How To Install MySQL On CENTOS 7

Below instructions are steps to install mysql server on CentOS 7.

The default replacement for mysql server is MariaDB. MariaDB is a community-developed fork of the MySQL relational database management system. For whatever reasons you might like to install the previous MySQL server, this guide walk you through the process of the installation. The steps:

Setup MySQL repository

[root@localhost ~]# sudo rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

Install Server:

[root@localhost ~]# yum install mysql-server

Start Server:

[root@localhost ~]# systemctl start mysqld

Enable Server on boot:

[root@localhost ~]# systemctl enable mysqld

Change root password:

[root@localhost ~]# mysqladmin -u root password

Install Keepalived on CentOS 7

Keepalived is a solution that provides a strong & robust health-check framework, and also implementing a Hot Standby protocol. It allows load balancing services to have HA and prevent Single Point of Failure.

The following is a set of instructions on setting up Keepalived service on CentOS7.

Assume network as below:
LB1:Loadbalancer 1:192.168.1.80
LB2:Loadbalancer 2:192.168.1.81
Vip1:Virtual IP:192.168.1.82

We want to use LB1 as the master LB, LB2 as standby. If LB1 fails, LB2 will take over as master. Whoever is the master will take over the Vip of 192.168.1.82.

To configure LB1:192.168.1.80, ssh into LB1:

[root@LB1 ~]# yum install keepalived

To allow kernel binding non-local IP into the hosts and apply the changes:

[root@LB1 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@LB1 ~]# sysctl -p

[root@LB1 ~]# vi /etc/keepalived/keepalived.conf 

! Configuration File for keepalived 

global_defs { 
   notification_email { 
        admin1@domain.com 
   } 
   notification_email_from admin@local 
   smtp_server 192.168.1.99 
   smtp_connect_timeout 30 
} 

vrrp_script chk_curl { 
    script "/usr/bin/curl http://192.168.1.80" 
    interval 2 
    weight -4 
    timeout 5 
    fall 2 
    rise 2 
}

vrrp_instance VI_1 { 
    state MASTER 
    interface eth0 
    virtual_router_id 51 
    priority 101 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass 1111 
    } 
    virtual_ipaddress { 
        192.168.1.82/32 dev eth0 
    } 
    track_script { 
        chk_curl 
    } 
} 

[root@LB1 ~]# service keepalived start

Next configure LB2:192.168.1.81, ssh into LB2:

[root@LB2 ~]# yum install keepalived

To allow kernel binding non-local IP into the hosts and apply the changes:

[root@LB2 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@LB2 ~]# sysctl -p

[root@LB2 ~]# vi /etc/keepalived/keepalived.conf 

! Configuration File for keepalived 

global_defs { 
   notification_email { 
        admin1@domain.com 
   } 
   notification_email_from admin@local 
   smtp_server 192.168.1.99 
   smtp_connect_timeout 30 
} 

vrrp_script chk_curl { 
    script "/usr/bin/curl http://192.168.1.81" 
    interval 2 
    weight -4 
    timeout 5 
    fall 2 
    rise 2 
}

vrrp_instance VI_1 { 
    state MASTER 
    interface eth0 
    virtual_router_id 51 
    priority 100 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass 1111 
    } 
    virtual_ipaddress { 
        192.168.1.82/32 dev eth0 
    } 
    track_script { 
        chk_curl 
    } 
} 

[root@LB2 ~]# service keepalived start

chk_curl is a checking script, in above is to check if the httpd service is functioning. 192.168.1.80 is having higher piority(101),1.80 will be master while 1.81 will be backup. If the curl fails, eg httpd down, the vip(192.168.1.82) will swing to 192.168.1.81.

This custom checking script is useful, if you have other checking criteria, you script it in. Basically vrrp_script will check the return value of the script.(eg $? in bash)

Setup LDAP authentication on CentOS 6 with SSSD

To install LDAP authentication on CentOS 6 (with SSSD)

yum install sssd

To get the TLS/SSL cert:

cd /etc/sssd
sftp *389 directory server/cert directory*
mget cacert.asc
chown nobody:nobody cacert.asc

Configuring NSS Services to Use SSSD

# authconfig --enablesssd --update

The services map is not enabled by default when SSSD is enabled with authconfig. To include that map, open the nsswitch.conf file and add the sss module to the services map:

# vim /etc/nsswitch.conf
...
services: file sss

To configure the PAM service. Use authconfig to enable SSSD for system authentication.

# authconfig --update --enablesssd --enablesssdauth

Configure sssd.conf:

vi /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
reconnection_retries = 3
sbus_timeout = 30

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
filter_groups = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75

[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5

[domain/LDAP]
cache_credentials = false
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://r65-1.local
ldap_search_base = dc=local
ldap_tls_cacert = /etc/sssd/cacert.asc
debug_level = 9
access_provider = ldap
ldap_access_filter = host=r65-2.local

The last 2 sentences are for Host-Based Access Control (eg old config=>pam_check_host_attr), if you are not using this feature, you can omit these.

Restart sssd and the machine can login using LDAP:

chmod 600 /etc/sssd/sssd.conf
service sssd restart

Setup 389 Directory Server on CentOS 6 (with TLS/SSL/SSSD)

To setup 389 server, we first setup the hostname and domain.

Edit file /etc/sysconfig/network,

# vi /etc/sysconfig/network

HOSTNAME=r65-1

Edit file /etc/hosts/,

# vi /etc/hosts

Add your hostname as shown below.

192.168.1.1   r65-1.local r65-1

To open ports for iptables

vi /etc/sysconfig/iptables

Add the following lines.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT

Restart firewall.

# service iptables restart

Performance and Security tuning for LDAP server Open “/etc/sysctl.conf” file and add the lines.

# vi /etc/sysctl.conf 
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000

# sysctl -p

Open “/etc/security/limits.conf” and these lines as shown below

# vi /etc/security/limits.conf 
*               soft     nofile          8192   
*               hard     nofile          8192

Open “/etc/profile” file and add the lines

# vi /etc/profile
ulimit -n 8192

Add the lines at “/etc/pam.d/system-auth” file.

# vi /etc/pam.d/system-auth
session    required     pam_limits.so

Disable selinux

# setenforce 0
# vi /etc/selinux/config

SELINUX=disabled

Reboot the server

Setup EPEL repository

# wget http://mirror.nus.edu.sg/Fedora/epel/6/i386/epel-release-6-8.noarch.rpm

# rpm -ivh epel-release-6-8.noarch.rpm

Now install 389 directory server using command:

# yum install sssd httpd
# chkconfig sssd on
# chkconfig httpd on
# service httpd restart
# authconfig --enablesssd --enablesssdauth --enablelocauthorize --update
# yum install 389-ds

After download, lets do a reboot

# reboot

Configure LDAP server

# setup-ds-admin.pl

==============================================================================
This program will set up the 389 Directory and Administration Servers.


It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]: ## Press Enter ##

==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux3.11.10-301.x86_64 (2 processors).

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes).  This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

WARNING  : The warning messages above should be reviewed before proceeding.

Would you like to continue? [no]: yes  ## Type Yes and Press Enter ##

==============================================================================
Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

   2. Typical
       Allows you to specify common defaults and options.

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]: ## Press Enter ##

==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: eros.example.com.

To accept the default shown in brackets, press the Enter key.

Warning: This step may take a few minutes if your DNS servers
can not be reached or if DNS is not configured correctly.  If
you would rather not wait, hit Ctrl-C and run this program again
with the following command line option to specify the hostname:

    General.FullMachineName=your.hostname.domain.name

Computer name [r65-1.local]: r65-1.local

==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.

System User [nobody]: ## Press Enter ##
System Group [nobody]: ## Press Enter ##

==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers.  If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server.  To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL).  If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).

If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.

Do you want to register this software with an existing
configuration directory server? [no]: ## Press Enter ##

==============================================================================
Please enter the administrator ID for the configuration directory
server.  This is the ID typically used to log in to the console.  You
will also be prompted for the password.

Configuration directory server
administrator ID [admin]: ## Press Enter ##
Password:
Password (confirm):

==============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains.  If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.

If you are not using administrative domains, press Enter to select the
default.  Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.

Administration Domain [local]: ## Press Enter ##

==============================================================================
The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.

Directory server network port [389]: ## Press Enter ##

==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.

Directory server identifier [r65-1]: ## Press Enter ##

==============================================================================
The suffix is the root of your directory tree.  The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.

Suffix [dc=local]: dc=local

==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user.  The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word "back", then Enter to back up and start over.

Directory Manager DN [cn=Directory Manager]: ## Press Enter ##
Password:
Password (confirm):

==============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.

Administration port [9830]: ## Press Enter ##
==============================================================================
The interactive phase is complete.  The script will now set up your
servers.  Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]: ## Press Enter ##

Creating directory server . . .
Your new DS instance 'r65-1' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output:                                                    [  OK  ]

The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupxozWF8.log'

Make the LDAP server daemon to start automatically on every reboot.

# chkconfig dirsrv on
# chkconfig dirsrv-admin on
# chkconfig httpd on

# service dirsrv restart
# service dirsrv-admin restart
# service httpd restart

To test the setup

# ldapsearch -x -b "dc=local"

# extended LDIF
#
# LDAPv3
# base <dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# local
dn: dc=local
objectClass: top
objectClass: domain
dc: local

# Directory Administrators, local
dn: cn=Directory Administrators,dc=local
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager

# Groups, local
dn: ou=Groups,dc=local
objectClass: top
objectClass: organizationalunit
ou: Groups

# People, local
dn: ou=People,dc=local
objectClass: top
objectClass: organizationalunit
ou: People

# Special Users, local
dn: ou=Special Users,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Special Users

description: Special Administrative Accounts

# Accounting Managers, Groups, local
dn: cn=Accounting Managers,ou=Groups,dc=local
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager

# HR Managers, Groups, local
dn: cn=HR Managers,ou=Groups,dc=local
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager

# QA Managers, Groups, local
dn: cn=QA Managers,ou=Groups,dc=local
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager

# PD Managers, Groups, local
dn: cn=PD Managers,ou=Groups,dc=local
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager

# search result
search: 2
result: 0 Success

# numResponses: 10
# numEntries: 9

To create user and group,goto server gui(eg gnome)

At gnome>application>terminal>

# 389-console

cn=Directory Manager
**directory manager password**
http://192.168.1.31:9830/

(or)

admin
**admin password**
http://192.168.1.31:9830/

local>r65-1.local>Server Group>Directory Server>Open
Directory>


(To create 1 user)
local>People>*right click*>New>User
enter person's information,userid,passwd
click on, enable posix user attributes,enter the attributes


(To create 1 group,link to above user)
local>Groups>*right click*>New>Group
enter group name,include above user as member,enable posix group attributes

close gui, exit 389-console

Creating Directory Server Certificates through the Command Line
Open the directory where the Directory Server certificate databases are stored.

cd /etc/dirsrv/slapd-*instance_name*

Make a backup copy of all of the filed in the directory as a precaution.

tar -cf /tmp/db-backup.tar *

Create a password file for the security token password.( PIN for Internal (Software) Token):

vi /tmp/pwdfile

secretpw

Create the key and certificate databases databases.

certutil -N -d . -f /tmp/pwdfile

Generate the self-signed CA certificate. certutil creates the required key pairs and the certificate. This certificate is used to generate the other server certificates and can be exported for use with other servers and clients.

certutil -S -n "CA certificate" -s "cn=My Org CA cert,dc=local" -2 -x -t "CT,," -m 1000 -v 120 -d . -k rsa -f /tmp/pwdfile

Generate the Directory Server client certificate. Take note,you must specify the resolvable FQDN, eg r65-1.local

certutil -S -n "Server-Cert" -s "cn=r65-1.local" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -f /tmp/pwdfile

Export the CA certificate for use with other servers and clients. A client usually requires the CA certificate to validate the server certificate in an TLS/SSL connection. Use certutil to export the CA certificate in ASCII/PEM format:

certutil -d . -L -n "CA certificate" -a > cacert.asc

The way that the CA certificate is imported is different for every client. For example, certutil can import a CA certificate into another Directory Server certificate database:

cd /etc/dirsrv/slapd-otherserver
certutil -A -d . -n "CA certificate" -t "CT,," -a -i cacert.asc

Use pk12util to export other server certificates and keys created with certutil so that they can be used on a remote server.

pk12util -d . -o ldap1.p12 -n Server-Cert -w /tmp/pwdfile -k /tmp/pwdfile

The -w argument is the password used to encrypt the .p12 file for transport. The -k argument specifies the password for the key database containing the server certificate being exported to .p12. If the Directory Server will run with TLS/SSL enabled, then create a password file (pin.txt) for the server to use so it will not prompt you for a password every time it restarts. Configuring NSS Services to Use SSSD

# authconfig --enablesssd --update

The services map is not enabled by default when SSSD is enabled with authconfig. To include that map, open the nsswitch.conf file and add the sss module to the services map:

# vim /etc/nsswitch.conf
...
services: file sss

To configure the PAM service. Use authconfig to enable SSSD for system authentication.

# authconfig --update --enablesssd --enablesssdauth

Below is an example for SSSD config file:

 
vi /etc/sssd/sssd.conf

[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
reconnection_retries = 3
sbus_timeout = 30

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
filter_groups = root
reconnection_retries = 3
entry_cache_timeout = 300
entry_cache_nowait_percentage = 75

[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5

[domain/LDAP]
cache_credentials = false
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://r65-1.local
ldap_search_base = dc=local
ldap_tls_cacert = /etc/dirsrv/slapd-r65-1/cacert.asc
debug_level = 9

Restart SSSD

chmod 600 /etc/sssd/sssd.conf
service sssd restart

To enable TLS/SSL,goto server gui(eg gnome)

At gnome>application>terminal>

# 389-console

cn=Directory Manager
**directory manager password**
http://192.168.1.31:9830/

(or)

admin
**admin password**
http://192.168.1.31:9830/

local>r65-1.local>Server Group>Directory Server>Open
Configuration>Encryption>
Enable SSL for this server
Use this cipher family:RSA internal(software) Server-Cert (save and exit)

Restart dirsrv

service dirsrv restart

It is possible to store the certificate password in a password file. By placing the certificate database password in a file, the server can be started from the Directory Server Console and also restarted automatically when running unattended. The password file must be in the same directory where the other key and certificate databases for Directory Server are stored. This is usually the main configuration directory, /etc/dirsrv/slapd-instance_name. The file should be named pin.txt. The PIN file should be owned by the Directory Server user and set to read-only by the Directory Server user, with no access to anyone other user (mode 0400).

vi /etc/dirsrv/slapd-*instance_name*/pin.txt

Internal (Software) Token:secretpw

chown nobody:nobody /etc/dirsrv/slapd-*instance_name*/pin.txt
chmod 400 /etc/dirsrv/slapd-*instance_name*/pin.txt
service dirsrv restart

Restart SSSD

service sssd restart

==> now you can login to server using the ldap user.

ssh userid@r65-1.local

Create barcodes on CENTOS/FEDORA Linux

To create barcode for Linux, you need to install "barcode" rpm. Suppose you want to create a 13 numbers barcode, and save it to postscript file, and convert the postscript file to pdf, you can do this.

[root@centos6-1 temp]# yum install barcode
[root@centos6-1 temp]# barcode -o test.ps -e EAN -b 9557447805435
[root@centos6-1 temp]# ps2pdf test.ps test.pdf

Enable EPEL and IUS repository for CENTOS6

What is EPEL? Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux Server, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL). First step, download repository rpm from website:

wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Install the rpm:

rpm -Uvh epel-release-6-8.noarch.rpm

What is IUS? The IUS Community Project is an effort to package rpms of the latest stable versions of the most commonly requested software on Red Hat Enterprise Linux and CentOS. IUS provides a better way to upgrade PHP/MySQL/Python/Etc on RHEL or CentOS. The project is run by professional Linux Engineers that are primarily focused on RPM Development in the web hosting industry. Download repository rpm from website:

wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/ius-release-1.0-11.ius.el6.noarch.rpm 

Install the rpm:

rpm -Uvh ius-release-1.0-11.ius.el6.noarch.rpm 

Install the latest mysql server on CENTOS6

How to install the latest mysql server on CENTOS6? CENTOS6 shipped with mysql server 5.1.67 version. To install latest mysql server 5.6.10, you can download the rpm from mysql official download site, and install the rpm individually.

Firstly, navigate to "http://www.mysql.com/downloads/mysql/#downloads" , choose "Oracle and Red Hat Linux 6". Download the rpms as shown below:

wget http://www.mysql.com/get/Downloads/MySQL-5.6/MySQL-client-5.6.10-1.el6.x86_64.rpm/from/http://cdn.mysql.com/
wget http://www.mysql.com/get/Downloads/MySQL-5.6/MySQL-shared-5.6.10-1.el6.x86_64.rpm/from/http://cdn.mysql.com/
wget http://www.mysql.com/get/Downloads/MySQL-5.6/MySQL-server-5.6.10-1.el6.x86_64.rpm/from/http://cdn.mysql.com/
wget http://www.mysql.com/get/Downloads/MySQL-5.6/MySQL-shared-compat-5.6.10-1.el6.x86_64.rpm/from/http://cdn.mysql.com/

Then use md5sum, to check md5 hash on the download site:

md5sum MySQL-shared-compat-5.6.10-1.el6.x86_64.rpm
md5sum MySQL-server-5.6.10-1.el6.x86_64.rpm
md5sum MySQL-shared-5.6.10-1.el6.x86_64.rpm
md5sum MySQL-client-5.6.10-1.el6.x86_64.rpm

If the md5 hash is ok, we can install the rpm in following sequence:

rpm -Uvh MySQL-shared-compat-5.6.10-1.el6.x86_64.rpm
rpm -ivh MySQL-shared-5.6.10-1.el6.x86_64.rpm
rpm -ivh MySQL-server-5.6.10-1.el6.x86_64.rpm
rpm -ivh MySQL-client-5.6.10-1.el6.x86_64.rpm

To turn mysql on when boot:

chkconfig mysql on

To start the mysql service:

service mysql start

To obtain the temporary password:

cat /root/.mysql_secret

To change the mysql root password:

mysqladmin -uroot -p password

Login to the newly installed server using its client:

mysql -uroot -p

These are the steps to install latest mysql on CENTOS. Cheers!

Upgrade php53u to php54 on CENTOS5

To upgrade php53/php53u to php54 on CENTOS5.

Enable IUS and EPEL:

[root@example ~]# rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/CentOS/5/x86_64/ius-release-1.0-10.ius.centos5.noarch.rpm
[root@example ~]# rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/CentOS/5/x86_64/epel-release-5-4.noarch.rpm

Install yum replace plugin:

[root@example ~]# yum install yum-plugin-replace

Upgrade php53 to php4:

[root@example ~]# yum replace php53u --replace-with php54

Verify php version:

[root@example ~]# php -v

Restart httpd:

[root@example ~]# service httpd restart

Installing Bacula Console (Gnome) on CENTOS5

If you are using Gnome Desktop, you can access Bacula using Bacula Console (Gnome)

Below are the installation steps:

[root@example bacula-web]# yum install bacula-console-gnome

Change the director ipaddress and password

[root@example bacula-web]# vi /etc/bacula/bgnome-console.conf

Director {

  Name = bacula-dir

  DIRport = 9101

  address = localhost

  Password = "d84c7934a7a7826da3d34d5f7c6c86"

}



ConsoleFont {

  Name = Default

  Font = "LucidaTypewriter 9"

}

Installing Bacula-Web on CENTOS5

Bacula-Web is a monitoring and reporting web gui for Bacula.

[root@example html]# cd /var/www/html/

[root@example html]# yum install php54-common php54-pear php54-pdo php54 php54-gd php54-cli php54-pecl-apc php54-mysql  

[root@example html]# mkdir bacula-web

[root@example html]# cd bacula-web

[root@example bacula-web]# wget http://www.bacula-web.org/tl_files/downloads/bacula-web-5.2.12.tar.gz

[root@example bacula-web]# tar -xzvf bacula-web-5.2.12.tar.gz

[root@example bacula-web]# cd ..

[root@example html]# chown -Rv apache:apache ./bacula-web

[root@example html]# chmod -Rv u=rx,g=rx,o=rx ./bacula-web

[root@example html]# chmod -v ug+w ./bacula-web/application/view/cache

[root@example config]# cd ./bacula-web/application/config

[root@example config]# cp -v config.php.sample config.php

[root@example config]# chown -v apache: config.php

[root@example config]# vi config.php

To test your installation of Bacula-Web, follow this link:

http://ipaddress/bacula-web/test.php

To goto the web:

http://ipaddress/bacula-web

Installing Bacula on CENTOS5

Installing Bacula on CENTOS5 using YUM package-management utility. You have to have root access to install and run Bacula properly. A database server (eg MySQL) is needed to manage backup details. In this case, you will need mysql root access (ie MySQL root password). In this guide, it is assumed that the Bacula Director,File daemon,Storage daemon are installed in the same computer/server. When you want to backup across more computers/servers, just need to declare more clients and update the addresses.

Bacula is an Open Source Network Backup program that allows system admin to backup, recover data from servers and computer. More details can be obtained from its official website. (http://www.bacula.org/en)

Lets start with the yum install:

yum install bacula-client bacula-director-mysql bacula-storage-mysql bacula-traymonitor bacula-common bacula-director-common bacula-storage-common bacula-console

YUM will then go thru the dependency and add additional packages to install. Enter 'y' to proceed to install all required packages.

Is this ok [y/N]: y

Run below scripts to create and link mysql tables to Bacula:

/usr/libexec/bacula/grant_mysql_privileges -uroot -p
/usr/libexec/bacula/create_mysql_database -uroot -p
/usr/libexec/bacula/make_mysql_tables -uroot -p
/usr/libexec/bacula/grant_bacula_privileges -uroot -p

The Bacula is made up of 4 basic components: Director, File daemon(FD), Storage daemon(SD),Console programs. For security, lets change their default password. To generate a password hash:

[root@example ~]# echo "mypassword" |md5sum
d84c7934a7a786d26da3d34d5f7c6c86  -

For simplicity, I am using the above password hash to all password fields in below config files:

vi /etc/bacula/bacula-dir.conf
vi /etc/bacula/bacula-fd.conf
vi /etc/bacula/bacula-sd.conf
vi /etc/bacula/bconsole.conf
vi /etc/bacula/tray-monitor.conf

The default storage location is in /tmp. To change to another directory:

mkdir /bacula-backup

vi /etc/bacula/bacula-sd.conf

change

Archive Device = /tmp

to

Archive Device = /bacula-backup

To update the address of the file daemon:

vi /etc/bacula/bacula-dir.conf

Client {
  Name = bacula-fd
  Address = client.example.com
  FDPort = 9102
  Catalog = MyCatalog

To

Client {
  Name = bacula-fd
  Address = localhost
  FDPort = 9102
  Catalog = MyCatalog

and

Storage {

  Name = File

# Do not use "localhost" here

  Address = XXXXXXXXXX                # N.B. Use a fully qualified name here

  SDPort = 9103

To

Storage {

  Name = File

# Do not use "localhost" here

  Address = localhost                # N.B. Use a fully qualified name here

  SDPort = 9103

(Yes, the comments says do not use "localhost" and I used it. You can replace the address with a FQDN that is used as Bacula backup server.)

To enable the services:

chkconfig bacula-sd on

chkconfig bacula-fd on

chkconfig bacula-dir on

To turn on the services:

service bacula-fd start

service bacula-sd start

service bacula-dir start

To create volumes, run:

[root@example ~]# bconsole
Connecting to Director localhost:9101
1000 OK: bacula-dir Version: 2.4.4 (28 December 2008)
Enter a period to cancel a command.
*label
Automatically selected Catalog: MyCatalog
Using Catalog "MyCatalog"
Automatically selected Storage: File
Enter new Volume name: vol
Defined Pools:
     1: Default
     2: Scratch
Select the Pool (1-2): 1
Connecting to Storage daemon File at localhost:9103 ...
Sending label command for Volume "vol" Slot 0 ...
3000 OK label. VolBytes=195 DVD=0 Volume="vol" Device="FileStorage" (/bacula-backup)
Catalog record for Volume "vol", Slot 0  successfully created.
Requesting to mount FileStorage ...
3906 File device "FileStorage" (/bacula-backup) is always mounted.