Category Archives: Red Hat/CentOS

PostgreSQL on CentOS 7 – Howto

In this post I’ll try to show you how to install PostgreSQL 9.6 on CentOS 7.3, which are the current versions of PostgreSQL and CentOS.

The default PostgreSQL version on CentOS 7.3 is PostgreSQL 9.2, which is still maintained, but in case you’re more for “cutting edge” technology, follow the next steps.

First, remove the already installed version (in case you installed the default version)

yum remove postgresql-server postgresql-contrib

Install official PostgreSQL Yum repo with

yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

which will create a new repo file /etc/yum.repos.d/pgdg-96-centos.repo with the next content

[pgdg96]
name=PostgreSQL 9.6 $releasever - $basearch
baseurl=https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-$releasever-$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96
 
[pgdg96-source]
name=PostgreSQL 9.6 $releasever - $basearch - Source
failovermethod=priority
baseurl=https://download.postgresql.org/pub/repos/yum/srpms/9.6/redhat/rhel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96
 
[pgdg96-updates-testing]
name=PostgreSQL 9.6 $releasever - $basearch
baseurl=https://download.postgresql.org/pub/repos/yum/testing/9.6/redhat/rhel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96
 
[pgdg96-source-updates-testing]
name=PostgreSQL 9.6 $releasever - $basearch - Source
failovermethod=priority
baseurl=https://download.postgresql.org/pub/repos/yum/srpms/testing/9.6/redhat/rhel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96

Now install PostgreSQL with

yum -y groupinstall "PostgreSQL Database Server 9.6 PGDG"

and initialize it with

/usr/pgsql-9.6/bin/postgresql96-setup initdb

Start and enable service with

systemctl start postgresql-9.6.service
systemctl enable postgresql-9.6.service

Switch to the postgres user with

su postgres -

and connect to the server (currently running only on localhost)

psql

Check the installed version with

SELECT version();

You should get something like

...
                                                 version                                                 
---------------------------------------------------------------------------------------------------------
 PostgreSQL 9.6.1 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4), 64-bit
(1 row)
....

The default PostgreSQL installation listens only on localhost so if you want to connect from the remote host you’ll need to change a few things.

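Open /var/lib/pgsql/9.6/data/postgresql.conf, find the line #listen_addresses = 'localhost' … and replace it with listen_addresses = '*' (use plain single quotes in the file). With '*' the server listens on every interface, so which clients may connect is then decided by pg_hba.conf.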

Before

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
 
# - Connection Settings -
 
#listen_addresses = 'localhost'         # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
#port = 5432                            # (change requires restart)
max_connections = 100                   # (change requires restart)

after

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
 
# - Connection Settings -
 
#listen_addresses = 'localhost'         # what IP address(es) to listen on;
listen_addresses = '*'
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
#port = 5432                            # (change requires restart)
max_connections = 100                   # (change requires restart)

Now open /var/lib/pgsql/9.6/data/pg_hba.conf and add at the end

host    all             all             YOUR_CLIENT_IP_ADDRESS/32            md5

save the file and restart service with

systemctl restart postgresql-9.6.service

The last step before you test it is to change the password for postgres user with

su postgres -
 
bash-4.2$ psql
psql (9.6.1)
Type "help" for help.
 
postgres=# \password
Enter new password:
Enter it again:
postgres=# \q
exit

Now add new server in pgAdmin and test it
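
The pg_hba.conf rule above limits remote access to one client address with md5. The following added example (not part of the original post) audits a pg_hba.conf for rules that are broader or weaker than that; audit_pg_hba and sample_pg_hba are hypothetical helper names and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. audit_pg_hba and sample_pg_hba
# are hypothetical helper names; the sample rules are constructed.

audit_pg_hba() {
    # $1 = path to pg_hba.conf; prints "<line>: <FINDING> <rule>" per issue
    awk '
        /^[ \t]*(#|$)/             { next }   # comments and blank lines
        $1 !~ /^host(ssl|nossl)?$/ { next }   # "local" rules are Unix-socket only
        {
            addr = $4
            # Old "ADDRESS NETMASK METHOD" form shifts the method by one field
            if ($5 ~ /^[0-9]+\./ || $5 ~ /:/) { mask = $5; method = $6 }
            else                              { mask = "";  method = $5 }

            any  = (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" ||
                    (addr == "0.0.0.0" && mask == "0.0.0.0"))
            loop = (addr ~ /^127\./ || addr ~ /^::1\//)

            m    = (mask != "") ? " " mask : ""
            rule = $1 " " $2 " " $3 " " addr m " " method

            # trust: no credential asked; password: sent in clear text unless
            # TLS is used; host: matches TLS and non-TLS (hostssl = TLS only)
            if (method == "trust")     print NR ": TRUST " rule
            if (method == "password")  print NR ": CLEARTEXT " rule
            if (any)                   print NR ": ANY-ADDRESS " rule
            if ($1 == "host" && !loop) print NR ": TLS-OPTIONAL " rule
        }
    ' "$1"
}

sample_pg_hba() {
    # Constructed sample: line 4 is the rule from the howto (with a
    # documentation address), the others are variants to compare against.
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   127.0.0.1/32     ident
host    all       all   192.0.2.10/32    md5
host    all       all   0.0.0.0/0        md5
host    all       all   192.0.2.0/24     trust
hostssl all       all   192.0.2.11/32    md5
host    all       all   198.51.100.7 255.255.255.255 password
EOF
}

demo() {
    f=$(mktemp) || return 1
    sample_pg_hba > "$f"
    audit_pg_hba "$f"
    rm -f "$f"
}

demo
```

To check the real file, run audit_pg_hba /var/lib/pgsql/9.6/data/pg_hba.conf as a user that can read it.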

CentOS PPTP client Howto

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Since it is marked as insecure and vulnerable, I don’t recommend it as a “final” VPN solution. The main reason for its popularity is probably the native MS Windows support (since Windows 95). Also, it can be easily implemented with MikroTik RouterOS (like I said, use it for internal VPNs only).

To set up your CentOS box as a PPTP client you’ll need the pptp package.

yum -y install pptp

Open /etc/ppp/chap-secrets and add the next line (at the end). Also, replace the userName and password with the correct details:

userName PPTP password *

Create profile file

nano /etc/ppp/peers/myVPN

and paste the next content (replace IP_OR_HOSTNAME with PPTP server IP or hostname)

pty "pptp IP_OR_HOSTNAME --nolaunchpppd"
name userName
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam myVPN

save the file and test the connection with

pppd call myVPN

ifconfig should return something like

....
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.16.18.252  P-t-P:10.16.18.251  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:2192 (2.1 KiB)  TX bytes:631 (631.0 b)
...

also in /var/log/messages you should see something like

Jul 20 10:58:50 mysrv pppd[9352]: pppd 2.4.5 started by root, uid 0
Jul 20 10:58:50 mysrv pppd[9352]: Using interface ppp0
Jul 20 10:58:50 mysrv pppd[9352]: Connect: ppp0 <--> /dev/pts/1
Jul 20 10:58:50 mysrv pptp[9353]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 716).
Jul 20 10:58:51 mysrv pppd[9352]: CHAP authentication succeeded
Jul 20 10:58:51 mysrv pppd[9352]: MPPE 128-bit stateless compression enabled
Jul 20 10:58:51 mysrv pppd[9352]: local  IP address 10.16.18.252
Jul 20 10:58:51 mysrv pppd[9352]: remote IP address 10.16.18.251
Jul 20 10:59:51 mysrv pptp[9361]: anon log[logecho:pptp_ctrl.c:677]: Echo Reply received.

If you check your routes, you’ll probably notice that ppp0 connection is not used by any route(s). This is default behavior and you can easily switch/add default route with:

route add default dev ppp0

In my case, I don’t want to route the complete traffic (this VPN is just for management) so I’ll add only one static route

route add -net 192.168.120.0/24 dev ppp0

To start this connection on boot, add “pppd call myVPN” in rc.local.

Kernel ACPI Error SMBus/IPMI/GenericSerialBus

I found the next error message in the log

May 8 10:48:57 srv kernel: ACPI Error: SMBus/IPMI/GenericSerialBus write requires Buffer of length 66, found length 32 (20130517/exfield-299)
May 8 10:48:57 srv kernel: ACPI Error: Method parse/execution failed [\_SB_.PMI0._PMM] (Node ffff88042949d960), AE_AML_BUFFER_LIMIT (20130517/psparse-536)
May 8 10:48:57 srv kernel: ACPI Exception: AE_AML_BUFFER_LIMIT, Evaluating _PMM (20130517/power_meter-339)

The message is generated every 5 minutes when lm-sensors tries to read the values from the power meter sensor(s). HP has ignored the spec for this method and the result is the error shown above.
The problem can be solved in two ways:
– you can ignore this message (it is safe to ignore)
– you can skip the power meter sensors (at least until someone fixes this)

Since I already have the latest firmware, I can’t suggest the firmware update (at least for 310 gen8 server).

To reproduce the problem just find the file power1_average and try to read it

find /sys/devices/LNXSYSTM\:00/ |grep ACPI000D

In my case the file is located in /sys/devices/LNXSYSTM:00/device:00/ACPI000D:00/

Read the file

cat /sys/devices/LNXSYSTM:00/device:00/ACPI000D:00/power1_average

The result will probably be 0 and the error will be thrown in the log.

To solve the problem check the exact sensor which is affected with:

[root@srv log]# sensors
...
power_meter-acpi-0
Adapter: ACPI interface
power1:        0.00 W  (interval = 300.00 s)
 
....

As you can see above, the sensor is power_meter-acpi-0. Now disable the sensor by adding

chip "power_meter-acpi-0"
        ignore power1

at the end of the /etc/sensors3.conf file.

The reboot is recommended but it is not necessary.

Check the sensor again with

[root@srv log]# sensors
...
power_meter-acpi-0
Adapter: ACPI interface
....

As you can see, the line “power1….” is missing and the log is empty.

More info
https://bugs.launchpad.net/ubuntu/+source/acpi/+bug/606999
http://www.nexusco.net/frequent-acpi-errors-starting-smbus-ipmi-write-requires-buffer-length-42/

Firmware Bug – The BIOS Has Corrupted Hw-PMU Resources

If you’re trying to install CentOS 7 on an HP server and you receive the error from the caption, don’t worry – you’re not alone. According to Google, there are about 48400 results related to this topic.

The fix is still not available and according to HP, the problem is related to “Processor Power and Utilization Monitoring” function which should be disabled to fix this mess.

Affected servers:
– All ProLiant Gen8 Servers
– ProLiant DL580 G7
– ProLiant BL620 G7
– ProLiant BL680 G7

How to disable “Processor Power and Utilization Monitoring”:
– enter BIOS (press F9 during boot)
– press CTRL+A (Service Option is hidden by default)
– select “Service Options” -> Processor Power and Utilization Monitoring -> Disable

Press F10 to save and exit and reboot the server.

More information can be found on the next links:
https://bugs.centos.org/view.php?id=5493
http://h20565.www2.hp.com/hpsc/doc/public/display?sp4ts.oid=5227546&docId=emr_na-c03265132&lang=en&cc=us

Edit:
DL380 Gen9 is also affected with this problem. The solution remains the same (disable Processor Power and Utilization Monitoring)

Edit: 2016-03-31 (comment by Jimmy)

There really isn’t any fix needed. It is just an informational message. The system is reserving performance counters for system management and the kernel wants to own all the performance counters regardless. You can disable the ProLiant management features if you really want to stop the message. Other than printing the message during boot, there isn’t any negative impact on the system or performance.

Huawei E1552/E1800/E173 on CentOS 6

Today I had a chance to test Huawei E173 USB dongle and it works perfectly on my Mint Linux. All I had to do was to plug it in and turn on via network manager applet.

I wanted to test this dongle with CentOS 6 and the main idea was to use this device for SMS monitoring. Using online SMS providers is much cheaper and easier (a bunch of APIs) but the online services are useless when your network is disconnected.

There are a lot of differences between RH based server distros and new/cutting edge distros like Mint. To be honest, I expected problems with CentOS.

The first thing was to check the USB dongle

[root@server ~]# dmesg |grep usb
....
usb 2-4: new high speed USB device number 2 using ehci_hcd
usb 2-4: New USB device found, idVendor=12d1, idProduct=1446
usb 2-4: New USB device strings: Mfr=3, Product=2, SerialNumber=0
usb 2-4: Product: HUAWEI Mobile
usb 2-4: Manufacturer: HUAWEI Technology
usb 2-4: configuration #1 chosen from 1 choice
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
usbcore: registered new interface driver usb-storage
usb-storage: device scan complete
usb-storage: device scan complete
...

Oops… the device is detected as USB storage, which I didn’t expect (and I don’t want).

[root@server ~]# lsusb
...
Bus 002 Device 002: ID 12d1:1446 Huawei Technologies Co., Ltd. E1552/E1800/E173 (HSPA modem)

After some googling I discovered that the first thing I need to do is to install usb_modeswitch and smstools packages. The first package will be used to switch USB dongle from usb storage into modem mode. The second one will be used for SMS operations.

At the time I tested this, I was far away from the server and I couldn’t try the simple plug/unplug method. The solution was to invoke the next command

[root@server ~]# usb_modeswitch -c /etc/usb_modeswitch.d/12d1\:1446 -v 0x12d1 -p 0x1446
 
Looking for target devices ...
 No devices in target mode or class found
Looking for default devices ...
   found matching product ID
   adding device
 Found device in default mode, class or configuration (1)
Accessing device 002 on bus 002 ...
Getting the current device configuration ...
 OK, got current device configuration (1)
Using first interface: 0x00
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
 No driver found. Either detached before or never attached
 
SCSI inquiry data (for identification)
-------------------------
  Vendor String: HUAWEI  
   Model String: Mass Storage    
Revision String: 2.31
-------------------------
 
USB description data (for identification)
-------------------------
Manufacturer: HUAWEI Technology
     Product: HUAWEI Mobile
  Serial No.: not provided
-------------------------
Setting up communication with interface 0
Using endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
 OK, message successfully sent
Resetting response endpoint 0x81
 Could not reset endpoint (probably harmless): -71
Resetting message endpoint 0x01
 Could not reset endpoint (probably harmless): -19
 Device is gone, skipping any further commands
-> Run lsusb to note any changes. Bye.

As the output recommended, I tried again with lsusb

[root@server ~]# lsusb
....
Bus 002 Device 003: ID 12d1:1001 Huawei Technologies Co., Ltd. E169/E620/E800 HSDPA Modem
...

Also, after this step, you should have

[root@server smsd]# ls /dev/ttyUSB*
/dev/ttyUSB0  /dev/ttyUSB1  /dev/ttyUSB2

I found that the settings file /etc/smsd.conf (for SMSTools) should be something like this:

devices = GSM1
logfile = /var/log/smsd/smsd.log
loglevel = 7
user = smstools
infofile = /var/run/smsd/smsd.working
pidfile = /var/run/smsd/smsd.pid
# 3.1.5 introduced smart logging
# once your configuration is OK, set log level lower (5 is good in most cases)
smart_logging = yes
 
[GSM1]
init = AT+CPMS="ME","ME","ME"
device = /dev/ttyUSB0
incoming = yes

You can find more information about the configuration parameters on the next link http://smstools3.kekekasvi.com/index.php?p=configure

Start the smsd service with

service smsd start

To send SMS message go into /var/spool/sms/outgoing/ dir and create the file testSMS (for example) and add the next content inside

To: 38765655849
 
fdfgdfgfg

The other option is to use smssend command.

In case something doesn’t work, check the logs inside the /var/log/smsd/ dir.

HP B110i, B120i and B320i RAID controller – howto

The RAID functionality for the B120i and B320i controllers in the “e” series ProLiant servers is provided by a software driver (FakeRAID). The driver for these RAID controllers is available in binary form on the HP site (currently only for RHEL and SLES). CentOS users (of course) should download the RHEL driver, but in this case, do not expect support from HP.

Without drivers, the disks won’t be seen as parts of a RAID array.

Option 1 – disable controller / don’t use it

For systems with the B320i SAS controller

  • Boot the server into System Options
  • Navigate to HP Smart Array B320i Raid Configuration
  • Change to DISABLED

For systems with the B120i SATA controller

  • Boot the server into System Options
  • Navigate to SATA Controller Options -> Embedded SATA Configuration
  • Change it to ENABLE SATA AHCI SUPPORT

Option 2 – install drivers

  1. Click here to download RHEL 6.x driver
  2. In “Software – Driver Update” section you’ll see the latest update (hpvsa-1.2.12-110.rhel6u6.x86_64.dd.gz). Download the file, extract into FAT32 formatted USB drive
  3. Boot CentOS 6 from DVD (or however you want)
  4. On the main installation menu, plug in the USB drive. Press “ESC” to manually boot
  5. At that “boot” prompt enter the following command: linux dd blacklist=ahci
  6. Hit ENTER and select Yes for driver option. Select the USB drive, select the driver disk image and select OK.
  7. Continue with the OS installation

 

CentOS – setup utility

For RH based distros, the “setup” utility is a must. With this tool you can easily maintain basic system settings (firewall settings, network, start-up services, etc).

If you choose to install a minimal system, this tool won’t be available and you’ll need to add it manually.

yum -y install setuptool system-config-network* system-config-firewall* system-config-securitylevel-tui system-config-keyboard ntsysv

SSH2 extension for PHP on CentOS 6

Before we can build and install ssh2 extension, we’ll need a few packages

yum install gcc php-devel php-pear libssh2 libssh2-devel make

Install the extension via pecl

pecl install -f ssh2

On CentOS, PHP will not load extension automatically. To “fix” this, create ssh2.ini file inside /etc/php.d/ and add

extension=ssh2.so

inside.

Restart apache (service httpd restart) and test PHP with

php -m | grep ssh2

As response, you should get ssh2.

MyDumper – CentOS HowTo

Mydumper is a MySQL backup tool created by Domas Mituzas and later supported by several other developers.

The main benefits are multi-threaded and fast backups with almost no locking (as long as all tables are InnoDB), built-in compression, and separate files for each table, which makes it easy to restore single tables or a schema. It also supports hard-linking files, which can reduce the space needed for a history of backups. It is much faster than mysqldump. The main benefit of separate files is the ability to create backups in multiple threads (the same works for the restore process).

In short – Mydumper is how MySQL DBAs and support engineers would imagine mysqldump.

To install mydumper follow the next steps

Install necessary devel libs and cmake

yum install glib2-devel mysql-devel zlib-devel pcre-devel openssl-devel cmake

Download mydumper – https://launchpad.net/mydumper (or directly here https://launchpad.net/mydumper/0.6/0.6.2/+download/mydumper-0.6.2.tar.gz)

Extract the tar.gz archive and build it with

tar -xvzf mydumper-0.6.2.tar.gz
cd mydumper-0.6.2
cmake .
make

Creating backup

mydumper -u USER -p PASSWORD -o /home/DESTINATION_DIR/DATABASE/ -B DATABASE

Note: My advice is to create a separate directory for every database.

Restore from backup

myloader -u USER -p PASSWORD -B DATABASE -d /home/SOURCE_DIR/DATABASE/

GNU bash Environment Variable Command Injection

You can test your server for bash command injection with

[root@ss ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Update bash with

# yum -y update bash

and you’ll get

[root@ss ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test