Category Archives: Server project

PostgreSQL on CentOS 7 – Howto

In this post I’ll show you how to install PostgreSQL 9.6 on CentOS 7.3, the current versions of PostgreSQL and CentOS at the time of writing.

The default PostgreSQL version on CentOS 7.3 is 9.2, which is still maintained by the distribution, but if you prefer a more recent release, follow the next steps.

First, remove the already installed version (in case you installed the distribution’s default packages):

yum remove postgresql-server postgresql-contrib

Install the official PostgreSQL Yum repo with

yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

which will create a new repo file /etc/yum.repos.d/pgdg-96-centos.repo with the following content. Note that the package is fetched over HTTPS, drops the PGDG signing key into /etc/pki/rpm-gpg/, and every section has gpgcheck=1, so everything installed from this repo afterwards is signature-checked:

[pgdg96]
name=PostgreSQL 9.6 $releasever - $basearch
baseurl=https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-$releasever-$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96
 
[pgdg96-source]
name=PostgreSQL 9.6 $releasever - $basearch - Source
failovermethod=priority
baseurl=https://download.postgresql.org/pub/repos/yum/srpms/9.6/redhat/rhel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96
 
[pgdg96-updates-testing]
name=PostgreSQL 9.6 $releasever - $basearch
baseurl=https://download.postgresql.org/pub/repos/yum/testing/9.6/redhat/rhel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96
 
[pgdg96-source-updates-testing]
name=PostgreSQL 9.6 $releasever - $basearch - Source
failovermethod=priority
baseurl=https://download.postgresql.org/pub/repos/yum/srpms/testing/9.6/redhat/rhel-$releasever-$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG-96

Now install PostgreSQL with

yum -y groupinstall "PostgreSQL Database Server 9.6 PGDG"

and initialize it with

/usr/pgsql-9.6/bin/postgresql96-setup initdb

Start and enable service with

systemctl start postgresql-9.6.service
systemctl enable postgresql-9.6.service

Switch to the postgres user with

su - postgres

and connect to the server (currently running only on localhost)

psql

Check the installed version with

SELECT version();

You should get something like

...
                                                 version                                                 
---------------------------------------------------------------------------------------------------------
 PostgreSQL 9.6.1 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4), 64-bit
(1 row)
....

The default PostgreSQL installation listens only on localhost, so if you want to connect from a remote host you’ll need to change a few things.

Open /var/lib/pgsql/9.6/data/postgresql.conf, find the line #listen_addresses = 'localhost' and replace it with listen_addresses = '*' (or, better, with the address of the interface your clients will use; '*' binds every interface, including public ones).

Before

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
 
# - Connection Settings -
 
#listen_addresses = 'localhost'         # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
#port = 5432                            # (change requires restart)
max_connections = 100                   # (change requires restart)

after

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
 
# - Connection Settings -
 
#listen_addresses = 'localhost'         # what IP address(es) to listen on;
listen_addresses = '*'
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
#port = 5432                            # (change requires restart)
max_connections = 100                   # (change requires restart)

Now open /var/lib/pgsql/9.6/data/pg_hba.conf and add at the end (the file is evaluated top to bottom and the first matching line wins, so the local rules above it stay in effect)

host    all             all             YOUR_CLIENT_IP_ADDRESS/32            md5

where YOUR_CLIENT_IP_ADDRESS is the address of the machine you will connect from. Keep the /32: it restricts password logins to that single host instead of exposing every role to the whole network. md5 is the strongest password method available in 9.6 (scram-sha-256 only arrives in PostgreSQL 10), and without SSL the session data after authentication travels in clear, so prefer hostssl rules once ssl is configured in postgresql.conf.

save the file and restart service with

systemctl restart postgresql-9.6.service

The last step before you test it is to set a password for the postgres user. The role has no password after initdb and the md5 rule you just added requires one, so remote logins would fail without it:

su - postgres
 
bash-4.2$ psql
psql (9.6.1)
Type "help" for help.
 
postgres=# \password
Enter new password:
Enter it again:
postgres=# \q
exit

Now add a new server in pgAdmin and test it.

Huawei E1552/E1800/E173 on CentOS 6

Today I had a chance to test a Huawei E173 USB dongle and it works perfectly on my Mint Linux. All I had to do was plug it in and turn it on via the Network Manager applet.

I wanted to test this dongle with CentOS 6, the main idea being to use the device for SMS monitoring. Using online SMS providers is much cheaper and easier (a bunch of APIs), but the online services are useless when your network is disconnected.

There are a lot of differences between RH-based server distros and newer, cutting-edge distros like Mint, so, to be honest, I expected problems with CentOS.

The first thing was to check the USB dongle

[root@server ~]# dmesg |grep usb
....
usb 2-4: new high speed USB device number 2 using ehci_hcd
usb 2-4: New USB device found, idVendor=12d1, idProduct=1446
usb 2-4: New USB device strings: Mfr=3, Product=2, SerialNumber=0
usb 2-4: Product: HUAWEI Mobile
usb 2-4: Manufacturer: HUAWEI Technology
usb 2-4: configuration #1 chosen from 1 choice
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
usb-storage: device found at 2
usb-storage: waiting for device to settle before scanning
usbcore: registered new interface driver usb-storage
usb-storage: device scan complete
usb-storage: device scan complete
...

Oops… the device is detected as USB storage, which I didn’t expect (and don’t want). This is the dongle’s “ZeroCD” behaviour: it first presents a virtual CD-ROM with the Windows drivers and only exposes the modem after it is told to switch modes.

[root@server ~]# lsusb
...
Bus 002 Device 002: ID 12d1:1446 Huawei Technologies Co., Ltd. E1552/E1800/E173 (HSPA modem)

After some googling I discovered that the first thing to do is to install the usb_modeswitch and smstools packages. The first package switches the USB dongle from USB-storage into modem mode. The second one is used for SMS operations.

At the moment I tested this I was far away from the server and couldn’t try the simple unplug/replug method, so I invoked the mode switch by hand with

[root@server ~]# usb_modeswitch -c /etc/usb_modeswitch.d/12d1\:1446 -v 0x12d1 -p 0x1446
 
Looking for target devices ...
 No devices in target mode or class found
Looking for default devices ...
   found matching product ID
   adding device
 Found device in default mode, class or configuration (1)
Accessing device 002 on bus 002 ...
Getting the current device configuration ...
 OK, got current device configuration (1)
Using first interface: 0x00
Using endpoints 0x01 (out) and 0x81 (in)
Inquiring device details; driver will be detached ...
Looking for active driver ...
 No driver found. Either detached before or never attached
 
SCSI inquiry data (for identification)
-------------------------
  Vendor String: HUAWEI  
   Model String: Mass Storage    
Revision String: 2.31
-------------------------
 
USB description data (for identification)
-------------------------
Manufacturer: HUAWEI Technology
     Product: HUAWEI Mobile
  Serial No.: not provided
-------------------------
Setting up communication with interface 0
Using endpoint 0x01 for message sending ...
Trying to send message 1 to endpoint 0x01 ...
 OK, message successfully sent
Resetting response endpoint 0x81
 Could not reset endpoint (probably harmless): -71
Resetting message endpoint 0x01
 Could not reset endpoint (probably harmless): -19
 Device is gone, skipping any further commands
-> Run lsusb to note any changes. Bye.

As the output recommended, I tried again with lsusb

[root@server ~]# lsusb
....
Bus 002 Device 003: ID 12d1:1001 Huawei Technologies Co., Ltd. E169/E620/E800 HSDPA Modem
...

Also, after this step, you should have

[root@server smsd]# ls /dev/ttyUSB*
/dev/ttyUSB0  /dev/ttyUSB1  /dev/ttyUSB2

I found that the settings file /etc/smsd.conf (for SMSTools) should be something like this:

devices = GSM1
logfile = /var/log/smsd/smsd.log
loglevel = 7
user = smstools
infofile = /var/run/smsd/smsd.working
pidfile = /var/run/smsd/smsd.pid
# 3.1.5 introduced smart logging
# once your configuration is OK, set log level lower (5 is good in most cases)
smart_logging = yes
 
[GSM1]
init = AT+CPMS="ME","ME","ME"
device = /dev/ttyUSB0
incoming = yes

You can find more information about the configuration parameters at http://smstools3.kekekasvi.com/index.php?p=configure

Start the smsd service with

service smsd start

To send an SMS message, go into the /var/spool/sms/outgoing/ directory, create a file (for example testSMS) and put the following content inside. Anyone who can write to that directory can send SMS through the modem, so keep its permissions tight.

To: 38765655849
 
fdfgdfgfg

The other option is to use the sendsms script shipped with SMSTools3.

In case that something doesn’t work, check the logs inside /var/log/smsd/ dir.
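The spool file layout above is all smsd needs, but a monitoring script that drops files into the queue should validate the number and never let the daemon see a half-written file. The following is an added example (not code from the post or from SMSTools3): it builds the "To:" header plus body, writes the file under a .LOCK name, which smsd skips, and renames it into place when complete. The outgoing directory defaults to the path used in the post; the demo at the bottom uses a scratch directory, and the number and message are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: queue an SMS for smsd by
# writing a spool file in the "To: <number>" / blank line / body layout
# shown above.  The file is first written under a .LOCK name, which
# smsd leaves alone, and renamed into place when complete, so the daemon
# never sends a half-written message.

# sms_valid_number NUMBER -> 0 for 7 to 15 digits with an optional
# leading "+", 1 for anything else (so untrusted input can't smuggle
# extra headers into the spool file)
sms_valid_number() {
    case "$1" in
        +[0-9]*) digits=${1#+} ;;
        [0-9]*)  digits=$1 ;;
        *)       return 1 ;;
    esac
    case "$digits" in
        *[!0-9]*) return 1 ;;
    esac
    [ ${#digits} -ge 7 ] && [ ${#digits} -le 15 ]
}

# sms_spool_content NUMBER BODY -> the text smsd expects in a spool file
sms_spool_content() {
    printf 'To: %s\n\n%s\n' "$1" "$2"
}

# sms_queue NUMBER BODY [OUTGOING_DIR] -> prints the spool file path;
# returns 1 on a bad number or an unwritable directory
sms_queue() {
    number=$1
    body=$2
    outdir=${3:-/var/spool/sms/outgoing}
    sms_valid_number "$number" || { echo "sms_queue: bad number '$number'" >&2; return 1; }
    [ -d "$outdir" ] && [ -w "$outdir" ] || { echo "sms_queue: cannot write to $outdir" >&2; return 1; }
    final="$outdir/sms_$(date +%Y%m%d%H%M%S)_$$"
    sms_spool_content "$number" "$body" > "$final.LOCK" || return 1
    mv "$final.LOCK" "$final" && printf '%s\n' "$final"
}

# Demo with constructed input in a scratch directory (no modem needed).
DEMO_DIR=$(mktemp -d)
DEMO_FILE=$(sms_queue "+38765655849" "ALERT: /var is 95% full on server" "$DEMO_DIR")
cat "$DEMO_FILE"
```

Call sms_queue with the real directory omitted (the third argument) on the server; because the body is passed as a printf argument rather than interpolated into the format string, percent signs and backslashes in the message are written literally.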

CentOS – setup utility

For RH based distros, the “setup” utility is a must. With this tool you can easily maintain basic system settings (firewall settings, network, start-up services, etc).

If you choose a minimal install, this tool won’t be available and you’ll need to add it manually:

yum -y install setuptool system-config-network* system-config-firewall* system-config-securitylevel-tui system-config-keyboard ntsysv

MyDumper – CentOS HowTo

Mydumper is a MySQL backup tool created by Domas Mituzas and later maintained by several other developers.

The main benefits are multi-threaded, fast backups with almost no locking (as long as you only use InnoDB tables), built-in compression and separate files for each table, which makes it easy to restore a single table or schema. It also supports hard-linking files, which reduces the space needed for a history of backups. It is much faster than mysqldump; the separate files are what make it possible to dump, and likewise restore, in multiple threads.

In short, Mydumper is how a MySQL DBA or support engineer would imagine mysqldump.

To install mydumper follow the next steps

Install necessary devel libs and cmake

yum install glib2-devel mysql-devel zlib-devel pcre-devel openssl-devel cmake

Download mydumper – https://launchpad.net/mydumper (or directly here https://launchpad.net/mydumper/0.6/0.6.2/+download/mydumper-0.6.2.tar.gz)

Extract the tar.gz archive with

tar -xvzf mydumper-0.6.2.tar.gz
cd mydumper-0.6.2
cmake .
make

Creating backup

mydumper -u USER -p PASSWORD -o /home/DESTINATION_DIR/DATABASE/ -B DATABASE

Note: My advice is to create a separate dir for every database. Also be aware that a password given with -p is visible to every local user in ps output while the dump runs and ends up in your shell history, so run backups from cron under a dedicated OS user, and give the MySQL account only the privileges a dump needs (SELECT, RELOAD, LOCK TABLES, REPLICATION CLIENT) rather than using root.

Restore from backup

myloader -u USER -p PASSWORD -B DATABASE -d /home/SOURCE_DIR/DATABASE/
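The two commands above are the whole recipe; what a nightly job adds is a directory per run, a check that the dump really finished, and pruning. The wrapper below is an added example (not part of the post or of mydumper): it follows the separate-directory advice with a timestamped run directory under BASE, checks the "metadata" file mydumper writes (it appends a "Finished dump at:" line only when the dump completed), and keeps the newest KEEP runs. BASE (/home/backup) and the 14-run default are assumptions; the mydumper call only runs when the binary is installed, so the helpers can be exercised on their own.

```shell
#!/bin/sh
# Added example, not part of the original post: per-database,
# per-run backup directories, completion check and retention around
# mydumper.  The mydumper options used (-u -p -B -o -c) are the ones
# from the post plus -c (compress).

# backup_run_dir BASE DB STAMP -> this run's output directory
backup_run_dir() {
    printf '%s/%s/%s\n' "$1" "$2" "$3"
}

# backup_runs BASE DB -> run directories for DB, newest first (the stamp
# is YYYYMMDD-HHMMSS, so lexical order is chronological order)
backup_runs() {
    ls -1d "$1/$2"/[0-9]* 2>/dev/null | sort -r
}

# prune_backups BASE DB KEEP -> remove all but the KEEP newest runs and
# print how many were removed
prune_backups() {
    removed=0
    for dir in $(backup_runs "$1" "$2" | tail -n +$(( $3 + 1 ))); do
        rm -rf "$dir"
        removed=$((removed + 1))
    done
    echo "$removed"
}

# backup_db USER PASSWORD DB [BASE] [KEEP] -> run mydumper, verify, prune.
# The password still goes on the command line as in the post, so run this
# from cron as a dedicated backup OS user rather than from an interactive
# shell whose history is kept.
backup_db() {
    user=$1; pass=$2; db=$3; base=${4:-/home/backup}; keep=${5:-14}
    command -v mydumper >/dev/null 2>&1 || { echo "mydumper not installed" >&2; return 2; }
    dir=$(backup_run_dir "$base" "$db" "$(date +%Y%m%d-%H%M%S)")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    mydumper -u "$user" -p "$pass" -B "$db" -o "$dir" -c || return 1
    # mydumper records the start in "metadata" and appends the finish
    # line only when the whole dump succeeded
    grep -q 'Finished dump at' "$dir/metadata" 2>/dev/null \
        || { echo "backup of $db incomplete: no finish marker in $dir/metadata" >&2; return 1; }
    echo "removed $(prune_backups "$base" "$db" "$keep") old run(s) of $db"
}

# Demo of the retention logic on constructed directories (no MySQL needed).
DEMO_BASE=$(mktemp -d)
for stamp in 20160301-020000 20160302-020000 20160303-020000; do
    mkdir -p "$(backup_run_dir "$DEMO_BASE" shop "$stamp")"
done
echo "pruned $(prune_backups "$DEMO_BASE" shop 2) run(s), kept: $(backup_runs "$DEMO_BASE" shop | tr '\n' ' ')"
```

Restoring a particular day is then "myloader -d /home/backup/DATABASE/20160302-020000 ..." as in the post; the chmod 700 matters because the dump contains every row of the database in plain SQL.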

CentOS server – NFS client/server howto

NFS stands for Network File System and through NFS, a client can read and/or write a remote share on an NFS server (like on local hard disk)

The first step to set up NFS client/server is to install nfs-utils and nfs-utils-lib packages on both systems (server and client)

yum install nfs-utils nfs-utils-lib
chkconfig --levels 235 nfs on 
service nfs start

For example, the server IP is 10.0.0.1 and the client 10.0.0.2.

I’d like to use the server’s /test and /var/test directories from the client system. To make them accessible we must “export” them on the server.

With the default root_squash option, requests coming from root on the client are mapped on the server to the anonymous user (UID/GID 65534, nfsnobody on CentOS), while other users keep their numeric UID/GID. So a directory that root on the client should write to must either be owned by 65534 on the server or be exported with no_root_squash.
In this howto, the /test dir will be used as root (no_root_squash) while /var/test will be used as “nobody”. If the /var/test directory doesn’t exist, create it and change the ownership to UID/GID 65534:

mkdir /var/test
chown 65534:65534 /var/test

The next step (on the server side) is to modify /etc/exports

nano /etc/exports

and add the next lines

/test           10.0.0.2(rw,sync,no_root_squash,no_subtree_check)
/var/test        10.0.0.2(rw,sync,no_subtree_check)

The no_root_squash parameter turns that mapping off, so root on the client is root on the export (all files copied/created from the client will be owned by root). Use it only for clients you fully trust: with the default AUTH_SYS security the server believes whatever UID the client sends, and the client address in /etc/exports is the only access control, so anyone who can spoof or take over 10.0.0.2 gets root-level write access to /test. Never combine no_root_squash with a wildcard (*) client.

After you modify /etc/exports, run exportfs -a to make the changes effective.

exportfs -a

The next step (on the client side) is to create the directories where you want to mount the NFS shares

mkdir -p /mnt/test
mkdir -p /mnt/var/test

Mount NFS shares with

mount 10.0.0.1:/test /mnt/test
mount 10.0.0.1:/var/test /mnt/var/test

Verify the settings with:

df -h

The result should be something like

[root@client ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
....
10.0.0.1:/test    100G  25G   75G  25% /mnt/test
10.0.0.1:/var/test
                       100G  25G   75G  25% /mnt/var/test

and

mount

The result should be something like

[root@client ~]# mount
....
10.0.0.1:/test on /mnt/test type nfs (rw,addr=10.0.0.1)
10.0.0.1:/var/test on /mnt/var/test type nfs (rw,addr=10.0.0.1)

To mount the NFS shares at boot time, add the next lines in /etc/fstab file

10.0.0.1:/test  /mnt/test   nfs      rw,sync,hard,intr  0     0
10.0.0.1:/var/test  /mnt/var/test   nfs      rw,sync,hard,intr  0     0

Don’t forget to check the mounts after a reboot.
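Because the client list in /etc/exports is the only thing standing between the network and the exported directories, it is worth checking the file mechanically rather than by eye. The script below is an added example (not part of the post or of nfs-utils): it parses the exports format (path followed by client(options) pairs) and reports each wildcard client, each no_root_squash, each insecure and each read-write export to a whole network. The sample content is constructed; its first two lines are the ones from this howto, and /test is reported too, because every no_root_squash deserves a justification.

```shell
#!/bin/sh
# Added example, not part of the original post: audit /etc/exports for
# the options that turn an NFS export into a root-equivalent foothold.
# With the default AUTH_SYS security the server trusts whatever UID the
# client sends, so the client list in /etc/exports is the only access
# control: an export to "*" (or a whole network) combined with
# no_root_squash lets any host on that network write as root.

# Constructed sample; the first two lines come from the howto above.
SAMPLE_EXPORTS='/test            10.0.0.2(rw,sync,no_root_squash,no_subtree_check)
/var/test        10.0.0.2(rw,sync,no_subtree_check)
# legacy share nobody cleaned up
/srv/old         *(rw,no_root_squash)
/srv/ro          10.0.0.0/24(ro,sync)
/srv/lab         10.0.0.0/8(rw,no_root_squash,insecure)'

# nfs_exports_risky < exports -> "PATH CLIENT FINDING" per risky pair:
#   wildcard        client is "*" or a pattern, or missing entirely
#   no_root_squash  remote root is root on the export (review each one)
#   insecure        accepts requests from unprivileged source ports, so any
#                   local user on the client can forge UIDs
#   rw_network      read-write export to a whole network, not one host
nfs_exports_risky() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if (match(client, /\(.*\)/)) {
                    opts = substr(client, RSTART + 1, RLENGTH - 2)
                    client = substr(client, 1, RSTART - 1)
                }
                if (client == "" || client ~ /[*?]/) print path, client, "wildcard"
                if (opts ~ /(^|,)no_root_squash(,|$)/) print path, client, "no_root_squash"
                if (opts ~ /(^|,)insecure(,|$)/) print path, client, "insecure"
                if (opts ~ /(^|,)rw(,|$)/ && client ~ /\/[0-9]+$/) print path, client, "rw_network"
            }
        }'
}

# nfs_risky_count EXPORTS_TEXT -> number of findings
nfs_risky_count() {
    printf '%s\n' "$1" | nfs_exports_risky | wc -l | tr -d ' '
}

# On a real server: nfs_exports_risky < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | nfs_exports_risky
```

Run it on the server after every change to /etc/exports and before exportfs -a; an empty report, or one that lists only the exports you consciously gave no_root_squash, is what you want.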

Heartbleed Bug – OpenSSL

A massive vulnerability (CVE-2014-0160) has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. A missing bounds check in the TLS heartbeat extension of OpenSSL 1.0.1 through 1.0.1f lets an attacker read up to 64 KB of the peer’s process memory per request, without leaving a trace in the logs. That memory can hold the information normally protected by SSL/TLS encryption (web applications, e-mail, instant messaging, VPNs, etc.), including session cookies, passwords and the server’s private key.

Essentially, that means a lot of Internet users are affected and passwords and credit card information could be available to hackers.

CentOS released updated OpenSSL packages which fix this issue. Note that Red Hat backports the fix, so "openssl version" still reports 1.0.1e after the update; check "rpm -q --changelog openssl | grep CVE-2014-0160" instead. Restart every service that links libssl (not only httpd: postfix, dovecot, openvpn, nginx and so on) or simply reboot, and, because the private key may already have been read, reissue certificates and reset the passwords and sessions that were exposed while the server was vulnerable.

# yum update openssl
# service httpd restart

For more information:
http://www.exploit-db.com/exploits/32745/
http://heartbleed.com/
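Two checks make the "update and restart" advice verifiable. The script below is an added example (not part of the post): the first function confirms from the RPM changelog that the installed openssl build names CVE-2014-0160, since the version string alone cannot tell you; the second finds processes that still have a deleted libssl or libcrypto mapped, which is exactly the set of daemons that need a restart after the update. Both parsers read stdin so they can run on the constructed samples at the bottom; the changelog entries and memory maps there are made up for the demo and are not real command output.

```shell
#!/bin/sh
# Added example, not part of the original post: post-update checks for
# Heartbleed.  Red Hat backports security fixes without bumping the
# upstream version, so the RPM changelog is what records CVE-2014-0160,
# and a new libssl on disk does nothing for daemons that still map the
# old copy.

# changelog_fixes_cve CVE-ID < changelog -> 0 if an entry names the CVE
# on a real host: rpm -q --changelog openssl | changelog_fixes_cve CVE-2014-0160
changelog_fixes_cve() {
    grep -q -- "$1"
}

# stale_libssl_pids < "PID:<maps line>" lines -> PIDs mapping a deleted
# libssl or libcrypto, sorted, one per line
stale_libssl_pids() {
    awk -F: '
        $0 ~ /lib(ssl|crypto)\.so.*\(deleted\)/ { seen[$1] = 1 }
        END { for (p in seen) print p }' | sort -n
}

# system_stale_libssl_pids -> same, read from /proc on this host
# (run as root, otherwise other users' maps are unreadable and skipped)
system_stale_libssl_pids() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        sed -n "s|^|$pid:|p" "$m" 2>/dev/null
    done | stale_libssl_pids
}

# ---- constructed samples for the demo (not real command output) ----
SAMPLE_CHANGELOG='* Tue Apr 08 2014 Example Packager <packager@example.com> 1.0.1e-16.el6_5.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

* Thu Jan 09 2014 Example Packager <packager@example.com> 1.0.1e-16.el6_5.4
- fix CVE-2013-4353 - invalid TLS handshake crash'

SAMPLE_MAPS='1234:7f3a00000000-7f3a00040000 r-xp 00000000 fd:00 131 /usr/lib64/libssl.so.1.0.1e (deleted)
1234:7f3a00240000-7f3a00400000 r-xp 00000000 fd:00 130 /usr/lib64/libcrypto.so.1.0.1e (deleted)
2201:7f8b00000000-7f8b00040000 r-xp 00000000 fd:00 140 /usr/lib64/libssl.so.1.0.1e
987:7f1c00000000-7f1c00010000 r-xp 00000000 fd:00 170 /lib64/libc-2.12.so
4567:7f9900000000-7f9900040000 r-xp 00000000 fd:00 131 /usr/lib64/libssl.so.1.0.1e (deleted)'

if printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_fixes_cve CVE-2014-0160; then
    echo "openssl changelog names CVE-2014-0160: patched build installed"
fi
echo "processes still using the old libssl (need a restart):"
printf '%s\n' "$SAMPLE_MAPS" | stale_libssl_pids
```

On the real host, run system_stale_libssl_pids as root after yum update openssl; map each PID to its service with ps -p PID -o comm= and restart those services. An empty list means every process is on the new library.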

EoIP tunnel on Linux

Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol (stateless and light ethernet point to point tunnel protocol with 28 bytes static overhead) that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel or any other connection capable of transporting IP.

To connect Linux with a MikroTik over an EoIP tunnel, you’ll need the linux-eoip userspace daemon (tarball linked below).

The install procedure:

# wget http://www.serveradminblog.com/wp-content/uploads/2016/03/linux-eoip-0.5.tar.gz
# tar -xvzf linux-eoip-0.5.tar.gz
# cd linux-eoip-0.5
# ./configure
# make
# make install

Copy eoip.cfg to the /etc dir, change the settings inside according to your needs and save the file. Keep in mind that EoIP itself has no authentication and no encryption: it is Ethernet in GRE (IP protocol 47), and the only thing that separates tunnels is the tunnel ID, so anyone who can send GRE packets to your server with the right ID can inject frames into your LAN segment. Restrict GRE to the peer’s address on the host firewall. The dynamic=1 option (a tunnel whose remote address is not fixed) has no authorization at all and is not secure, so it is not a good idea to use it with a public IP or on a network that is not completely under your control (every host).

For now, let’s suppose you need only one tunnel, to the remote IP address 1.1.1.1:

[zeoip0]
id=1
dst=1.1.1.1

On the MikroTik, create an EoIP tunnel with the same ID (1) and set your server’s IP address as the remote IP. Run eoip with

# /usr/local/bin/eoip /etc/eoip.cfg

Add IP address to your eoip interface

# /sbin/ifconfig zeoip0 10.254.254.2 netmask 255.255.255.252 up

And optionally add routes (if you have any)

# route add -net 10.2.0.0/16 gw 10.254.254.1

Add the last few lines to /etc/rc.local to bring the tunnel up after a reboot (with iproute2 the same is "ip addr add 10.254.254.2/30 dev zeoip0; ip link set zeoip0 up; ip route add 10.2.0.0/16 via 10.254.254.1"). The eoip interface can be treated just like any other interface:

# ifconfig
zeoip0    Link encap:Ethernet  HWaddr 5B:25:C9:44:6A:79  
          inet addr:10.254.254.2  Bcast:10.254.254.3  Mask:255.255.255.252
          inet6 addr: fe80::5425:d9ff:fe80:6b79/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:167397 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138861 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:14934574 (14.2 MiB)  TX bytes:12520192 (11.9 MiB)
# ps ax|grep dhcp
5180 ?        Ss     0:02 /usr/sbin/dhcpd eth1 zeoip0
27356 pts/1    S+     0:00 grep dhcp

As you can see, you can run a DHCP server on the eoip interface. Just open /etc/sysconfig/dhcpd and add DHCPDARGS="eth1 zeoip0" inside. Save the file and restart the DHCP server.
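Since the tunnel has no authentication of its own, the rc.local lines above should be accompanied by firewall rules that let only the configured peers speak GRE to the server. The script below is an added example (not part of the post or of linux-eoip): it reads the peers out of eoip.cfg using the [section] / dst= layout shown above, refuses to emit anything if any tunnel is dynamic (there would be no peer to pin), and prints iptables rules that accept protocol 47 from those peers and drop it from everyone else. The second tunnel in the sample config is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: EoIP carries Ethernet
# frames inside GRE (IP protocol 47) with only a 16-bit tunnel ID to tell
# tunnels apart and no authentication, so the host firewall has to be
# what decides which peers may talk GRE to this server.

# Constructed config in the layout used by the post; zeoip1 is invented.
SAMPLE_EOIP_CFG='[zeoip0]
id=1
dst=1.1.1.1

[zeoip1]
id=7
dst=203.0.113.9
dynamic=0'

# eoip_peers < eoip.cfg -> "IFACE DST" per tunnel
eoip_peers() {
    awk -F= '
        /^[ \t]*\[/ { iface = $0; gsub(/\[|\]|[ \t]/, "", iface); next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "dst" { val = $2; gsub(/[ \t]/, "", val); print iface, val }'
}

# eoip_has_dynamic < eoip.cfg -> 0 if any tunnel sets dynamic=1
eoip_has_dynamic() {
    grep -q '^[[:space:]]*dynamic[[:space:]]*=[[:space:]]*1'
}

# eoip_iptables_rules < eoip.cfg -> iptables commands, or return 1 with a
# message if a dynamic tunnel would make the peer list meaningless
eoip_iptables_rules() {
    cfg=$(cat)
    if printf '%s\n' "$cfg" | eoip_has_dynamic; then
        echo "refusing: dynamic=1 accepts GRE from any peer, nothing to pin" >&2
        return 1
    fi
    printf '%s\n' "$cfg" | eoip_peers | while read -r iface dst; do
        printf 'iptables -A INPUT -p 47 -s %s -j ACCEPT   # %s\n' "$dst" "$iface"
    done
    echo 'iptables -A INPUT -p 47 -j DROP'
}

# On the real host: eoip_iptables_rules < /etc/eoip.cfg, review, then run.
printf '%s\n' "$SAMPLE_EOIP_CFG" | eoip_iptables_rules
```

The rules are appended with -A, so insert them ahead of any catch-all ACCEPT in your INPUT chain. They stop strangers from injecting frames, not from reading them: the tunnel payload still crosses the Internet in clear, which is a job for IPsec rather than for this daemon.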

CentOS server – nginx howto

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. At the time of writing, Nginx hosts nearly 12.18% (22.2M) of active sites across all domains. It is known for its high performance and low resource consumption.

To add the nginx yum repository, create a file named /etc/yum.repos.d/nginx.repo and paste one of the configurations below. Note that both, as shown, disable signature checking (gpgcheck=0) and fetch over plain http, which lets a man-in-the-middle or a compromised mirror hand yum arbitrary packages; before using them on a server, set gpgcheck=1 with gpgkey=https://nginx.org/keys/nginx_signing.key and switch the baseurl to https.

For CentOS

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

For RHEL

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/$releasever/$basearch/
gpgcheck=0
enabled=1

Due to differences between how CentOS, RHEL, and Scientific Linux populate the $releasever variable, it is necessary to manually replace $releasever with either “5” (for 5.x) or “6” (for 6.x), depending upon your OS version.

Now make sure Apache is stopped and disabled, otherwise it keeps port 80 and nginx won’t be able to bind it:

# service httpd stop
# chkconfig --level 235 httpd off

and install nginx with

# yum install nginx
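The difference between the nginx stanza above and the PGDG stanza in the PostgreSQL post (https baseurl, gpgcheck=1, gpgkey present) is the difference between a repository yum will verify and one it will not. The script below is an added example (not part of the post, of nginx or of yum): it shows the weak stanza beside a corrected one and parses .repo files to report, for each enabled section, a disabled gpgcheck, a missing gpgkey, or a plain-http baseurl or key URL. The corrected stanza uses nginx’s published signing key URL (https://nginx.org/keys/nginx_signing.key) and assumes the https baseurl is reachable from your server; the repo text is embedded here for the demo.

```shell
#!/bin/sh
# Added example, not part of the original post: audit yum .repo files for
# sections that install unverified packages.  A section with gpgcheck=0
# trusts the transport completely, and a plain-http baseurl means that
# transport is anyone on the path.

# The stanza from the post ($releasever already replaced, as it advises).
WEAK_REPO='[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1'

# The same stanza with signature checking and https.
FIXED_REPO='[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/6/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1'

# repo_audit < file.repo -> "SECTION FINDING" per enabled section:
#   gpgcheck_off        packages are not signature-checked at all
#   no_gpgkey           checking is on but no key source is declared
#                       (works only if the key is already imported)
#   plain_http_baseurl  packages travel over http
#   plain_http_gpgkey   the trust anchor itself travels over http
repo_audit() {
    awk -F= '
        function report_section() {
            if (sec != "" && enabled != "0") {
                if (gpgcheck != "1") print sec, "gpgcheck_off"
                else if (gpgkey == "") print sec, "no_gpgkey"
                if (baseurl ~ /^http:/) print sec, "plain_http_baseurl"
                if (gpgkey ~ /^http:/) print sec, "plain_http_gpgkey"
            }
            sec = ""; enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
        }
        /^[ \t]*\[/ { report_section(); sec = $0; gsub(/\[|\]|[ \t]/, "", sec); next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "enabled"  { enabled = val }
        key == "gpgcheck" { gpgcheck = val }
        key == "gpgkey"   { gpgkey = val }
        key == "baseurl"  { baseurl = val }
        END { report_section() }'
}

# repo_audit_all -> audit every repo file on this host, prefixed by file
repo_audit_all() {
    for f in /etc/yum.repos.d/*.repo; do
        [ -f "$f" ] && repo_audit < "$f" | sed "s|^|$f: |"
    done
}

echo "weak stanza:";  printf '%s\n' "$WEAK_REPO"  | repo_audit
echo "fixed stanza:"; printf '%s\n' "$FIXED_REPO" | repo_audit
```

Run repo_audit_all before the first yum install on a freshly built box; the PGDG file from the PostgreSQL post passes cleanly, and the nginx stanza as printed in this post produces two findings.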

Why PostgreSQL is not so popular? (howto part 2)

So… after the first part (Link), where we talked about the installation, the next step is to create a root role and to set passwords for the postgres and root roles. Note that createuser -s makes root a database superuser; once remote access is enabled below, anyone who knows this password owns every database, so pick a strong one and don’t reuse the OS root password.
the next step would be to create root user and to change postgres and root password.

[root@XTdata init.d]# su postgres
bash-3.2$ createuser -s root
bash-3.2$ createdb root --owner=root
exit
 
[root@XTdata data]# psql
psql (9.2.4)
Type "help" for help.
 
root=# ALTER USER postgres WITH PASSWORD 'SomePAASWDe348';
ALTER ROLE
root=# ALTER USER root WITH PASSWORD 'SomePAASWDe3489898';
ALTER ROLE
root=# \q

Now, the next step would be to allow remote connections.

postgresql.conf is the main PostgreSQL config file. To be able to reach the server remotely, find the commented line

#listen_addresses = 'localhost'         # what IP address(es) to listen on;

uncomment the line and replace localhost with the server’s IP address (or with *, which means listen on all interfaces):

listen_addresses = '*'         # what IP address(es) to listen on;

PostgreSQL, by default, refuses all connections it receives from any remote host. Which remote hosts are allowed is controlled via the pg_hba.conf file (located in the same dir as postgresql.conf).

Add the next line

host    all             all             192.168.10.57/32         md5

where 192.168.10.57 is the remote host IP address.

You can also allow any host by replacing 192.168.10.57/32 with 0.0.0.0/0, but then every role, including the superusers created above, can be brute-forced from anywhere that can reach port 5432; if you must do it, put a firewall rule in front of it.

The line syntax is

local      DATABASE  USER  METHOD  [OPTIONS]
host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

which is documented inside pg_hba.conf. Lines are matched top to bottom and the first match wins, so put specific rules before general ones. Save the file and restart the server.

I prefer the pgAdmin III tool which can be used for remote management. Fire it up, select File, Add Server… Enter name, host, Username and password.

This should be enough for now…

Logrotate settings

As you probably know, the default logrotate period on RH-based distros is 7 days. From my point of view, this is too long for production servers (files can become extremely large, so grepping through them gets very slow).

To change this behaviour, open /etc/logrotate.conf and replace the weekly line with daily. Also, increase the number of rotated files to keep (the rotate directive) from 4 to something larger; with daily rotation that number is the number of days you keep, so the 70 below keeps 70 days of logs.

It should look something like

# see "man logrotate" for details
# rotate log files daily
#weekly
daily
 
# keep 70 days worth of backlogs
rotate 70