Friday, May 31, 2019

Update time and date using chrony

Chrony is an implementation of the Network Time Protocol (NTP) that keeps a machine's clock in sync with NTP servers.

To install chrony
# yum install chrony -y

Then, make sure /etc/chrony.conf lists NTP servers you trust. In this case, we are using the CentOS NTP pool servers.
# cat /etc/chrony.conf
server iburst
server iburst
server iburst
server iburst


Start chronyd (chrony daemon)
# systemctl start chronyd

Once chronyd is started, chrony will gradually adjust the system clock to follow the NTP servers. If you want chrony to correct the time immediately, use the command below
# chronyc makestep

To start chronyd on boot:
# systemctl enable chronyd

To check whether the time has been synced (make sure one of the servers has ^* on the left-hand side)
# chronyc sources -v
^*           0   6     0     -     +0ns[   +0ns] +/-    0ns

Friday, May 24, 2019

Installing Joomla 3.9.6 on Centos 7 with httpd, php 7.3 and mysql 8.0


Install mysql 8.0 repository
# rpm -Uvh

Install mysql-server 8.0
# yum install -y mysql-community-server

Start mysql server
# systemctl start mysqld

Secure the mysql server installation. Answer yes to all questions in the mysql_secure_installation procedure
# grep password /var/log/mysqld.log
# mysql_secure_installation

Change mysql default authentication plugin to mysql_native_password. Refer here for more information
# cat >> /etc/my.cnf <<EOF


Restart mysql
# systemctl restart mysqld

Create database for joomla
# mysql -u root -p
mysql> create database joomla;
mysql> create user joomla@localhost identified by 'MyJoomla123!';
mysql> grant all privileges on joomla.* to joomla@localhost;


Install epel and remi repository
# yum install epel-release -y
# rpm -Uvh

Install php73 and required components
# yum --enablerepo=remi-php73 install php php-zlib php-xml php-json php-mcrypt php-mysqlnd -y


Install httpd server
# yum install -y httpd

Start httpd
# systemctl start httpd


Download joomla source code
# yum install -y wget
# wget

Create a directory for joomla in httpd's root directory
# mkdir /var/www/html/joomla

Extract the archive into the joomla directory created above
# tar -xvf Joomla_3-9-6-Stable-Full_Package.tar.gz -C /var/www/html/joomla

Set the owner of the joomla directory to the apache user
# chown -R apache:apache /var/www/html/joomla

Restart httpd
# systemctl restart httpd

Browse to http://your.ip.add.ress/joomla, to access the installation wizard. Fill in your site's preferences, and click Next

Fill in database details, as per MYSQL section above, and click Next

Fill in ftp configurations, if applicable, and click Next

Click Install

Joomla is now installed

Copy the code in Notice, and paste it in a new file called /var/www/html/joomla/configuration.php

Remove the installation folder
# rm -rf /var/www/html/joomla/installation

Click on the Site button to view your joomla main page, and click on the Administrator button to view your joomla administrator's site.

Tuesday, May 7, 2019

Install openshift origin 3.11 cluster on a single virtualbox VM running CentOS 7

The minimum requirement for openshift origin (OKD) 3.11 is at least 16GB memory, but since my machine does not have that much capacity, I just use 8GB memory, and exclude all hardware checks in my inventory file.

For the openshift installation to run smoothly, you need a proper, separate DNS server. Refer to my previous post on how to set up a very easy DNS server. The DNS server can be installed in another VM with probably 512MB memory.

Prepare a VM, with:
- 8GB memory
- 50GB hard disk
- 1 vcpu
- bridged network

Install centos 7 on the VM

Since we are going to use ansible, passwordless ssh is necessary, even though there is only one machine
# ssh-keygen
# ssh-copy-id localhost

Update the operating system, and install base packages
# yum update -y; yum install wget git net-tools bind-utils yum-utils iptables-services bridge-utils bash-completion kexec-tools sos psacct -y; reboot

Install epel repository, and disable the repo by default
# yum install -y epel-release; sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/epel.repo

Install ansible and pyOpenSSL
# yum install -y --enablerepo=epel ansible pyOpenSSL

Install docker
# yum install -y docker-1.13.1

Install, enable and restart NetworkManager

# yum install NetworkManager -y
# systemctl enable NetworkManager
# systemctl start NetworkManager

Clone the openshift-origin repository in github. This repository will provide required playbooks and configuration files
# cd
# git clone
# cd openshift-ansible
# git checkout release-3.11

Generate a hashed password for your first user
# openssl passwd -apr1 typeyourpasswordhere

Prepare your inventory file. You can refer here for the meaning of each option in the inventory file below. Make sure that every hostname used in this file is DNS resolvable
# cat > ~/openshift-ansible/inventory.ini <<EOF

openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}]
openshift_master_htpasswd_users={'admin': '$apr1$qpJB3Cls$PN7/HlUNqBXikBl.jnrHF.'}

[masters] openshift_schedulable=true 


[nodes] openshift_schedulable=true openshift_node_group_name="node-config-all-in-one"

Run the prerequisites.yml playbook. This playbook will install what is required for the openshift installation
# cd ~/openshift-ansible
# ansible-playbook -i inventory.ini playbooks/prerequisites.yml

Run the deployment playbook to deploy your openshift cluster
# ansible-playbook -i inventory.ini playbooks/deploy_cluster.yml

Once installation is complete, verify your installation by checking on the nodes
# oc get nodes

and logging in to openshift webconsole which in this case is, providing the username and password as per in your inventory.ini file

Monday, May 6, 2019

Postgresql replication on CentOS

I will use 2 machines to do this. For the sake of practicing, even 2 containers will do. The IP addresses are:

- master
- slave

Install postgresql repo on both machines
# yum install -y

Install postgresql on both machines. In this example, I am using postgres 9.6
# yum install -y postgresql96-server

Initialize the postgres data directory on both machines
# su - postgres
$ /usr/pgsql-9.6/bin/initdb -D /var/lib/pgsql/9.6/data/

On master, put in below config
# su - postgres
$ cat >> /var/lib/pgsql/9.6/data/postgresql.conf <<EOF
wal_level = hot_standby
max_wal_senders = 1 # number of slave servers
wal_keep_segments = 100
synchronous_standby_names = 'pgslave'
EOF

On master, create a user for replication, called replica
$ psql -c "create user replica replication;"

Allow slave to access master as replica
$ cat >> /var/lib/pgsql/9.6/data/pg_hba.conf <<EOF
host    replication     replica         trust
EOF

Restart postgres on master server
# systemctl restart postgresql-9.6

On slave server, stop postgresql
# systemctl stop postgresql-9.6

Clear slave server postgresql data directory
# mv /var/lib/pgsql/9.6/data/ /var/lib/pgsql/9.6/data-old
# sudo -u postgres mkdir /var/lib/pgsql/9.6/data

Copy data from master
# su - postgres
$ pg_basebackup -D /var/lib/pgsql/9.6/data -h -U replica --verbose

Create recovery.conf in slave server
$ cat > /var/lib/pgsql/9.6/data/recovery.conf <<EOF
primary_conninfo='host= port=5432 user=replica application_name=pgslave'
EOF

Turn hot_standby to on, on slave server
$ sed -i 's/#hot_standby\ =\ off/ hot_standby\ =\ on/' /var/lib/pgsql/9.6/data/postgresql.conf

Start postgres on slave
# systemctl start postgresql-9.6

To check replication status, run below in master server
# su - postgres
$ psql -c "select client_addr, state, sent_location, write_location,flush_location, replay_location from pg_stat_replication;"

Test your replication by adding data/database into master server, and check whether the data/database is replicated to slave.

If the master is down, you need to promote the current slave to master to make it writable
# su - postgres
$ /usr/pgsql-9.6/bin/pg_ctl promote -D /var/lib/pgsql/9.6/data/
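
The pg_hba.conf step above uses the trust method, which lets any client matching the entry connect as replica without a password. The following is an added example, not part of the original post, that lists such entries so they can be narrowed to the slave's address or switched to md5; the function names, sample file contents and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: list pg_hba.conf entries that accept network connections
# with the "trust" method (no password is checked for them).

# audit_hba [FILE...]  (reads stdin when no file is given)
# Prints "LINE: DATABASE USER ADDRESS" per finding; returns 1 if any found.
audit_hba() {
    awk '
        { sub(/#.*$/, "") }                      # drop comments
        $1 ~ /^host(ssl|nossl)?$/ {
            addr = $4; method = $5
            # "ADDRESS MASK" form: the method moves to the sixth field
            if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) {
                addr = $4 " " $5; method = $6
            }
            if (method == "trust") {
                printf "%d: %s %s %s\n", NR, $2, $3, addr
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample; 192.0.2.0/24 is a documentation range, not the
# addresses used in the post.
sample_hba() {
    cat <<'EOF'
# TYPE  DATABASE     USER     ADDRESS                      METHOD
local   all          all                                   peer
host    all          all      127.0.0.1/32                 md5
host    replication  replica  192.0.2.0/24                 trust
host    replication  replica  192.0.2.11 255.255.255.255   md5
EOF
}

sample_hba | audit_hba || echo "trust entries found: restrict or replace them"
```

On the master it can be run as `audit_hba /var/lib/pgsql/9.6/data/pg_hba.conf`.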

Friday, May 3, 2019

Setup easy DNS server using dnsmasq on CentOS 7

Install dnsmasq

# yum install dnsmasq -y

Put in upstream dns server in /etc/resolv.conf. In this case, I want to use opendns as my upstream dns server.
# cat >> /etc/resolv.conf <<EOF

For dns records, just use /etc/hosts
# cat >> /etc/hosts <<EOF mydns.local myportal.local myworkspace.local

With just these 2 settings, you are good to go. Start dnsmasq, and your dns server should be able to resolve those 3 domains.
# systemctl start dnsmasq

Allow on firewall
# firewall-cmd --add-service dns
# firewall-cmd --add-service dns --permanent

Test with dig
# dig +short @localhost myportal.local

Test from other machine
# dig +short @ myworkspace.local

It can even forward to upstream DNS
# dig +short @