Friday 24 October 2014

How To Install MySQL On CENTOS 7

The instructions below are the steps to install MySQL server on CentOS 7.

On CentOS 7, the default replacement for MySQL server is MariaDB. MariaDB is a community-developed fork of the MySQL relational database management system. If, for whatever reason, you would like to install the previous MySQL server, this guide walks you through the installation. The steps:

Set up the MySQL repository:
[root@localhost ~]# sudo rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
Install Server:
[root@localhost ~]# yum install mysql-server
Start Server:
[root@localhost ~]# systemctl start mysqld
Enable Server on boot:
[root@localhost ~]# systemctl enable mysqld
Change root password:
[root@localhost ~]# mysqladmin -u root password

Friday 26 September 2014

Install Keepalived on CentOS 7

Keepalived is a solution that provides a strong and robust health-check framework and also implements a Hot Standby protocol. It lets load-balancing services be highly available (HA) and prevents a single point of failure.

The following instructions set up the Keepalived service on CentOS 7.

Assume the network below:
LB1:Loadbalancer 1:192.168.1.80
LB2:Loadbalancer 2:192.168.1.81
Vip1:Virtual IP:192.168.1.82

We want to use LB1 as the master LB and LB2 as standby. If LB1 fails, LB2 will take over as master. Whichever node is the master holds the VIP 192.168.1.82.

To configure LB1:192.168.1.80, ssh into LB1:
[root@LB1 ~]# yum install keepalived
To allow the kernel to bind non-local IP addresses on the host, and to apply the change:
[root@LB1 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@LB1 ~]# sysctl -p
[root@LB1 ~]# vi /etc/keepalived/keepalived.conf 

! Configuration File for keepalived 

global_defs { 
   notification_email { 
        admin1@domain.com 
   } 
   notification_email_from admin@local 
   smtp_server 192.168.1.99 
   smtp_connect_timeout 30 
} 

vrrp_script chk_curl { 
    script "/usr/bin/curl http://192.168.1.80" 
    interval 2 
    weight -4 
    timeout 5 
    fall 2 
    rise 2 
}

vrrp_instance VI_1 { 
    state MASTER 
    interface eth0 
    virtual_router_id 51 
    priority 101 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass 1111 
    } 
    virtual_ipaddress { 
        192.168.1.82/32 dev eth0 
    } 
    track_script { 
        chk_curl 
    } 
} 


[root@LB1 ~]# service keepalived start


Next configure LB2:192.168.1.81, ssh into LB2:
[root@LB2 ~]# yum install keepalived
To allow the kernel to bind non-local IP addresses on the host, and to apply the change:
[root@LB2 ~]# echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
[root@LB2 ~]# sysctl -p
[root@LB2 ~]# vi /etc/keepalived/keepalived.conf 

! Configuration File for keepalived 

global_defs { 
   notification_email { 
        admin1@domain.com 
   } 
   notification_email_from admin@local 
   smtp_server 192.168.1.99 
   smtp_connect_timeout 30 
} 

vrrp_script chk_curl { 
    script "/usr/bin/curl http://192.168.1.81" 
    interval 2 
    weight -4 
    timeout 5 
    fall 2 
    rise 2 
}

vrrp_instance VI_1 { 
    state BACKUP
    interface eth0 
    virtual_router_id 51 
    priority 100 
    advert_int 1 
    authentication { 
        auth_type PASS 
        auth_pass 1111 
    } 
    virtual_ipaddress { 
        192.168.1.82/32 dev eth0 
    } 
    track_script { 
        chk_curl 
    } 
} 
[root@LB2 ~]# service keepalived start
chk_curl is a checking script; in the configuration above it checks whether the httpd service is functioning. 192.168.1.80 has the higher priority (101), so 1.80 will be master while 1.81 will be backup. If the curl fails, e.g. httpd is down, "weight -4" lowers the priority of 192.168.1.80 from 101 to 97, below the 100 of 192.168.1.81, and the VIP (192.168.1.82) will swing to 192.168.1.81.

This custom checking script is useful: if you have other checking criteria, you can script them in. Basically, vrrp_script checks the return value of the script (e.g. $? in bash).
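
A custom check of the kind described above, as an added example that is not part of the original post: it fails on HTTP error responses as well as on connection failures, which a bare curl call does not (curl exits 0 when httpd answers with a 500 page). The names chk_http, status_is_healthy and CURL, and the script path in the comments, are assumptions.

```shell
#!/bin/bash
# Added example: stricter health check for keepalived's vrrp_script.
# keepalived only looks at the exit status: 0 = healthy, non-zero = failed.
# Hypothetical names: chk_http, status_is_healthy, CURL (overridable for tests).
# Assumed usage in keepalived.conf:
#   script "/usr/local/bin/chk_http.sh http://192.168.1.80"

CURL="${CURL:-/usr/bin/curl}"

# Return 0 only for 2xx/3xx status codes; 4xx, 5xx and 000 count as failed.
status_is_healthy() {
    case "$1" in
        2[0-9][0-9]|3[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# chk_http URL [TIMEOUT_SECONDS]
chk_http() {
    local url="$1" timeout="${2:-3}" code
    # -s: no progress output, -o /dev/null: discard the body,
    # -w '%{http_code}': print only the status code,
    # --max-time: give up before vrrp_script's own "timeout 5" expires.
    code="$("$CURL" -s -o /dev/null -w '%{http_code}' \
                    --max-time "$timeout" "$url")" || return 1
    status_is_healthy "$code"
}

# Run the check only when a URL is passed on the command line.
[ $# -eq 0 ] || { chk_http "$@"; exit $?; }
```

With "fall 2" and "interval 2" as configured above, two consecutive non-zero exits (about four seconds) are needed before the priority is lowered.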

Centos 7 firewall (firewalld)

CentOS 7 uses firewalld instead of iptables. Below are the steps to enable/disable firewalld.

To check the status of the firewall:
#  service firewalld status 


To stop (temporarily disable) the firewall:
#  service firewalld stop 


To start the firewall:
#  service firewalld start 


To enable firewall on boot:
#  systemctl enable firewalld

To disable firewall on boot:
#  systemctl disable firewalld

To read how to configure the firewall:
#  man firewall-cmd

To get the default zone:
#  firewall-cmd --get-default-zone

To list all services in public zone:
#  firewall-cmd --zone=public --list-all

To accept http service in public zone permanently:
#  cat /etc/firewalld/zones/public.xml
#  firewall-cmd --permanent --zone=public --add-service=http
#  firewall-cmd --reload
#  cat /etc/firewalld/zones/public.xml
To deny http service in public zone permanently:
#  cat /etc/firewalld/zones/public.xml
#  firewall-cmd --permanent --zone=public --remove-service=http
#  firewall-cmd --reload
#  cat /etc/firewalld/zones/public.xml
The GUI screen to control the firewall is available from the menu.

To install using yum:
# yum install firewall-config
To get to Firewall GUI:

Fedora : System > Administration > Firewall
RHEL7/OL7 : Applications > Sundry > Firewall

Friday 18 July 2014

CentOS 7: "-bash: ifconfig: command not found"

After a fresh install of CentOS 7, entering the network command "ifconfig" caused the error "-bash: ifconfig: command not found". This is because "net-tools" is not installed by default. Installing "net-tools" solves the problem.
# yum install net-tools
# ifconfig

Friday 16 May 2014

Apache http server ldap authentication (by group)

To set up the Apache server to use 389 Directory Server as access manager, make sure mod_ldap is set up with the Apache server:
yum install mod_ldap
vi /etc/httpd/conf.modules.d/01-ldap.conf
# This file configures the LDAP modules:
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
And that these lines are in the httpd.conf file:
AuthType Basic
AuthName "Protected Area"
AuthBasicProvider ldap
AuthLDAPURL "ldap://r65-1.local/dc=local"
Require ldap-group cn=Managers,ou=Groups,dc=local

Apache http server ldap authentication (by uid)

To set up the Apache server to use 389 Directory Server as access manager, make sure mod_ldap is set up with the Apache server:
yum install mod_ldap
vi /etc/httpd/conf.modules.d/01-ldap.conf
# This file configures the LDAP modules:
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
And that these lines are in the httpd.conf file:
AuthType Basic
AuthName "Protected Area"
AuthBasicProvider ldap
AuthLDAPURL "ldap://r65-1.local/dc=local"
Require ldap-user john

Wednesday 14 May 2014

Static IP network configuration on CentOS 6

Below are templates for configuring CentOS with a static IP:
# cat /etc/hosts
127.0.0.1       localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.1.41    r65-1.local     r65-1
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=r65-1
GATEWAY=192.168.1.1
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
IPADDR=192.168.1.41
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet
PREFIX=24
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DOMAIN=local
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
# cat /etc/resolv.conf
search local
nameserver 192.168.1.1
