Category: Linux

  • Configure OVH Failover IP in Ubuntu 20.04/22.04

    To configure IP in Ubuntu Server 20.04 guest, create a file

    vi /etc/netplan/50-netwrk.yaml

    add the following content

    network:
    version: 2
    ethernets:
        eth0:
            addresses:
                - YOUR_FO_IP_HERE/32
            nameservers:
                addresses:
                    - 1.1.1.1
                search: []
            optional: true
            routes:
                - to: 0.0.0.0/0
                  via: YOUR_GW_IP_HERE
                  on-link: true

    example

    root@easyengine:~# cat /etc/netplan/50-cloud-init.yaml
network:
    version: 2
    ethernets:
        eth0:
            addresses:
                - 164.132.150.95/32
            nameservers:
                addresses:
                    - 1.1.1.1
                search: []
            optional: true
            routes:
                - to: 0.0.0.0/0
                  via: 51.255.79.254
                  on-link: true
root@easyengine:~#

    “on-link: true” is what makes it work. The “on-link: true” option is used to specify that a specific route should be considered “on-link.” This means that the route is directly reachable on the local network segment, and packets destined for that route should be sent directly to the network interface associated with that network segment, rather than being routed through a gateway.

    Test network config using

    netplan try

    If everything works fine, you can apply the changes with

    netplan apply

    See OVH, netplan

  • Ubuntu Remap keys in the keyboard

    Left Shift key on my keyboard started acting up. It some times work, some times it won’t. I never use the caps lock key on my kayboard, this is just above the shift key. So i decided to use this key as left shift key.

    To re-assign key, you need to edit file /usr/share/X11/xkb/symbols/pc

    Lets take a copy of the file before we edit it

    cp /usr/share/X11/xkb/symbols/pc ~/pc-backup

    Edit

    sudo gedit /usr/share/X11/xkb/symbols/pc

    Find the line

         key  {	[ Caps_Lock		]	};

    This is on line 22

    Replace with

         key  {	[ Shift_L		]	};

    Now you need to restart X-Windows by pressing ALT+F2, then type r. You can also just reboot your computer for the new keymap to work. After restart, i can use Caps lock key as my Left Shift key.

    If you want to disable left shift key, you can comment the line

        key  {	[ Shift_L		]	};

    by adding // at beginning of the line.

    See Ubuntu

  • Red Hat Killing CentOS Linux, Fight for CentOS clone

    Red Hat Killing CentOS Linux, Fight for CentOS clone

    RedHat, parent company of CentOS Linux announce it will stop supporting CentOS 8, the latest version of CentOS. CentOS is build from the source code RHEL, making a free version of stable and well-tested enterprise ready RHEL Linux. CentOS 7 will keep getting security updates until it reaches End Of Life June 30th, 2024. For Red Hat, maintaining CentOS wont help with their business. Now they don’t need to maintain CentOS, this will force many users to pay for Red Hat Enterprise Linux (RHEL).

    RedHat Killing CentOS Linux

    The new version of CentOS known as CentOS Stream is a rolling release. It will be used as a staging version of RHEL. Red Hat expect CentOS Stream to be stable and allow community participation as users will be able to contribute to CentOS Steam. With CentOS, community contribution was limited because it was a copy of RHEL.

    CentOS is populary used in web hosting servers as cpanel only supposed RHEL based Linux. With death of CentOS 8, cpanel have announced they will accelerate investment in development efforts to support additional operating systems. cPanel will suport Ubuntu LTS and expect to deliver a production-ready version in late 2021. After Ubuntu LTS, they will look into supporting Debian. Ubuntu is very popular with Cloud Servers as it come with latest software compared to CentOS. With many developers already using Ubuntu on their Desktop, supporting Ubuntu is wise decision by cpanel.

    With CentOS 8 unexpected demise, many users will be looking for alternative OS. This opens up market for next CentOS clone.

    Rocky Linux

    CentOS co-founder, Gregory Kurtzer announced he will be releasing his own Red Hat Enterprise Linux (RHEL) replacement Rocky Linux. No ETA on release date yet.

    https://rockylinux.org

    You can join discussion on their reddit.com/r/RockyLinux/

    Project Lenix

    Igor Seletskiy, CloudLinux CEO and founder said they will make their own RHEL patch to patch compatible Open Source Linux – Project Lenix.

    CloudLinux is a CentOS based commerical Linux, that is popular amoung web hosting providers as it allow resource limit per user and user isolation with CageFS. They also have support for kernel update with out reboot.

    CloudLinux will be investing more than a million dollar into Project Lenix. CentOS 8 users will be able to convert into Project Lenix or CloudLinux easily with out reboot. In the announcement Igor Seletskiy said “Red Hat’s announcement has left users looking for an alternative with all that CentOS provides and without the disruption of having to move to alternative distributions. We promise to dedicate the resources required to Project Lenix that will ensure impartiality and a not-for-profit community initiative. CloudLinux already has the assets, infrastructure, and experience to carry out the mission, and we promise to be open about the process of developing Project Lenix”.

    See CentOS

  • Oracle Linux

    Oracle Linux

    How to Install MySQL 5.7 on Oracle Linux 7
    How to Migrate CentOS to Oracle Linux
    How to Install PHP 5.6 on Oracle Linux 7
    Updating Kernel on Oracle Linux with Ksplice

  • Ubuntu Server 20.04 set static IP with netplan

    First check if you have file

    /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg

    If the file exists, make sure, you have the following content in it.

    root@ubuntu:~# cat /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
network: {config: disabled}
root@ubuntu:~#

    Edit

    vi /etc/netplan/00-installer-config.yaml

    Replace all content with

    network:
    version: 2
    ethernets:
        eth0:
            addresses: [192.168.1.100/24]
            routes:
                - to: default
                  via: 192.168.1.1
            nameservers:
                addresses: [1.1.1.1, 8.8.8.8]

    In the above cause 192.168.1.100 is your static IP address. 192.168.1.1 is the gateway. eth0 is the network interface name.

    Older versions of netpan used gateway4 instead of routes.

                gateway4: 192.168.1.1

    Now try the changes with

    netplan try

    If all is good, you can make changes permanent with

    netplan apply

    See IP

  • imunify360 find license details

    To check if your imunify360 license is valid, run

    imunify360-agent rstatus

    Example

    [root@ldb002 ~]# imunify360-agent rstatus
OK
[root@ldb002 ~]#

    To get more details of imunify360 license installed on the server

    imunify360-agent rstatus --json --verbose

    Example

    [root@ldb002 ~]# imunify360-agent rstatus --json --verbose
{
  "expiration": null,
  "id": "Imunify360-xxxxxxxx",
  "license": {
    "expiration": null,
    "id": "Imunify360-xxxxxxxx",
    "license_type": "imunify360",
    "message": "",
    "redirect_url": "",
    "status": true,
    "user_count": 5,
    "user_limit": 2147483647
  },
  "license_type": "imunify360",
  "message": "",
  "redirect_url": "",
  "status": true,
  "strategy": "CSF_COOP",
  "user_count": 5,
  "user_limit": 2147483647,
  "version": "5.3.3-1"
}
[root@ldb002 ~]#

  • supervisorctl

    supervisorctl is used to control supervisord.

    To reload all monitored processes, run

    supervisorctl reload

    To restart a monitored process, run

    supervisorctl restart PROCESS_NAME_HERE

    See supervisord

  • pvdisplay

    pvdisplay is used to display all physical volumes on a LVM.

    root@server12:~# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               vg
  PV Size               <9.51 GiB / not usable 0   
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              2434
  Free PE               0
  Allocated PE          2434
  PV UUID               VA8sp6-2zKJ-GGtJ-aWe5-cPlm-uTHu-oKpiua
   
  --- Physical volume ---
  PV Name               /dev/sda4
  VG Name               vg
  PV Size               30.00 GiB / not usable 4.98 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              7679
  Free PE               0
  Allocated PE          7679
  PV UUID               LjsCxR-J0lC-5z2P-Fqew-MXoG-59X3-B7dmDP
   
  --- Physical volume ---
  PV Name               /dev/sda5
  VG Name               vg
  PV Size               <40.00 GiB / not usable 3.98 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              10239
  Free PE               0
  Allocated PE          10239
  PV UUID               km0iBF-XakC-s9GF-hFnf-K1b0-4Hec-FAEcwp
   
root@server12:~#

    See LVM

  • lvdisplay

    lvdisplay is used to display logical volumes. You can also use lvs command.

    root@server12:~# lvdisplay
  --- Logical volume ---
  LV Path                /dev/vg/lv_root
  LV Name                lv_root
  VG Name                vg
  LV UUID                aLjP9v-Cc6s-mxS6-kcKz-Fs4e-kW5c-Wuq009
  LV Write Access        read/write
  LV Creation host, time ubuntu-server, 2020-05-19 13:02:06 +0000
  LV Status              available
  # open                 1
  LV Size                78.99 GiB
  Current LE             20222
  Segments               3
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0
   
  --- Logical volume ---
  LV Path                /dev/vg/lv_swap
  LV Name                lv_swap
  VG Name                vg
  LV UUID                es9Yvn-Tfh1-KO6L-7cAw-N1jg-9NAL-9hd3To
  LV Write Access        read/write
  LV Creation host, time ubuntu-server, 2020-05-19 13:02:07 +0000
  LV Status              available
  # open                 2
  LV Size                520.00 MiB
  Current LE             130
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1
   
root@server12:~#

    See LVM

  • CentOS 6 Invalid release/repo/arch combination

    CentOS 6 Invalid release/repo/arch combination

    When i run yum update on a CentOS 6 server, i get error “Invalid release/repo/arch combination/”.

    CentOS 6 invalid release

    This error is due to CentOS reaching its End Of Life and no longer supported.

    What you need to do is upgrade your server to the latest supported CentOS versions like CentOS 7 or CentOS 8. Converting to Oracle Linux 6 is another option, it is binary compatible with CentOS/RHEL 6, offers extended support until Jun 2024 and Indefinite Sustaining Support. If you want to convert CentOS 6 to Oracle Linux, see How to Migrate CentOS to Oracle Linux.

    If you just need to fix the error, you need to go through each .repo file in the folder

    /etc/yum.repos.d/

    Comment out lines like

    mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra

    Replace it with centos 6 vault repo URL

    baseurl=https://vault.centos.org/centos/$releasever/os/$basearch/

    You can find modified yum repository files at

    https://github.com/serverok/centos6-repo

    You can replace your existing repository files inside /etc/yum.repos.d folder with files in the above git repository with following commands.

    cd /etc
mv yum.repos.d yum.repos.d-old
git clone https://github.com/serverok/centos6-repo.git yum.repos.d

    If you get git not found error, you may need to manually download files from the repo and place in the directory /etc/yum.repos.d/.

    After this, you will be able to update your system. If you have any other repo installed, you can copy it from yum.repos.d-old folder to make it active again.

    Here is the updated CentOS-Base.repo file

    https://raw.githubusercontent.com/serverok/centos6-repo/main/CentOS-Base.repo

    # CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
baseurl=https://vault.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#released updates 
[updates]
name=CentOS-$releasever - Updates
baseurl=https://vault.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=https://vault.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=https://vault.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
baseurl=https://vault.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

    After updating yum repo, run 

    yum clean all
yum makecache

  • Firewalld

    firewall-cmd is used to manage firewall (iptables). It is used by default on latest version of CentOS, RHEL.

    Check firewall status

    To see if firewall is running of not use

    firewall-cmd --state

    or

    systemctl status firewalld

    To disable firewalls

    systemctl stop firewalld
systemctl disable firewalld

    Open a port in firewall

    To allow HTTP and HTTPS traffic, run

    firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=ssh
firewall-cmd --permanent --zone=public --add-port=25/tcp
firewall-cmd --reload

    Permanent option make the changes permanant. You need to reload firewall after using –permanent. If you want to open a port in current session and make it permanant, run the command with and with out –permanent.

    Open a port range in firewall

    firewall-cmd --zone=public --add-port=22-65535/tcp

    Close a port in firewall

    To close a port, you can use command same as you open with –add replaced with –remove.

    firewall-cmd --permanent --zone=public --remove-service http
firewall-cmd --permanent --zone=public --remove-port 25/tcp

    Whitelist an IP address

    firewall-cmd --zone=trusted --add-source=IP_ADDR_HERE

    To remove an IP, use

    firewall-cmd --zone=trusted --remove-source=IP_ADDR_HERE

    Firewalld Zones

    Zone is a collection of rules that can be applied to a specific interface. Some useful commands are

    firewall-cmd --get-active-zones
firewall-cmd --get-default-zone
firewall-cmd --list-all-zones
firewall-cmd --info-zone=public

    Zones are stored in /usr/lib/firewalld/zones

    Services

    Services are pre-made rules for a specific application. Some useful commands are

    firewall-cmd --get-services
firewall-cmd --info-service SERVICE_NAME_HERE

    Services are stoed in /usr/lib/firewalld/services/ or /etc/firewalld/services/

    On AlmaLinux 9, cpanel server used following service file

    https://gist.github.com/serverok/4433cbc84b90f41ddf60031896cf8475

    Save run time configuration into permanant

    firewall-cmd --runtime-to-permanent

    iptables

    See firewall

  • Firewalld list all open ports

    Firewalld list all open ports

    To list all open ports in firealld, run

    firewall-cmd --list-ports

    You may need to also use 

    [root@oc1 ~]# firewall-cmd --list-services
http https ssh
[root@oc1 ~]#

    Example

    firewalld list ports

    See firewalld