Category Archives: DevOps

Remove kernel in CentOS

After an unsuccessful kernel upgrade you have to repair the Linux OS.
To delete the invalid kernel on CentOS, follow these steps.

1. Show kernel list:

  rpm -q kernel

And you’ll see output:

  kernel-3.10.0-229.14.1.el7.x86_64
  kernel-3.10.0-229.20.1.el7.x86_64
  kernel-3.10.0-327.3.1.el7.x86_64
  kernel-3.10.0-327.4.4.el7.x86_64
  kernel-3.10.0-327.22.2.el7.x86_64

2. Delete the corrupted kernel:

  rpm -e kernel-3.10.0-327.22.2.el7.x86_64

3. Reboot.
So, your system is downgraded!

Thanks to http://blog.zwiegnet.com/linux-server/delete-oldcorrupt-linux-kernel-centos/

Execute command from other user in Linux

Linux makes it easy to run commands as a different user when you are logged in as root.
Here are two ways to do it:

1. Using “SUDO” command:

  sudo -u <username> <command>

Example: sudo -u www-data php occ

2. Using “SU” command:

  su - <username> -c "<commands>"

Example: su - www-data -c 'php /var/www/html/console.php files:scan --all'

Thanks to http://askubuntu.com/a/606149

OwnCloud connection to server error

OwnCloud is a great replacement for Google, Yandex and Dropbox disks. It is a really useful and convenient tool for managing your private data.

There are a few ways to connect to your server:
- WebDAV directly from the OS
- browser access
- iOS/Android mobile OS

If your OwnCloud service is behind an Nginx server with SSL protection, you may see the following error when connecting from the mobile client:

it is not possible to connect to the server at this time

After spending a few days searching for a solution on the forum https://forum.owncloud.org, none of the fixes helped.

I noticed the following in the “Security & setup warnings” section of the Admin panel:

The "Strict-Transport-Security" HTTP header 
is not configured to least "15768000" seconds. 
For enhanced security we recommend enabling HSTS 
as described in our security tips.

So, go ahead!

Just add the header to Nginx config (Strict-Transport-Security):

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

Restart Nginx and voila – the mobile client will ask you to accept the SSL certificate!
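
As an added example (not part of the original post), these POSIX shell functions check a response's Strict-Transport-Security header against the 15768000-second minimum from the ownCloud warning. The function names and the cloud.example.com host are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: verify the HSTS header against the ownCloud minimum.
HSTS_MIN_AGE=15768000   # threshold quoted in the admin-panel warning

# Print the max-age of an HSTS header line or bare value (empty if none).
hsts_max_age() {
    # lower-case, drop padding/CR/quotes and the header name,
    # then put one directive per line and pick the numeric max-age
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | tr -d ' \t\r"' |
        sed 's/^strict-transport-security://' | tr ';' '\n' |
        sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1
}

# Succeed only if max-age is present and meets the minimum.
hsts_ok() {
    hsts_age=$(hsts_max_age "$1")
    [ -n "$hsts_age" ] && [ "$hsts_age" -ge "$HSTS_MIN_AGE" ]
}

# Read response headers on stdin; print ok, too-short or missing.
# Only the first HSTS header is evaluated, as clients do (RFC 6797).
hsts_report() {
    hsts_line=$(tr -d '\r' | grep -i '^strict-transport-security:' | head -n 1)
    if [ -z "$hsts_line" ]; then
        echo missing
    elif hsts_ok "$hsts_line"; then
        echo ok
    else
        echo too-short
    fi
}

# Usage against a live server (hypothetical host name):
#   curl -sI https://cloud.example.com/ | hsts_report
```

Nginx attaches add_header values only to a fixed set of success and redirect status codes unless the `always` parameter is appended, and an add_header inside a location block replaces the ones inherited from the server block. Run the check against the URLs the mobile client actually requests.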

Xrdp configuration to connect existing session

The RDP protocol is very convenient for managing Windows and Linux servers. But if you use Xrdp as a terminal server, you may notice that a new session is created every time a connection is established.

The CentOS (RedHat) RDP server implementation is more useful, because it can connect to an existing session by default. But Ubuntu (Debian) always creates a new session if you configure it with the “port=-1” setting in the xrdp.ini file:

[xrdp2]
name=test-name
...
port=-1

But if you set the port to a fixed value, a connection problem occurs.
To fix the problem I recommend creating two different xrdp configurations in the xrdp.ini file:

[xrdp1]
name=existing-session
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=5910

[xrdp2]
name=new-session
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1

So, for the first connection you have to use the “new-session” configuration, and for the next ones the “existing-session” configuration will be used by default.
Make sure you are connecting to port 5910 (in my case).

Docker containers dependencies

As a rule, you have more than one Docker container. There can be one base container (parent) and many others (children).
To connect them in docker-compose you can use the following snippets:

1. Using “links” – the most popular method in the common case. Here the network ports and volumes of the parent container are shared with the child.
docker-compose.yml

...
  links:
    - base
...

2. Using “volumes_from” – only the volumes of the parent container are shared with the child.
docker-compose.yml

...
  volumes_from:
    - base
...

The second way is useful when your Docker container uses the host network. In that case the “links” directive cannot be used (since docker-compose v1.9).
docker-compose.yml

...
  net: "host"
...

See also http://docs.docker.com/compose/compose-file

Generating SSL certificate

To enable SSL connections to your server you need an SSL certificate.
Here are the steps to create a self-signed SSL certificate:

1. Install openssl.

yum install -y openssl

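2. Create the shell script add_ssl.sh:

#!/bin/bash
set -e

# Host name for the certificate, also used as the file name prefix
prefix=${1:?usage: add_ssl.sh <hostname>}

# Generate private key and make it readable by its owner only
openssl genrsa -out "$prefix.key" 2048
chmod 600 "$prefix.key"

# Generate CSR (the echoed lines answer the interactive prompts in order)
echo -e "[LOCALE]\n[COUNTRY]\n[CITY]\n[COMPANY]\nSSL\n$prefix\n[EMAIL]\n\n\n\n" \
	| (openssl req -new -key "$prefix.key" -out "$prefix.csr")

# Generate self-signed certificate, valid for 365 days
openssl x509 -req -days 365 -in "$prefix.csr" -signkey "$prefix.key" -out "$prefix.crt"

# Move the files to the correct locations
mv "$prefix.crt" /etc/ssl
mv "$prefix.key" /etc/ssl
mv "$prefix.csr" /etc/ssl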

Replace [LOCALE], [COUNTRY], [CITY], [COMPANY], [EMAIL] with your values.

3. Run the script, for example:

./add_ssl.sh gik.firetrot.com
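
As an added example (not part of the original post), these POSIX shell functions check the files the script leaves in /etc/ssl: that the certificate belongs to the key, that it is not about to expire, and that the key is not readable by other users. The function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: checks for the key/certificate pair written by add_ssl.sh.

# Succeed if the certificate carries the public key of the given private key.
cert_matches_key() {
    cmk_crt=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    cmk_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cmk_crt" = "$cmk_key" ]
}

# Succeed if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null
}

# Succeed if group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per check; return non-zero if any check fails.
check_pair() {
    cp_rc=0
    cert_matches_key "$1" "$2" && echo "pair: ok" \
        || { echo "pair: MISMATCH"; cp_rc=1; }
    cert_valid_for_days "$1" 30 && echo "expiry: ok" \
        || { echo "expiry: within 30 days"; cp_rc=1; }
    key_is_private "$2" && echo "key mode: ok" \
        || { echo "key mode: readable by others"; cp_rc=1; }
    return "$cp_rc"
}

# Usage with the file names produced by the run above:
#   check_pair /etc/ssl/gik.firetrot.com.crt /etc/ssl/gik.firetrot.com.key
```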

Why Docker?

Docker is the simplest and clearest way to isolate your services. It gives DevOps a very convenient way to deploy and control services in a server environment.
Docker is nothing new, just a wrapper over LXC. There are two concepts to know when you start working with Docker:

  • Docker image is what you build
  • Docker container is what you run

Docker uses a layer system very similar to a version control system. After a container restart all data will be lost if not committed!
So, to run a Docker container you first have to create a Docker image. There are two ways to create one. With the first, you take a base Docker image of your favorite Linux OS, run it, log in to it and manually install whatever you need, then commit the image to save the changes. This is the old and hardcore way. I prefer the second one: build the image from a so-called “Dockerfile”, which describes everything needed to compose the image.

Example usage:

  1. Create folder “base”.
  2. Create “Dockerfile” in it with the following contents:
    FROM centos:7
    MAINTAINER "FireTrot Studio" <admin@firetrot.com>
    
    # ENV
    ENV container=docker
    
    # IMPORT (use the key file shipped in the centos:7 image instead of fetching it over plain HTTP)
    RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
    
    # INSTALL
    RUN yum -y install net-tools
    
    # RUN
    CMD ["ping", "localhost"]
    
  3. Build docker image with command:
    docker build -t base .
    
  4. Run docker container with command:
    docker run -it --name=base base
    

And then you’ll see the output of the running container.