How to open check_mk port to specific IP address on CentOS 8

I installed the latest check_mk agent on a CentOS 8 server.

dnf install check-mk-agent-2.0.0p13-1.noarch.rpm

To open check_mk port to specific IP address ( for example: 10.10.10.10 is my check_mk host server ) on CentOS 8 server.

firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="10.10.10.10/32"
  port protocol="tcp" port="6556" accept'

Always reload firewalld after changes

firewall-cmd --reload

Postfix qmgr process causes heavy overload on RHEL 6

A RHEL 6 Server running some web service not Email service.

This morning found under heavy I/O delay.

Try check it out by:

free -m
vmstat 1
top
  wa  --order by wait I/O

The Postfix qmgr process causes heavy overload, which doesn't make any sense to me.

Have to check the mail queue.

mailq | wc -l

which give me over 40K queued emails.

by reading them, here is same example:

Message  2:
From root@PRODUCTION.localdomain  Thu Feb  2 16:41:01 2018
Return-Path: <root@PRODUCTION.localdomain>
X-Original-To: root
Delivered-To: root@PRODUCTION.localdomain
From: root@PRODUCTION.localdomain (Cron Daemon)
To: root@PRODUCTION.localdomain
Subject: Cron <root@PRODUCTION> /usr/local/check_status.pl
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <SHELL=/bin/bash>
X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
X-Cron-Env: <MAILTO=root>
X-Cron-Env: <HOME=/>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Date: Thu,  2 Feb 2018 16:41:01 -0400 (EST)
Status: RO

It turn's out that one of the cron job runs every minute did not have a proprietary MAIL to settings.

Before:

MAILTO=root
HOME=/

* * * * *   root /usr/local/check_status.pl

I changed after:

MAILTO=""
HOME=/

* * * * *   root /usr/local/check_status.pl >/dev/null 2>&1

Then purge all old emails both postfix queue and local mail:

$ postfix -d ALL

$ mail
& delete *
& q

Just want make it more clean, I try to remove the postfix package:

# chkconfig
# service postfix status
# service postfix stop
# chkconfig postfix off
# chkconfig

# yum erase postfix
But it also want remove
cronie
cronie-anacron
crontabs

Which I still want it.

The cron require at lease one MTA on system.
Because we had smart host Email internal.
I did install my favorite SSMTP inside of sendmail.

First Backup the /etc/postfix

# cp -r /etc/postfix ~/etc_postfix_backup

# yum install ssmtp
# yum erase postfix

Setup the /etc/ssmtp/ssmtp.conf, did small test.

Everything looks good.

Please notice the server is not serve as an EMail server.

Reference:

• Postfix qmgr process causes heavy overload


• Disable the Mail Alert by Crontab


• How to Delete all terminal mail

check_mk agent install on CentOS 7 by systemd

Here is the steps I install check_mk agent on CentOS 7 by systemd only without xinit.

first scp the rpm package to CentOS server, then install it:
rpm -ivh check-mk-agent-1.2.8p18-1.noarch.rpm

Open the port 6556:

firewall-cmd --permanent --add-port=6556/tcp
firewall-cmd --reload

Double check the status:

firewall-cmd --list-ports
firewall-cmd --list-services

Restart to make sure the check_mk_agent start on boot.

Hope this helps.

DIY Deep Learning Machine Nvidia Geforce GTX 750 Ti CUDA

I want build an new Deep Learning Machine to replace the existing old Intel Xeon node.

For Better Power Efficiency, I will build the new GPU system inside of CPU.
The old Intel Xeon just too much for a home lab hydro bill.

Here are the parts list and price I paid in CAD.

[table id=1 /]

The reason I pick Geforce GTX 750 Ti is the performance per watt and performance per dollar.

The GeForce 700 series are first generation Maxwell-based chip.
GM107-chips have 1305.6 Single Precision Gflops on paper.

I could go with GeForce 900 Series, but the price and power consume just not good enough for me.
Do your own math on https://en.wikipedia.org/wiki/List_of_Nvidia_graphics_processing_units
Using [Processing Power]/[TDP]

Also few points:
I choice Standard not the OC [OverClock] version for stable reason.
I choice CentOS 7 for stable reason.

This is how I installed the CUDA 7.5 package.

uname -a
yum update
reboot
uname -a
uname -m && cat /etc/*release

yum install gcc
gcc --version

wget http://developer.download.nvidia.com/compute/cuda/repos/rhel7/x86_64/cuda-repo-rhel7-7.5-18.x86_64.rpm

rpm -i cuda-repo-rhel7-7.5-18.x86_64.rpm 
yum clean all
yum update

yum install kernel-devel
rpm -i cuda-repo-rhel7-7.5-18.x86_64.rpm 

wget https://dl.fedoraproject.org/pub/epel/7/x86_64/d/dkms-2.2.0.3-30.git.7c3e7c5.el7.noarch.rpm
rpm -i dkms-2.2.0.3-30.git.7c3e7c5.el7.noarch.rpm 

yum install cuda

rpm -qa|grep nvidia|sort
rpm -qa|grep cuda|sort
cd /usr/local/

cd cuda
ls

cd /etc/ld.so.conf.d/
cat nvidia-lib64.conf 
cat /proc/driver/nvidia/version

cd nvidia/

vi .bash_profile 

Then install the CUDA samples:

cuda-install-samples-7.5.sh /home/cuda/
cd /home/cuda/

cd NVIDIA_CUDA-7.5_Samples/

make

Check the device:

[root@itx release]# ./deviceQuery
./deviceQuery Starting...

 CUDA Device Query (Runtime API) version (CUDART static linking)

Detected 1 CUDA Capable device(s)

Device 0: "GeForce GTX 750 Ti"
  CUDA Driver Version / Runtime Version          7.5 / 7.5
  CUDA Capability Major/Minor version number:    5.0
  Total amount of global memory:                 2048 MBytes (2147287040 bytes)
  ( 5) Multiprocessors, (128) CUDA Cores/MP:     640 CUDA Cores
  GPU Max Clock rate:                            1084 MHz (1.08 GHz)
  Memory Clock rate:                             2700 Mhz
  Memory Bus Width:                              128-bit
  L2 Cache Size:                                 2097152 bytes
  Maximum Texture Dimension Size (x,y,z)         1D=(65536), 2D=(65536, 65536), 3D=(4096, 4096, 4096)
  Maximum Layered 1D Texture Size, (num) layers  1D=(16384), 2048 layers
  Maximum Layered 2D Texture Size, (num) layers  2D=(16384, 16384), 2048 layers
  Total amount of constant memory:               65536 bytes
  Total amount of shared memory per block:       49152 bytes
  Total number of registers available per block: 65536
  Warp size:                                     32
  Maximum number of threads per multiprocessor:  2048
  Maximum number of threads per block:           1024
  Max dimension size of a thread block (x,y,z): (1024, 1024, 64)
  Max dimension size of a grid size    (x,y,z): (2147483647, 65535, 65535)
  Maximum memory pitch:                          2147483647 bytes
  Texture alignment:                             512 bytes
  Concurrent copy and kernel execution:          Yes with 1 copy engine(s)
  Run time limit on kernels:                     No
  Integrated GPU sharing Host Memory:            No
  Support host page-locked memory mapping:       Yes
  Alignment requirement for Surfaces:            Yes
  Device has ECC support:                        Disabled
  Device supports Unified Addressing (UVA):      Yes
  Device PCI Domain ID / Bus ID / location ID:   0 / 1 / 0
  Compute Mode:
     < Default (multiple host threads can use ::cudaSetDevice() with device simultaneously) >

deviceQuery, CUDA Driver = CUDART, CUDA Driver Version = 7.5, CUDA Runtime Version = 7.5, NumDevs = 1, Device0 = GeForce GTX 750 Ti
Result = PASS

[root@itx ~]# nvidia-smi
Mon Apr 11 15:58:37 2016
+------------------------------------------------------+
| NVIDIA-SMI 352.79     Driver Version: 352.79         |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|===============================+======================+======================|
|   0  GeForce GTX 750 Ti  Off  | 0000:01:00.0     Off |                  N/A |
| 40%   23C    P0     1W /  38W |      7MiB /  2047MiB |      0%      Default |
+-------------------------------+----------------------+----------------------+

+-----------------------------------------------------------------------------+
| Processes:                                                       GPU Memory |
|  GPU       PID  Type  Process name                               Usage      |
|=============================================================================|
|  No running processes found                                                 |
+-----------------------------------------------------------------------------+

[root@itx release]# nvidia-smi -L
GPU 0: GeForce GTX 750 Ti (UUID: GPU-eac6aba8-b464-24e2-12fd-27e57bb6e42c)

Run CUDA nbody performance testing 4X times:

[root@itx release]# ./nbody -benchmark -numbodies=256000 -device=0

NOTE: The CUDA Samples are not meant for performance measurements. Results may vary when GPU Boost is enabled.

> Windowed mode
> Simulation data stored in video memory
> Single precision floating point simulation
> 1 Devices used for simulation
gpuDeviceInit() CUDA Device [0]: "GeForce GTX 750 Ti
> Compute 5.0 CUDA device: [GeForce GTX 750 Ti]
number of bodies = 256000
256000 bodies, total time for 10 iterations: 18766.451 ms
= 34.922 billion interactions per second
= 698.438 single-precision GFLOP/s at 20 flops per interaction

gpuDeviceInit() CUDA Device [0]: "GeForce GTX 750 Ti
> Compute 5.0 CUDA device: [GeForce GTX 750 Ti]
number of bodies = 256000
256000 bodies, total time for 10 iterations: 18790.738 ms
= 34.877 billion interactions per second
= 697.535 single-precision GFLOP/s at 20 flops per interaction

> 1 Devices used for simulation
gpuDeviceInit() CUDA Device [0]: "GeForce GTX 750 Ti
> Compute 5.0 CUDA device: [GeForce GTX 750 Ti]
number of bodies = 256000
256000 bodies, total time for 10 iterations: 18768.137 ms
= 34.919 billion interactions per second
= 698.375 single-precision GFLOP/s at 20 flops per interaction

> 1 Devices used for simulation
gpuDeviceInit() CUDA Device [0]: "GeForce GTX 750 Ti
> Compute 5.0 CUDA device: [GeForce GTX 750 Ti]
number of bodies = 256000
256000 bodies, total time for 10 iterations: 18795.025 ms
= 34.869 billion interactions per second
= 697.376 single-precision GFLOP/s at 20 flops per interaction

Centos 7 check_mk agent quick install

1. First Install the package:




yum install check-mk-agent



2. Then Change the /etc/xinetd.d/check-mk-agent:



# configure the IP address(es) of your Nagios server here:
only_from      = 127.0.0.1 192.168.1.31



3. Start xinetd service:



systemctl start  xinetd.service
systemctl enable xinetd.service



4. Allow firewalld on port 6556:



firewall-cmd --add-port=6556/tcp --permanent
firewall-cmd --reload

Disable CentOS 7 Firewalld replace by iptables

CentOS/RHEL 7 came with the new firewall called Firewalld.

It is bit complicated for me, as I am using iptables firewall from many years. The best part: all Linux came with it and you can use same scrip everywhere.

1. First Disalbe Firewalld



systemctl stop firewalld
systemctl disable firewalld



2. Uninstall it if you are more comfort with iptables



yum erase firewalld



3. Install iptables service



yum install iptables-services



4. Enable it in systemd



systemctl start iptables
systemctl enable iptables



5. Apply some basic rules



iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Accept packets from trusted IP addresses
iptables -A INPUT -s [MY_IP] -j ACCEPT
iptables -A OUTPUT -d [MY_IP] -j ACCEPT

# Accept local nic
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept port 80
iptables -A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -m tcp -p tcp --sport 80 -j ACCEPT

# Allow full outgoing connection but no incomming stuff
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT



6. Save changes

Please notice the old "service iptables save" does not work anymore.
Please use this command to save the changes:


iptables-save > /etc/sysconfig/iptables

Upgrade docker on CentOS 7 Fix Failed to chown socket at step GROUP: No such process

To have the latest Docker, I first start from Docker's Official Guide: https://docs.docker.com/installation/centos/

wget https://get.docker.com/builds/Linux/x86_64/docker-latest -O docker
chmod +x ./docker
cp ./docker /usr/bin/docker

install the two unit files (service and socket) from the github repository to /etc/systemd/system.

systemctl start docker.socket
service docker start

But hold on, it doesn't work!

# service docker start
Redirecting to /bin/systemctl start  docker.service
A dependency job for docker.service failed. See 'journalctl -xn' for details.

Here is the error log:

# journalctl -xn
-- Logs begin at Tue 2014-12-30 13:07:53 EST, end at Tue 2014-12-30 13:25:23 EST. --
Dec 30 13:12:30 ITX kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Dec 30 13:22:53 ITX systemd[1]: Starting Cleanup of Temporary Directories...
-- Subject: Unit systemd-tmpfiles-clean.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-tmpfiles-clean.service has begun starting up.
Dec 30 13:22:53 ITX systemd[1]: Started Cleanup of Temporary Directories.
-- Subject: Unit systemd-tmpfiles-clean.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit systemd-tmpfiles-clean.service has finished starting up.
--
-- The start-up result is done.
Dec 30 13:25:23 ITX systemd[1]: Starting Docker Socket for the API.
-- Subject: Unit docker.socket has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has begun starting up.
Dec 30 13:25:23 ITX systemd[1868]: Failed to chown socket at step GROUP: No such process
Dec 30 13:25:23 ITX systemd[1]: docker.socket control process exited, code=exited status=216
Dec 30 13:25:23 ITX systemd[1]: Failed to listen on Docker Socket for the API.
-- Subject: Unit docker.socket has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has failed.
--
-- The result is failed.
Dec 30 13:25:23 ITX systemd[1]: Dependency failed for Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is dependency.
Dec 30 13:25:23 ITX systemd[1]: Unit docker.socket entered failed state.

My easy fix solution, install Docker from YUM first. Then replace the docker file with the latest download:

service docker stop
rm /etc/systemd/system/docker.*
cp ./docker /usr/bin/docker
service docker start

After restart it, everything works fine.
At this moment (Dec 30, 2014), the latest stable Docker is 1.4.1

To enable the service and socket in systemd:

# systemctl list-unit-files | grep docker
docker.service                         disabled
docker.socket                          disabled

# chkconfig docker on
Note: Forwarding request to 'systemctl enable docker.service'.
ln -s '/usr/lib/systemd/system/docker.service' '/etc/systemd/system/multi-user.target.wants/docker.service'

# systemctl list-unit-files|grep docker
docker.service                         enabled
docker.socket                          disabled

# systemctl enable docker.socket
ln -s '/usr/lib/systemd/system/docker.socket' '/etc/systemd/system/sockets.target.wants/docker.socket'

# systemctl list-unit-files|grep docker
docker.service                         enabled
docker.socket                          enabled

Thank you!

CentOS 7 install PostgreSQL 9.2.7 with data files on SSD

CentOS 7 is much much newer than 6, highly recommended fro any new "Enterprise" build.

It came with the PostgreSQL is 9.2.7, the latest stable is 9.3.5 from PostgreSQL.org at this moment.
I say 9.2 is good enough for me considering the works RedHat has been done to make it fit.

To install it is super easy:

yum install postgresql-server.x86_64

Loaded plugins: fastestmirror
base                                                                                                            | 3.6 kB  00:00:00
extras                                                                                                          | 3.4 kB  00:00:00
updates                                                                                                         | 3.4 kB  00:00:00
(1/2): extras/7/x86_64/primary_db                                                                               |  33 kB  00:00:00
(2/2): updates/7/x86_64/primary_db                                                                              | 3.6 MB  00:00:00
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * extras: mirror.netflash.net
 * updates: centos.mirror.nexicom.net
Resolving Dependencies
--> Running transaction check
---> Package postgresql-server.x86_64 0:9.2.7-1.el7 will be installed
--> Processing Dependency: postgresql-libs(x86-64) = 9.2.7-1.el7 for package: postgresql-server-9.2.7-1.el7.x86_64
--> Processing Dependency: postgresql(x86-64) = 9.2.7-1.el7 for package: postgresql-server-9.2.7-1.el7.x86_64
--> Processing Dependency: libpq.so.5()(64bit) for package: postgresql-server-9.2.7-1.el7.x86_64
--> Running transaction check
---> Package postgresql.x86_64 0:9.2.7-1.el7 will be installed
---> Package postgresql-libs.x86_64 0:9.2.7-1.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                                Arch                        Version                            Repository                 Size
=======================================================================================================================================
Installing:
 postgresql-server                      x86_64                      9.2.7-1.el7                        base                      3.8 M
Installing for dependencies:
 postgresql                             x86_64                      9.2.7-1.el7                        base                      2.9 M
 postgresql-libs                        x86_64                      9.2.7-1.el7                        base                      229 k

Transaction Summary
=======================================================================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 6.9 M
Installed size: 32 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): postgresql-libs-9.2.7-1.el7.x86_64.rpm                                                                   | 229 kB  00:00:00
(2/3): postgresql-9.2.7-1.el7.x86_64.rpm                                                                        | 2.9 MB  00:00:00
(3/3): postgresql-server-9.2.7-1.el7.x86_64.rpm                                                                 | 3.8 MB  00:00:00
---------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                  7.2 MB/s | 6.9 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : postgresql-libs-9.2.7-1.el7.x86_64                                                                                  1/3
  Installing : postgresql-9.2.7-1.el7.x86_64                                                                                       2/3
  Installing : postgresql-server-9.2.7-1.el7.x86_64                                                                                3/3
  Verifying  : postgresql-libs-9.2.7-1.el7.x86_64                                                                                  1/3
  Verifying  : postgresql-server-9.2.7-1.el7.x86_64                                                                                2/3
  Verifying  : postgresql-9.2.7-1.el7.x86_64                                                                                       3/3

Installed:
  postgresql-server.x86_64 0:9.2.7-1.el7

Dependency Installed:
  postgresql.x86_64 0:9.2.7-1.el7                                 postgresql-libs.x86_64 0:9.2.7-1.el7

Complete!

Mount the data directory on SSD

First check the permission:

ls -alt /var/lib/pgsql/
drwx------.  2 postgres postgres    6 Jun 10 03:49 backups
drwx------.  2 postgres postgres    6 Jun 10 03:49 data

Add in /etc/fstab:

/dev/mapper/VG_Backup-LV_Backup            /var/lib/pgsql/backups  xfs     defaults        0 0
/dev/mapper/VG_SSD00-LV_SSD_Database       /var/lib/pgsql/data     xfs     defaults        0 0

Mount it manually:

mount /var/lib/pgsql/data
mount /var/lib/pgsql/backups

Change the permission:

chown postgres:postgres /var/lib/pgsql/data
chown postgres:postgres /var/lib/pgsql/backups

And don't forget reboot check permission:

# ls -alt /var/lib/pgsql
total 8
drwxr-xr-x. 26 root     root     4096 Oct 23 16:42 ..
drwx------.  4 postgres postgres   51 Oct 23 16:35 .
drwxr-xr-x.  2 postgres postgres    6 Oct 23 16:29 data
drwxr-xr-x.  2 postgres postgres    6 Oct 23 15:59 backups
-rw-r--r--.  1 postgres postgres   85 Jun 10 03:49 .bash_profile

CentOS 7 Install Open-vm-tools for VMware ESXi

yum install open-vm-tools.x86_64

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * extras: centos.mirror.nexicom.net
 * updates: centos.mirror.nexicom.net
Resolving Dependencies
--> Running transaction check
---> Package open-vm-tools.x86_64 0:9.4.0-3.el7 will be installed
--> Processing Dependency: libicuuc.so.50()(64bit) for package: open-vm-tools-9.4.0-3.el7.x86_64
--> Processing Dependency: libicui18n.so.50()(64bit) for package: open-vm-tools-9.4.0-3.el7.x86_64
--> Processing Dependency: libicudata.so.50()(64bit) for package: open-vm-tools-9.4.0-3.el7.x86_64
--> Processing Dependency: libdnet.so.1()(64bit) for package: open-vm-tools-9.4.0-3.el7.x86_64
--> Running transaction check
---> Package libdnet.x86_64 0:1.12-13.1.el7 will be installed
---> Package libicu.x86_64 0:50.1.2-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================
 Package                             Arch                         Version                             Repository                  Size
=======================================================================================================================================
Installing:
 open-vm-tools                       x86_64                       9.4.0-3.el7                         base                       429 k
Installing for dependencies:
 libdnet                             x86_64                       1.12-13.1.el7                       base                        31 k
 libicu                              x86_64                       50.1.2-11.el7                       base                       6.9 M

Transaction Summary
=======================================================================================================================================
Install  1 Package (+2 Dependent packages)

Total download size: 7.3 M
Installed size: 25 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): libdnet-1.12-13.1.el7.x86_64.rpm                                                                         |  31 kB  00:00:00
(2/3): open-vm-tools-9.4.0-3.el7.x86_64.rpm                                                                     | 429 kB  00:00:00
(3/3): libicu-50.1.2-11.el7.x86_64.rpm                                                                          | 6.9 MB  00:00:00
---------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                  7.1 MB/s | 7.3 MB  00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libicu-50.1.2-11.el7.x86_64                                                                                         1/3
  Installing : libdnet-1.12-13.1.el7.x86_64                                                                                        2/3
  Installing : open-vm-tools-9.4.0-3.el7.x86_64                                                                                    3/3
  Verifying  : libdnet-1.12-13.1.el7.x86_64                                                                                        1/3
  Verifying  : open-vm-tools-9.4.0-3.el7.x86_64                                                                                    2/3
  Verifying  : libicu-50.1.2-11.el7.x86_64                                                                                         3/3

Installed:
  open-vm-tools.x86_64 0:9.4.0-3.el7

Dependency Installed:
  libdnet.x86_64 0:1.12-13.1.el7                                     libicu.x86_64 0:50.1.2-11.el7

Complete!

FYI: I found have to reboot the VM to get the info from vmware ESXi control center.

CentOS 7 add new SSD in LVM format XFS

Got sometime with CentOS 7 recently.

Try to add an New SSD into system.
I know to get the best performance should avoid LVM, but for easy extend I will using LVM here.

First make sure you are using newer fdisk (added SSD alignment support after 2.17), CentOS 7 came with 2.23.2.

# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xd6b73b64.

Command (m for help): p

Disk /dev/sdc: 214.7 GB, 214748364800 bytes, 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xd6b73b64

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): q

Create partition and change the flag to LVM (e8):

# fdisk -c -u /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xab948127.

Command (m for help): p

Disk /dev/sdc: 214.7 GB, 214748364800 bytes, 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xab948127

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-419430399, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-419430399, default 419430399):
Using default value 419430399
Partition 1 of type Linux and of size 200 GiB is set

Command (m for help): p

Disk /dev/sdc: 214.7 GB, 214748364800 bytes, 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xab948127

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048   419430399   209714176   83  Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'

Command (m for help): p

Disk /dev/sdc: 214.7 GB, 214748364800 bytes, 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xab948127

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048   419430399   209714176   8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Create PV

# pvcreate /dev/sdc1
  Physical volume "/dev/sdc1" successfully created

Display PV

# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               centos_milliondollorserver-database
  PV Size               15.51 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              3970
  Free PE               0
  Allocated PE          3970
  PV UUID               tY2Myw-m0hm-sscc-Qc8M-hOfJ-XNA6-fZUIxv

  --- Physical volume ---
  PV Name               /dev/sdb1
  VG Name               VG_Backup
  PV Size               100.00 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              25599
  Free PE               0
  Allocated PE          25599
  PV UUID               wNDnMs-vOAL-WwAX-0N6d-xzsJ-ap85-gDbnik

  "/dev/sdc1" is a new physical volume of "200.00 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sdc1
  VG Name
  PV Size               200.00 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               o9Hvzz-YDy0-p8pa-aOhJ-nPtA-nNUX-kX1WzF

Create VG

# vgcreate VG_SSD00 /dev/sdc1
  Volume group "VG_SSD00" successfully created

Create LV using all free space available on the VG just created

# lvcreate -l 100%FREE -n LV_SSD_Database VG_SSD00
  Logical volume "LV_SSD_Database" created

Format in XFS

# mkfs.xfs /dev/VG_SSD00/LV_SSD_Database
meta-data=/dev/VG_SSD00/LV_SSD_Database isize=256    agcount=4, agsize=13106944                                                        blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0
data     =                       bsize=4096   blocks=52427776, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=25599, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

Found /dev/mapper for mounting:

# ls /dev/mapper/
centos_milliondollorserver--database-root  control              VG_SSD00-LV_SSD_Database
centos_milliondollorserver--database-swap  VG_Backup-LV_Backup

Update /etc/fstab

# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed Oct 22 20:44:00 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos_milliondollorserver--database-root /                       xfs     defaults        1 1
UUID=b6fc0e61-697f-42db-8be7-a6feabc8e85b /boot                   xfs     defaults        1 2
/dev/mapper/centos_milliondollorserver--database-swap swap                    swap    defaults        0 0
/dev/mapper/VG_Backup-LV_Backup            /backup                 xfs     defaults        0 0
/dev/mapper/VG_SSD00-LV_SSD_Database       /var/ssd                xfs     defaults        0 0

Mount it:

# mount /var/ssd
# df -k

To check SSD alignment:
Looking at the Start Sector, should be 2048 not 63!

# fdisk -l -u /dev/sdc

Disk /dev/sdc: 214.7 GB, 214748364800 bytes, 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xab948127

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048   419430399   209714176   8e  Linux LVM

CentOS 7 How to secure SSH service

Haven't got any time play with CentOS 7 since it launched.

Here are my steps to setup the SSH service on CentOS 7:

1.sudo

2.Configure SSH disable root remote login

vi /etc/ssh/sshd_config

PermitRootLogin no

3.Configure SSH to a bigger random port
Most of the "Port scanning Tools", start from lower ports number: 1,2,3...20,21,22,23...10000.
To make "My Friends"'s work a little bit hard.
To secure the ssh, simply give it an high random number like: 44022

vi /etc/ssh/sshd_config

Port 44022

4.Tell SELinux to pickup the new port

semanage port -a -t ssh_port_t -p tcp 44022

5.Update Firmwalld allow the new port

vi /usr/lib/firewalld/services/ssh.xml

  SSH
  Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.
  

Now restart the ssh and firmwalld daemons

# systemctl restart sshd.service
# firewall-cmd --reload

Reference: http://wiki.centos.org/HowTos/Network/SecuringSSH

[poll id="3"]

Nagios 4.0.5 CentOS RHEL 6 SElinux issue

I always turn on the SELinux on my CentOS RHEL build.

After install the latest Nagios 4.0.5 from source, it shows internal server error.

It’s a permission issue of SELinux, run these two below commands to fix the error.

chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/
chcon -R -t httpd_sys_content_t /usr/local/nagios/share/

How to Lock down the RHEL CentOS OEL version

For some product, they require the specific RHEH/CentOS/OEL Version.

Here is a example on How I lock down OEL to 5.8:

[ol5_u8_base]
name=Oracle Linux $releasever Update 8 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/8/base/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

[ol5_UEK_base]
name=Unbreakable Enterprise Kernel for Oracle Linux $releasever ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/UEK/base/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

[ol5_UEK_latest]
name=Latest Unbreakable Enterprise Kernel for Oracle Linux $releasever ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL5/UEK/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0

How to install fonts (.ttf) on CentOS for an individual user

CentOS offical Documents here:http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-x-fonts.html


1.To add fonts system-wide, copy the new fonts into the /usr/share/fonts/ directory. It is a
good idea to create a new subdirectory, such as local/ or similar, to help distinguish between user-installed and default fonts.

To add fonts for an individual user, copy the new fonts into the .fonts/ directory in the user's home directory.

2.Use the fc-cache command to update the font information cache, as in the following example:

fc-cache 

In this command, replace with the directory containing the new fonts (either /usr/share/fonts/local/ or /home//.fonts/).

For Example:

I only have a normal user lambert@milliondollarserver.com
To read Chinese from Firefox:

 # mkdir ~/.fonts
 upload wqy-microhei.ttf to ~/.fonts
 # fc-cache ./.fonts

Start Firefox and enjoy.

How to get rid of GUID Partition Table

After switch between ESXi 5.5 CentOS 6.4 Xubuntu 13 and ESXi 5.1 plus Fedora 16 on my testing machine the other day and Anaconda has installed GPT on the hard drive.

It always tells me fdisk found GPT tables, I lost about 2 GB space.

Now, I want to fall back to MBR. Wildly used tool fdisk was showing a message Warning!! Unsupported GPT (GUID Partition Table) detected. Use GNU Parted. Frankly, I did not like it at all.

My first idea was to get rid of the first few sectors on the hard drive:

dd if=/dev/zero of=/dev/sda bs=512 count=1

Guess what, it did not work. After some time spend on the internet I found out GPT has a "backup" entry at the very end of the disc. I tried to copy zeroes over it, but it did not work too. The trick is quite easy, but it was more difficult to google this time:


parted /dev/sda
mklabel msdos
quit

Finally, the disc is back to traditional MBR. I think I don't like new things, sometimes.

Reference:
http://lukas.zapletalovi.com/2011/12/how-to-get-rid-of-guid-partition-table.html

Upgrade Redmine from 2.0.3 to 2.3.3, ruby 1.9.1 to 2.0

1.First backup everything:

1.1 backup database
1.2 backup redmine folder
1.3 backup /usr/local/ if you installed ruby manually.

2.Stop httpd service:

 service httpd stop

3.Upgrade Rails version to 3.2.13

4.Remove ruby 1.9.1

rm -rf /usr/local/lib/ruby/1.9.1/
rm -rf /usr/local/lib/ruby/gems/1.9.1/
rm -rf /usr/local/include/ruby-1.9.1/

5.Install ruby 2.0

wget http://cache.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p247.tar.gz
tar -xzvf ruby-2.0.0-p247.tar.gz
cd ruby-2.0.0-p247
./configure
make
make install
ruby -v
which ruby

6.Copy redmine config file to New stable 2.3.3

wget http://rubyforge.org/frs/download.php/77138/redmine-2.3.3.tar.gz
tar -xzvf redmine-2.3.3.tar.gz

  cp /var/lib/redmine/config/database.yml ./config/database.yml
  cp /var/lib/redmine/config/configuration.yml.example ./config/configuration.yml
  cp /var/lib/redmine/files/* ./files/
  rm ./files/delete.me

7.Copy plugins (version >= 2.0)

  cp -r /var/lib/redmine/plugins/ ./plugins/

8.Re-compile passenger:

 gem install passenger --no-rdoc --no-ri
 passenger-install-apache2-module

9.Configure Apache mode: /etc/httpd/conf.d/passenger.conf

# Passenger Basic Setting
#
LoadModule passenger_module /usr/local/lib/ruby/gems/2.0.0/gems/passenger-4.0.19/buildout/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/2.0.0/gems/passenger-4.0.19
PassengerDefaultRuby /usr/local/bin/ruby

10.Re-check redmine for Apache: /etc/httpd/conf.d/redmine.conf

   ServerName localhost
   DocumentRoot "/var/www/redmine-2.3.3/public/"
   
      # This relaxes Apache security settings.
      AllowOverride all
      # MultiViews must be turned off.
      Options -MultiViews
   
    ErrorLog logs/redmine-error_log
    CustomLog logs/redmine-access_log common

11.clear the cache and the existing sessions:

rake tmp:cache:clear
rake tmp:sessions:clear

12.ReStart httpd service:

service httpd start

13.Check the error log

cat /var/log/httpd/redmine-error_log

14.Check daily backup tasks

Install libevent for CentOS RHEL OEL

Default way install library will put everything into /usr/local.

To keep it more Redhat looks:

1.First remove the old library to avoid any conflict:

yum erase libevent*

2.Download and uncompress the package:

wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar xzvf libevent-2.0.21-stable.tar.gz

3.Compile and install into /usr/lib:

cd libevent-2.0.21-stable
make clean
./configure --prefix=/usr
make
make install

You should have it under /usr/lib, with correct /usr/lib/pkgconfig. Not changes LD_LIBRARY_PATH needed at all!

4.If unhappy with where it installed, uninstall anytime:

cd libevent-2.0.21-stable
make uninstall

proftp install at CentOS 5

Fist of all, I don't like proftp!!!

# yum install proftpd

To add Virtual Users:

#vi /etc/proftpd.conf

Disable Anonymous User Login:
common out all #

#
#  User				ftp
#  Group			ftp
#  UserAlias			anonymous ftp					
#  MaxClients			10						
#  DisplayLogin			welcome.msg					
#  DisplayChdir			.message
#  									
#    DenyAll
#  
#

AuthOrder            mod_auth_file.c
AuthUserFile         /etc/proftpd/ftpd.passwd
AuthGroupFile        /path/to/ftpd.group

http://www.proftpd.org/docs/howto/VirtualUsers.html
http://www.proftpd.org/docs/directives/linked/config_ref_AuthOrder.html

Then add Virtual User:

wget http://www.castaglia.org/proftpd/contrib/ftpasswd /root/ftpasswd
/root/ftpasswd --name=mds --uid=500 --gid=503 --passwd --home=/home/mds/storage --file=/etc/proftpd/ftpd.passwd --shell=/sbin/nologin
/root/ftpasswd --name=mds --group --gid=503 --file=/etc/proftpd/ftpd.group

Start the service:
# service proftpd stop
# chkconfig proftpd on

VSFTP give each user different directory than home directory

Usually when you create user for vsftp, it will go to it's own home folder.

Like user: mds
Home Folder: /home/mds

To change this, What you need to use is a combo of user_config_dir and local_root.
In the main config file /etc/vsftpd/vsftp.conf you have an entry like:

chroot_local_user=YES
user_config_dir=/etc/vsftpd/users

Inside that directory (/etc/vsftpd/users) you have a config file with the same name as the user (/etc/vsftpd/users/mds), and inside that file you have:

local_root=/var/www/sites/
dirlist_enable=YES
download_enable=YES
write_enable=YES

Then the user will be direct to /var/www/sites/ through ftp.
But ssh login folder will not change.

Don't forget remove the [local_root] in the main config file /etc/vsftpd/vsftp.conf.

PHP Warning: require_once(): Unable to allocate memory for pool

I am running Apache 2.2.15 + PHP 5.3.3 + APC php-pecl-apc-3.1.9 on CentOS / RHEL 6.4.
Getting the following warnings in the /var/log/httpd/error.log

[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-includes/admin-bar.php on line 25, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require_once(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-content/plugins/jetpack/modules/omnisearch/omnisearch-core.php on line 27, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require_once(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-content/plugins/jetpack/modules/omnisearch/omnisearch-comments.php on line 4, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require_once(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-content/plugins/jetpack/modules/omnisearch/omnisearch-core.php on line 31, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require_once(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-content/plugins/jetpack/modules/omnisearch/omnisearch-plugins.php on line 4, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require_once(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-content/plugins/jetpack/modules/contact-form/admin.php on line 633, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/
[Wed Aug 14 21:12:19 2013] [error] [client 67.204.24.42] PHP Warning:  require_once(): Unable to allocate memory for pool. in /var/www/mds/wordpress/wp-content/plugins/jetpack/class.jetpack-client.php on line 48, referer: http://www.milliondollarserver.com/installing-vmware-tools-on-rhel-oel-centos-6-via-yum/

To fix it:

# vi /etc/php.d/apc.ini
; increased to 128M from 64M
apc.shm_size=128M

Don't forget reboot the apache to apply changes:

# service httpd restart

If you would like to find out your APC memory usage and hit ratio:

# cp /usr/share/php-pecl-apc/apc.php /var/www/html
Edit /var/www/html/apc.php and set the admin password :
defaults('ADMIN_PASSWORD','NEW-PASSWORD');
Save and close the file. Fire a web-browser and type the url:
http://server-ip/apc.php