====== Technical Information: CentOS/RHEL Topics ======

See [[tech:linux:centos:optum|optum-specific details ...]]

===== Distribution Trivia =====

==== Licensing ====

  * Unregister: \\ ''subscription-manager remove --all'' \\ ''subscription-manager unregister'' \\ ''subscription-manager clean''
  * Register: <code>subscription-manager register --username youraccountlogin --password yourpassword</code>
  * Configuration in ''/etc/rhsm/rhsm.conf''
    * Set ''hostname'' to: ''subscription.rhn.redhat.com''
    * Set ''prefix'' to: ''/subscription''
    * Set ''port'' to: ''443''
    * Set ''baseurl'' to: ''https://cdn.redhat.com''
    * Set ''repo_ca_cert'' to: ''%(ca_cert_dir)sredhat-uep.pem''
    * Set ''full_refresh_on_yum'' to: ''0''
  * Enabling repositories: <code>
subscription-manager list --available
subscription-manager attach --pool=pool_id
subscription-manager list --consumed
subscription-manager repos --list
subscription-manager repos --enable repository
</code>

===== Details to initialize for a new instance =====

  * Do a ''yum update''
  * Add ''pathmunge $HOME/bin'' and ''pathmunge /usr/java/bin'' to ''/etc/profile''

==== If Starting with a Minimal Install ====

  * ''yum install -y wget rsync git vim curl bzip2 zip unzip xz sharutils''
  * ''yum install -y xterm gvim dejavu-sans-mono-fonts''
  * ''yum install java-1.8.0-openjdk-devel''
  * ''yum groupinstall "X Window System"''
  * ''yum groupinstall "Fonts"'' //(alternately, dejavu-fonts-common)//
  * ''yum install tigervnc-server''
  * ''yum install tigervnc''
  * ''yum install xorg-x11-server-devel''
  * ''yum install gcc-c++''
  * ''yum install mariadb-devel''
  * ''yum install centos-release-scl''

==== If VirtualBox VM Guest ====

  * ''yum install gcc make perl kernel-devel''
  * Install the VirtualBox Guest Additions
  * Shared folder mounted like: ''mount -t vboxsf -o uid=1000,gid=1000 sharename /home/you/some/folder''

==== If using Docker ====

Docker requires the ''container-selinux'' package, not available in RHEL repos. \\
Get it from: [[http://mirror.centos.org/centos/7/extras/x86_64/Packages|CentOS 7 package mirror]] \\
Then, install Docker with:

<code>
yum remove docker docker-common docker-selinux docker-engine
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce
</code>

... alternately ...

<code>
yum check-update
curl -fsSL https://get.docker.com/ | sh
systemctl start docker
systemctl status docker
systemctl enable docker
</code>

==== If using ZFS ====

See [[https://github.com/zfsonlinux/zfs/wiki/RHEL-and-CentOS|official documentation]] for further details

  * ''dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm''
  * ''yum install kernel-devel''
  * ''yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm''
  * ''gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-zfsonlinux''
  * In ''/etc/yum.repos.d/zfs.repo'', change:
    * ''enabled=1'' to ''enabled=0'' in the ''[zfs]'' section
    * ''enabled=0'' to ''enabled=1'' in the ''[zfs-kmod]'' section
  * ''yum install zfs''
  * ''systemctl preset zfs-import-cache zfs-import-scan zfs-import.target zfs-mount zfs-share zfs-zed zfs.target''
  * ''modprobe zfs''

==== If using LXC ====

  * ''yum install debootstrap perl libvirt''
  * ''yum install lxc lxc-templates''
  * ''systemctl status lxc.service''
  * ''systemctl start lxc.service''
  * ''systemctl status lxc.service''
  * ''systemctl start libvirtd''
  * ''systemctl status lxc.service''
  * ''lxc-checkconfig''

See also: [[http://www.zenteknix.com/wiki/doku.php?id=tech:lxc:start#centos_rhel_specifics|CentOS/RHEL Specifics for LXC]]

==== If using KVM ====

  * ''grep -E '(vmx|svm)' /proc/cpuinfo''
  * ''systemctl enable libvirtd''
  * x

==== Other packages for new instance ====

  * git
  * gcc-c++
  * wget
  * xterm
  * vim
  * vim-x11
  * java-1.8.0-openjdk-devel
  * gd-devel

==== Update a specific repository ====

''yum --disablerepo="*" --enablerepo="epel" update''

==== Enable TCP listen for X ====

// ... to be added ... //

==== Add firewall rule for HTTP ====

|**List active zone(s):**|''firewall-cmd --get-active-zones'' |
|**Add port (note zone):**|''firewall-cmd --zone=public --add-port=3000/tcp --permanent'' |
|**Refresh:**|''firewall-cmd --reload'' |

==== Change hostname post-installation ====

<code>
hostnamectl set-hostname Your-New-Host-Name-Here
hostnamectl set-hostname "Your New Host Name Here" --pretty
hostnamectl set-hostname Your-New-Host-Name-Here --static
hostnamectl set-hostname Your-New-Host-Name-Here --transient
</code>

==== ulimit ====

In ''/etc/security/limits.conf'', create a file like ''20-nofile.conf'':

<code>
*       hard nofile 4096
*       soft nofile 1024
@users  soft nofile 2048
rk4n3   hard nofile 81920
rk4n3   soft nofile 8192
</code>

------

===== Some Application Trivia =====

==== Routine CLI ====

  * Duplicate SELinux attributes: ''chcon %%--%%reference=oldfileordir newfileordir''
  * Update from specific repo only: ''yum %%--%%disablerepo="*" %%--%%enablerepo="my-repo" update''

==== rsyslog & logrotate ====

  * In ''/etc/rsyslog.d/yourapp.conf'': <code>
# Separate yourapp logging into its own file
if $programname == 'yourapp' then /var/log/yourapp.log
& stop
</code>
  * In ''/etc/logrotate.d/yourapp'': <code>
/var/log/yourapp.log {
    missingok
    weekly
    size 2G
    copytruncate
    rotate 12
    notifempty
}
</code>

==== Wildfly ====

  * Wildfly likes to live at ''/opt/wildfly'', so create a symbolic link at that location to the actual installation directory
  * Set up the logging location: <code>
mkdir /var/log/wildfly
chown wildfly:wildfly /var/log/wildfly
chmod 755 /var/log/wildfly
</code>
  * Set up the runtime location: <code>
mkdir /var/run/wildfly
chown wildfly:wildfly /var/run/wildfly
chmod 755 /var/run/wildfly
</code>
  * Create a symbolic link at ''/etc/default/wildfly.conf'' to the ''standalone.conf'' file in the wildfly instance
  * Edit ''/etc/default/wildfly.conf'':
    * Make sure ''JAVA_HOME'' is set to the directory where the Java you want to use lives
    * Make sure ''JBOSS_HOME'' is set to ''/opt/wildfly''
    * Add ''JBOSS_USER'', and ensure it's set to the user that you want wildfly to run as
  * Copy ''/opt/wildfly/docs/contrib/scripts/init.d/wildfly-init-redhat.sh'' to ''/etc/init.d/wildfly''
  * Edit ''/opt/wildfly/standalone/configuration/standalone.xml'':
    * Change ''127.0.0.1'' to actual IP address
  * Add an admin user by invoking ''cd /opt/wildfly/bin ; ./add-user.sh''
  * Add as a service: <code>
chkconfig --add wildfly
chkconfig wildfly on
</code>
  * Start with ''service wildfly start'', and stop with ''service wildfly stop''
  * Admin console will be accessible on ''http://hostipaddress:9990/console''
  * HTTP service will be on ''http://hostipaddress:8080'' by default //(unless changed in config file)//

==== Jenkins ====

See CentOS/RHEL section in [[tech:devops:jenkins:start|Jenkins devops page]]

==== Gatling ====

See CentOS/RHEL section in [[tech:devops:gatling:start|Gatling devops page]]

===== Some Issues -> Solutions =====

==== Raw network/socket access ====

  * Allow a program (e.g. ''/usr/bin/ping''): ''setcap cap_net_raw+p /path/to/command''

==== systemd journal ====

  * Clear out journal(s): ''journalctl -m --vacuum-time=1s''

==== Upgrading ====

CentOS will typically require accepting the license agreement (again) after a significant upgrade. \\
This can mean that the system will not complete booting until license agreement acceptance is \\
completed on a console.

==== Firewall ====

Example:

<code>
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
</code>

==== LDAP ====

  * Ensure desired group exists locally (in ''/etc/group'')
  * Add an LDAP user to local copy of LDAP group: ''gpasswd -a ldaplogin localgroup''

==== Permissions ====

  * For some strange reason, under RHEL new user home directories seem to be created with ''drwx------'' permissions, which denies other users visibility under the entire tree.
  * SELinux can prevent SSH RSA key authentication, typically via file security context
    * Examine file context with: ''ls -lZd directorypath'' ... or ''ls -lZ filepath''
    * A full remediation might look like: <code>
chcon -t root_t /
chcon -t home_root_t /home
chcon -t home_root_t /home/you
chcon -t ssh_home_t /home/you/.ssh
chcon -t ssh_home_t /home/you/.ssh/*
</code>
  * SELinux introduces some permissions complexity, so adjustments may need to be made on that level
    * Example - show SELinux context: ''ls -Z /some/dir''
    * Example - apache logs: ''chcon -R -t httpd_log_t /some/log/dir''
    * Example - apache doc root: ''chcon -R -t httpd_sys_content_t /some/www/docroot/dir''
  * SELinux can prohibit network connections, as well - if apache can't connect to a MySQL DB: \\ ''setsebool -P httpd_can_network_connect=1''

==== Mounted filesystem after changing fstab ====

  * If a filesystem won't either unmount or mount in new location after changing ''/etc/fstab'': ''systemctl daemon-reload''

==== CentOS VMs Crash in VNC/Headless Mode ====

This problem seems to be related to IPv6, so disabling IPv6 helps. Perform installation and first boot-up using the native Qemu GUI console, then disable IPv6 in the guest:

<code>
sysctl -a | grep ipv6 | grep disable | sed 's/= 0/= 1/g' > /etc/sysctl.d/ipv6.conf
sysctl -p /etc/sysctl.d/ipv6.conf
</code>

... then, the VM can be restarted in headless/VNC mode.

===== Some Hardware Trivia =====

\\ // Links: [[:tech:linux:start|Linux Info]] ... [[:tech:start|Tech Info]] //
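
A read-only check for the SELinux/SSH key item in the Permissions section, as an added example that is not part of the original page: it scans ''ls -lZd'' output for paths at or under a ''.ssh'' directory whose SELinux type is not ''ssh_home_t'', the type the page's remediation sets. The function names and the sample listing are constructed for illustration, and paths containing spaces are assumed not to occur.

```shell
#!/bin/sh
# Added example: report .ssh paths whose SELinux type is not ssh_home_t.
# Typical input (assumed): ls -lZd /home/you/.ssh /home/you/.ssh/*

# Constructed sample listing, mixing the RHEL 7 and RHEL 8 "ls -lZ" layouts.
sample_listing() {
    cat <<'EOF'
drwx------. you you unconfined_u:object_r:ssh_home_t:s0 /home/you/.ssh
-rw-------. 1 you you unconfined_u:object_r:default_t:s0 400 Jan  5 10:15 /home/you/.ssh/authorized_keys
-rw-r--r--. 1 you you unconfined_u:object_r:ssh_home_t:s0 95 Jan  5 10:15 /home/you/.ssh/known_hosts
-rw-------. 1 you you ? 1675 Jan  5 10:15 /home/you/.ssh/id_rsa
-rw-r--r--. 1 you you unconfined_u:object_r:user_home_t:s0 12 Jan  5 10:15 /home/you/notes.txt
EOF
}

# Reads listing lines on stdin, prints one finding per bad path,
# and returns 1 if anything was reported (0 if all in-scope paths are fine).
audit_ssh_contexts() {
    awk '
    {
        ctx = ""; path = $NF
        # The context column moves between ls versions, so search for the
        # field shaped user:role:type:level instead of using a fixed index.
        for (i = 1; i < NF; i++)
            if ($i !~ /^\// && $i ~ /^[^:]+:[^:]+:[^:]+:[^:]+/) { ctx = $i; break }
        # Only paths at or below a .ssh directory are in scope.
        if (path !~ /\/\.ssh$/ && path !~ /\/\.ssh\//) next
        # ls prints "?" when a file has no context at all.
        if (ctx == "") { print "UNLABELED " path; bad++; next }
        split(ctx, part, ":")
        if (part[3] != "ssh_home_t") {
            print "MISMATCH " path " type=" part[3] " want=ssh_home_t"
            bad++
        }
    }
    END { exit (bad > 0) }'
}
```

Run ''sample_listing | audit_ssh_contexts'' to see the two findings in the sample; on a real host, pipe the ''ls -lZd'' output into ''audit_ssh_contexts'' instead.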