Friday, May 31, 2019

Update time and date using chrony

Chrony is an application for a machine to sync with network time protocol servers.

To install chrony
# yum install chrony -y

Then, make sure to include some legit ntp servers in /etc/chrony.conf. In this case, we are using centos ntp pool servers.
# cat /etc/chrony.conf
...
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

...

Start chronyd (chrony daemon)
# systemctl start chronyd

Chrony will gradually update the system clock to follow the ntp servers, once chronyd is started. But if you want to chrony to update the time quickly, just use below command
# chronyc makestep

To start chronyd on boot:
# systemctl enable chronyd

Friday, May 24, 2019

Installing Joomla 3.9.6 on Centos 7 with httpd, php 7.3 and mysql 8.0

MYSQL

Install mysql 8.0 repository
# rpm -Uvh https://repo.mysql.com/mysql80-community-release-el7-3.noarch.rpm

Install mysql-server 8.0
# yum install -y mysql-community-server

Start mysql server
# systemctl start mysqld

Secure mysql server installation, answer yes to all question in the mysql_secure_installation procedure
# grep password /var/log/mysql.log
# mysql_secure_installation

Change mysql default authentication plugin to mysql_native_password. Refer here for more information
# cat >> /etc/my.cnf <<EOF
[mysqld]
default-authentication-plugin=mysql_native_password

EOF

Restart mysql
# systemctl restart mysqld

Create database for joomla
# mysql -u root -p
mysql> create database joomla;
mysql> create user joomla@localhost identified by 'MyJoomla123!';
mysql> grant all privileges on joomla.* to joomla@localhost;


PHP

Install epel and remi repository
# yum install epel-release -y
# rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-7.rpm

Install php73 and required components
yum --enablerepo=remi-php73 install php php-zlib php-xml php-json php-mcrypt php-mysqlnd -y


HTTPD

Install httpd server
# yum install -y httpd

Start httpd
# systemctl start httpd


JOOMLA

Download joomla source code
# yum install -y wget
# wget https://downloads.joomla.org/cms/joomla3/3-9-6/Joomla_3-9-6-Stable-Full_Package.tar.gz

Create a directory for joomla in httpd's root directory
# mkdir /var/www/html/joomla

Extract the code into the directory in root directory
# tar -xvf Joomla_3-9-6-Stable-Full_Package.tar.gz -C /var/www/html/joomla

Give proper owner to joomla directory
# chown -R apache.apache /var/www/html/joomla

Restart httpd
# systemctl restart httpd

Browse to http://your.ip.add.ress/joomla, to access the installation wizard. Fill in your site's preferences, and click Next

Fill in database details, as per MYSQL section above, and click Next


Fill in ftp configurations, if applicable, and click Next

Click Install

Joomla is now installed

Copy the code in Notice, and paste it in a new file called /var/www/html/joomla/configuration.php


Remove the installation older
# rm -rf /var/www/html/joomla/installation
Click on Site button to view your joomla main page, and click on Administrator button to view your joomla administrator's site.

Tuesday, May 7, 2019

Install openshift origin 3.11 cluster on a single virtualbox VM running CentOS 7

The minimum requirements for openshift origin (OKD) 3.11 is at least 16GB memory, but since my machine does not have that much capacity, I just use 8GB memory, and exclude all hardware checks in my inventory file

For openshift installation to run smoothly, you need a proper, separate DNS server. Refer to my previous post, on how to setup a very easy DNS server. The DNS can be installed in another VM with probably 512MB memory.

Prepare a VM, with:
- 8GB memory
- 50GB hardisk
- 1 vcpu
- bridged network

Install centos 7 on the VM

Since we are going to use ansible, passwordless ssh is necessary, even though it is just only one machine
# ssh-keygen
# ssh-copy-id localhost

Update the operating system, and install base packages
# yum update -y; yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct -y; reboot

Install epel repository, and disable the repo by default
# yum install -y epel-release; sed -i 's/enabled=1/enabled=0/' /etc/yum/repos.d/epel.repo

Install ansible and pyOpenSSL
# yum install -y --enablerepo=epel ansible pyOpenSSL

Install docker
# yum install -y docker-1.13.1

Clone the openshift-origin repository in github. This repository will provide required playbooks and configuration files
# cd
# git clone https://github.com/openshift/openshift-ansible
# cd openshift-ansible
# git checkout release-3.11


Generate a hashed password for your first user
# openssl passwd -apr1 typeyourpasswordhere

Prepare your inventory file. You can refer here for the meaning of each options in below inventory file. Make sure that every hostname used in this file is DNS resolvable 
# cat > ~/openshift-ansible/inventory.ini <<EOF
[OSEv3:children]
masters
nodes
etcd

[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=origin
'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_htpasswd_users={'admin': '$apr1$qpJB3Cls$PN7/HlUNqBXikBl.jnrHF.'}

openshift_public_hostname=console.local.my
openshift_master_default_subdomain=apps.console.local.my
openshift_disable_check=disk_availability,docker_storage,memory_availability,docker_image_availability

[masters]
osmaster.local.my openshift_schedulable=true 

[etcd]
osmaster.local.my 

[nodes]
osmaster.local.my openshift_schedulable=true openshift_node_group_name="node-config-all-in-one"
EOF

Run the prerequisites.yml playbook. This playbook will install required for openshift installation
# cd ~/openshift-ansible
# ansible-playbook -i inventory.ini playbook/prerequisites.yml

Run the deployment playbook to deploy your openshift cluster
# ansible-playbook -i inventory.ini playbook/deploy_cluster.yml

Once installation is complete, verify your installation by checking on the nodes
# oc get nodes

and logging in to openshift webconsole which in this case is https://console.local.my:8443, providing the username and password as per in your inventory.ini file

Monday, May 6, 2019

Postgresql replication on CentOS

I will use 2 machines to do this. For the sake of practicing, even 2 containers will do. The IP addresses are:

- master 10.10.10.1
- slave 10.10.10.2

Install postgresql repo on both machines
# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

Install postgresql on both machines, in this example, I am using postgres 9.6
# yum install -y postgresql96-server

Initialize both postgres
# su - postgres
$ /usr/pgsql-9.6/bin/initdb -D /var/lib/pgsql/9.6/data/

On master, put in below config
# su - postgres
$ cat >> /var/lib/pgsql/9.6/data/postgresql.conf <<EOF
wal_level = hot_standby
max_wal_senders = 1 # number of slave servers
wal_keep_segments = 100
synchronous_standby_names = 'pgslave'
EOF

On master, create a user for replication, called replica
$ psql -c "create user replica replication;"

Allow slave to access master as replica
$ cat >> /var/lib/pgsql/9.6/data/pg_hba.conf <<EOF
host    replication     replica          192.168.1.33/32         trust
EOF

Restart postgres on master server
# systemctl restart postgresql-9.6

On slave server, stop postgresql
# systemctl stop postgresql-9.6

Clear slave server postgresql data directory
# rm -rf /var/lib/pgsql/9.6/data/*

Copy data from master
# su - postgres
$ pg_basebackup -D /var/lib/pgsql/9.6/data -h 10.10.10.1 -U replica --verbose

Create recovery.conf in master server
$ cat > /var/lib/pgsql/9.6/data/recovery.conf <<EOF
standby_mode=on
trigger_file='/tmp/promotedb'
primary_conninfo='host=10.10.10.1 port=5432 user=replica application_name=pgslave'
EOF

Turn hot_standby on
$ sed -i 's/#hot_standby\ =\ off/ hot_standby\ =\ on/'/var/lib/pgsql/9.6/data/postgresql.conf

Start postgres on slave
# systemct restart postgresql-9.6

To check replication status, run below in master server
# su - postgres
$ psql -c "select client_addr, state, sent_location, write_location,flush_location, replay_location from pg_stat_replication;"

Test your replication by adding data/database into master server, and check whether the data/database is replicated to slave.

If a master is down, you need to promote the current slave to master, to allow it to be writable
# su - postgres
$ /usr/pgsql-9.6/bin/pg_ctl promote -D /var/lib/pgsql/9.6/data/
  

Friday, May 3, 2019

Setup easy DNS server using dnsmasq on CentOS 7

Install dnsmasq

# yum install dnsmasq -y

Put in upstream dns server in /etc/resolv.conf. In this case, I want to use opendns as my upstream dns server.
# cat >> /etc/resolv.conf <<EOF
nameserver 208.67.222.222
EOF

For dns records, just use /etc/hosts
# cat >> /etc/hosts <<EOF
192.168.0.99 mydns.local
192.168.0.100 myportal.local
192.168.0.101 myworkspace.local
EOF

With just these 2 settings, you are good to go. Start dnsmasq, and your dns server should be able to resolve those 3 domains.
# systemctl start dnsmasq

Allow on firewall
# firewall-cmd --add-service dns
# firewall-cmd --add-service dns --permanent

Test with dig
# dig +short @localhost myportal.local
192.168.0.100

Test from other machine
# dig +short @192.168.0.99 myworkspace.local
192.168.0.101


It can even forward to upstream DNS
# dig +short @192.168.0.99 www.google.com
216.58.196.36