Linux Blimp

Docker is an open source and popular operating system-level virtualization (commonly known as “containerization”) technology that primarily runs on Linux and Windows. Docker makes it easier to create, deploy, and run applications by using containers.

With containers, developers (and system administrators) can package up an application with everything needed to run the application – the code, a run-time, libraries, environment variables, and configuration files, and ship it all out as one package. Yes, it’s that great!

In this article, we will show you how to install Docker CE (Community Edition), create and run Docker containers on Ubuntu distribution.

Installing Docker CE (Community Edition) in Ubuntu

1. To install Docker CE, first, you need to remove older versions of Docker were called docker, docker.io, or docker-engine from the system using the following command.

$ sudo apt-get remove docker docker-engine docker.io containerd runc

$ sudo apt-get update
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

3. Update the apt package index and install the latest version of Docker CE using following commands.

$ sudo apt-get update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  aufs-tools cgroupfs-mount pigz
The following NEW packages will be installed:
  aufs-tools cgroupfs-mount containerd.io docker-ce docker-ce-cli pigz
0 upgraded, 6 newly installed, 0 to remove and 167 not upgraded.
Need to get 50.7 MB of archives.
After this operation, 243 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu bionic/universe amd64 pigz amd64 2.4-1 [57.4 kB]
Get:2 https://download.docker.com/linux/ubuntu bionic/stable amd64 containerd.io amd64 1.2.4-1 [19.9 MB]
Get:3 http://archive.ubuntu.com/ubuntu bionic/universe amd64 aufs-tools amd64 1:4.9+20170918-1ubuntu1 [104 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic/universe amd64 cgroupfs-mount all 1.4 [6,320 B]
Get:5 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce-cli amd64 5:18.09.3~3-0~ubuntu-bionic [13.1 MB]
Get:6 https://download.docker.com/linux/ubuntu bionic/stable amd64 docker-ce amd64 5:18.09.3~3-0~ubuntu-bionic [17.4 MB]
Fetched 50.7 MB in 7s (7,779 kB/s)                                     
...

4. After successfully installing the Docker CE package, the service should be auto-started and auto-enabled to start at system boot, you can check its status using the following command.

$ sudo systemctl status docker 

● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-03-06 08:06:42 UTC; 2min 18s ago
     Docs: https://docs.docker.com
 Main PID: 5274 (dockerd)
    Tasks: 8
   CGroup: /system.slice/docker.service
           └─5274 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Mar 06 08:06:41 tecmint dockerd[5274]: time="2019-03-06T08:06:41.562587408Z" level=warning msg="Your kernel does not support cgroup rt runtime"
Mar 06 08:06:41 tecmint dockerd[5274]: time="2019-03-06T08:06:41.562767803Z" level=warning msg="Your kernel does not support cgroup blkio weight"
Mar 06 08:06:41 tecmint dockerd[5274]: time="2019-03-06T08:06:41.562966844Z" level=warning msg="Your kernel does not support cgroup blkio weight_device"
Mar 06 08:06:41 tecmint dockerd[5274]: time="2019-03-06T08:06:41.565298457Z" level=info msg="Loading containers: start."
Mar 06 08:06:41 tecmint dockerd[5274]: time="2019-03-06T08:06:41.950942467Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a prefer
Mar 06 08:06:42 tecmint dockerd[5274]: time="2019-03-06T08:06:42.036964493Z" level=info msg="Loading containers: done."
Mar 06 08:06:42 tecmint dockerd[5274]: time="2019-03-06T08:06:42.156279378Z" level=info msg="Docker daemon" commit=774a1f4 graphdriver(s)=overlay2 version=18.09.3
Mar 06 08:06:42 tecmint dockerd[5274]: time="2019-03-06T08:06:42.157145045Z" level=info msg="Daemon has completed initialization"
Mar 06 08:06:42 tecmint systemd[1]: Started Docker Application Container Engine.
Mar 06 08:06:42 tecmint dockerd[5274]: time="2019-03-06T08:06:42.224229999Z" level=info msg="API listen on /var/run/docker.sock"

5. Finally, verify that Docker CE is installed properly by running the hello-world image.

$ sudo docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

Learn Basic Docker Commands in Ubuntu

6. To get information about Docker, run the following command.

$ sudo docker info

Kernel Version: 5.0.0-050000-generic
Operating System: Ubuntu 18.04.1 LTS
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.452GiB
Name: tecmint
ID: FWSB:IRIF:DYL7:PRB5:Y66E:37MY:ISPO:HZVY:6YJO:2IYL:TO6Y:GNB7
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

7. To get information about Docker version, run the following command.

$ sudo docker version

Client:
 Version:           18.09.3
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        774a1f4
 Built:             Thu Feb 28 06:53:11 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.3
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       774a1f4
  Built:            Thu Feb 28 05:59:55 2019
  OS/Arch:          linux/amd64
  Experimental:     false

8. To get a list of all available Docker commands run docker on your terminal.

$ docker

Usage:	docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/home/tecmint/.docker")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/home/tecmint/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/home/tecmint/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/home/tecmint/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  builder     Manage builds
  config      Manage Docker configs
  container   Manage containers
  engine      Manage the docker engine
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes
....

Download a Docker Image in Ubuntu

9. To run a Docker container, first, you need to download an image from Docker Hub – provides free images from its repositories.

For example, to download a Docker image called CentOS 7, issue the following command.

$ sudo docker search centos

NAME                               DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
centos                             The official build of CentOS.                   5227                [OK]                
ansible/centos7-ansible            Ansible on Centos7                              120                                     [OK]
jdeathe/centos-ssh                 CentOS-6 6.10 x86_64 / CentOS-7 7.5.1804 x86…   107                                     [OK]
consol/centos-xfce-vnc             Centos container with "headless" VNC session…   81                                      [OK]
imagine10255/centos6-lnmp-php56    centos6-lnmp-php56                              50                                      [OK]
centos/mysql-57-centos7            MySQL 5.7 SQL database server                   47                                      
tutum/centos                       Simple CentOS docker image with SSH access      43                                      
gluster/gluster-centos             Official GlusterFS Image [ CentOS-7 +  Glust…   40                                      [OK]
openshift/base-centos7             A Centos7 derived base image for Source-To-I…   39                                      
centos/postgresql-96-centos7       PostgreSQL is an advanced Object-Relational …   37                                      
centos/python-35-centos7           Platform for building and running Python 3.5…   33                                      
kinogmt/centos-ssh                 CentOS with SSH                                 26                                      [OK]
openshift/jenkins-2-centos7        A Centos7 based Jenkins v2.x image for use w…   20                                      
centos/php-56-centos7              Platform for building and running PHP 5.6 ap…   19                                      
pivotaldata/centos-gpdb-dev        CentOS image for GPDB development. Tag names…   10                                      
openshift/wildfly-101-centos7      A Centos7 based WildFly v10.1 image for use …   6                                       
openshift/jenkins-1-centos7        DEPRECATED: A Centos7 based Jenkins v1.x ima…   4                                       
darksheer/centos                   Base Centos Image -- Updated hourly             3                                       [OK]
pivotaldata/centos                 Base centos, freshened up a little with a Do…   2                                       
pivotaldata/centos-mingw           Using the mingw toolchain to cross-compile t…   2                                       
pivotaldata/centos-gcc-toolchain   CentOS with a toolchain, but unaffiliated wi…   1                                       
openshift/wildfly-81-centos7       A Centos7 based WildFly v8.1 image for use w…   1                                       
blacklabelops/centos               CentOS Base Image! Built and Updates Daily!     1                                       [OK]
smartentry/centos                  centos with smartentry                          0                                       [OK]
jameseckersall/sonarr-centos       Sonarr on CentOS 7                              0                                       [OK]

10. After you determined on what image you want to run based on your requirements, download it locally by running the below command (in this case a CentOS image is downloaded and used).

$ docker pull centos

Using default tag: latest
latest: Pulling from library/centos
a02a4930cb5d: Pull complete 
Digest: sha256:184e5f35598e333bfa7de10d8fb1cebb5ee4df5bc0f970bf2b1e7c7345136426
Status: Downloaded newer image for centos:latest

11. To list all the available Docker images on your host run the following command.

$ sudo docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
hello-world         latest              fce289e99eb9        2 months ago        1.84kB
centos              latest              1e1148e4cc2c        3 months ago        202MB

12. If you don’t want a Docker image anymore and you can remove it using the following command.

$ sudo docker rmi centos

Untagged: centos:latest
Untagged: centos@sha256:184e5f35598e333bfa7de10d8fb1cebb5ee4df5bc0f970bf2b1e7c7345136426
Deleted: sha256:1e1148e4cc2c148c6890a18e3b2d2dde41a6745ceb4e5fe94a923d811bf82ddb
Deleted: sha256:071d8bd765171080d01682844524be57ac9883e53079b6ac66707e192ea25956

Run a Docker Container in Ubuntu

13. In order to create and run a Docker container, first you need to run a command into a downloaded CentOSimage, so a basic command would be to check the distribution version file inside the container using cat command, as shown.

$ docker run centos cat /etc/issue

14. To run the containers again, first you need to get the Container ID or Name by running the following command, which will display a list of the running and stopped containers:

$ sudo docker ps -l

CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                          PORTS               NAMES
0ddfa81c5779        centos              "cat /etc/issue"    About a minute ago   Exited (0) About a minute ago                       elastic_shirley

15. Once the Container ID or Name has been acquired, you can start the container using the following command:

$ sudo docker start 0ddfa81c5779
OR
$ sudo docker start elastic_shirley

Here, the string 0ddfa81c5779 represents the container ID and elastic_shirley represents the container Name.

16. To stop the running container run docker stop command by specifying the Container ID or Name.

$ sudo docker stop 0ddfa81c5779
OR
$ sudo docker stop elastic_shirley

17. A more better way, so that you don’t have to remember the container ID would be to define a unique name for each container you create by using the --name option as shown.

$ docker run --name myname centos cat /etc/issue

18. In order to connect and run Linux commands into a container issue the following command.

$ docker run -it centos bash

[root@6213ec547863 /]# uname -a
Linux 6213ec547863 5.0.0-050000-generic #201903032031 SMP Mon Mar 4 01:33:18 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@6213ec547863 /]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 

19. To quit and back to host from the running container session you must type exit command as shown.

$ exit

That’s all for basic container manipulation. If you have any questions or comments about this article, use the feedback form below to reach us.

Source

Ansible is an open source, powerful automation software for configuring, managing and deploying software applications on the nodes without any downtime just by using SSH. Today, most of the IT Automation tools runs as a agent in remote host, but ansible just need a SSH connection and Python (2.4 or later) to be installed on the remote nodes to perform it’s action.

How Ansible Works?

There are many similar automation tools available like Puppet, Capistrano, Chef, Salt, Space Walk etc, but Ansible categorize into two types of server: controlling machines and nodes.

The controlling machine, where Ansible is installed and Nodes are managed by this controlling machine over SSH. The location of nodes are specified by controlling machine through its inventory.

The controlling machine (Ansible) deploys modules to nodes using SSH protocol and these modules are stored temporarily on remote nodes and communicate with the Ansible machine through a JSON connection over the standard output.

Playbooks are bunch of commands which can perform multiple tasks and each playbooks are in YAML file format.

What’s the Use of Ansible

Ansible can be used in IT infrastructure to manage and deploy software applications to remote nodes. For example, let’s say you need to deploy a single software or multiple software to 100’s of nodes by a single command, here ansible comes into picture, with the help of Ansible you can deploy as many as applications to many nodes with one single command, but you must have a little programming knowledge for understanding the ansible scripts.

We’ve compiled a series on Ansible, title ‘Preparation for the Deployment of your IT Infrastructure with Ansible IT Automation Tool‘, through parts 1-4 and covers the following topics.

In this article, we will show you how to install ‘Ansible’ on RHEL/CentOS 7/6, Fedora 21-19, Ubuntu 14.10-13.04 and Debian 7/6 systems and also we will go through some basics on how how to manage a server by installing packages, applying updates and much more from basic to pro.

Prerequisites

1. Operating System: RHEL/CentOS/Fedora and Ubuntu/Debian/Linux Mint
2. Jinja2: A modern, fast and easy to use stand-alone template engine for Python.
3. PyYAML: A YAML parser and emitter for the Python programming language.
4. parmiko: A native Python SSHv2 channel library.
5. httplib2: A comprehensive HTTP client library.
6. sshpass: A non-interactive ssh password authentication.

My Environment Setup

Controlling Machine – Ansible

Operating System :	Linux Mint 17.1 Rebecca
IP Address	 :	192.168.0.254
Host-name	 :	tecmint.instrcutor.com
User		 :	tecmint

Remote Nodes

Node 1: 192.168.0.112
Node 2: 192.168.0.113
Node 3: 192.168.0.114

Step 1: Installing Controlling Machine – Ansible

1. Before installing ‘Ansible‘ on the server, let’s first verify the details of the server like hostname and IP Address. Login into server as a root user and execute the below command to confirm system settings that we’re going to use for this setup.

# sudo ifconfig | grep inet

2. Once you confirm your system settings, it’s time to install ‘Ansible’ software on the system.

On Ubuntu/Debian/Linux Mint

Here we are going to use official Ansible PPA repository on the system, just run the below commands to add the repository.

$ sudo apt-add-repository ppa:ansible/ansible -y
$ sudo apt-get update && sudo apt-get install ansible -y

On RHEL/CentOS/Fedora

Unfortunately, there are no official Ansible repository for RedHat based clones, but we can install Ansible by enabling epel repository under RHEL/CentOS 6, 7 and currently supported fedora distributions.

Fedora users can directly install Ansible through default repository, but if you are using RHEL/CentOS 6, 7, you have to enable EPEL repo.

After configuring epel repository, you can install Ansible using following command.

$ sudo yum install ansible -y

After installed successfully, you can verify the version by executing below command.

# ansible --version

Step 2: Preparing SSH Keys to Remote Hosts

4. To perform any deployment or management from the localhost to remote host first we need to create and copy the ssh keys to the remote host. In every remote host there will be a user account tecmint (in your case may be different user).

First let we create a SSH key using below command and copy the key to remote hosts.

# ssh-keygen -t rsa -b 4096 -C "admin@tecmintlocal.com"

5. After creating SSH Key successfully, now copy the created key to all three remote server’s.

# ssh-copy-id tecmint@192.168.0.112
# ssh-copy-id tecmint@192.168.0.113
# ssh-copy-id tecmint@192.168.0.114

6. After copying all SSH Keys to remote host, now perform a ssh key authentication on all remote hosts to check whether authentication working or not.

$ ssh tecmint@192.168.0.112
$ ssh tecmint@192.168.0.113
$ ssh tecmint@192.168.0.114

Step 3: Creating Inventory File for Remote Hosts

Inventory file, This file hold the host information’s like which host we need to get connect from local to remote. Default inventory file will be under /etc/ansible/hosts.

7. Now let’s add these three hosts to inventory file. Open and edit file using your favourite editor, Here I use vim.

# sudo vim /etc/ansible/hosts

Add the following three hosts IP address..

[web-servers]
192.168.0.112
192.168.0.113
192.168.0.114

Note: The ‘web-servers‘ in the brackets indicates as group names, it is used in classifying systems and deciding which systems you are going to controlling at what times and for what reason.

# ansible -m ping web-servers

OR

# ansible -m ping -all

# ansible -m command -a "df -h" web-servers

# ansible -m command -a "free -mt" web-servers

# ansible -m command -a "uptime" web-servers

# ansible -m command -a "arch" web-servers
# ansible -m shell -a "hostname" web-servers

# ansible -m command -a "df -h" web-servers > /tmp/df_outpur.txt

In the previous article of this Ansible series, we explained that Ansible is an agent-less tool that allows you to quickly and efficiently manage multiple machines (also known as nodes – and perform deployments to them as well) from a single system.

After installing the software in the controller machine, creating the keys for passwordless login and copying them to the nodes, it’s time to learn how to optimize the process of managing such remote systems using Ansible.

Ansible Testing Environment

Throughout this article, as well as the next one, we will use the following test environment. All hosts are CentOS 7 boxes:

Controller machine (where Ansible is installed): 192.168.0.19
Node1: 192.168.0.29
Node2: 192.168.0.30

In addition, please note that both nodes have been added in the webservers section of the local /etc/ansible/hosts file:

# ansible -a "/bin/hostnamectl --static" webservers

---
- hosts: webservers
  remote_user: root
  vars:
    variable1: value1
    variable2: value2
  remote_user: root
  tasks:
  - name: description for task1
    task1: parameter1=value_for_parameter1 parameter2=value_for_parameter2
  - name: description for task1
    task2: parameter1=value_for_parameter1 parameter2=value_for_parameter2
  handlers:
    - name: description for handler 1
      service: name=name_of_service state=service_status
- hosts: dbservers
  remote_user: root
  vars:
    variable1: value1
    variable2: value2
…

# mkdir /etc/ansible/playbooks

---
- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: pkg=httpd state=latest
  - name: replace default index.html file
    copy: src=/static_files/index.html dest=/var/www/html/ mode=0644
    notify:
    - restart apache
  - name: ensure apache is running (and enable it at boot)
    service: name=httpd state=started enabled=yes
  handlers:
    - name: restart apache
      service: name=httpd state=restarted

# mkdir /static_files

<!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="utf-8"/>
 </script>
 </head>
 <body>
 <h1>Apache was started in this host via Ansible</h1><br>
<h2>Brought to you by Tecmint.com</h2>
 </body>
 </html>

# ansible-playbook /etc/ansible/playbooks/apache.yml

# systemctl stop httpd
# systemctl disable httpd
# systemctl is-active httpd
# systemctl is-enabled httpd

# ansible-playbook /etc/ansible/playbooks/apache.yml

node1: 192.168.0.29
node2: 192.168.0.30

# cd /etc/ansible/playbooks
# ansible-galaxy init wp-dependencies
# ansible-galaxy init wp-install-config

# ls -R /etc/ansible/playbooks

---
# tasks file for wp-dependencies
- name: Update packages (this is equivalent to yum update -y)
  yum: name=* state=latest

- name: Install dependencies for WordPress
  yum: name={{ item }} state=present
  with_items:
        - httpd
        - mariadb-server 
        - mariadb
        - php 
        - php-mysql
        - MySQL-python

- name: Ensure MariaDB is running (and enable it at boot)
  service: name=mariadb state=started enabled=yes

- name: Copy ~/.my.cnf to nodes
  copy: src=/root/.my.cnf dest=/root/.my.cnf

- name: Create MariaDB database
  mysql_db: name={{ wp_mysql_db }} state=present

- name: Create MariaDB username and password
  mysql_user:
        login_user=root
        login_password=YourMariaDBRootPasswordHere
        name={{ wp_mysql_user }}
        password={{ wp_mysql_password }}
        priv=*.*:ALL

---
# defaults file for wp-dependencies
  wp_mysql_db: MyWP
  wp_mysql_user: wpUser
  wp_mysql_password: wpP4ss

---
# tasks file for wp-install-config
- name: Create directory to download WordPress
  command: mkdir -p /opt/source/wordpress

- name: Download WordPress
  get_url: url=https://www.wordpress.org/latest.tar.gz dest=/opt/source/wordpress/wordpress.tar.gz validate_certs=no

- name: Extract WordPress
  command: "tar xzf /opt/source/wordpress/wordpress.tar.gz -C /var/www/html --strip-components 1"

- name: Send config file
  copy: src=/root/wp-config-sample.php dest=/var/www/html/wp-config.php mode=0644

…
/** The name of the database for WordPress */
define('DB_NAME', 'MyWP');

/** MySQL database username */
define('DB_USER', 'wpUser');

/** MySQL database password */
define('DB_PASSWORD', 'wpP4ss');
…

Make sure you use the same password in all hosts, then copy the credentials in /root/.my.cnf (the actual location may differ in your case, but in all instances it needs to match the value of the src parameter for the task Copy ~/.my.cnf to nodes in /etc/ansible/playbooks/wp-dependencies/tasks/main.yml).

In that file (see above) we’ve assumed that the password for root is YourMariaDBRootPassword.

6. Next, our playbook (/etc/ansible/playbooks/playbook.yml) will look much more organized and simple when compared to the previous tutorial:

# cat playbook.yml

- hosts: webservers
  roles:
        - wp-dependencies
        - wp-install-config

Finally, it’s time to run these tasks by invoking our playbook:

# ansible-playbook playbook.yml

Now let’s check if we can access the WordPress Admin page using the IP addresses of node1 192.168.0.29 and node2 192.168.0.30:

You can view the last two steps in the following screencast:

As you can see, you can set up multiple WordPress installations with little to no effort using Ansible. Then you can use the respective Admin user interface to configure each site separately.

Final considerations

If you are using another distribution to deploy WordPress, the packages name may vary, but it comes down to installing the Apache web server, the MariaDB database server, and the Python MySQL module. If that is the case, use your distribution’s software management system to search for the exact package name that you need to install.

Summary

In this series we have explained how to use Ansible to run commands and execute complex tasks in several Linux machines simultaneously.

One of such examples is setting up WordPress, as we have discussed in this guide. Whether you are a system administrator or a blogger, I hope you have found the concepts and examples in this tutorial useful.

Best of luck and do not hesitate to drop us a line if you need help or have any comments or suggestions!

Source

Have you upgraded your kernel and redhat-release packages and you are encountering some issues. Do you want to downgrade to a lower minor release. In this article, we will describe how to do downgrade RHEL or CentOS version to previous minor version.

Note: The following steps will only work for downgrades within the same major version (such as from RHEL/CentOS 7.6 to 7.5) but not between major versions (such as from RHEL/CentOS 7.0 to 6.9).

A minor version is a release of RHEL that does not (in most cases) add new features or content. It focuses on solving minor problems, typically bugs or security issues. Most of what makes a specific minor version is included in the kernel, so you will need to find out which kernels are supported as part of the minor version you are targeting.

For the purpose of this article, we will show how to downgrade from 7.6 to 7.5. Before we proceed, note that the kernel version for 7.5 is 3.10.0-862. Got to Red Hat Enterprise Linux Release Dates for a complete list of minor releases and associated kernel versions.

Let’s check if the required kernel packages “kernel-3.10.0-862” is installed or not, using the following yum command.

 
# yum list kernel-3.10.0-862*

If the output of the previous command shows that the kernel package is not installed, you need to install it on the system.

# yum install kernel-3.10.0-862.el7

Once the kernel installation is compete, to apply the changes, you need to reboot the system.

Then downgrade the redhat-release package to complete the process. The command below targets the latest minor version that is lower than the current running one, such as from 7.6 to 7.5, or from 7.5 o 7.4.

# yum downgrade redhat-release

Finally, confirm the downgrade by checking the contents of /etc/redhat-release using the cat command.

# cat /etc/redhat-release

That’s all! In this article, we have explained how to downgrade RHEL or CentOS distribution to a lower minor release. If you have any queries, use the feedback form below to reach us.

Source

Searching or finding files on a Linux system from the terminal can be a little of a challenge especially for newbies. However, there are several command line tools/utilities for locating files in Linux.

In this article, we will review 5 command line tools to find, locate and search files quickly on Linux systems.

1. Find Command

find command is a powerful, widely used CLI tool for searching and locating files whose names match simple patterns, in a directory hierarchy. Using find is simple, all you need to do is provide a starting point (top of the directory heirarchy) where the search beings. This can be the current directory or any other directory where you suspect the file you are looking for is stored.

After the starting point, you can specify an expression (composed of test, actions, options and operators) which describes how to match files and what to do with the files that were matched.

It supports multiple options to locate files using attributes such as permissions, users, groups, file type, date, size and other possible criteria. You can learn some useful find command usage examples in the following articles:

1. 35 Practical Examples of Linux Find Command
2. Ways to Use ‘find’ Command to Search Directories More Efficiently
3. How to Find Files With SUID and SGID Permissions in Linux
4. How to Use ‘find’ Command to Search for Multiple Filenames (Extensions) in Linux
5. How to Find and Sort Files Based on Modification Date and Time in Linux

2. Locate Command

locate command is another commonly used CLI utility for searching files quickly by name, just like find command. However, it is practically more efficient and faster compared to its counterpart because, instead of searching through the file system when a user initiates a file search operation (the way find works), locate queries a database which contains bits and parts of files and their corresponding paths on the file system.

This database can be prepared and updated using the updatedb command. Note that locate will not report files created after the most recent update of the relevant database.

Read Also: How to Install ‘locate Command’ to Find Files in Linux

3. Grep Command

Although grep command is not a tool for directly searching files (its instead used to print lines matching a pattern from one or more files), you can employ it to locate files. Assuming you know a phrase in the file(s) you are looking for or you are looking for a file that contains a particular string of characters, grep can help you list all files that contain a particular phrase.

For example, if you are looking for a README.md file which contains the phrase “An assortment”, which you suspect should be somewhere in your home directory, possibly in ~/bin, you can locate it as shown.

$ grep -Ri ~/bin -e "An assortment" 
OR
$ grep -Ri ~/bin/ -e "An assortment" | cut -d: -f1

Where the grep flag:

• -R – means search the specified directory recursively
• -i – means ignore case distinctions
• -e – specifies the phrase to be used as a pattern for searching
• -d – specifies the delimter
• -f – sets the field to be printed

You can learn some useful grep command usage examples in the following articles:

1. 12 Practical Examples of Linux Grep Command
2. 11 Advance Linux Grep Commands Usage and Examples
3. How to Find a Specific String or Word in Files and Directories

4. Which Command

which command is a tiny and straightforward utility for locating the binary of a command; it outputs the absolute path of a command. For example:

$ which find
$ which locate
$ which which

5. Whereis Command

whereis command is also used to locate a command and it additionally shows the absolute path of the source, and manual page files for the command.

$ whereis find
$ whereis locate
$ whereis which
$ whereis whereis

Read Also: 5 Ways to Find a ‘Binary Command’ Description and Location on File System

That’s all for now! If we have missed any Commandline tools/utilities for quickly locating files on a Linux system, let us know via the comment form below. You can ask any questions concerning this topic as well.

Source

This tutorial will explain the first basic steps you need to go through after installing a minimal CentOS 7 system with no graphical environment in order to obtain information about the installed system, the hardware on top of which runs the system and configure other specific system tasks, such as networking, root privileges, software, services and others.

Requirements

1. CentOS 7 Minimal Installation

Important: RHEL 7 users, can follow this article to do a Initial Server Setup on RHEL 7.

Update CentOS 7 System

The first step you need to perform on a fresh installed CentOS system is to make sure the system is up-to-date with the latest kernel and system security patches, software repositories and packages.

To fully update a CentOS 7 system, issue the following commands with root privileges.

# yum check-update
# yum upgrade

After the upgrade process completes, in order to release disk space you can remove all downloaded packages that where used in the process of upgrading alongside with all cached repositories information by executing the following command.

# yum clean all

Install System Utilities on CentOS 7

The following utilities packages can prove to be useful for day-by-day system administration: nano (text editor to replace vi editor), wget, curl (utilities used for downloading packages over network mostly) net-tools, lsof(utilities for managing local networking) and bash-completion (command line autocomplete).

Install them all in one-shot by executing the below command.

# yum install nano wget curl net-tools lsof bash-completion

Setup Networking in CentOS 7

CentOS 7 has a wide range of tools that can be used to configure and manage networking, from manually editing the network configuration file to using commands such as ip, ifconfig, nmtui, nmcli or route.

The easiest utility a beginner can use to manage and change network configurations is nmtui graphical command line.

In order to change the system hostname via nmtui utility, execute nmtui-hostname command, set your machine hostname and press OK to finish, as illustrated in the below screenshot.

# nmtui-hostname

To manipulate a network interface, execute nmtui-edit command, choose the interface you want to edit and select edit from the right menu, as shown in the below screenshot.

# nmtui-edit

Once you’re in the graphical interface provided by nmtui utility you can setup the network interface IP settings as illustrated in the below screenshot. When you finish, navigate to OK using [tab] key to save the configuration and quit.

In order to apply the network interface new configuration, execute nmtui-connect command, select the interface you want to manage and hit on Deactivate/Activate option to decommission and rise-up the interface with the IP settings, as presented in the below screenshots.

# nmtui-connect

In order to view the network interface settings, you can inspect the content of the interface file or you can issue the below commands.

# ifconfig enp0s3
# ip a
# ping -c2 google.com

Other useful utilities that can be used to manage speed, link state or obtain information about machine network interfaces are ethtool and mii-tool.

# ethtool enp0s3
# mii-tool enp0s3

An important aspect of your machine networking is to list all open network sockets in order to see what programs are listening on what ports and what’s the state of the established network connections.

To list all servers that have opened TCP or UDP sockets in listening state issue the following commands. However, UDP server won’t list any socket state due to the fact that UDP is a connectionless protocol which only sends packets over network and doesn’t establish connections.

# netstat -tulpn
# ss -tulpn
# lsof -i4 -6

Manage Services in CentOS 7

CentOS 7 manages daemons or service via systemctl utility. In order to list all services state, issue the following command.

# systemctl list-units

To check if a daemon or service is enabled to automatically start when the system starts, issue the following command.

# systemctl list-unit-files -t service

To list the old SysV services present in your system and disable them issue the following chkconfig commands.

# chkconfig --list
# chkconfig service_name off

5. Disable Unwanted Services in CentOS 7

It’s recommended after installing CentOS 7, to list what services are running in the system by running the above commands and disable and remove them in order to reduce the attacks vectors against your system.

For instance, Postfix daemon is installed and enabled by default in CentOS 7. If your system don’t require running a mail server, it’s best to stop, disable and remove the postfix service by issuing the below commands.

# systemctl stop postfix
# systemctl disable postfix
# yum remove postfix

In addition to netstat, ss, lsof or systemctl commands, you can also run ps, top or pstree commands in order to discover and identify what unwanted services are running in your system and disable or remove them.

By default, pstree utility is not installed in CentOS 7. To install it execute the following command.

# yum install psmisc
# pstree -p

Enable Firewall in CentOs 7

Firewalld is the main firewall utility that uses interacts with in order to manage iptables rules.
To enable and start and verify the firewall in CentOS 7, execute the following commands.

# systemctl enable firewalld
# systemctl start firewalld
# systemctl status firewalld

In order to open a specific service to incoming connections, first verify if the application is already present in firewalld rules and, then, add the rule for the service, as shown in the below example which allows SSHincoming connections. Use --permanent switch to add the rule permanently.

# firewall-cmd --add-service=[tab]  #List services
# firewall-cmd --add-service=ssh
# firewall-cmd --add-service=ssh --permanent

In case the service is now already defined in firewalld rules, you can manually add the service port, as shown in the below example.

# firewall-cmd --add-port=22/tcp --permanent
# firewall-cmd --reload     #Apply the rule on-fly

Enable Sudo Permissions on User Accounts

In order to grant root permissions for a normal user, first create the user by issuing adduser command, set the password for the user and grant root permissions to the user by executing the below command which adds the new user to the administrative wheel group.

# adduser tecmint
# passwd tecmint
# usermod -aG wheel tecmint

To test if the new user has root privileges, login to the system with user’s credentials and run yum command with sudo permissions, as shown in the below excerpt.

# su - tecmint
# sudo yum update

Configure SSH Public Key Authentication on CentOS 7

In order to secure SSH your server and set up public key authentication to increase the security of your server with a private SSH key to log in, first generate a SSH Key Pair with a following command.

Don’t not enter a passphrase in case you want to automate server management via SSH.

# ssh-keygen -t RSA

After the SSH key pairs had been generated, copy the key to the server you want to connect to by issuing the below command. Initially, enter you remote SSH user password in order to copy the public key.

# ssh-copy-id remote_user@SSH_SERVER_IP

After the SSH public key has been copied to the remote server, login to the remote SSH server with the following command.

# ssh remote_user@SSH_SERVER_IP

Finally, in order to secure the SSH server, make sure you disallow remote SSH access to the root account by opening the configuration SSH file /etc/ssh/sshd_config with your text editor as root and change it from Yes to No.

PermitRootLogin no

To apply the setting you need to restart the SSH service so that it will use the new configuration.

# systemctl restart sshd

That’s all! These are just a few basic settings and commands every system administrator needs to know and apply on a fresh installed CentOS system or in order to perform day to day tasks on the system.

To secure and harden CentOS 7 server, check out these following articles.

1. The Mega Guide To Harden and Secure CentOS 7 – Part 1
2. The Mega Guide To Harden and Secure CentOS 7 – Part 2

If you’re planning to deploy websites on this CentOS 7 system, learn how to setup and configure LAMP stack or LEMP stack.

Source

One of the serious needs of a Linux system is to be kept up to date regularly with the latest security patches or updates available for the corresponding distribution.

In a previous article, we’ve explained how to configure automatic security update in Debian/Ubuntu, in this article we will explain how to set up your CentOS/RHEL 7/6 distribution to auto update essential security packages when needed.

Other Linux distributions in the same families (Fedora or Scientific Linux) can be configured similarly.

Configure Automatic Security Updates on CentOS/RHEL Systems

On CentOS/RHEL 7/6, you will need to install the following package:

# yum update -y && yum install yum-cron -y

Enable Automatic Security Updates on CentOS/RHEL 7

Once the installation is complete, open /etc/yum/yum-cron.conf and locate these lines – you will have to make sure that the values matches those listed here:

update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = yes

The first line indicates that the unattended update command will be:

# yum --security upgrade

whereas the other lines enable notifications and automatic download and installation of security upgrades.

The following lines are also required to indicate that notifications will be sent via email from root@localhost to the same account (again, you may choose another one if you want).

emit_via = email
email_from = root@localhost
email_to = root

Enable Automatic Security Updates on CentOS/RHEL 6

By default, the cron is configured to download and install all updates immediately, but we can change this behavior in /etc/sysconfig/yum-cron configuration file by modifying these two parameters to yes.

# Don't install, just check (valid: yes|no)
CHECK_ONLY=yes

# Don't install, just check and download (valid: yes|no)
# Implies CHECK_ONLY=yes (gotta check first to see what to download)
DOWNLOAD_ONLY=yes

To enable email notification that about the security package updates, set the MAILTO parameter to a valid mail address.

# by default MAILTO is unset, so crond mails the output by itself
# example:  MAILTO=root
MAILTO=admin@tecmint.com

Finally, start and enable the yum-cron service:

------------- On CentOS/RHEL 7 ------------- 
systemctl start yum-cron
systemctl enable yum-cron

------------- On CentOS/RHEL 6 -------------  
# service yum-cron start
# chkconfig --level 35 yum-cron on

Congrats! You have successfully set up unattended upgrades on CentOS/RHEL 7/6.

Summary

In this article we have discussed how to keep your server updated regularly with the latest security patches or updates. Additionally, you learned how to configure email notifications in order to keep yourself updated when new patches are applied.

If you have any concerns about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

Source

Lightweight Directory Access Protocol (LDAP in short) is an industry standard, lightweight, widely used set of protocols for accessing directory services. A directory service is a shared information infrastructure for accessing, managing, organizing, and updating everyday items and network resources, such as users, groups, devices, emails addresses, telephone numbers, volumes and many other objects.

The LDAP information model is based on entries. An entry in a LDAP directory represents a single unit or information and is uniquely identified by what is called a Distinguished Name (DN). Each of the entry’s attributes has a type and one or more values.

An attribute is a piece of information associated with an entry. The types are typically mnemonic strings, such as “cn” for common name, or “mail” for email address. Each attribute is assigned one or more values consisting in a space-separated list.

The following is an illustration of how information is arranged in the LDAP directory.

Step 1: Installing LDAP Server

1. First start by installing OpenLDAP, an open source implementation of LDAP and some traditional LDAP management utilities using the following commands.

# yum install openldap openldap-servers	    #CentOS 7
$ sudo apt install slapd ldap-utils	    #Ubuntu 16.04/18.04

On Ubuntu, during the package installation, you will be prompted to enter the password for the admin entry in your LDAP directory, set a secure password and confirm it.

When the installation is complete, you can start the service as explained next.

2. On CentOS 7, run the following commands to start the openldap server daemon, enable it to auto-start at boot time and check if its up and running (on Ubuntu the service should be auto-started under systemd, you can simply check its status):

$ sudo systemctl start slapd
$ sudo systemctl enable slapd
$ sudo systemctl status slapd

3. Next, allow requests to the LDAP server daemon through the firewall as shown.

# firewall-cmd --add-service=ldap    #CentOS 7
$ sudo ufw allow ldap                #Ubuntu 16.04/18.04

Step 2: Configuring LDAP Server

Note: It is not recommended to manually edit the LDAP configuration, you need to add the configurations in a file and use the ldapadd or ldapmodify command to load them to the LDAP directory as shown below.

4. Now create a OpenLDAP administrative user and assign a password for that user. In the below command, a hashed value is created for the given password, take note of it, you will use it in the LDAP configuration file.

$ slappasswd

5. Then create an LDIF file (ldaprootpasswd.ldif) which is used to add an entry to the LDAP directory.

$ sudo vim ldaprootpasswd.ldif

Add the following contents in it:

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD_CREATED

explaining the attribute-value pairs above:

• olcDatabase: indicates a specific database instance name and can be typically found inside /etc/openldap/slapd.d/cn=config.
• cn=config: indicates global config options.
• PASSWORD: is the hashed string obtained while creating the administrative user.

6. Next, add the corresponding LDAP entry by specifying the URI referring to the ldap server and the file above.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif  

Step 3: Configuring LDAP Database

7. Now copy the sample database configuration file for slapd into the /var/lib/ldap directory, and set the correct permissions on the file.

$ sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
$ sudo chown -R ldap:ldap /var/lib/ldap/DB_CONFIG
$ sudo systemctl restart slapd

8. Next, import some basic LDAP schemas from the /etc/openldap/schema directory as follows.

$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
$ sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

9. Now add your domain in the LDAP database and create a file called ldapdomain.ldif for your domain.

$ sudo vim ldapdomain.ldif 

Add the following content in it (replace example with your domain and PASSWORD with the hashed value obtained before):

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=example,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=example,dc=com" write by * read

10. Then add the above configuration to the LDAP database with the following command.

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif

11. In this step, we need to add some entries to our LDAP directory. Create another file called baseldapdomain.ldif with the following content.

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group 

Save the file and then add the entries to the LDAP directory.

$ sudo ldapadd -Y EXTERNAL -x -D cn=Manager,dc=example,dc=com -W -f baseldapdomain.ldif

12. The next step is to create a LDAP user for example, tecmint, and set a password for this user as follows.

$ sudo useradd tecmint
$ sudo passwd tecmint

13. Then create the definitions for a LDAP group in a file called ldapgroup.ldif with the following content.

dn: cn=Manager,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
gidNumber: 1005

In the above configuration, gidNumber is the GID in /etc/group for tecmint and add it to the OpenLDAP directory.

$ sudo ldapadd -Y EXTERNAL -x  -W -D "cn=Manager,dc=example,dc=com" -f ldapgroup.ldif

14. Next, create another LDIF file called ldapuser.ldif and add the definitions for user tecmint.

dn: uid=tecmint,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: tecmint
uid: tecmint
uidNumber: 1005
gidNumber: 1005
homeDirectory: /home/tecmint
userPassword: {SSHA}PASSWORD_HERE
loginShell: /bin/bash
gecos: tecmint
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0

then load fthe configuration to the LDAP directory.

$ ldapadd -Y EXTERNAL  -x -D cn=Manager,dc=example,dc=com -W -f  ldapuser.ldif

Once you have setup a central server for authentication, the final part is to enable the client to authenticate using LDAP as explained in this guide:

1. How to Configure LDAP Client to Connect External Authentication

For more information, see the appropriate documentation from OpenLDAP Software document catalog and Ubuntu users can refer to the OpenLDAP server guide.

Summary

OpenLDAP is a open source implementation of LDAP in Linux. In this article, we have shown how to install and configure OpenLDAP server for centralized authentication, in Ubuntu 16.04/18.04 and CentOS 7. If you have a question or thoughts to share, do not hesitate to reach us via the comment form below.

Source

LDAP (short for Lightweight Directory Access Protocol) is an industry standard, widely used set of protocols for accessing directory services.

A directory service in simple terms is a centralized, network-based database optimized for read access. It stores and provides access to information that must either be shared between applications or is highly distributed.

Directory services play an important role in developing intranet and Internet applications by helping you share information about users, systems, networks, applications, and services throughout the network.

A typical use case for LDAP is to offer a centralized storage of usernames and passwords. This allows various applications (or services) to connect to the LDAP server to validate users.

After setting up a working LDAP server, you will need to install libraries on the client for connecting to it. In this article, we will show how to configure an LDAP client to connect to an external authentication source.

I hope you already having a working LDAP server environment, if not setup Up LDAP Server for LDAP-based Authentication.

How to Install and Configure LDAP Client in Ubuntu and CentOS

On the client systems, you will needs to install a few necessary packages to make authentication mechanism function correctly with an LDAP server.

Configure LDAP Client in Ubuntu 16.04 and 18.04

First start by installing the necessary packages by running the following command.

$ sudo apt update && sudo apt install libnss-ldap libpam-ldap ldap-utils nscd

During the installation, you will be prompted for details of your LDAP server (provide the values according to your environment). Note that the ldap-auth-config package which is auto-installed does the most of the configurations based on the inputs you enter.

Next, enter the name of the LDAP search base, you can use the components of their domain names for this purpose as shown in the screenshot.

Also choose the LDAP version to use and click Ok.

Now configure the option to allow you to make password utilities that use pam to behave like you would be changing local passwords and click Yes to continue..

Next, disable login requirement to the LDAP database using the next option.

Also define LDAP account for root and click Ok.

Next, enter the password to use when ldap-auth-config tries to login to the LDAP directory using the LDAP account for root.

The results of the dialog will be stored in the file /etc/ldap.conf. If you want to make any alterations, open and edit this file using your favorite command line editor.

Next, configure the LDAP profile for NSS by running.

$ sudo auth-client-config -t nss -p lac_ldap

Then configure the system to use LDAP for authentication by updating PAM configurations. From the menu, choose LDAP and any other authentication mechanisms you need. You should now be able to log in using LDAP-based credentials.

$ sudo pam-auth-update

In case you want the home directory of the user to be created automatically, then you need to perform one more configuration in the common-session PAM file.

$ sudo vim /etc/pam.d/common-session

Add this line in it.

session required pam_mkhomedir.so skel=/etc/skel umask=077

Save the changes and close the file. Then restart the NCSD (Name Service Cache Daemon) service with the following command.

$ sudo systemctl restart nscd
$ sudo systemctl enable nscd

Note: If you are using replication, LDAP clients will need to refer to multiple servers specified in /etc/ldap.conf. You can specify all the servers in this form:

uri ldap://ldap1.example.com  ldap://ldap2.example.com

This implies that the request will time out and if the Provider (ldap1.example.com) becomes unresponsive, the Consumer (ldap2.example.com) will attempt to be reached to process it.

To check the LDAP entries for a particular user from the server, run the getent command, for example.

$ getent passwd tecmint

If the above command displays details of the specified user from the /etc/passwd file, your client machine is now configured to authenticate with the LDAP server, you should be able to log in using LDAP-based credentials.

Configure LDAP Client in CentOS 7

To install the necessary packages, run the following command. Note that in this section, if you are operating the system as a non-root administrative user, use the sudo command to run all commands.

# yum update && yum install openldap openldap-clients nss-pam-ldapd

Next, enable the client system to authenticate using LDAP. You can use the authconfig utility, which is an interface for configuring system authentication resources.

Run the following command and replace example.com with your domain and dc=example,dc=com with your LDAP domain controller.

# authconfig --enableldap --enableldapauth --ldapserver=ldap.example.com --ldapbasedn="dc=example,dc=com" --enablemkhomedir --update

In the above command, the --enablemkhomedir option creates a local user home directory at the first connection if none exists.

Next, test if the LDAP entries for a particular user from the server, for example user tecmint.

$ getent passwd tecmint

The above command should display details of the specified user from the /etc/passwd file, which implies that the client machine is now configured to authenticate with the LDAP server.

Important: If SELinux is enabled on your system, you need to add a rule to allow creating home directories automatically by mkhomedir.

HHVM stands for HipHop Virtual Machine, is an open source virtual machine created for running Hack (it’s a programming language for HHVM) and PHP written applications. HHVM uses a last minute compilation path to achieve remarkable performance while keeping the flexibility that PHP programmers are addicted to. Till date, HHVM has achieved over a 9x increase in http request throughput and more than 5x cut in memory utilization (when running on low system memory) for Facebook compared with the PHP engine + APC (Alternative PHP Cache).

HHVM can also be used along with a FastCGI-based web-server like Nginx or Apache.

In this tutorial we shall look at steps for setting up Nginx/Apache web server, MariaDB database server and HHVM. For this setup, we will use Ubuntu 15.04 (64-bit) as HHVM runs on 64-bit system only, although Debian and Linux Mint distributions are also supported.

Step 1: Installing Nginx and Apache Web Server

1. First do a system upgrade to update repository list with the help of following commands.

# apt-get update && apt-get upgrade

# apt-get install nginx

# apt-get install apache2

http://localhost
OR
http://IP-Address

# apt-get install mariadb-client mariadb-server

# systemctl start mysql
# mysql_secure_installation

Enter current password for root (enter for none) = press enter
Set root password? [Y/n] = y
Remove anonymous users[y/n] = y
Disallow root login remotely[y/n] = y
Remove test database and access to it [y/n] = y
Reload privileges tables now[y/n] = y 

# mysql -u root -p

# wget -O - http://dl.hhvm.com/conf/hhvm.gpg.key | apt-key add -
# echo deb http://dl.hhvm.com/ubuntu DISTRIBUTION_VERSION main | sudo tee /etc/apt/sources.list.d/hhvm.list
# apt-get update

# apt-get install -y hhvm

# update-rc.d hhvm defaults

# /usr/share/hhvm/install_fastcgi.sh

# /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60

# systemctl start hhvm

# nano /usr/share/nginx/html/hello.php       [For Nginx]
OR
# nano /var/www/html/hello.php               [For Nginx and Apache]

<?php
if (defined('HHVM_VERSION')) {
echo 'HHVM is working';
 phpinfo();
}
else {
echo 'HHVM is not working';
}
?>

http://localhost/info.php
OR
http://IP-Address/info.php

PostgreSQL (Postgres in short) is an open source, powerful, advanced, high performance and stable relational-document database system. It uses and enhances the SQL language coupled with a large number of features for secure data storage and management.

It is efficient, reliable, and scalable for handling large, complicated volumes of data and setting up enterprise-level and fault-tolerant environments, while ensuring high data integrity. Postgres is also highly extensible with features such as indexes comes with APIs so that you can develop your own solutions to solve your data storage challenges.

In this article, we will explain how to install PostgreSQL on an Ubuntu 18.04 server (also works on older Ubuntu releases) and learn some basic ways to use it.

How to Install PostgreSQL on Ubuntu

First, create a file /etc/apt/sources.list.d/pgdg.list which stores the repository configuration, then import the repository key to your system, update your system packages list and install Postgres package using following commands.

$ sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
$ sudo apt install wget ca-certificates
$ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
$ sudo apt update
$ sudo apt install postgresql-10 pgadmin4

Once postgres has been installed, the database service started automatically and you can confirm by typing following command.

$ sudo systemctl status postgresql.service

How to Use PostgreSQL Roles and Databases

In postgres, client authentication is controlled by the /etc/postgresql/10/main/pg_hba.conf configuration file. The default authentication method is “peer” for the database administrator, meaning it gets the client’s operating system user name from the operating system and checks if it matches the requested database user name to allow access, for local connections (as shown in the following screenshot).

During the installation process, a system user account called postgres was created without a password, this is also the default database administrator user name.

$ sudo vim /etc/postgresql/10/main/pg_hba.conf

In addition, under postgres database access permission management is performed via roles. A role can be considered as either a database user, or a group of database users, depending on how the role is set up.

The default role is also postgres. Importantly, database roles are conceptually fully unconnected to operating system users, but practically they may not be separate (for example when it comes to client authentication).

Importantly, roles can own database objects, and can assign privileges on those objects to other roles to control who has access to which objects. In addition, it is possible to grant membership in a role to another role.

To configure other roles to use encrypted passwords to manage databases assigned to them, apart from the default postgres role, you need to change the line to.

Then restart the postgresql service to apply the recent changes.

$ sudo systemctl restart postgresql

How to Use PostgreSQL on Ubuntu

Once everything setup, you can access the postgres system account with the following command, where the -i flag tells sudo to run the shell specified by the target user’s password database entry as a login shell.

$ sudo -i -u postgres 
$ psql		#to launch the postgres shell program  
postgres=#

To access the postgres shell directly, without first accessing the postgres user account, run the following command.

$ sudo -i -u postgres psql

You can quit/exit the postgres by typing the following command.

postgres=# \q

Create PostgreSQL Database Roles

Create a new user role using the following command.

postgres=# CREATE ROLE tecmint;

To create a role with a LOGIN attribute, use the following command (roles with the LOGIN attribute can be considered the same as a database users).

postgres=#CREATE ROLE tecmint LOGIN;
OR
postgres=#CREATE USER name;	#assumes login function by default

A role can also be created with a password, this is useful if you configured the client authentication method to ask users to supply an encrypted password when connecting to the database.

postgres=#CREATE ROLE tecmint PASSWORD 'passwd_here'

List Existing PostgreSQL Database Roles

To list the existing user roles, use any of these commands.

postgres=# \du 				#shows actual users
OR
postgres=# SELECT rolname FROM pg_roles;

Drop a PostgreSQL Database Role

To drop any existing user role use the DROP ROLE command as shown.

postgres=# DROP ROLE tecmint;

Create a PostgreSQL Database

Once you have created a role with a particular name (for instance tecmint user), you can create a database (with the same name as the role) which will be managed by that role as shown.

postgres=# CREATE DATABASE tecmint;

Now to manage the database tecmint, access the postgres shell as the tecmint role, provide your password as follows.

$ sudo -i -u tecmint psql

Create a PostgreSQL Table

Creating tables is so easy, we will create a test table called authors, which stores information about TecMint.com authors, as shown.

tecmint=>CREATE TABLE authors (
    code      char(5) NOT NULL,
    name    varchar(40) NOT NULL,
    city varchar(40) NOT NULL
    joined_on date NOT NULL,	
    PRIMARY KEY (code)
);

After creating a table, try to populate it with some data, as follows.

tecmint=> INSERT INTO authors VALUES(1,'Ravi Saive','Mumbai','2012-08-15');

To view the data stored in a table, you can run a SELECT command.

tecmint=> SELECT * FROM authors;

List PostgreSQL Database Tables

You can list all tables in the current database with the following command.

tecmint=>\dt

Delete/Drop a PostgreSQL Table

To delete a table in the current database, use the DROP command.

tecmint=> DROP TABLE authors;

List All PostgreSQL Databases

To list all databases, use any of the following commands.

tecmint=>SELECT datname FROM pg_database;
OR
tecmint=>\list	#shows a detailed description 
OR
tecmint=>\l

Delete/Drop a PostgreSQL Database

If you want to delete a database, use the DROP command, for example.

tecmint=>DROP DATABASE tecmint;

Switch to Another PostgreSQL Database

You can also switch from one database to another easily using the following command.

tecmint=>\connect database_name

For more information, refer to the PostgreSQL 10.4 Documentation.

That’s it for now! In this article, we have explained how to install and use PostgreSQL database management system on Ubuntu 18.04. You can send us your queries or thoughts in the comments.

Source