.el7.noarch perl-CGI-3.63-4.el7.noarch libmnl-1.0.3-7.el7.x86_64 perl-Business-ISBN-2.06-2.el7.noarch php-fedora-autoloader-1.0.0-1.el7.noarch perl-IO-HTML-1.00-2.el7.noarch libxcb-1.12-1.el7.x86_64 perl-HTTP-Daemon-6.01-5.el7.noarch perl-Net-HTTP-6.06-2.el7.noarch lz4-1.7.5-3.el7.x86_64 perl-srpm-macros-1-8.el7.noarch perl-LWP-Protocol-https-6.04-4.el7.noarch gpgme-1.3.2-5.el7.x86_64 jemalloc-3.6.0-1.el7.x86_64 nginx-mod-mail-1.16.1-1.el7.x86_64 p11-kit-0.23.5-3.el7.x86_64 lksctp-tools-1.0.17-2.el7.x86_64 nginx-1.16.1-1.el7.x86_64 logrotate-3.8.6-14.el7.x86_64 pixman-0.34.0-1.el7.x86_64 tokyocabinet-1.4.48-3.el7.x86_64 perl-5.16.3-292.el7.x86_64 mailcap-2.1.41-2.el7.noarch oathtool-2.6.2-1.el7.x86_64 p11-kit-trust-0.23.5-3.el7.x86_64 php-seld-phar-utils-1.0.2-1.el7.noarch libpng-1.5.13-7.el7_2.x86_64 pciutils-libs-3.5.1-2.el7.x86_64 libzip-0.10.1-8.el7.x86_64 php-composer-xdebug-handler-1.4.1-1.el7.noarch php-composer-ca-bundle-1.2.7-1.el7.noarch pyparsing-1.5.6-9.el7.noarch perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 libxml2-python-2.9.1-6.el7.4.x86_64 python-schedutils-0.4-6.el7.x86_64 php-symfony-common-2.8.12-2.el7.noarch perl-DBI-1.627-4.el7.x86_64 grub2-common-2.02-0.81.el7.centos.noarch fipscheck-lib-1.4.1-6.el7.x86_64 php-symfony-yaml-2.8.12-2.el7.noarch nmap-ncat-6.40-7.el7.x86_64 python-srpm-macros-3-32.el7.noarch php-symfony-debug-2.8.12-2.el7.noarch kernel-headers-3.10.0-1127.el7.x86_64 libgnome-keyring-3.12.0-1.el7.x86_64 centos-logos-70.0.6-3.el7.centos.noarch php-symfony-css-selector-2.8.12-2.el7.noarch vim-filesystem-7.4.629-6.el7.x86_64 libXfixes-5.0.3-1.el7.x86_64 php-symfony-expression-language-2.8.12-2.el7.noarch glibc-2.17-307.el7.1.x86_64 libxslt-1.1.28-5.el7.x86_64 libXdamage-1.1.4-4.1.el7.x86_64 zlib-1.2.7-18.el7.x86_64 pygpgme-0.3-9.el7.x86_64 php-symfony-polyfill-1.5.0-1.el7.noarch t1lib-5.1.2-14.el7.x86_64 libstdc++-4.8.5-39.el7.x86_64 php-symfony-http-kernel-2.8.12-2.el7.noarch expat-2.1.0-11.el7.x86_64 libattr-2.4.46-13.el7.x86_64 krb5-libs-1.15.1-46.el7.x86_64 readline-6.2-11.el7.x86_64 cyrus-sasl-lib-2.1.26-23.el7.x86_64 lsscsi-0.27-6.el7.x86_64 yum-plugin-replace-0.2.7-1.ius.el7.noarch diffutils-3.3-5.el7.x86_64 rrdtool-1.4.8-9.el7.x86_64 libunistring-0.9.3-9.el7.x86_64 perl-Digest-SHA1-2.13-9.el7.x86_64 libfontenc-1.1.3-3.el7.x86_64 perl-XML-SAX-Base-1.08-7.el7.noarch bacula-common-5.2.13-23.1.el7.x86_64 libverto-0.2.5-4.el7.x86_64 perl-Module-Runtime-0.013-4.el7.noarch bacula-libs-sql-5.2.13-23.1.el7.x86_64 pth-2.0.7-23.el7.x86_64 perl-Net-SNMP-6.0.1-7.el7.noarch logwatch-7.4.0-32.20130522svn140.el7.noarch perl-XML-NamespaceSupport-1.11-10.el7.noarch bacula-console-5.2.13-23.1.el7.x86_64 perl-Data-OptList-0.107-9.el7.noarch kernel-3.10.0-327.13.1.el7.x86_64 perl-IPC-ShareLite-0.17-12.el7.x86_64 giflib-4.1.6-9.el7.x86_64 mpfr-3.1.1-4.el7.x86_64 perl-Net-SMTP-SSL-1.01-13.el7.noarch mesa-libgbm-17.0.1-6.20170307.el7.x86_64 perl-Package-Stash-0.34-2.el7.noarch ttmkfdir-3.0.9-42.el7.x86_64 perl-DBD-Pg-2.19.3-4.el7.x86_64 mod_security-2.7.3-5.el7.x86_64 hdparm-9.43-5.el7.x86_64 perl-XML-Parser-2.41-10.el7.x86_64 perl-DateTime-1.04-6.el7.x86_64 perl-XML-RegExp-0.04-2.el7.noarch perl-Term-ShellUI-0.92-2.el7.noarch munin-2.0.33-1.el7.noarch perl-version-0.99.07-2.el7.x86_64 lyx-fonts-2.2.3-1.el7.noarch libcap-ng-0.7.5-4.el7.x86_64 php56w-pecl-apcu-4.0.11-2.w7.x86_64 python-six-1.9.0-2.el7.noarch python-sqlalchemy-0.9.8-2.el7.x86_64 lsof-4.87-4.el7.x86_64 dbus-glib-0.100-7.el7.x86_64 numactl-libs-2.0.9-6.el7_2.x86_64 python2-configargparse-0.11.0-1.el7.noarch neon-0.30.0-3.el7.x86_64 python-lockfile-0.9.1-4.el7.centos.noarch python2-pyasn1-0.1.9-7.el7.noarch PyYAML-3.10-11.el7.x86_64 lua-5.1.4-15.el7.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 python-decorator-3.4.0-3.el7.noarch python2-cryptography-1.7.2-2.el7.x86_64 pam-1.1.8-18.el7.x86_64 python-IPy-0.75-6.el7.noarch gpg-pubkey-f4a80eb5-53a7ff4b nss-tools-3.36.0-5.el7_5.x86_64 python-enum34-1.0.4-1.el7.noarch perl-HTTP-Tiny-0.033-3.el7.noarch kernel-devel-3.10.0-693.2.2.el7.x86_64 perl-Text-ParseWords-3.29-4.el7.noarch grub2-pc-2.02-0.81.el7.centos.x86_64 polkit-0.112-26.el7.x86_64 libcgroup-0.41-21.el7.x86_64 avahi-libs-0.6.31-20.el7.x86_64 plymouth-scripts-0.8.9-0.33.20140113.el7.centos.x86_64 libfastjson-0.99.4-3.el7.x86_64 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7.x86_64 java-1.8.0-openjdk-1.8.0.242.b08-1.el7.x86_64 tuned-2.11.0-8.el7.noarch kexec-tools-2.0.15-43.el7.x86_64 yum-cron-3.4.3-167.el7.centos.noarch kbd-1.15.5-15.el7.x86_64 chrony-3.4-1.el7.x86_64 irqbalance-1.0.7-12.el7.x86_64 php56w-ldap-5.6.40-1.w7.x86_64 php56w-intl-5.6.40-1.w7.x86_64 php56w-snmp-5.6.40-1.w7.x86_64 librsvg2-2.40.20-1.el7.x86_64 python-slip-0.4.0-4.el7.noarch python2-texttable-1.6.2-1.el7.noarch python2-iso8601-0.1.11-8.el7.noarch postgresql-libs-9.2.24-2.el7_7.x86_64 wget-1.14-18.el7_6.1.x86_64 iprutils-2.4.17.1-3.el7_7.x86_64 telnet-0.17-65.el7_8.x86_64 epel-release-7-12.noarch file-5.11-36.el7.x86_64 libcroco-0.6.12-4.el7.x86_64 hostname-3.13-3.el7_7.1.x86_64 libtiff-4.0.3-32.el7.x86_64 ethtool-4.8-10.el7.x86_64 atk-2.28.1-2.el7.x86_64 python-zope-component-4.1.0-5.el7.noarch python2-parsedatetime-2.4-6.el7.noarch python-chardet-2.2.1-3.el7.noarch python-devel-2.7.5-88.el7.x86_64 subversion-libs-1.7.14-14.el7.x86_64 gtk-update-icon-cache-3.22.30-5.el7.x86_64 hicolor-icon-theme-0.12-7.el7.noarch libXinerama-1.1.3-2.1.el7.x86_64 libdb-utils-5.3.21-25.el7.x86_64 e2fsprogs-libs-1.42.9-17.el7.x86_64 libselinux-utils-2.5-15.el7.x86_64 fontconfig-2.13.0-4.3.el7.x86_64 gcc-4.8.5-39.el7.x86_64 gpm-libs-1.20.7-6.el7.x86_64 libcurl-7.29.0-57.el7.x86_64 curl-7.29.0-57.el7.x86_64 GeoIP-1.5.0-14.el7.x86_64 rpm-build-libs-4.11.3-43.el7.x86_64 libsmartcols-2.23.2-63.el7.x86_64 procps-ng-3.3.10-27.el7.x86_64 kmod-20-28.el7.x86_64 systemd-219-73.el7_8.5.x86_64 systemd-sysv-219-73.el7_8.5.x86_64 device-mapper-event-libs-1.02.164-7.el7_8.1.x86_64 dhcp-libs-4.2.5-79.el7.centos.x86_64 grub2-tools-extra-2.02-0.81.el7.centos.x86_64 device-mapper-event-1.02.164-7.el7_8.1.x86_64 libevent-2.0.21-4.el7.x86_64 ncurses-base-5.9-14.20130511.el7_4.noarch perl-File-Temp-0.23.01-3.el7.noarch perl-Encode-Locale-1.03-5.el7.noarch hwdata-0.252-9.5.el7.x86_64 python-cffi-1.6.0-5.el7.x86_64 sysvinit-tools-2.88-14.dsf.el7.x86_64 perl-FCGI-0.74-8.el7.x86_64 plymouth-0.8.9-0.33.20140113.el7.centos.x86_64 ustr-1.0.4-16.el7.x86_64 perl-Geo-IP-1.43-3.el7.x86_64 checkpolicy-2.5-8.el7.x86_64 php-paragonie-random-compat-2.0.18-1.el7.noarch perl-IO-Socket-SSL-1.94-6.el7.noarch selinux-policy-targeted-3.13.1-266.el7.noarch perl-Mozilla-CA-20130114-5.el7.noarch varnish-libs-4.0.5-1.el7.x86_64 postfix-2.10.1-9.el7.x86_64 libXi-1.7.9-1.el7.x86_64 nginx-mod-http-xslt-filter-1.16.1-1.el7.x86_64 gd-2.0.35-26.el7.x86_64 ebtables-2.0.10-16.el7.x86_64 liboath-2.6.2-1.el7.x86_64 php56w-mbstring-5.6.40-1.w7.x86_64 ipset-7.1-1.el7.x86_64 pytz-2016.10-2.el7.noarch cacti-1.2.11-1.el7.noarch perl-Data-Dumper-2.145-3.el7.x86_64 harfbuzz-1.7.5-2.el7.x86_64 centos-release-7-8.2003.0.el7.centos.x86_64 perl-DBD-MySQL-4.023-5.el7.x86_64 php-symfony-process-2.8.12-2.el7.noarch screen-4.1.0-0.25.20120314git3c2946.el7.x86_64 libnetfilter_conntrack-1.0.6-1.el7_3.x86_64 json-c-0.11-4.el7_0.x86_64 kbd-legacy-1.15.5-15.el7.noarch gperftools-libs-2.6.1-1.el7.x86_64 libthai-0.1.14-9.el7.x86_64 pyxattr-0.5.1-5.el7.x86_64 libXxf86vm-1.1.4-1.el7.x86_64 glibc-common-2.17-307.el7.1.x86_64 enchant-1.6.0-8.el7.x86_64 librsync-2.0.2-1.el7.x86_64 openldap-2.4.44-5.el7.x86_64 libcom_err-1.42.9-17.el7.x86_64 php-symfony-console-2.8.12-2.el7.noarch libXft-2.3.2-2.el7.x86_64 elfutils-libelf-0.176-4.el7.x86_64 net-snmp-libs-5.7.2-28.el7_4.1.x86_64 python2-backports-functools_lru_cache-1.2.1-4.el7.noarch cpio-2.11-27.el7.x86_64 shadow-utils-4.6-5.el7.x86_64 dejavu-sans-mono-fonts-2.33-6.el7.noarch parted-3.1-28.el7.x86_64 libICE-1.0.9-9.el7.x86_64 shared-mime-info-1.8-5.el7.x86_64 perl-Crypt-DES-2.05-20.el7.x86_64 libselinux-python-2.5-15.el7.x86_64 mt-st-1.1-14.el7.x86_64 perl-Socket6-0.23-15.el7.x86_64 gettext-0.19.8.1-3.el7.x86_64 perl-Package-DeprecationManager-0.13-7.el7.noarch zip-3.0-11.el7.x86_64 python2-future-0.18.2-2.el7.noarch perl-Net-Server-2.007-2.el7.noarch mesa-libEGL-17.0.1-6.20170307.el7.x86_64 python2-certbot-1.3.0-1.el7.noarch fontpackages-filesystem-1.44-8.el7.noarch perl-MIME-Lite-3.030-1.el7.noarch bzip2-1.0.6-13.el7.x86_64 mariadb-5.5.56-2.el7.x86_64 gdk-pixbuf2-2.36.12-3.el7.x86_64 perl-DateTime-TimeZone-1.63-2.el7.noarch perl-Clone-0.34-5.el7.x86_64 tar-1.26-35.el7.x86_64 perl-HTML-Template-2.95-1.el7.noarch perl-TermReadKey-2.30-20.el7.x86_64 libss-1.42.9-17.el7.x86_64 mod_security_crs-2.2.9-1.el7.noarch python2-six-1.9.0-0.el7.noarch dejavu-sans-fonts-2.33-6.el7.noarch python-idna-2.4-1.el7.noarch libaio-0.3.109-13.el7.x86_64 linux-firmware-20191203-76.gite8a0f4c.el7.noarch python-zope-interface-4.0.5-4.el7.x86_64 dbus-python-1.1.1-9.el7.x86_64 php56w-cli-5.6.40-1.w7.x86_64 ncftp-3.2.5-7.el7.x86_64 nss-softokn-3.36.0-5.el7_5.x86_64 gnupg2-2.0.22-5.el7_5.x86_64 util-linux-2.23.2-63.el7.x86_64 python-lxml-3.2.1-4.el7.x86_64 dbus-libs-1.10.24-13.el7_6.x86_64 perl-parent-0.225-244.el7.noarch cronie-1.4.11-23.el7.x86_64 libsodium13-1.0.5-1.el7.x86_64 ncurses-5.9-14.20130511.el7_4.x86_64 dracut-network-033-568.el7.x86_64 [root@osestaging1 ~]# [root@osestaging1 ~]# # check to see what changes require a reboot, if any [root@osestaging1 ~]# time nice needs-restarting &> "${tmpDir}/needs-restarting.log" real 0m1.645s user 0m1.198s sys 0m0.436s [root@osestaging1 ~]# cat $tmpDir/needs-restarting.log 2615 : sshd: maltfield [priv] 20444 : su - 20443 : sudo su - 1082 : /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a 127.0.0.1:6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -u varnish -g varnish -s malloc,40G 335 : /usr/sbin/sshd -D 554 : /var/ossec/bin/ossec-logcollector 2636 : sshd: maltfield@pts/0 14916 : sshd: maltfield@pts/1 2440 : /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock 1 : /usr/lib/systemd/systemd --system --deserialize 19 46 : /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation 1075 : /usr/sbin/varnishd -P /var/run/varnish.pid -f /etc/varnish/default.vcl -a 127.0.0.1:6081 -T 127.0.0.1:6082 -S /etc/varnish/secret -u varnish -g varnish -s malloc,40G 3195 : su - 11409 : sshd: maltfield [priv] 407 : /usr/bin/perl -wT /usr/sbin/munin-node 540 : /var/ossec/bin/ossec-analysisd 520 : /var/ossec/bin/ossec-execd 738 : /var/ossec/bin/ossec-syscheckd 349 : /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220 751 : /var/ossec/bin/ossec-monitord 440 : /bin/sh /usr/bin/mysqld_safe --basedir=/usr 2647 : -bash 265 : /sbin/dhclient -1 -q -lf /var/lib/dhclient/dhclient--eth0.lease -pf /var/run/dhclient-eth0.pid -H osestaging1 eth0 19 : /usr/lib/systemd/systemd-journald 54 : /usr/lib/systemd/systemd-logind 3196 : -bash 355 : /usr/sbin/openvpn --suppress-timestamps --nobind --config /etc/openvpn/client/client.conf 3194 : sudo su - [root@osestaging1 ~]# [root@osestaging1 ~]# time nice needs-restarting -r &> "${tmpDir}/needs-reboot.log" real 0m0.362s user 0m0.235s sys 0m0.124s [root@osestaging1 ~]# cat $tmpDir/needs-reboot.log Core libraries or services have been updated: dbus -> 1:1.10.24-13.el7_6 kernel -> 3.10.0-1127.el7 glibc -> 2.17-307.el7.1 linux-firmware -> 20191203-76.gite8a0f4c.el7 gnutls -> 3.3.29-9.el7_6 systemd -> 219-73.el7_8.5 Reboot is required to ensure that your system benefits from these updates. More information: https://access.redhat.com/solutions/27943 [root@osestaging1 ~]# [root@osestaging1 ~]# # reboot the system to apply kernel changes [root@osestaging1 ~]# reboot
- after reboot, I tried to visit www.opensourceecology.org on the staging server, but I was immediately met with an https error indicating that the cert expired September 4, 2018. Strange, the sync should have updated the cert. Did the package updates cause some issue?
- hmm, the cert says it was updated last on April 13 (~2 weeks ago)
[root@osestaging1 conf.d]# ls -lah /etc/letsencrypt/live/ total 16K drwx------. 4 root root 4.0K Nov 27 2017 . drwxr-xr-x. 9 root root 4.0K Mar 9 16:57 .. drwxr-xr-x. 2 root root 4.0K Apr 13 04:20 openbuildinginstitute.org drwxr-xr-x. 2 root root 4.0K Apr 13 04:20 opensourceecology.org [root@osestaging1 conf.d]# ls -lah /etc/letsencrypt/live/opensourceecology.org/ total 12K drwxr-xr-x. 2 root root 4.0K Apr 13 04:20 . drwx------. 4 root root 4.0K Nov 27 2017 .. lrwxrwxrwx. 1 root root 46 Apr 13 04:20 cert.pem -> ../../archive/opensourceecology.org/cert29.pem lrwxrwxrwx. 1 root root 47 Apr 13 04:20 chain.pem -> ../../archive/opensourceecology.org/chain29.pem lrwxrwxrwx. 1 root root 51 Apr 13 04:20 fullchain.pem -> ../../archive/opensourceecology.org/fullchain29.pem lrwxrwxrwx. 1 root root 49 Apr 13 04:20 privkey.pem -> ../../archive/opensourceecology.org/privkey29.pem -rw-r--r--. 1 root root 543 Nov 27 2017 README [root@osestaging1 conf.d]#
- hmm...nginx won't even restart at all
[root@osestaging1 conf.d]# systemctl restart nginx Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details. [root@osestaging1 conf.d]#
- the error log suggests that there's a conflict when trying to bind() to the server's tun0 (vpn) IP on port 443
[root@osestaging1 ~]# journalctl -f ... Apr 28 12:11:24 osestaging1 nginx[23616]: nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/ssl.opensourceecology.org.include:11 Apr 28 12:11:24 osestaging1 nginx[23616]: nginx: [warn] conflicting server name "_" on 10.241.189.11:443, ignored Apr 28 12:11:24 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use) Apr 28 12:11:25 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use) Apr 28 12:11:25 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use) Apr 28 12:11:26 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use) Apr 28 12:11:26 osestaging1 nginx[23616]: nginx: [emerg] bind() to 10.241.189.11:443 failed (98: Address already in use) Apr 28 12:11:27 osestaging1 nginx[23616]: nginx: [emerg] still could not bind() Apr 28 12:11:27 osestaging1 systemd[1]: nginx.service: control process exited, code=exited status=1 Apr 28 12:11:27 osestaging1 systemd[1]: Failed to start The nginx HTTP and reverse proxy server. Apr 28 12:11:27 osestaging1 systemd[1]: Unit nginx.service entered failed state. Apr 28 12:11:27 osestaging1 systemd[1]: nginx.service failed. Apr 28 12:11:27 osestaging1 polkitd[52]: Unregistered Authentication Agent for unix-process:23608:1631663499 (system bus name :1.176, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) ^C [root@osestaging1 ~]#
- interesting, it looks like apache is now listening on 443?
[root@osestaging1 conf.d]# ss -plan | grep 443 tcp LISTEN 0 128 [::]:443 [::]:* users:(("httpd",pid=21969,fd=8),("httpd",pid=589,fd=8),("httpd",pid=584,fd=8),("httpd",pid=583,fd=8),("httpd",pid=582,fd=8),("httpd",pid=580,fd=8),("httpd",pid=341,fd=8)) [root@osestaging1 conf.d]#
- woah, there's 5x new files in /etc/httpd/conf.d
- here's the staging server's 33 files
[root@osestaging1 conf.d]# ls -1 | wc -l 33 [root@osestaging1 conf.d]# ls 000-www.opensourceecology.org.conf mod_security.conf 00-fef.opensourceecology.org.conf mod_security.wordpress.include 00-forum.opensourceecology.org.conf munin.20180304.bak 00-microfactory.opensourceecology.org.conf munin.opensourceecology.org.conf 00-oswh.opensourceecology.org.conf php.conf 00-phplist.opensourceecology.org.conf README 00-seedhome.openbuildinginstitute.org.conf ssl.conf 00-store.opensourceecology.org.conf ssl.conf.disabled 00-wiki.opensourceecology.org.conf ssl.conf.orig 00-www.openbuildinginstitute.org.conf ssl.openbuildinginstitute.org autoindex.conf ssl.opensourceecology.org awstats.conf staging.openbuildinginstitute.org.conf.bak awstats.openbuildinginstitute.org.conf staging.opensourceecology.org.conf awstats.opensourceecology.org.conf userdir.conf cacti.conf varnishTest.conf.disabled certbot.conf welcome.conf mod_evasive.conf [root@osestaging1 conf.d]#
- and here's the prod server's 28 files
[root@opensourceecology conf.d]# pwd /etc/httpd/conf.d [root@opensourceecology conf.d]# ls -1 | wc -l 28 [root@opensourceecology conf.d]# ls 000-www.opensourceecology.org.conf mod_evasive.conf 00-fef.opensourceecology.org.conf mod_security.conf 00-forum.opensourceecology.org.conf mod_security.wordpress.include 00-microfactory.opensourceecology.org.conf munin.20180304.bak 00-oswh.opensourceecology.org.conf munin.opensourceecology.org.conf 00-phplist.opensourceecology.org.conf php.conf 00-seedhome.openbuildinginstitute.org.conf README 00-store.opensourceecology.org.conf ssl.conf.disabled 00-wiki.opensourceecology.org.conf ssl.conf.orig 00-www.openbuildinginstitute.org.conf ssl.openbuildinginstitute.org awstats.openbuildinginstitute.org.conf ssl.opensourceecology.org awstats.opensourceecology.org.conf staging.openbuildinginstitute.org.conf.bak cacti.conf staging.opensourceecology.org.conf certbot.conf varnishTest.conf.disabled [root@opensourceecology conf.d]#
- A diff shows the following new files popped-up on the staging server after the package updates
autoindex.conf awstats.conf ssl.conf userdir.conf welcome.conf
- As well as listening on 443, these files create a bunch of new Directory and Location blocks that expose parts of our server. Bleh, let's remove all them
[root@osestaging1 conf.d]# mv /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/autoindex.conf.`date "+%Y%m%d_%H%M%S"`.disabled [root@osestaging1 conf.d]# mv /etc/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf.`date "+%Y%m%d_%H%M%S"`.disabled [root@osestaging1 conf.d]# mv /etc/httpd/conf.d/ssl.conf.disabled /etc/httpd/conf.d/ssl.conf.disabled.old [root@osestaging1 conf.d]# mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.`date "+%Y%m%d_%H%M%S"`.disabled [root@osestaging1 conf.d]# mv /etc/httpd/conf.d/userdir.conf /etc/httpd/conf.d/userdir.conf.`date "+%Y%m%d_%H%M%S"`.disabled [root@osestaging1 conf.d]# mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.`date "+%Y%m%d_%H%M%S"`.disabled [root@osestaging1 conf.d]# systemctl restart httpd [root@osestaging1 conf.d]# systemctl restart nginx [root@osestaging1 conf.d]#
- ok that worked. I guess the cert was some old self-signed cert distributed by apache. Now the site is accessible ☺
- I confirmed that all the other sites were good too. Except phplist, whoose 'is_staging' file didn't exist because its docrooot is named 'public_html' instead of the usual 'htdocs' expected in the syncToStaging.sh script. I fixed that
#runOnStaging 'for docroot in $(sudo find /var/www/html/* -maxdepth 1 -name htdocs -type d); do echo 'true' | sudo tee "$docroot/is_staging"; done' runOnStaging 'for docroot in $(sudo find /var/www/html/* -maxdepth 1 -regextype awk -regex ".*(htdocs|public_html)" -type d); do echo "true" | sudo tee "$docroot/is_staging"; done'
- I confirmed that I could also edit a page (and purge the cache) on the osemain site
- I confimred that I could also access both the awstats & munin sites
- And finally I confirmed that I could login and make a change on the wiki
- That concludes the testing; I think this is ready for prod on Monday
Mon Apr 27, 2020
- I want to do a `yum update` to upgrade all of the packages installed on our production server to their latest versions and give the server a reboot (t apply, eg, kernel upgrades)
- I began to checkout some nginx graphs to determine what would be a good dey & time to do this change with minimal impact from the downtime
- stragnely, I noticed a huge ever-growig spike in the "writing" processes of the "nginx status" weekly graph
File:Munin_nginx_week.20200427.gif File:Munin_nginx_month.20200427.gif File:Munin_nginx_year.20200427.gif
- the yearly graphs shows that it was near-zero through the entire months of Feb & March, then it spiked in April. Really strange..
- hmm..apparently our requests graph shows requests on port 80; we should be looking at port 443 https://munin.opensourceecology.org:4443/localhost/localhost/nginx_wiki_opensourceecology_org_request.html
- A quick curl shows the current status. 60 writing!
[root@opensourceecology munin]# pwd /etc/munin [root@opensourceecology munin]# ls plugin-conf.d/ amavis df fw_ hddtemp_smartctl munin-node postfix postgres sendmail zzz-ose [root@opensourceecology munin]# cat plugin-conf.d/zzz-ose # ose-specific configs go here per this doc # * http://guide.munin-monitoring.org/en/latest/plugin/use.html#configuring [nginx_wiki.opensourceecology.org_*] env.url https://wiki.opensourceecology.org/nginx_status env.graph_title graph title env.graph_info graph info goes here [nginx_www.opensourceecology.org_*] env.url https://www.opensourceecology.org/nginx_status [mysql*] user root group wheel env.mysqlopts -u munin_user -pqd2qQiFdeNGepvhv5dsQx4rVt7pRyFJ [multips_memory] env.names varnishd mysqld httpd varnishlog systemd-journal rsyslogd b2 nginx munin munin-node ssh sshd openvpn tuned ossec-analysisd bash vim screen tail gpg gpg2 polkitd tuned [root@opensourceecology munin]# curl https://wiki.opensourceecology.org/nginx_status Active connections: 77 server accepts handled requests 18190954 18190954 24376179 Reading: 0 Writing: 60 Waiting: 15 [root@opensourceecology munin]#
- I woulde expect "waiting" to be high due to keep-alive, but writing? I'd expect reading to be higher than writing, and they should be about the same. But here "reading" is flat zero.
- actually, it looks like "writing" is usually much higher than "reading" probably because it's the case that a server's connection is much more stable than a client's, so the server has to stay in the "writing" state until clients with poor connections confirm the transactions https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
- this serverfault question shows a similar type of graph--where reading is near-zero and writing is this sawtooth climbing-falling shape month-to-month https://serverfault.com/questions/675971/is-it-normal-for-nginx-to-accumulate-connections-in-writing-state
- the conclusion was that it was a faulty implementaton of protocols SPDY and HTTP/2, but it's been fixed since our current version (1.16.1
[root@opensourceecology munin]# nginx -v nginx version: nginx/1.16.1 [root@opensourceecology munin]#
- what I really don't understand s what changed in April when this started to climb. It's possible that an attack or crawl started then?
- anyway, this doesn't appear to be impacting our uptime in any way. The server's still basically idle. If it becomes an actual issue, then perhaps I can track what the client IPs are for nginx processes stuck in the "writing" state and also the pages they're accessing and maybe adjust 'keepalive_timeout'
- looks like this climb started on the 2020-04-20. But I didn't do anything OSE-related from 2020-04-11 until 2020-04-22. Not sure what happend on the 20th..
- A quick check at awstats shows the following IPs as our top clients for wiki.opensourceecology.org (note that munin nginx stats are blended together for all sites, but the awstats logs are distinct, so the wiki is just a best guess)
2a02:8109:98c0:36a8:8e7c:495c:68c:e4e4 31.13.191.173 47.133.48.12 51.15.246.137 66.102.6.130 68.56.114.230 71.85.148.111 76.189.142.119 78.113.133.139 130.185.155.59 152.44.74.166 167.114.92.59 167.88.7.134 173.249.10.94 173.48.239.135 180.150.113.19 185.59.207.9 196.196.244.93 216.235.121.70 2001:985:2ce:1:36f:9c55:3f0d:3ac
- geo lookups show those IPs in Sweeden, US (Chicago, New York, Michigan, Missouri, North Carolina, Massachusetts, Washington, Google), France (Paris), Canada (Montreal), Germany (Nurnberg, Berlin), Austrailia (Adelaide), UK (Waterlooville), Neatherlands (Amsterdam)
- ahh, I found the Tor exit node = 167.88.7.134
[maltfield@opensourceecology log]$ sudo grep -irl '167.88.7.134' [sudo] password for maltfield: nginx/wiki.opensourceecology.org/access.log-20200427 nginx/www.openbuildinginstitute.org/access.log-20200427 nginx/awstats.opensourceecology.org/access.log-20200427 nginx/www.opensourceecology.org/access.log-20200427 secure [maltfield@opensourceecology log]$
- We actually don't appear to have a very strong sine graph on our hourly usage day-to-day. In munin it's really hard to see, but in awstats it looks like our wiki's traffic is generally a bit less between the hours of 23-7 (it's most busy between 15-22). So maybe we do the upgrade at ~05:00? The backups run at 04:20
- It's not clear when the backup finishes exactly, so I updated our backup.sh script to echo out the timestamp just before it exits. If it's too close to 07:00, I may want to just manually kick-off a backup at ~01:00 UTC, make my change, reboot the server, and then hope that another backup is kicked-off again after the change is complete.
- I sent an email to Marcin about this, asking if there's any times where I should *not* do the CHG
Hey Marcin, When would be a good time to do a update of all the packages installed on our production server? This process may involve some downtime. As a prereq to doing the Docker/Discourse install on our production server, I'd like to go ahead and upgrade all of the yum-installed packages on the server. It's probably been more than a year since I've done this (except for security-critical updates, which are preformed automatically), so there will be a *lot* of updates. After the update, I'd like to reboot the server to apply all the changes, which may include kernel updates. The reboot means this change will necessarily include downtime. And if there's any substantial package changes, more complications could arise. So it would be wise to schedule this change wisely (ie: not in the middle of a workshop). Our server doesn't have an especially obvious daily sine usage graph, but it appears that the lowest traffic to the wiki is between the hours of 23:00-07:00-ish UTC. Are there any days/times that I should *not* preform this CHG? Thank you, Michael Altfield Senior System Administrator PGP Fingerprint: 8A4B 0AF8 162F 3B6A 79B7 70D2 AA3E DF71 60E2 D97B Open Source Ecology www.opensourceecology.org
- I couldn't find any other coorelation in munin graphs, but our 'rss' graph finally has some useful data in it that hasn't been uploaded to the wiki yet, so I downloaded those.
- note the take-away is that our biggest RAM consumers are varnish, mysql, and apache. Nginx is surprisingly low. And the cycle of apache and varnish is pretty wild and useful to know
- ...
- Anyway, back to upgrading the yum packages on prod. I created a CHG ticket for this, tenativley scheduled for Monday (1 week from today) at 07:00 UTC https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update
- Marcin replied to my email, saying "that sounds good to me" regarding my scheduling
- ok, let me go through this process on Staging. First I'll do a sync from prod to staging and reboot the staging server
- after the sync & reboot, I started poking at `man yum`
- I want to get a single command now on statging that will define a set of pacakges and versions to be updated so that I can duplicate what I'm doing on staging (which has been validated) exactly on production. As such, I should not just do a `yum update` as that could easily produce different results from one second to the next
- It looks like I want to use `yum update-to <list of packages w/ versions>`
- there doesn't appear to be an easy way to get a list of packages from yum that are to be updated in the format that it wants for the `yum update-to X Y Z` command. The output for `yum --assumeno update...` and `yum list updates` all appear to be human readable, with the package name, arch, and version in distinct columns. What I need is <package name>-<version>.<arch>
- let's see if I can hack this together with the unzip command, for example
[root@osestaging1 ~]# yum --assumeno update | grep 'will be an update' | grep unzip ---> Package unzip.x86_64 0:6.0-21.el7 will be an update [root@osestaging1 ~]#
- And
[root@osestaging1 ~]# yum list updates | grep unzip unzip.x86_64 6.0-21.el7 base [root@osestaging1 ~]#
- Unfortunately they wedge the package name and arch together. If they were actually different fields than this simple awk would work
[root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "-" $2}' unzip.x86_64-6.0-21.el7 [root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "-" $2}' | xargs yum update-to Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: mirror.alpix.eu * webtatic: uk.repo.webtatic.com No Match for argument: unzip.x86_64-6.0-21.el7 No package unzip.x86_64-6.0-21.el7 available. No packages marked for update [root@osestaging1 ~]#
- some sed/awk magic makes this useable
[root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' unzip-6.0-21.el7 [root@osestaging1 ~]# yum list updates | grep unzip | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' | xargs yum update-to Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: mirror.alpix.eu * webtatic: uk.repo.webtatic.com Resolving Dependencies --> Running transaction check ---> Package unzip.x86_64 0:6.0-16.el7 will be updated ---> Package unzip.x86_64 0:6.0-21.el7 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Updating: unzip x86_64 6.0-21.el7 base 171 k Transaction Summary ======================================================================================================= Upgrade 1 Package Total download size: 171 k Is this ok [y/d/N]: Exiting on user command Your transaction was saved, rerun it with: yum load-transaction /tmp/yum_save_tx.2020-04-27.17-38.npl2_x.yumtx [root@osestaging1 ~]#
- And here's a lst of all the packages to be installed for passing directly to `yum update-to`
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' | tr "\n" " " GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-32:9.11.4-16.P2.el7_8.2 bind-libs-lite-32:9.11.4-16.P2.el7_8.2 bind-license-32:9.11.4-16.P2.el7_8.2 bind-utils-32:9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1:1.10.24-13.el7_6 dbus-libs-1:1.10.24-13.el7_6 device-mapper-7:1.02.164-7.el7_8.1 device-mapper-event-7:1.02.164-7.el7_8.1 device-mapper-event-libs-7:1.02.164-7.el7_8.1 device-mapper-libs-7:1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-12:4.2.5-79.el7.centos dhcp-common-12:4.2.5-79.el7.centos dhcp-libs-12:4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-1:3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-2:4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-1:4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-1:2.02-0.81.el7.centos grub2-common-1:2.02-0.81.el7.centos grub2-pc-1:2.02-0.81.el7.centos grub2-pc-modules-1:2.02-0.81.el7.centos grub2-tools-1:2.02-0.81.el7.centos grub2-tools-extra-1:2.02-0.81.el7.centos grub2-tools-minimal-1:2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-3:1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1-1:1.8.0.242.b08-1.el7 java-1-1:1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-14:1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-7:2.02.186-7.el7_8.1 lvm2-libs-7:2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-1:3.82-24.el7 man-db-2.6.3-11.el7 mariadb-1:5.5.65-1.el7 mariadb-libs-1:5.5.65-1.el7 mariadb-server-1:5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-1:2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-5:1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-1:5.7.2-48.el7_8 net-snmp-agent-libs-1:5.7.2-48.el7_8 net-snmp-libs-1:5.7.2-48.el7_8 net-snmp-utils-1:5.7.2-48.el7_8 nmap-2:6.40-19.el7 nmap-ncat-2:6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1:1.0.2k-19.el7 openssl-libs-1:1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-4:5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1:1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-4:5.16.3-295.el7 perl-macros-4:5.16.3-295.el7 perl-version-3:0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2:2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-1:4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-2:4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-2:1.26-35.el7 tcpdump-14:4.9.2-4.el7_7.1 telnet-1:0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-2:7.4.629-6.el7 vim-enhanced-2:7.4.629-6.el7 vim-filesystem-2:7.4.629-6.el7 vim-minimal-2:7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-1:7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7 [root@osestaging1 ~]#
- and pass it. Unfortunately that doesn't work for manay packages. FOr example, dbus
[root@osestaging1 ~]# pkgs=`yum -q list updates 2>&1 | tail -n+2 | awk '{print $1 "|" $2}' | sed 's/\..*|/-/' | tr "\n" " "` [root@osestaging1 ~]# yum update-to $pkgs Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: mirror.alpix.eu * webtatic: uk.repo.webtatic.com No Match for argument: bind-libs-32:9.11.4-16.P2.el7_8.2 No package bind-libs-32:9.11.4-16.P2.el7_8.2 available. No Match for argument: bind-libs-lite-32:9.11.4-16.P2.el7_8.2 No package bind-libs-lite-32:9.11.4-16.P2.el7_8.2 available. No Match for argument: bind-license-32:9.11.4-16.P2.el7_8.2 No package bind-license-32:9.11.4-16.P2.el7_8.2 available. No Match for argument: bind-utils-32:9.11.4-16.P2.el7_8.2 No package bind-utils-32:9.11.4-16.P2.el7_8.2 available. No Match for argument: dbus-1:1.10.24-13.el7_6 ...
- Here's what it says about that dbus package
[root@osestaging1 ~]# yum -q list updates 2>&1 | grep dbus dbus.x86_64 1:1.10.24-13.el7_6 base dbus-libs.x86_64 1:1.10.24-13.el7_6 base [root@osestaging1 ~]# yum update dbus Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: mirror.alpix.eu * webtatic: uk.repo.webtatic.com Resolving Dependencies --> Running transaction check ---> Package dbus.x86_64 1:1.6.12-17.el7 will be updated ---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update --> Processing Dependency: dbus-libs(x86-64) = 1:1.10.24-13.el7_6 for package: 1:dbus-1.10.24-13.el7_6.x86_64 --> Processing Dependency: libdbus-1.so.3(LIBDBUS_PRIVATE_1.10.24)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64 --> Processing Dependency: libdbus-1.so.3(LIBDBUS_1_3)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64 --> Running transaction check ---> Package dbus-libs.x86_64 1:1.6.12-17.el7 will be updated ---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Updating: dbus x86_64 1:1.10.24-13.el7_6 base 245 k Updating for dependencies: dbus-libs x86_64 1:1.10.24-13.el7_6 base 169 k Transaction Summary ======================================================================================================= Upgrade 1 Package (+1 Dependent package) Total download size: 414 k Is this ok [y/d/N]:
- I guess it doesn't like the "1:" preceeding the version. No idea what that even is
[root@osestaging1 ~]# yum update-to dbus-1:1.10.24-13 Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: mirror.alpix.eu * webtatic: uk.repo.webtatic.com No Match for argument: dbus-1:1.10.24-13 No package dbus-1:1.10.24-13 available. No packages marked for update [root@osestaging1 ~]# yum update-to dbus-1.10.24-13.el7_6 Loaded plugins: fastestmirror, replace Loading mirror speeds from cached hostfile * base: mirror.plustech.de * epel: mirrors.n-ix.net * extras: mirror.alpix.eu * updates: mirror.alpix.eu * webtatic: uk.repo.webtatic.com Resolving Dependencies --> Running transaction check ---> Package dbus.x86_64 1:1.6.12-17.el7 will be updated ---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update --> Processing Dependency: dbus-libs(x86-64) = 1:1.10.24-13.el7_6 for package: 1:dbus-1.10.24-13.el7_6.x86_64 --> Processing Dependency: libdbus-1.so.3(LIBDBUS_PRIVATE_1.10.24)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64 --> Processing Dependency: libdbus-1.so.3(LIBDBUS_1_3)(64bit) for package: 1:dbus-1.10.24-13.el7_6.x86_64 --> Running transaction check ---> Package dbus-libs.x86_64 1:1.6.12-17.el7 will be updated ---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update --> Finished Dependency Resolution Dependencies Resolved ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Updating: dbus x86_64 1:1.10.24-13.el7_6 base 245 k Updating for dependencies: dbus-libs x86_64 1:1.10.24-13.el7_6 base 169 k Transaction Summary ======================================================================================================= Upgrade 1 Package (+1 Dependent package) Total download size: 414 k Is this ok [y/d/N]: ^C
- ok, with the same logic as the previous awk/sed for stripping the arch, we can do it here too
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep -E 'unzip|dbus' | awk '{print $1 "|" $2}' | sed 's/\..*|.*\:/-/' | sed 's/\..*|/-/' dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 unzip-6.0-21.el7 [root@osestaging1 ~]#
- close, but there's still problems with 2x packages
[root@osestaging1 ~]# yum update-to $pkgs 2>&1 ... No Match for argument: java-1-1.8.0.242.b08-1.el7 No package java-1-1.8.0.242.b08-1.el7 available. No Match for argument: java-1-1.8.0.242.b08-1.el7 No package java-1-1.8.0.242.b08-1.el7 available.
- Here's the java packages currently installed
[root@osestaging1 ~]# rpm -qa | grep -i java tzdata-java-2017b-1.el7.noarch java-1.8.0-openjdk-1.8.0.181-3.b13.el7_5.x86_64 python-javapackages-3.4.1-11.el7.noarch javapackages-tools-3.4.1-11.el7.noarch java-1.8.0-openjdk-headless-1.8.0.181-3.b13.el7_5.x86_64 [root@osestaging1 ~]#
- Here's our parsing of the package from `yum list updates`. It looks fine to me
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep java | awk '{print $1 "|" $2}' | sed 's/\..*|.*\:/-/' | sed 's/\..*|/-/' java-1-1.8.0.242.b08-1.el7 java-1-1.8.0.242.b08-1.el7 tzdata-java-2019c-1.el7 [root@osestaging1 ~]#
- But if I just try to `yum update java` then I can see what it *should* be. Yeah, this is an issue because it's not an arch that I'm removing after the period. Ugh `yum` should just have a fucking way to output the package name as it wants to recieve it without all this damn hacking
======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Updating: java-1.8.0-openjdk x86_64 1:1.8.0.242.b08-1.el7 base 293 k Installing for dependencies: atk x86_64 2.28.1-2.el7 base 263 k avahi-libs x86_64 0.6.31-20.el7 base 62 k cups-libs x86_64 1:1.6.3-43.el7 base 358 k gtk-update-icon-cache x86_64 3.22.30-5.el7 base 27 k gtk2 x86_64 2.24.31-1.el7 base 3.4 M hicolor-icon-theme noarch 0.12-7.el7 base 42 k libXcursor x86_64 1.1.15-1.el7 base 30 k libXinerama x86_64 1.1.3-2.1.el7 base 14 k libXrandr x86_64 1.5.1-2.el7 base 27 k pcsc-lite-libs x86_64 1.8.8-8.el7 base 34 k Updating for dependencies: copy-jdk-configs noarch 3.3-10.el7_5 base 21 k dbus x86_64 1:1.10.24-13.el7_6 base 245 k dbus-libs x86_64 1:1.10.24-13.el7_6 base 169 k java-1.8.0-openjdk-headless x86_64 1:1.8.0.242.b08-1.el7 base 32 M Transaction Summary ======================================================================================================= Install ( 10 Dependent packages) Upgrade 1 Package (+ 4 Dependent packages) Total download size: 37 M Is this ok [y/d/N]:
- This is stupid; I created a serverfault question on this https://serverfault.com/questions/1014455/how-to-list-packages-needing-update-in-format-for-yum-update-to
- Meanwhile, this may work
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep -E 'unzip|dbus|java' | awk '{print $1 "|" $2}' | sed 's/\..*|\(.*\:\)*/-/' dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 java-1-1.8.0.242.b08-1.el7 java-1-1.8.0.242.b08-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 [root@osestaging1 ~]#
- no, it still fails
No Match for argument: java-1-1.8.0.242.b08-1.el7 No Match for argument: java-1-1.8.0.242.b08-1.el7 No package java-1-1.8.0.242.b08-1.el7 available. No package java-1-1.8.0.242.b08-1.el7 available. Resolving Dependencies
- I guess it wants java-1.8.0-openjdk-1.8.0.242.b08-1.el7
[root@osestaging1 ~]# yum update java-1.8.0-openjdk-1.8.0.242.b08-1.el7 ... Dependencies Resolved ======================================================================================================= Package Arch Version Repository Size ======================================================================================================= Updating: java-1.8.0-openjdk x86_64 1:1.8.0.242.b08-1.el7 base 293 k Installing for dependencies: atk x86_64 2.28.1-2.el7 base 263 k avahi-libs x86_64 0.6.31-20.el7 base 62 k cups-libs x86_64 1:1.6.3-43.el7 base 358 k gtk-update-icon-cache x86_64 3.22.30-5.el7 base 27 k gtk2 x86_64 2.24.31-1.el7 base 3.4 M hicolor-icon-theme noarch 0.12-7.el7 base 42 k libXcursor x86_64 1.1.15-1.el7 base 30 k libXinerama x86_64 1.1.3-2.1.el7 base 14 k libXrandr x86_64 1.5.1-2.el7 base 27 k pcsc-lite-libs x86_64 1.8.8-8.el7 base 34 k Updating for dependencies: copy-jdk-configs noarch 3.3-10.el7_5 base 21 k dbus x86_64 1:1.10.24-13.el7_6 base 245 k dbus-libs x86_64 1:1.10.24-13.el7_6 base 169 k java-1.8.0-openjdk-headless x86_64 1:1.8.0.242.b08-1.el7 base 32 M Transaction Summary ======================================================================================================= Install ( 10 Dependent packages) Upgrade 1 Package (+ 4 Dependent packages) Total download size: 37 M Is this ok [y/d/N]: ^Cn Exiting on user command Your transaction was saved, rerun it with: yum load-transaction /tmp/yum_save_tx.2020-04-27.19-23.34MI63.yumtx [root@osestaging1 ~]#
- ok so the sed was clobbering at the first '.' so I fixed that
[root@osestaging1 ~]# yum -q list updates 2>&1 | tail -n+2 | grep -E 'unzip|dbus|java' | awk '{print $1 "|" $2}' | sed 's/\.[^.]*|\(.*\:\)*/-/' dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 java-1.8.0-openjdk-1.8.0.242.b08-1.el7 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 [root@osestaging1 ~]#
- And, finally, here's our update command
yum update-to GeoIP-1.5.0-14.el7 acl-2.2.51-15.el7 acpid-2.0.19-9.el7 alsa-lib-1.1.8-1.el7 apr-1.4.8-5.el7 audit-2.8.5-4.el7 audit-libs-2.8.5-4.el7 audit-libs-python-2.8.5-4.el7 augeas-libs-1.4.0-9.el7_7.1 awstats-7.7-1.el7 bash-4.2.46-34.el7 bind-libs-9.11.4-16.P2.el7_8.2 bind-libs-lite-9.11.4-16.P2.el7_8.2 bind-license-9.11.4-16.P2.el7_8.2 bind-utils-9.11.4-16.P2.el7_8.2 binutils-2.27-43.base.el7 biosdevname-0.7.3-2.el7 ca-certificates-2019.2.32-76.el7_7 cairo-1.15.12-4.el7 centos-release-7-8.2003.0.el7.centos certbot-1.3.0-1.el7 checkpolicy-2.5-8.el7 chrony-3.4-1.el7 copy-jdk-configs-3.3-10.el7_5 coreutils-8.22-24.el7 cpio-2.11-27.el7 cpp-4.8.5-39.el7 cronie-1.4.11-23.el7 cronie-anacron-1.4.11-23.el7 cryptsetup-libs-2.0.3-6.el7 curl-7.29.0-57.el7 cyrus-sasl-lib-2.1.26-23.el7 dbus-1.10.24-13.el7_6 dbus-libs-1.10.24-13.el7_6 device-mapper-1.02.164-7.el7_8.1 device-mapper-event-1.02.164-7.el7_8.1 device-mapper-event-libs-1.02.164-7.el7_8.1 device-mapper-libs-1.02.164-7.el7_8.1 device-mapper-persistent-data-0.8.5-2.el7 dhclient-4.2.5-79.el7.centos dhcp-common-4.2.5-79.el7.centos dhcp-libs-4.2.5-79.el7.centos dialog-1.2-5.20130523.el7 diffutils-3.3-5.el7 dmidecode-3.2-3.el7 dracut-033-568.el7 dracut-network-033-568.el7 e2fsprogs-1.42.9-17.el7 e2fsprogs-libs-1.42.9-17.el7 ebtables-2.0.10-16.el7 elfutils-default-yama-scope-0.176-4.el7 elfutils-libelf-0.176-4.el7 elfutils-libs-0.176-4.el7 epel-release-7-12 ethtool-4.8-10.el7 expat-2.1.0-11.el7 file-5.11-36.el7 file-libs-5.11-36.el7 filesystem-3.2-25.el7 findutils-4.5.11-6.el7 firewalld-filesystem-0.6.3-8.el7_8.1 fontconfig-2.13.0-4.3.el7 freetype-2.8-14.el7 gcc-4.8.5-39.el7 gcc-c++-4.8.5-39.el7 gdisk-0.8.10-3.el7 gdk-pixbuf2-2.36.12-3.el7 gettext-0.19.8.1-3.el7 gettext-libs-0.19.8.1-3.el7 git-1.8.3.1-21.el7_7 glib2-2.56.1-5.el7 glibc-2.17-307.el7.1 glibc-common-2.17-307.el7.1 glibc-devel-2.17-307.el7.1 glibc-headers-2.17-307.el7.1 gnupg2-2.0.22-5.el7_5 gnutls-3.3.29-9.el7_6 gobject-introspection-1.56.1-1.el7 gperftools-libs-2.6.1-1.el7 gpm-libs-1.20.7-6.el7 grub2-2.02-0.81.el7.centos grub2-common-2.02-0.81.el7.centos grub2-pc-2.02-0.81.el7.centos grub2-pc-modules-2.02-0.81.el7.centos grub2-tools-2.02-0.81.el7.centos grub2-tools-extra-2.02-0.81.el7.centos grub2-tools-minimal-2.02-0.81.el7.centos grubby-8.28-26.el7 gzip-1.5-10.el7 harfbuzz-1.7.5-2.el7 hostname-3.13-3.el7_7.1 httpd-2.4.6-93.el7.centos httpd-tools-2.4.6-93.el7.centos hwdata-0.252-9.5.el7 info-5.1-5.el7 initscripts-9.49.49-1.el7 iproute-4.11.0-25.el7_7.2 iprutils-2.4.17.1-3.el7_7 ipset-7.1-1.el7 ipset-libs-7.1-1.el7 iptables-1.4.21-34.el7 iptables-services-1.4.21-34.el7 irqbalance-1.0.7-12.el7 jasper-libs-1.900.1-33.el7 java-1.8.0-openjdk-1.8.0.242.b08-1.el7 java-1.8.0-openjdk-headless-1.8.0.242.b08-1.el7 kbd-1.15.5-15.el7 kbd-legacy-1.15.5-15.el7 kbd-misc-1.15.5-15.el7 kernel-3.10.0-1127.el7 kernel-devel-3.10.0-1127.el7 kernel-headers-3.10.0-1127.el7 kernel-tools-3.10.0-1127.el7 kernel-tools-libs-3.10.0-1127.el7 kexec-tools-2.0.15-43.el7 kmod-20-28.el7 kmod-libs-20-28.el7 kpartx-0.4.9-131.el7 krb5-libs-1.15.1-46.el7 libX11-1.6.7-2.el7 libX11-common-1.6.7-2.el7 libXfont-1.5.4-1.el7 libacl-2.2.51-15.el7 libattr-2.4.46-13.el7 libblkid-2.23.2-63.el7 libcap-2.22-11.el7 libcgroup-0.41-21.el7 libcom_err-1.42.9-17.el7 libcroco-0.6.12-4.el7 libcurl-7.29.0-57.el7 libdb-5.3.21-25.el7 libdb-utils-5.3.21-25.el7 libdrm-2.4.97-2.el7 libfastjson-0.99.4-3.el7 libffi-3.0.13-19.el7 libgcc-4.8.5-39.el7 libgomp-4.8.5-39.el7 libicu-50.2-4.el7_7 libjpeg-turbo-1.2.90-8.el7 libmount-2.23.2-63.el7 libpcap-1.5.3-12.el7 libpciaccess-0.14-1.el7 libproxy-0.4.11-11.el7 libpwquality-1.2.3-5.el7 libreport-filesystem-2.1.11-53.el7.centos librsvg2-2.40.20-1.el7 librsync-2.0.2-1.el7 libseccomp-2.3.1-4.el7 libselinux-2.5-15.el7 libselinux-python-2.5-15.el7 libselinux-utils-2.5-15.el7 libsemanage-2.5-14.el7 libsemanage-python-2.5-14.el7 libsepol-2.5-10.el7 libsodium-1.0.18-1.el7 libss-1.42.9-17.el7 libssh2-1.8.0-3.el7 libstdc++-4.8.5-39.el7 libstdc++-devel-4.8.5-39.el7 libtiff-4.0.3-32.el7 libuser-0.60-9.el7 libuuid-2.23.2-63.el7 libxcb-1.13-1.el7 libxml2-2.9.1-6.el7.4 linux-firmware-20191203-76.gite8a0f4c.el7 lm_sensors-libs-3.4.0-8.20160601gitf9185e5.el7 logrotate-3.8.6-19.el7 logwatch-7.4.0-35.20130522svn140.el7_5 lsof-4.87-6.el7 lvm2-2.02.186-7.el7_8.1 lvm2-libs-2.02.186-7.el7_8.1 mailx-12.5-19.el7 make-3.82-24.el7 man-db-2.6.3-11.el7 mariadb-5.5.65-1.el7 mariadb-libs-5.5.65-1.el7 mariadb-server-5.5.65-1.el7 mdadm-4.1-4.el7 mesa-libEGL-18.3.4-7.el7 mesa-libGL-18.3.4-7.el7 mesa-libgbm-18.3.4-7.el7 mesa-libglapi-18.3.4-7.el7 mod_security-2.9.2-1.el7 mod_ssl-2.4.6-93.el7.centos mozjs17-17.0.0-20.el7 munin-2.0.54-1.el7 munin-common-2.0.54-1.el7 munin-node-2.0.54-1.el7 mutt-1.5.21-29.el7 neon-0.30.0-4.el7 net-snmp-5.7.2-48.el7_8 net-snmp-agent-libs-5.7.2-48.el7_8 net-snmp-libs-5.7.2-48.el7_8 net-snmp-utils-5.7.2-48.el7_8 nmap-6.40-19.el7 nmap-ncat-6.40-19.el7 nspr-4.21.0-1.el7 nss-3.44.0-7.el7_7 nss-pem-1.0.3-7.el7 nss-softokn-3.44.0-8.el7_7 nss-softokn-freebl-3.44.0-8.el7_7 nss-sysinit-3.44.0-7.el7_7 nss-tools-3.44.0-7.el7_7 nss-util-3.44.0-4.el7_7 ntp-4.2.6p5-29.el7.centos ntpdate-4.2.6p5-29.el7.centos numactl-libs-2.0.12-5.el7 openldap-2.4.44-21.el7_6 openssh-7.4p1-21.el7 openssh-clients-7.4p1-21.el7 openssh-server-7.4p1-21.el7 openssl-1.0.2k-19.el7 openssl-libs-1.0.2k-19.el7 openvpn-2.4.8-1.el7 pam-1.1.8-23.el7 pango-1.42.4-4.el7_7 parted-3.1-32.el7 passwd-0.79-6.el7 pciutils-libs-3.5.1-3.el7 perl-5.16.3-295.el7 perl-DBD-MySQL-4.023-6.el7 perl-DateTime-TimeZone-1.70-2.el7 perl-Getopt-Long-2.40-3.el7 perl-Git-1.8.3.1-21.el7_7 perl-HTTP-Daemon-6.01-8.el7 perl-IO-Socket-IP-0.21-5.el7 perl-IO-Socket-SSL-1.94-7.el7 perl-Net-CIDR-0.20-1.el7 perl-Pod-Escapes-1.04-295.el7 perl-Socket-2.010-5.el7 perl-libs-5.16.3-295.el7 perl-macros-5.16.3-295.el7 perl-version-0.99.07-6.el7 php-PsrLog-1.1.3-1.el7 php-fedora-autoloader-1.0.1-2.el7 php-seld-phar-utils-1.1.0-1.el7 php56w-5.6.40-1.w7 php56w-cli-5.6.40-1.w7 php56w-common-5.6.40-1.w7 php56w-enchant-5.6.40-1.w7 php56w-gd-5.6.40-1.w7 php56w-imap-5.6.40-1.w7 php56w-intl-5.6.40-1.w7 php56w-ldap-5.6.40-1.w7 php56w-mbstring-5.6.40-1.w7 php56w-mysql-5.6.40-1.w7 php56w-pdo-5.6.40-1.w7 php56w-process-5.6.40-1.w7 php56w-snmp-5.6.40-1.w7 php56w-xml-5.6.40-1.w7 plymouth-0.8.9-0.33.20140113.el7.centos plymouth-core-libs-0.8.9-0.33.20140113.el7.centos plymouth-scripts-0.8.9-0.33.20140113.el7.centos policycoreutils-2.5-34.el7 policycoreutils-python-2.5-34.el7 polkit-0.112-26.el7 postfix-2.10.1-9.el7 postgresql-libs-9.2.24-2.el7_7 procmail-3.22-36.el7_4.1 procps-ng-3.3.10-27.el7 pyOpenSSL-0.13.1-4.el7 python-2.7.5-88.el7 python-chardet-2.2.1-3.el7 python-devel-2.7.5-88.el7 python-gobject-base-3.22.0-1.el7_4.1 python-libs-2.7.5-88.el7 python-linux-procfs-0.4.11-4.el7 python-perf-3.10.0-1127.el7 python-requests-2.6.0-9.el7_8 python-slip-0.4.0-4.el7 python-urlgrabber-3.10-10.el7 python-urllib3-1.10.2-7.el7 python-virtualenv-15.1.0-4.el7_7 python-zope-component-4.1.0-5.el7 python2-acme-1.3.0-1.el7 python2-cached_property-1.5.1-2.el7 python2-certbot-1.3.0-1.el7 python2-docopt-0.6.2-8.el7 python2-future-0.18.2-2.el7 python2-iso8601-0.1.11-8.el7 python2-josepy-1.3.0-2.el7 python2-jsonschema-2.5.1-4.el7 python2-keyring-5.0-4.el7 python2-mock-1.0.1-10.el7 python2-parsedatetime-2.4-6.el7 python2-psutil-5.6.7-1.el7 python2-texttable-1.6.2-1.el7 readline-6.2-11.el7 redhat-rpm-config-9.1.0-88.el7.centos rpm-4.11.3-43.el7 rpm-build-libs-4.11.3-43.el7 rpm-libs-4.11.3-43.el7 rpm-python-4.11.3-43.el7 rsync-3.1.2-10.el7 rsyslog-8.24.0-52.el7 screen-4.1.0-0.25.20120314git3c2946.el7 sed-4.2.2-6.el7 selinux-policy-3.13.1-266.el7 selinux-policy-targeted-3.13.1-266.el7 setools-libs-3.3.8-4.el7 setup-2.8.71-11.el7 shadow-utils-4.6-5.el7 shared-mime-info-1.8-5.el7 sqlite-3.7.17-8.el7_7.1 subversion-1.7.14-14.el7 subversion-libs-1.7.14-14.el7 sudo-1.8.23-9.el7 sysstat-10.1.5-19.el7 systemd-219-73.el7_8.5 systemd-libs-219-73.el7_8.5 systemd-sysv-219-73.el7_8.5 tar-1.26-35.el7 tcpdump-4.9.2-4.el7_7.1 telnet-0.17-65.el7_8 tuned-2.11.0-8.el7 tzdata-2019c-1.el7 tzdata-java-2019c-1.el7 unzip-6.0-21.el7 util-linux-2.23.2-63.el7 vim-common-7.4.629-6.el7 vim-enhanced-7.4.629-6.el7 vim-filesystem-7.4.629-6.el7 vim-minimal-7.4.629-6.el7 virt-what-1.18-4.el7 webmin-1.941-1 wget-1.14-18.el7_6.1 xfsprogs-4.5.0-20.el7 xorg-x11-font-utils-7.5-21.el7 yum-3.4.3-167.el7.centos yum-cron-3.4.3-167.el7.centos yum-plugin-fastestmirror-1.1.31-53.el7 zlib-1.2.7-18.el7
- I'll add the command to install yum-utils so we get the 'needs-restarting' command
yum install yum-utils-1.1.31-53.el7
- I ran the above commands but realized I should have gotten a dump of `rpm -qa` first. I updated the CHG ticket with these commands and I'll redo them on staging tomorrow https://wiki.opensourceecology.org/wiki/CHG-2020-05-04_yum_update#Change_Steps
- strangely, this was the output after the install before I rebooted and it didn't change after I rebooted
[root@osestaging1 ~]# needs-restarting -r Core libraries or services have been updated: dbus -> 1:1.10.24-13.el7_6 systemd -> 219-73.el7_8.5 kernel -> 3.10.0-1127.el7 linux-firmware -> 20191203-76.gite8a0f4c.el7 openssl-libs -> 1:1.0.2k-19.el7 gnutls -> 3.3.29-9.el7_6 glibc -> 2.17-307.el7.1 Reboot is required to ensure that your system benefits from these updates. More information: https://access.redhat.com/solutions/27943 [root@osestaging1 ~]#
Thr Apr 23, 2020
- since yesterday, it appears that the sudo package has been automatically updated by `unattended-upgrades` triggered by our cron job. Horray!
root@osestaging1-discourse-ose:/etc/nginx# dpkg -l | grep -i sudo ii sudo 1.8.27-1+deb10u2 amd64 Provide limited super user privileges to specific users root@osestaging1-discourse-ose:/etc/nginx#
- My cron job was set to trigger it to go off a 04:20
root@osestaging1-discourse-ose:/var/log/nginx# cat /etc/cron.d/unattended-upgrades ################################################################################ # File: /etc/cron.d/unattended-upgrades # Version: 0.1 # Purpose: run unattended-upgrades in lieu of systemd. For more info see # * https://wiki.opensourceecology.org/wiki/Discourse # * https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/3 # Author: Michael Altfield <michael@opensourceecology.org> # Created: 2020-03-23 # Updated: 2020-03-23 ################################################################################ 20 04 * * * root /usr/bin/nice /usr/bin/unattended-upgrades --debug root@osestaging1-discourse-ose:/var/log/nginx#
- sure enough, there's an unattended-upgrades log with an entry starting at 04:20. Looks like it installed a hell of a lot more security-critical updates than just sudo, though
==> /var/log/unattended-upgrades/unattended-upgrades.log <== 2020-04-23 04:20:03,462 INFO Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. 2020-04-23 04:20:03,524 INFO Initial blacklist : 2020-04-23 04:20:03,524 INFO Initial whitelist: 2020-04-23 04:20:03,524 INFO Starting unattended upgrades script 2020-04-23 04:20:03,524 INFO Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security 2020-04-23 04:20:06,461 DEBUG Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^linux-image-unsigned-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*|^linux-buildinfo-[0-9]+\.[0-9\.]+-.*|^linux-source-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages 2020-04-23 04:20:06,481 DEBUG Using (^linux-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-headers-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-image-extra-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-modules-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-modules-extra-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-signed-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-image-unsigned-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^kfreebsd-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^kfreebsd-headers-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^gnumach-image-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^.*-modules-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^.*-kernel-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-backports-modules-.*-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-modules-.*-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-tools-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-cloud-tools-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-buildinfo-3\.10\.0\-957\.21\.3\.el7\.x86_64$|^linux-source-3\.10\.0\-957\.21\.3\.el7\.x86_64$) regexp to find running kernel packages 2020-04-23 04:20:07,539 DEBUG Checking: git ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:07,793 DEBUG Checking: git-man ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:08,054 DEBUG Checking: icu-devtools ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:08,415 DEBUG Checking: libgnutls-dane0 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:08,597 DEBUG Checking: libgnutls30 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:08,811 DEBUG Checking: libicu-dev ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:09,000 DEBUG Checking: libicu63 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:09,314 DEBUG Checking: libssl-dev ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:09,566 DEBUG Checking: libssl1.1 ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:09,819 DEBUG Checking: nodejs ([<Origin component:'main' archive:'' origin:'Node Source' label:'Node Source' site:'deb.nodesource.com' isTrusted:True>]) 2020-04-23 04:20:09,821 DEBUG adjusting candidate version: nodejs=10.15.2~dfsg-2 2020-04-23 04:20:09,855 DEBUG Checking: openssl ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian-Security' site:'security.debian.org' isTrusted:True>]) 2020-04-23 04:20:10,330 DEBUG Checking: sudo ([<Origin component:'main' archive:'stable' origin:'Debian' label:'Debian' site:'deb.debian.org' isTrusted:True>]) 2020-04-23 04:20:11,364 DEBUG pkgs that look like they should be upgraded: git git-man icu-devtools libgnutls-dane0 libgnutls30 libicu-dev libicu63 libssl-dev libssl1.1 openssl sudo 2020-04-23 04:20:14,287 DEBUG fetch.run() result: 0 2020-04-23 04:20:14,863 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 316560 DestFile:'/var/cache/apt/archives/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb' ID:2 ErrorText: ''> 2020-04-23 04:20:14,875 DEBUG check_conffile_prompt(/var/cache/apt/archives/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb) 2020-04-23 04:20:14,877 DEBUG found pkg: libgnutls-dane0 2020-04-23 04:20:14,878 DEBUG No conffiles in deb /var/cache/apt/archives/libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,879 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1124428 DestFile:'/var/cache/apt/archives/libgnutls30_3.6.7-4+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u3_amd64.deb' ID:3 ErrorText: ''> 2020-04-23 04:20:14,879 DEBUG check_conffile_prompt(/var/cache/apt/archives/libgnutls30_3.6.7-4+deb10u3_amd64.deb) 2020-04-23 04:20:14,880 DEBUG found pkg: libgnutls30 2020-04-23 04:20:14,884 DEBUG No conffiles in deb /var/cache/apt/archives/libgnutls30_3.6.7-4+deb10u3_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,891 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1793184 DestFile:'/var/cache/apt/archives/libssl-dev_1.1.1d-0+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl-dev_1.1.1d-0+deb10u3_amd64.deb' ID:4 ErrorText: ''> 2020-04-23 04:20:14,891 DEBUG check_conffile_prompt(/var/cache/apt/archives/libssl-dev_1.1.1d-0+deb10u3_amd64.deb) 2020-04-23 04:20:14,893 DEBUG found pkg: libssl-dev 2020-04-23 04:20:14,894 DEBUG No conffiles in deb /var/cache/apt/archives/libssl-dev_1.1.1d-0+deb10u3_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,894 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1538460 DestFile:'/var/cache/apt/archives/libssl1.1_1.1.1d-0+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1d-0+deb10u3_amd64.deb' ID:5 ErrorText: ''> 2020-04-23 04:20:14,894 DEBUG check_conffile_prompt(/var/cache/apt/archives/libssl1.1_1.1.1d-0+deb10u3_amd64.deb) 2020-04-23 04:20:14,900 DEBUG found pkg: libssl1.1 2020-04-23 04:20:14,911 DEBUG No conffiles in deb /var/cache/apt/archives/libssl1.1_1.1.1d-0+deb10u3_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,912 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1620352 DestFile:'/var/cache/apt/archives/git-man_1%3a2.20.1-2+deb10u3_all.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/git/git-man_2.20.1-2+deb10u3_all.deb' ID:6 ErrorText: ''> 2020-04-23 04:20:14,912 DEBUG check_conffile_prompt(/var/cache/apt/archives/git-man_1%3a2.20.1-2+deb10u3_all.deb) 2020-04-23 04:20:14,920 DEBUG found pkg: git-man 2020-04-23 04:20:14,923 DEBUG No conffiles in deb /var/cache/apt/archives/git-man_1%3a2.20.1-2+deb10u3_all.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,923 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 5633060 DestFile:'/var/cache/apt/archives/git_1%3a2.20.1-2+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/g/git/git_2.20.1-2+deb10u3_amd64.deb' ID:7 ErrorText: ''> 2020-04-23 04:20:14,923 DEBUG check_conffile_prompt(/var/cache/apt/archives/git_1%3a2.20.1-2+deb10u3_amd64.deb) 2020-04-23 04:20:14,925 DEBUG found pkg: git 2020-04-23 04:20:14,935 DEBUG conffile line: /etc/bash_completion.d/git-prompt 7baac5c3ced94ebf2c0e1dde65c3b1a6 2020-04-23 04:20:14,938 DEBUG current md5: 7baac5c3ced94ebf2c0e1dde65c3b1a6 2020-04-23 04:20:14,938 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 9186164 DestFile:'/var/cache/apt/archives/libicu-dev_63.1-6+deb10u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/i/icu/libicu-dev_63.1-6+deb10u1_amd64.deb' ID:8 ErrorText: ''> 2020-04-23 04:20:14,938 DEBUG check_conffile_prompt(/var/cache/apt/archives/libicu-dev_63.1-6+deb10u1_amd64.deb) 2020-04-23 04:20:14,940 DEBUG found pkg: libicu-dev 2020-04-23 04:20:14,942 DEBUG No conffiles in deb /var/cache/apt/archives/libicu-dev_63.1-6+deb10u1_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,943 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 188624 DestFile:'/var/cache/apt/archives/icu-devtools_63.1-6+deb10u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/i/icu/icu-devtools_63.1-6+deb10u1_amd64.deb' ID:9 ErrorText: ''> 2020-04-23 04:20:14,950 DEBUG check_conffile_prompt(/var/cache/apt/archives/icu-devtools_63.1-6+deb10u1_amd64.deb) 2020-04-23 04:20:14,951 DEBUG found pkg: icu-devtools 2020-04-23 04:20:14,953 DEBUG No conffiles in deb /var/cache/apt/archives/icu-devtools_63.1-6+deb10u1_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,953 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 8300324 DestFile:'/var/cache/apt/archives/libicu63_63.1-6+deb10u1_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/i/icu/libicu63_63.1-6+deb10u1_amd64.deb' ID:10 ErrorText: ''> 2020-04-23 04:20:14,953 DEBUG check_conffile_prompt(/var/cache/apt/archives/libicu63_63.1-6+deb10u1_amd64.deb) 2020-04-23 04:20:14,954 DEBUG found pkg: libicu63 2020-04-23 04:20:14,956 DEBUG No conffiles in deb /var/cache/apt/archives/libicu63_63.1-6+deb10u1_amd64.deb (There is no member named 'conffiles') 2020-04-23 04:20:14,956 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 844404 DestFile:'/var/cache/apt/archives/openssl_1.1.1d-0+deb10u3_amd64.deb' DescURI: 'http://security.debian.org/debian-security/pool/updates/main/o/openssl/openssl_1.1.1d-0+deb10u3_amd64.deb' ID:11 ErrorText: ''> 2020-04-23 04:20:14,957 DEBUG check_conffile_prompt(/var/cache/apt/archives/openssl_1.1.1d-0+deb10u3_amd64.deb) 2020-04-23 04:20:14,960 DEBUG found pkg: openssl 2020-04-23 04:20:14,961 DEBUG conffile line: /etc/ssl/openssl.cnf 8dd4de5642570c91e9071900b6b9d5bc 2020-04-23 04:20:14,971 DEBUG current md5: 8dd4de5642570c91e9071900b6b9d5bc 2020-04-23 04:20:14,971 DEBUG <apt_pkg.AcquireItem object:Status: 2 Complete: 1 Local: 0 IsTrusted: 1 FileSize: 1244824 DestFile:'/var/cache/apt/archives/sudo_1.8.27-1+deb10u2_amd64.deb' DescURI: 'http://deb.debian.org/debian/pool/main/s/sudo/sudo_1.8.27-1+deb10u2_amd64.deb' ID:1 ErrorText: ''> 2020-04-23 04:20:14,971 DEBUG check_conffile_prompt(/var/cache/apt/archives/sudo_1.8.27-1+deb10u2_amd64.deb) 2020-04-23 04:20:14,974 DEBUG found pkg: sudo 2020-04-23 04:20:14,975 DEBUG conffile line: /etc/init.d/sudo 1153f6e6fa7c0e2166779df6ad43f1a8 2020-04-23 04:20:14,993 DEBUG current md5: 1153f6e6fa7c0e2166779df6ad43f1a8 2020-04-23 04:20:14,993 DEBUG conffile line: /etc/pam.d/sudo 85da64f888739f193fc0fa896680030e 2020-04-23 04:20:15,002 DEBUG current md5: 85da64f888739f193fc0fa896680030e 2020-04-23 04:20:15,002 DEBUG conffile line: /etc/sudoers 45437b4e86fba2ab890ac81db2ec3606 2020-04-23 04:20:15,005 DEBUG current md5: 45437b4e86fba2ab890ac81db2ec3606 2020-04-23 04:20:15,005 DEBUG conffile line: /etc/sudoers.d/README 8d3cf36d1713f40a0ddc38e1b21a51b6 2020-04-23 04:20:15,011 DEBUG current md5: 8d3cf36d1713f40a0ddc38e1b21a51b6 2020-04-23 04:20:15,011 DEBUG blacklist: [] 2020-04-23 04:20:15,011 DEBUG whitelist: [] 2020-04-23 04:20:15,011 INFO Packages that will be upgraded: git git-man icu-devtools libgnutls-dane0 libgnutls30 libicu-dev libicu63 libssl-dev libssl1.1 openssl sudo 2020-04-23 04:20:15,027 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log 2020-04-23 04:20:15,419 DEBUG applying set ['libicu63', 'libicu-dev', 'icu-devtools'] ... 2020-04-23 04:20:31,192 DEBUG left to upgrade {'libssl-dev', 'sudo', 'git-man', 'libssl1.1', 'openssl', 'git ', 'libgnutls-dane0', 'libgnutls30'} 2020-04-23 04:20:31,473 DEBUG applying set ['libssl-dev', 'libssl1.1'] ... 2020-04-23 04:20:40,854 DEBUG left to upgrade {'sudo', 'git-man', 'openssl', 'git', 'libgnutls-dane0', 'libg nutls30'} 2020-04-23 04:20:41,256 DEBUG applying set ['sudo'] ... 2020-04-23 04:20:45,311 DEBUG left to upgrade {'git-man', 'openssl', 'git', 'libgnutls-dane0', 'libgnutls30' } 2020-04-23 04:20:45,535 DEBUG applying set ['git-man'] ... 2020-04-23 04:20:48,234 DEBUG left to upgrade {'libgnutls-dane0', 'openssl', 'libgnutls30', 'git'} 2020-04-23 04:20:48,368 DEBUG applying set ['openssl'] ... 2020-04-23 04:20:51,259 DEBUG left to upgrade {'libgnutls-dane0', 'libgnutls30', 'git'} 2020-04-23 04:20:51,453 DEBUG applying set ['git'] ... 2020-04-23 04:20:56,727 DEBUG left to upgrade {'libgnutls-dane0', 'libgnutls30'} 2020-04-23 04:20:56,897 DEBUG applying set ['libgnutls30', 'libgnutls-dane0'] ... 2020-04-23 04:20:59,859 DEBUG left to upgrade set() 2020-04-23 04:20:59,860 INFO All upgrades installed 2020-04-23 04:21:00,337 DEBUG InstCount=0 DelCount=0 BrokenCount=0 2020-04-23 04:21:00,356 DEBUG Extracting content from /var/log/unattended-upgrades/unattended-upgrades-dpkg. log since 2020-04-23 04:20:03 ==> /var/log/unattended-upgrades/unattended-upgrades-dpkg.log <== Log started: 2020-04-23 04:20:15 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../libicu-dev_63.1-6+deb10u1_amd64.deb ... Unpacking libicu-dev:amd64 (63.1-6+deb10u1) over (63.1-6) ... Preparing to unpack .../icu-devtools_63.1-6+deb10u1_amd64.deb ... Unpacking icu-devtools (63.1-6+deb10u1) over (63.1-6) ... Preparing to unpack .../libicu63_63.1-6+deb10u1_amd64.deb ... Unpacking libicu63:amd64 (63.1-6+deb10u1) over (63.1-6) ... Setting up libicu63:amd64 (63.1-6+deb10u1) ... Setting up icu-devtools (63.1-6+deb10u1) ... Setting up libicu-dev:amd64 (63.1-6+deb10u1) ... Processing triggers for libc-bin (2.28-10) ... Log ended: 2020-04-23 04:20:29 ... Log started: 2020-04-23 04:20:31 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../libssl-dev_1.1.1d-0+deb10u3_amd64.deb ... Unpacking libssl-dev:amd64 (1.1.1d-0+deb10u3) over (1.1.1d-0+deb10u2) ... Preparing to unpack .../libssl1.1_1.1.1d-0+deb10u3_amd64.deb ... Unpacking libssl1.1:amd64 (1.1.1d-0+deb10u3) over (1.1.1d-0+deb10u2) ... Setting up libssl1.1:amd64 (1.1.1d-0+deb10u3) ... Setting up libssl-dev:amd64 (1.1.1d-0+deb10u3) ... Processing triggers for libc-bin (2.28-10) ... Log ended: 2020-04-23 04:20:38 ... Log started: 2020-04-23 04:20:41 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../sudo_1.8.27-1+deb10u2_amd64.deb ... Unpacking sudo (1.8.27-1+deb10u2) over (1.8.27-1+deb10u1) ... Setting up sudo (1.8.27-1+deb10u2) ... invoke-rc.d: could not determine current runlevel invoke-rc.d: policy-rc.d denied execution of restart. Processing triggers for systemd (241-7~deb10u3) ... Log ended: 2020-04-23 04:20:43 ... Log started: 2020-04-23 04:20:45 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../git-man_1%3a2.20.1-2+deb10u3_all.deb ... Unpacking git-man (1:2.20.1-2+deb10u3) over (1:2.20.1-2+deb10u1) ... Setting up git-man (1:2.20.1-2+deb10u3) ... Log ended: 2020-04-23 04:20:46 ... Log started: 2020-04-23 04:20:48 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../openssl_1.1.1d-0+deb10u3_amd64.deb ... Unpacking openssl (1.1.1d-0+deb10u3) over (1.1.1d-0+deb10u2) ... Setting up openssl (1.1.1d-0+deb10u3) ... Log ended: 2020-04-23 04:20:49 ... Log started: 2020-04-23 04:20:51 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../git_1%3a2.20.1-2+deb10u3_amd64.deb ... Unpacking git (1:2.20.1-2+deb10u3) over (1:2.20.1-2+deb10u1) ... Setting up git (1:2.20.1-2+deb10u3) ... Log ended: 2020-04-23 04:20:55 ...Log started: 2020-04-23 04:20:57 debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 48070 files and directories currently installed.) Preparing to unpack .../libgnutls-dane0_3.6.7-4+deb10u3_amd64.deb ... Unpacking libgnutls-dane0:amd64 (3.6.7-4+deb10u3) over (3.6.7-4+deb10u2) ... Preparing to unpack .../libgnutls30_3.6.7-4+deb10u3_amd64.deb ... Unpacking libgnutls30:amd64 (3.6.7-4+deb10u3) over (3.6.7-4+deb10u2) ... Setting up libgnutls30:amd64 (3.6.7-4+deb10u3) ... Setting up libgnutls-dane0:amd64 (3.6.7-4+deb10u3) ... Processing triggers for libc-bin (2.28-10) ... Log ended: 2020-04-23 04:20:58
- Interestingly, it appears to have gotten kicked-off at 08:00 again somehow *shurg*
==> /var/log/unattended-upgrades/unattended-upgrades.log <== 2020-04-23 08:00:15,117 INFO Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. 2020-04-23 08:00:15,125 INFO Initial blacklist : 2020-04-23 08:00:15,125 INFO Initial whitelist: 2020-04-23 08:00:15,126 INFO Starting unattended upgrades script 2020-04-23 08:00:15,126 INFO Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security 2020-04-23 08:00:20,219 INFO Checking if system is running on battery is skipped. Please install powermgmt-base package to check power status and skip installing updates when the system is running on battery. 2020-04-23 08:00:20,222 INFO Initial blacklist : 2020-04-23 08:00:20,223 INFO Initial whitelist: 2020-04-23 08:00:20,223 INFO Starting unattended upgrades script 2020-04-23 08:00:20,223 INFO Allowed origins are: origin=Debian,codename=buster,label=Debian, origin=Debian,codename=buster,label=Debian-Security 2020-04-23 08:00:24,157 INFO No packages found that can be upgraded unattended and no pending auto-removals
- I documented my solution to the cron bug here https://meta.discourse.org/t/cron-in-docker-container-cannot-make-remove-an-entry-for-the-specified-session/148969/2
- And I also documented my solution to fixing the `unattended-upgrades` install with cron here https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/9?u=maltfield
- Finally, I crossed-off the 'unattended-upgrades' requirement from the TODO list!
- ...
- the last item on the TODO list that I haven't even begun yet is the hardened file permissions.
- First I just searched their forums (since there's no fucking documentation for Discourse)
- I found this CentOS install guide; it only said to set the owner to 'discourse' for the whole '/var/discourse/' dir. For us it's currently root:root; we don't even have a 'discourse' user on the box https://meta.discourse.org/t/how-to-install-discourse-on-an-isolated-centos-7-server/73538/22
- I couldn't find anything else, so I posted a topic on it https://meta.discourse.org/t/minimum-hardened-file-permissions/148974
- ...
- Meanwhile, I'm going to test the upgrade documentation again https://wiki.opensourceecology.org/wiki/Discourse#Updating_Discoruse
- I had an update conflict with `install-nginx` again, but the documentation was clear enough for me to resolve this and continue
- I made some slight changes to the upgrade documentation, but otherwise it was smooth.
- I'm crossing-off the "Test/document Discourse upgrade process" TODO item!
- ..
- Now, I'm going to do a fresh install following my guide.
- I already have a backup from the upgrade I just did
[root@osestaging1 base]# echo $tmpDir /var/tmp/discourseUpgrade.20200423_11:15:32 [root@osestaging1 base]# ls -lah /var/tmp/discourseUpgrade.20200423_11\:15\:32/ total 184M drwx------. 2 root root 4.0K Apr 23 11:16 . drwxrwxrwt. 59 root root 12K Apr 23 12:13 .. -rw-r--r--. 1 tgriffing tgriffing 70M Apr 23 11:16 discourse-2020-04-23-111614-v20200417183143.tar.gz -rw-r--r--. 1 root root 114M Apr 23 11:16 discourse_files.20200423_11:15:32.tar.gz [root@osestaging1 base]#
- So now I'm going to clobber the staging server's Discourse install by doing a destructive sync from prod to staging
user@ose:~$ ssh oseprod Last login: Mon Mar 16 06:58:53 2020 from 110-44-121-46.vianet.com.np [maltfield@opensourceecology ~]$ screen -dr syncToSt ... [maltfield@opensourceecology ~]$ sudo su - [sudo] password for maltfield: Last login: Mon Mar 16 06:59:11 UTC 2020 on pts/34 [root@opensourceecology ~]# time nice /root/bin/syncToStaging.sh &> /var/log/syncToStaging.log
- I fixed some minor issues with the documentation's smtp section
- I updated the "inner nginx" config section to include the changes for varnish
- oh fuck, looks like I didn't actually save my varnish config before I wiped it. Fortunately I did log it https://wiki.opensourceecology.org/wiki/Maltfield_Log/2020_Q1#Tue_Mar_23.2C_2020
- ugh, apparently I did the same thing to my "outer" ngingx config file. I'll update the wiki install guide now with these, but this will have to be fully tested again..
- ok, I made some other documentation changes to the install guide too
- I was able to restore and access the site successfully!
- Now the only item left is the permissions/ownership of the files/dirs. I'll tackle that and do another whole-install process next week.
Wed Apr 22, 2020
- I'm returning to some OSE work after a brief segway building-out an open-source COVID-19-related project
- ...
- unfortunately it appears that our anacron *still* hasn't kicked-off the upgrade of sudo via unattended-upgrades
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo ii sudo 1.8.27-1+deb10u1 amd64 Provide limited super user privileges to specific users root@osestaging1-discourse-ose:/var/www/discourse#
- syslog was flooded with these messages all the way up to the top of the `screen` scrollback
root@osestaging1-discourse-ose:/var/www/discourse# tail -f /var/log/syslog /var/log/unattended-upgrades/* ==> /var/log/syslog <== Apr 22 09:35:01 osestaging1-discourse-ose CRON[21770]: Cannot make/remove an entry for the specified session Apr 22 09:45:01 osestaging1-discourse-ose CRON[22402]: Cannot make/remove an entry for the specified session Apr 22 09:55:01 osestaging1-discourse-ose CRON[23038]: Cannot make/remove an entry for the specified session Apr 22 10:05:01 osestaging1-discourse-ose CRON[23673]: Cannot make/remove an entry for the specified session Apr 22 10:15:01 osestaging1-discourse-ose CRON[24307]: Cannot make/remove an entry for the specified session Apr 22 10:17:01 osestaging1-discourse-ose CRON[24440]: Cannot make/remove an entry for the specified session Apr 22 10:25:01 osestaging1-discourse-ose CRON[24947]: Cannot make/remove an entry for the specified session Apr 22 10:35:01 osestaging1-discourse-ose CRON[25584]: Cannot make/remove an entry for the specified session Apr 22 10:45:01 osestaging1-discourse-ose CRON[26215]: Cannot make/remove an entry for the specified session Apr 22 10:55:01 osestaging1-discourse-ose CRON[26857]: Cannot make/remove an entry for the specified session
- I confirmed that my anacron is in-place
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/cron.daily/unattended-upgrades #!/bin/bash ################################################################################ # File: /etc/cron.daily/unattended-upgrades # Version: 0.1 # Purpose: run unattended-upgrades in lieu of systemd. For more info see # * https://wiki.opensourceecology.org/wiki/Discourse # * https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/3 # Author: Michael Altfield <michael@opensourceecology.org> # Created: 2020-03-23 # Updated: 2020-03-23 ################################################################################ /usr/bin/nice /usr/bin/unattended-upgrades --debug root@osestaging1-discourse-ose:/var/www/discourse#
- But I don't see an anacron service running..
root@osestaging1-discourse-ose:/var/www/discourse# ps -ef | grep -i cron root 721 715 0 Mar30 ? 00:00:00 runsv cron root 727 721 0 Mar30 ? 00:00:16 cron -f root 27421 1204 0 11:03 pts/1 00:00:00 grep -i cron root@osestaging1-discourse-ose:/var/www/discourse#
- though, of course, anacron is supposed to be started by regular cron
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/cron.d/anacron SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 30 7 * * * root /usr/sbin/anacron -s >/dev/null root@osestaging1-discourse-ose:/var/www/discourse#
- I manually started anacron; we'll see if that does something
root@osestaging1-discourse-ose:/var/www/discourse# /usr/sbin/anacron -s >/dev/null root@osestaging1-discourse-ose:/var/www/discourse# ps -ef | grep -i cron root 721 715 0 Mar30 ? 00:00:00 runsv cron root 727 721 0 Mar30 ? 00:00:16 cron -f root 30691 0 0 11:54 ? 00:00:00 /usr/sbin/anacron -s root 30698 1204 0 11:55 pts/1 00:00:00 grep -i cron root@osestaging1-discourse-ose:/var/www/discourse#
- I could see from the logs this time that anacron's daily jobs got kicked-off, but still sudo didn't get updated
==> /var/log/syslog <== Apr 22 11:45:01 osestaging1-discourse-ose CRON[30055]: Cannot make/remove an entry for the specified session Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Anacron 2.3 started on 2020-04-22 Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Will run job `cron.daily' in 5 min. Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Will run job `cron.weekly' in 10 min. Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Will run job `cron.monthly' in 15 min. Apr 22 11:54:59 osestaging1-discourse-ose anacron[30691]: Jobs will be executed sequentially Apr 22 11:55:01 osestaging1-discourse-ose CRON[30694]: Cannot make/remove an entry for the specified session Apr 22 11:59:59 osestaging1-discourse-ose anacron[30691]: Job `cron.daily' started Apr 22 11:59:59 osestaging1-discourse-ose anacron[31015]: Updated timestamp for job `cron.daily' to 2020-04-22 Apr 22 12:05:01 osestaging1-discourse-ose CRON[31345]: Cannot make/remove an entry for the specified session ... root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo ii sudo 1.8.27-1+deb10u1 amd64 Provide limited super user privileges to specific users root@osestaging1-discourse-ose:/var/www/discourse#
- I commented out that 'session required pam_loginid.so' line that I've read issues about and re-started anacron
- holy shit that worked
root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo ii sudo 1.8.27-1+deb10u2 amd64 Provide limited super user privileges to specific users root@osestaging1-discourse-ose:/var/www/discourse#
- apparently this was a bug that got fixed in Debain recently, but apparently not our Discourse's debian build https://stackoverflow.com/questions/43323754/cannot-make-remove-an-entry-for-the-specified-session-cron
- I rigged up a sed command for this fix and added it to the Docker install documentation https://wiki.opensourceecology.org/wiki/Discourse#unattended-upgrades
- I did a rebuild of the Discourse docker image (including fixing this damn stuck docker container that tells me docker isn't good for production apps at all)
[root@osestaging1 discourse]# time /var/discourse/launcher rebuild discourse_ose ... 2020-04-22 12:54:22.823 UTC [60] LOG: shutting down 173:M 22 Apr 2020 12:54:22.832 * DB saved on disk 173:M 22 Apr 2020 12:54:22.832 # Redis is now ready to exit, bye bye... 2020-04-22 12:54:22.922 UTC [56] LOG: database system is shut down sha256:24e9ff23984a280d4abdac05971d447f55868c477c542b4e9ae7c9b3c15715d4 6cd93242ddfbf37e847697ac3323623a71ea24c1595972e694dcd7b5e990da95 Removing old container + /bin/docker rm discourse_ose Error response from daemon: container 15a32ba3c8e485f9591c7925dcd48ee44ca0216e4df99570a29e3b04990267dd: driver "overlay2" failed to remove root filesystem: unlinkat /var/lib/docker/overlay2/3a9100ce8740fe74bf3e6d0f1ecf6ea9d5ce97a1270a1fc36348f1ddb60e51ab/merged: device or resource busy starting up existing container + /bin/docker start discourse_ose Error response from daemon: container is marked for removal and cannot be started Error: failed to start containers: discourse_ose real 8m32.751s user 0m1.529s sys 0m1.528s [root@osestaging1 discourse]#
- And I downgraded the app
root@osestaging1-discourse-ose:/var/www/discourse# logout [root@osestaging1 sites-enabled]# /var/discourse/launcher enter discourse_ose root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo ii sudo 1.8.27-1+deb10u2 amd64 Provide limited super user privileges to specific users root@osestaging1-discourse-ose:/var/www/discourse#
- finally, to test this, I re-downgraded the sudo package to the insecure version
root@osestaging1-discourse-ose:/var/www/discourse# apt-get install sudo=1.8.27-1+deb10u1 Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be DOWNGRADED: sudo 0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 11 not upgraded. Need to get 1,244 kB of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://security.debian.org/debian-security buster/updates/main amd64 sudo amd64 1.8.27-1+deb10u1 [1,244 kB] Fetched 1,244 kB in 0s (12.6 MB/s) debconf: delaying package configuration, since apt-utils is not installed dpkg: warning: downgrading sudo from 1.8.27-1+deb10u2 to 1.8.27-1+deb10u1 (Reading database ... 48062 files and directories currently installed.) Preparing to unpack .../sudo_1.8.27-1+deb10u1_amd64.deb ... Unpacking sudo (1.8.27-1+deb10u1) over (1.8.27-1+deb10u2) ... Setting up sudo (1.8.27-1+deb10u1) ... invoke-rc.d: could not determine current runlevel invoke-rc.d: policy-rc.d denied execution of restart. Processing triggers for systemd (241-7~deb10u3) ... root@osestaging1-discourse-ose:/var/www/discourse# dpkg -l | grep -i sudo ii sudo 1.8.27-1+deb10u1 amd64 Provide limited super user privileges to specific users root@osestaging1-discourse-ose:/var/www/discourse#
- I confirmed cron is running
root@osestaging1-discourse-ose:/var/www/discourse# ps -ef | grep -i cron root 723 717 0 13:01 ? 00:00:00 runsv cron root 728 723 0 13:01 ? 00:00:00 cron -f root 1309 763 0 13:08 pts/1 00:00:00 grep -i cron root@osestaging1-discourse-ose:/var/www/discourse#
- And our unattended-upgrades cron is in-place
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/cron.d/unattended-upgrades ################################################################################ # File: /etc/cron.d/unattended-upgrades # Version: 0.1 # Purpose: run unattended-upgrades in lieu of systemd. For more info see # * https://wiki.opensourceecology.org/wiki/Discourse # * https://meta.discourse.org/t/does-discourse-container-use-unattended-upgrades/136296/3 # Author: Michael Altfield <michael@opensourceecology.org> # Created: 2020-03-23 # Updated: 2020-03-23 ################################################################################ 20 04 * * * root /usr/bin/nice /usr/bin/unattended-upgrades --debug root@osestaging1-discourse-ose:/var/www/discourse#
- And our patched /etc/pam.d/cron module is fixed
root@osestaging1-discourse-ose:/var/www/discourse# cat /etc/pam.d/cron # The PAM configuration file for the cron daemon @include common-auth # Sets the loginuid process attribute #session required pam_loginuid.so # Read environment variables from pam_env's default files, /etc/environment # and /etc/security/pam_env.conf. session required pam_env.so # In addition, read system locale information session required pam_env.so envfile=/etc/default/locale @include common-account @include common-session-noninteractive # Sets up user limits, please define limits for cron tasks # through /etc/security/limits.conf session required pam_limits.so root@osestaging1-discourse-ose:/var/www/discourse#
- And now I'll wait to see if if my cron job finally actually kicks-off a run of `unattended-upgrades` to upgrade the insecure version of `sudo` within 24 hours!
- ...
- Meanwhile, back to varnish
- All of the varnish config is done *outside* discourse. When I left off, I found some 403 errors after switching to varnish (maybe not related). Anyway, let's deal with those mod_security rules
- Mod_security is setup in the "inner" nginx inside on the Discourse docker container. Here's the current config
root@osestaging1-discourse-ose:/etc/nginx/conf.d# cat modsecurity.include ################################################################################ # File: modsecurity.include # Version: 0.1 # Purpose: Defines mod_security rules for the discourse vhost # This should be included in the server{} blocks nginx vhosts. # Author: Michael Altfield <michael@opensourceecology.org> # Created: 2019-11-12 # Updated: 2019-11-12 ################################################################################ Include "/etc/modsecurity/modsecurity.conf" # OWASP Core Rule Set, installed from the 'modsecurity-crs' package in debian Include /etc/modsecurity/crs/crs-setup.conf Include /usr/share/modsecurity-crs/rules/*.conf SecRuleRemoveById 949110, 942360 root@osestaging1-discourse-ose:/etc/nginx/conf.d#
- I also noticed a "414 Request-URI Too Large" response from a GET my browser made to https://discourse.opensourceecology.org/admin/reports/bulk?reports%5Bdau_by_mau%5D%5Bcache%5D=true&reports%5Bdau_by_mau%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bdau_by_mau%5D%5Bstart_date%5D=2020-03-21T00%3A00%3A00.000Z&reports%5Bdau_by_mau%5D%5Bend_date%5D=2020-04-21T23%3A59%3A59.999Z&reports%5Bdaily_engaged_users%5D%5Bcache%5D=true&reports%5Bdaily_engaged_users%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bdaily_engaged_users%5D%5Bstart_date%5D=2020-03-21T00%3A00%3A00.000Z&reports%5Bdaily_engaged_users%5D%5Bend_date%5D=2020-04-21T23%3A59%3A59.999Z&reports%5Bnew_contributors%5D%5Bcache%5D=true&reports%5Bnew_contributors%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bnew_contributors%5D%5Bstart_date%5D=2020-03-21T00%3A00%3A00.000Z&reports%5Bnew_contributors%5D%5Bend_date%5D=2020-04-21T23%3A59%3A59.999Z&reports%5Bpage_view_total_reqs%5D%5Bcache%5D=true&reports%5Bpage_view_total_reqs%5D%5Bfacets%5D%5B%5D=prev_period&reports%5Bpage_view_total_reqs%5D%5Bstart_date%5D=2020-03-22T00%3A00%3A00.000Z&reports%5Bpage_view_total_reqs%5D%5Bend_date%5D=2020-04-22T23%3A59%3A59.999Z
- fucking hell no wonder. look at that fucking query string. that's insane!
- but that's only half of it; here's a request cookie '_forum_session'
RmZiVjJySDY1NjVvcXE4QnYwdUpIVVRBYkF2c3JqMGw4WTdGeUhEV1NpakpVQzBRTFIyQnhrN3poUzd6YWIxZ1VHSUQ2S09HSXdnaG9ibUZTZkZkVHhjaThIdk9aK0lhUjBwS2dMd1poa29FMDFqS1pPSUFwM0hyOXF6VW5kY0pyZ21VM1QrbmViNjU2LzY5N0xkcTZ3Qy80OHcvZXZKODkvOGlFVjNKbzZHajZGMmlobU1NYktwZlNuQVh6R3A2UnF1L3hzYWpnTzRGY3JKUFE2SzJJNU55K1ZpSHVWVVJtNWJDT1BodkNRc1NROWtQcVR6S251SlZiSTMvaUsrZjEyRTlqbW9xK0NxN092bkxzeGQxejRlUDR5OTFNOW9SN0YzdUpLMVBvU0hQb1BBV1RKdUtFai9xR05lN2t4dU9SWkQ2U2ZpQmEwcXBDaXFPajdPbGdWOThKOFhaT0VQOWlLTzR4VnJ4KzEwWG5aUis1a3JkOEZQQjl5aHJFTUh2cDB4dm5FYTcyR2IzVkVxMjBSRGh5NnFqUWRsMkcyKzN6Y3krQXZQQUpKZHNCR2JGUWYzUE4rbmhaMUFDZmZGRS0tYTZCSmNDRis4WTRpcmJ2aVQ4d3BxQT09--7d65f5962920fd5f668973ee58e468fd9339f62c
- I remember I brought this up to the devs, and they agreed it was silly but didn't commit to fixing it https://meta.discourse.org/t/discourse-session-cookies-400-request-header-or-cookie-too-large/137245
- maybe that's a different issue that I already fixed, but this is a consequence of similarlly inconsiderate development practices..
- so it looks like the option in nginx that would trigger a 414 error is 'large_client_header_buffers'
- indeed, as I pointed out in the meta.discourse.org topic above, I've set this as a DOS protection tuning. It runs fine for all our other webapps, but apparently Discourse likes to do stupid shit like using ridiculous large URIs in a GET instead of a POST...
[root@osestaging1 nginx]# hostname osestaging1 [root@osestaging1 nginx]# pwd /etc/nginx [root@osestaging1 nginx]# grep -ir 'large_client_header_buffers' * nginx.conf: ; [root@osestaging1 nginx]#
- apparently the default is "large_client_header_buffers 4 8k", so I set that in the server block of the nginx config specific to the discourse site (this is the "outer" nginx config running on the docker host)
[root@osestaging1 nginx]# grep -ir 'large_client_header_buffers' * conf.d/discourse.opensourceecology.org.conf: large_client_header_buffers 4 8k; nginx.conf: large_client_header_buffers 2 1k; [root@osestaging1 nginx]# grep -irC5 'large_client_header_buffers' * conf.d/discourse.opensourceecology.org.conf- conf.d/discourse.opensourceecology.org.conf- # resetting this back to its nginx default to override our DOS protection conf.d/discourse.opensourceecology.org.conf- # since the Discourse developers like to store a ton of data on the URI and conf.d/discourse.opensourceecology.org.conf- # directly in client's cookies instead of using POST and server-side storage conf.d/discourse.opensourceecology.org.conf- # * https://meta.discourse.org/t/discourse-session-cookies-400-request-header-or-cookie-too-large/137245/6 conf.d/discourse.opensourceecology.org.conf: large_client_header_buffers 4 8k; conf.d/discourse.opensourceecology.org.conf- conf.d/discourse.opensourceecology.org.conf- # we can't use the global 'secure.include' file for Discourse, which conf.d/discourse.opensourceecology.org.conf- # requires use of the DELETE http method, for example conf.d/discourse.opensourceecology.org.conf- #include conf.d/secure.include; conf.d/discourse.opensourceecology.org.conf- -- nginx.conf- nginx.conf- # prevent buffer overflows nginx.conf- #client_body_buffer_size 1k; nginx.conf- client_body_buffer_size 900k; nginx.conf- client_header_buffer_size 1k; nginx.conf: large_client_header_buffers 2 1k; nginx.conf- nginx.conf- # allow large posts for image uploads nginx.conf- #client_max_body_size 1k; nginx.conf- #client_max_body_size 900k; nginx.conf- client_max_body_size 10M; [root@osestaging1 nginx]#
- that's it. I was able to login. logout. login again. edit some settings. create a new topic. No mod_security issues or otherwise.
- I updated the documentation to use these new nginx config options
- I did a quick check with `varnishstat` to see if varnish is actually caching. At first the number of hits (all the rows of avg(n) in the top-right) remained all zero. But it was because I was logged-in!
- I logged-out, deleted my session cookies, and started clicking around the topics and I saw the hit rate climb to ~0.4 (per 10 requests). Unfortunately it quickly dropped back to zero (after maybe 30-120 seconds) after DIscourse set a session cookie, even without logging-in! Ugh, it's a pretty weak cache, but at least it'll do some of the heavy lifting to prevent our site from going down in reddit hug-of-death thundering herd viral event..
Sat Apr 11, 2020
- Meeting with Robert
Sun Apr 05, 2020
- Researching Robert Hrvol as my potential replacement as OSE Sysadmin
- I added some items to our OSE Server TODO list https://wiki.opensourceecology.org/wiki/OSE_Server#TODO
- emailed Marcin about a potential meeting with us 3 to discuss this transition and begin ramping-up Robert and assigning his first tasks
Fri Apr 03, 2020
- Our monthly backup report came in with issues:
- the first-of-the-month backup is missing for April 1st
- the day before's March 31st's backup is also missing
- the day before that's March 30th's backup is actually present in the file listing, but it says that it thinks the day before yesterday's backup is actually April 1st, not March 30th--this one may be a bug in the backup report script
ATTENTION: BACKUPS MISSING! WARNING: First of this month's backup (20200401) is missing! WARNING: Yesterday's backup (20200402) is missing! WARNING: The day before yesterday's backup (20200401) is missing! See below for the contents of the backblaze b2 bucket = ose-server-backups monthly_hetzner2_20190501_072001.tar.gpg monthly_hetzner2_20190601_072001.tar.gpg monthly_hetzner2_20190701_072001.tar.gpg monthly_hetzner2_20190901_072001.tar.gpg monthly_hetzner2_20191001_072001.tar.gpg monthly_hetzner2_20191101_072001.tar.gpg monthly_hetzner2_20191201_072001.tar.gpg monthly_hetzner2_20200201_072001.tar.gpg monthly_hetzner2_20200301_072001.tar.gpg weekly_hetzner2_20200316_072001.tar.gpg weekly_hetzner2_20200323_072001.tar.gpg weekly_hetzner2_20200330_072001.tar.gpg yearly_hetzner2_20190101_111520.tar.gpg yearly_hetzner2_20200101_072001.tar.gpg --- Note: This report was generated on 20200403_042001 UTC by script '/root/backups/backupReport.sh' This script was triggered by '/etc/cron.d/backup_to_backblaze' For more information about OSE backups, please see the relevant documentation pages on the wiki: * https://wiki.opensourceecology.org/wiki/Backblaze * https://wiki.opensourceecology.org/wiki/OSE_Server#Backup[[https://wiki.opensourceecology.org/wiki/OSE_Server#Backups|s]]