Category Archives: CentOS

Make the Fedora/CentOS/RHEL update service the fastest

Since I played with some publish and subscribe protocols in the last months, I came to an idea to speed up the notification and delivery of software updates over the existing mechanism while reducing, or better optimizing, the needed resources.

Here a graphic to show what I try to implement:

Drawing software update push service

As an example in RHEL/CentOs or Fedora you can start yum and pull the latest updates frequently to see if there are some new packages. This can be done with manual cron jobs or the yum-updatesd. Every machine pulls in a defined frequency the complete package index and looks if something new was released. In my understanding it would be more efficient if the system gets notified that some new package is available or even better the system is listening only to updates and information of packages that are installed on that specific machine and need  be monitored. This not only can speed up and optimize the client-server communication this also could be a good way of optimizing the distribution of packages between repository mirrors. Each mirror can be notified if there is a new package and gets it pushed to make the package available as fast as possible.

I am aware that distribution of packages does not need to be optimized by milliseconds but in some environments such a notification mechanism can save money and bandwidth if a lot of clients need to be updated.

My plan is to discuss this with a proposal for a concrete implementation for yum based systems an the developers mailing list of Fedora to get a feeling if this is a real world requirement or if there is no need in optimizing this situation.

Up to now MQTT looks quite promising for me to do the notification mechanism or even push packages to the subscribed machines. With some control server in back this can make package deployment more efficient and faster. The package verification mechanism can work as now only the transport mechanism or the notification of a new package needs to be added to the existing infrastructure. Since MQTT supports SSL/TLS based connections and Websockets there should no bigger problem with security or blocked ports then today.

Try the HiveMQ MQTT broker on CentOS 6.x

What is MQTT?

MQTT is the short name for MQ Telemetry Transport. It is a TCP based protocol which implements the publish and subscribe pattern. While the pubish and subscribe method became popular these days for mobile devices MQTT is one of the protocols becoming more and more popular. Actually MQTT is becoming an OASIS standard for the Internet of Things within the next few months.
Some more information are available here:

What is HiveMQ

HiveMQ is a MQTT broker which basically is the server part of MQTT. All messages in a MQTT communication are handled by a broker, it is the key component for this type of communication. HiveMQ is a Java based broker software with some extended functionality like building clusters and the possibility to easily extend the functionality with plugins. It is free for personal non-commercial use up to 25 concurrent connected clients. Check out the HiveMQ Website for all its features and documentation.

Requirements

CentOS 6.x
Java VM (OpenJDK 1.7)
SELinux should be off if you don't need it.
Allow incomming connections to TCP port 1883

Install OpenJDK 1.7

yum install java-1.7.0-openjdk.x86_64

Download, extract and run HiveMQ

wget --content-disposition http://www.hivemq.com/downloads/releases/latest
unzip hivemq-1.3.0.zip
cd hivemq-1.3.0/
chmod 755 start.sh
./start.sh

The output should look something like this:

-------------------------------------------------------------------------

_    _  _              __  __   ____
| |  | |(_)            |  \/  | / __ \
| |__| | _ __   __ ___ | \  / || |  | |
|  __  || |\ \ / // _ \| |\/| || |  | |
| |  | || | \ V /|  __/| |  | || |__| |
|_|  |_||_|  \_/  \___||_|  |_| \___\_\

-------------------------------------------------------------------------

HiveMQ Start Script for Linux/Unix v1

-------------------------------------------------------------------------

Checking if Java is installed
Java was found. Starting HiveMQ....

-------------------------------------------------------------------------

No HIVEMQ_HOME is set, using default
Searching for HiveMQ in /hivemq-1.3.0....
DONE!
Starting HiveMQ...

-------------------------------------------------------------------------
2013-06-18 22:35:29,874 INFO  - HiveMQ home directory: /hivemq-1.3.0
2013-06-18 22:35:29,879 INFO  - Starting HiveMQ Server
2013-06-18 22:35:33,509 INFO  - Activating statistics callbacks with an interval of 60 seconds
2013-06-18 22:35:33,510 INFO  - Activating $SYS topics with an interval of 60 seconds
2013-06-18 22:35:33,812 WARN  - No license file found. Using free personal licensing with restrictions to 25 connections.
2013-06-18 22:35:34,483 INFO  - Starting on address 0.0.0.0 and port 1883
2013-06-18 22:35:34,514 INFO  - Loaded Plugin Access Log Plugin - v1.0-SNAPSHOT
2013-06-18 22:35:34,516 INFO  - Started HiveMQ in 4646ms

And that’s it! Try to connect your client to your ip on port 1883 and have fun. If you want to use a plugin, just extract it into your plugin folder and restart HiveMQ.

PDF and AI rendering problem with Centos 6 and Typo3

It took me some time to fix a problem regarding the PDF and AI rendering in my typo3 instance. The install tools showed me that every image calculation was working  except PDF and AI. Next to the test within the install tool there is the command shown which worked fine on the command line.The problem is well known but if you’re using your own server I didn’t find a working solution.

First check if everything is installed.

  • GraphicsMagick or ImageMagick
  • GhostScript

The Problem located in the /usr/lib64/GraphicsMagick-1.3.17/config/delegates.mgk. Replace the gs command with the full path /usr/bin/gs:

<?xml version="1.0"?>
<!--
  Delegate command file.

  Commands which specify

    decode="in_format" encode="out_format"

  specify the rules for converting from in_format to out_format
  These rules may be used to translate directly between formats.

  Commands which specify only

    decode="in_format"

  specify the rules for converting from in_format to some format that
  GraphicsMagick will automatically recognize. These rules are used to
  decode formats.

  Commands which specify only

   encode="out_format"

  specify the rules for an "encoder" which may accept any input format.

  For delegates other than gs-color, gs-mono, and mpeg-encode
  the substitution rules are as follows:

    %i  input image filename
    %o  output image filename
    %u  unique temporary filename
    %z  secondary unique temporary filename

    %#  input image signature
    %b  image file size
    %c  input image comment
    %d  original filename directory part
    %e  original filename extension part
    %f  original filename
    %t  original filename top (base) part
    %g  window group
    %h  image rows (height)
    %k  input image number colors
    %l  input image label
    %m  input image format ("magick")
    %n  input image number of scenes
    %p  page number
    %q  input image depth
    %r  input image storage class, colorspace, and matte
    %s  scene number
    %w  image columns (width)
    %x  input image x resolution
    %y  input image y resolution
    %[  input image attribute (e.g. "%[EXIF:Orientation]")
    %%  pass through literal %

  Under Unix, all text (non-numeric) substitutions should be
  surrounded with double quotes for the purpose of security, and
  because any double quotes occuring within the substituted text will
  be escaped using a backslash.

  Commands (excluding file names) containing one or more of the
  special characters ";&|><" (requiring that multiple processes be
  executed) are executed via the Unix shell with text substitutions
  carefully excaped to avoid possible compromise.  Otherwise, commands
  are executed directly without use of the Unix shell.

  Use 'gm convert -list delegates' to verify how the contents of this
  file has been parsed.

 -->
<delegatemap>
  <delegate decode="autotrace" stealth="True" command='"autotrace" -output-format svg -output-file "%o" "%i"' />
  <delegate decode="browse" stealth="True" command='"xdg-open" "http://www.GraphicsMagick.org/" &'  />
  <delegate decode="cgm" command='"ralcgm" -d ps < "%i" > "%o" 2>/dev/null' />
  <delegate decode="dcraw" command='"dcraw" -c -w "%i" > "%o"' />
  <delegate decode="dot" command='"dot" -Tps "%i" -o "%o"' />
  <delegate decode="dvi" command='"dvips" -q -o "%o" "%i"' />
  <delegate decode="edit" stealth="True" command='"xterm" -title "Edit Image Comment" -e vi "%o"' />
  <delegate decode="emf" command='"wmf2eps" -o "%o" "%i"' />
  <delegate decode="eps" encode="pdf" mode="bi" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pdfwrite "-sOutputFile=%o" -- "%i" -c quit' />
  <delegate decode="eps" encode="ps" mode="bi" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pswrite "-sOutputFile=%o" -- "%i" -c quit' />
  <delegate decode="fig" command='"fig2dev" -L ps "%i" "%o"' />
  <delegate decode="gplt" command='"echo" "set size 1.25,0.62; set terminal postscript portrait color solid; set output \"%o\"; load \"%i\"" > "%u"; "gnuplot" "%u"' />

  <!-- Read monochrome Postscript, EPS, and PDF  -->
  <delegate decode="gs-mono" stealth="True" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pbmraw -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />

  <!-- Read grayscale Postscript, EPS, and PDF  -->
  <delegate decode="gs-gray" stealth="True" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pgmraw -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />

  <!-- Read colormapped Postscript, EPS, and PDF  -->
  <delegate decode="gs-palette" stealth="True" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pcx256 -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />

  <!-- Read color Postscript, EPS, and PDF  -->
  <delegate decode="gs-color" stealth="True" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=ppmraw -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />

  <!-- Read color+alpha Postscript, EPS, and PDF  -->
  <delegate decode="gs-color+alpha" stealth="True" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pngalpha -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />

  <!-- Read CMYK Postscript, EPS, and PDF  -->
  <delegate decode="gs-cmyk" stealth="True" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pam -dTextAlphaBits=%u -dGraphicsAlphaBits=%u -r%s %s "-sOutputFile=%s" -- "%s" -c quit' />

  <delegate decode="hpg" command='"hp2xx" -q -m eps -f `basename "%o"` "%i" && mv -f `basename "%o"` "%o"' />
  <delegate decode="hpgl" command='"hp2xx" -q -m eps -f `basename "%o"` "%i" && mv -f `basename "%o"` "%o"' />
  <!-- Read HTML file  -->
  <delegate decode="htm" command='"html2ps" -U -o "%o" "%i"' />
  <!-- Read HTML file  -->
  <delegate decode="html" command='"html2ps" -U -o "%o" "%i"' />
  <delegate decode="ilbm" command='"ilbmtoppm" "%i" > "%o"' />
  <!-- Read UNIX manual page  -->
  <delegate decode="man" command='"groff" -man -Tps "%i" > "%o"' />
  <!-- Read MPEG file using mpeg2decode  -->
  <delegate decode="mpeg" command='"mpeg2decode" -q -b "%i" -f -o3 "%u%%05d"; gm convert -temporary "%u*.ppm" "miff:%o" ; rm -f "%u"*.ppm ' />
  <!-- Write MPEG file using mpeg2encode -->
  <delegate encode="mpeg-encode" stealth="True" command='"mpeg2encode" "%i" "%o"' />
  <!-- Convert PDF to Encapsulated Poscript using Ghostscript -->
  <delegate decode="pdf" encode="eps" mode="bi" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=epswrite "-sOutputFile=%o" -- "%i" -c quit' />
  <!-- Convert PDF to Postcript using Ghostscript -->
  <delegate decode="pdf" encode="ps" mode="bi" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pswrite "-sOutputFile=%o" -- "%i" -c quit' />
  <!-- Convert PNM file to ILBM format using ppmtoilbm -->
  <delegate decode="pnm" encode="ilbm" mode="encode" command='"ppmtoilbm" -24if "%i" > "%o"' />
  <delegate decode="pnm" encode="launch" mode="encode" command='"gimp" "%i"' />
  <delegate decode="pnm" encode="win" mode="encode" command='"gm" display -immutable "%i"' />
  <!-- Read Persistance Of Vision file using povray  -->
  <delegate decode="pov" command='povray "+i"%i"" +o"%o" +fn%q +w%w +h%h +a -q9 -kfi"%s" -kff"%n"
    "gm" convert -adjoin "%o*.png" "%o"' />
  <delegate decode="ps" encode="eps" mode="bi" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=epswrite "-sOutputFile=%o" -- "%i" -c quit' />
  <delegate decode="ps" encode="pdf" mode="bi" command='"/usr/bin/gs" -q -dBATCH -dMaxBitmap=50000000 -dNOPAUSE -sDEVICE=pdfwrite "-sOutputFile=%o" -- "%i" -c quit' />
  <delegate decode="ps" encode="print" mode="encode" command='"no -c -s" "%i"' />
  <!-- Read Radiance file using ra_ppm -->
  <delegate decode="rad" command='"ra_ppm" -g 1.0 "%i" "%o"' />
  <!-- Convert RGBA file to URT RLE using rawtorle -->
  <delegate decode="rgba" encode="rle" mode="encode" command='"gm" mogrify -flip -size %wx%h "rgba:%i"
    "rawtorle" -w %w -h %h -n 4 -o "%o" "%i"' />
   <!-- Scan an image using Sane's scanimage -->
  <delegate decode="scan" command='"scanimage" -d "%i" > "%o"' />
  <!-- Read HTML file  -->
  <delegate decode="shtml" command='"html2ps" -U -o "%o" "%i"' />
  <!-- Convert ASCII text to Postscript using 'enscript' command -->
  <delegate decode="txt" encode="ps" mode="bi" command='"enscript" -o "%o" "%i"' />
  <!-- Render WMF file using wmf2eps (fallback in case libwmf not available) -->
  <delegate decode="wmf" command='"wmf2eps" -o "%o" "%i"' />
  <delegate encode="show" stealth="True" command='"gm" display -immutable -delay 0 -window_group %g -title "%l of %f" "tmp:%o" &' />
</delegatemap>

Install nginx on CentOS 6

If you want to have the latest version of nginx on your CentOS system the easiest way is to use the official yum repository from the nginx program. The version contained in the EPEL repository is quite old.

Download the repo RPM from http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm and install it using rpm -i <packagename>. Then run the command ‘yum install nginx’.

Or create the repository manual.

Create a new repository file:

vi /etc/yum.repos/nginx.repo

copy the yum repository information into it and save it:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/OS/OSRELEASE/$basearch/
gpgcheck=0
enabled=1

now install nginx:

yum install nginx

If you’re looking for sample configuration files you should have a look at the nginx wiki page wiki.nginx.org there are quite a lot of good examples.

ssh -X doesn’t work on CentOS

If you installed the server without GUI it may is useful sometimes to have a GUI output via ssh on an different computer.

You can connect with ssh to the server and present the output on you local machine by using ssh with the option -X. You need to be sure that the package xauth is installed on the target machine to do this. Maybe for some types of software you need some additional libraries aswell but they should be installed by yum automatically.

Install xauth like this:

sudo yum install xauth

Change network device name from eth1 back to eth0.

The interface name of a network device increases if the mac address of the physical or virtual network card changes. A common case is if you made a clone of a virtual machine for example via VMware or KVM or replaced a physical network card in a non virtualized server.

If it’s a CentOS 6 machine you need to change 2 files to rename the interface for example from eth1 back to eth0.

One file is the udev rule for network devices which is located here:

/etc/udev/rules.d/70-persistent-net.rules

Copy the new mac address to the line of your eth0 rule and delete the new rule for eth1.

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM==”net”, ACTION==”add”, DRIVERS==”?*”, ATTR{address}==”00:50:56:b2:23:e0″, ATTR{type}==”1″, KERNEL==”eth*”, NAME=”eth0″

Modify the network configuration located under:

/etc/sysconfig/network-scripts/ifcfg-eth0

and replace the old ip with the new one and the old mac address with the new mac address.

To be sure everything works fine reboot your machine.

Install OpenERP on CentOS 6.0 with Nginx HTTP Proxy

This tutorial should help you with the installation process of OpenERP on CentOS 6.x.

I installed OpenERP server and the OpenERP webgui with a nginx http proxy on a CentOS 6.0.

First of all I installed minmal CentOS 6.0.

Login as root and process the following steps.

Use the official nginx repository for the latest nginx version:

How to install nginx on CentOS 6

Add the EPEL repository for the two packages PyYAML and pydot which are not included in the CentOS main repository.

rpm -Uvh http://download.fedora.redhat.com/pub/epel/6/i386/epel-release-6-5.noarch.rpm

Update the system and install all required dependencies:

yum update -y

yum install -y python-devel pychart python-dateutil python-reportlab python-lxml python-psycopg2 python-mako python-setuptools pytz PyYAML graphviz pydot  python-imaging pywebdav python-vobject postgresql-server nginx vim system-config-firewall-tui wget

Database setup:

Initialize the database directory:

service postgresql initdb

Start the PostreSQL server the first time:

service postgresql start

Add PostgreSQL server daemon to your default runlevel:

chkconfig postgresql on

Setup system user :

useradd openerp

passwd openerp

Create a database role and database:

su -c ‘createuser –superuser –no-createrole –createdb –pwprompt openerp’ postgres

su -c ‘createdb –owner=openerp openerp’ postgres

Download latest OpenERP 6.x version. Please download server and webapp package with the same version number here!

For example:

wget http://www.openerp.com/download/stable/source/openerp-server-6.0.2.tar.gz

wget http://www.openerp.com/download/stable/source/openerp-web-6.0.2.tar.gz

Move or download the tarballs for example into the /usr/src/ directory and extract them.

tar xvfz openerp-server-6.0.2.tar.gz

tar xvfz openerp-web-6.0.2.tar.gz

Continue with installing the OpenERP server.

Change the directory to openerp-server-<yourversion> and run:

python setup.py install

Install the database:

su -c ‘openerp-server –without-demo=all –stop-after-init –save’ openerp

Now install the OpenERP webclient.

Change to the openerp-web directory:

python setup.py install

Create the log directory for the webclient:

mkdir -p /var/log/openerp-web

and copy the config file to the /etc directory:

cp /usr/lib/python2.6/site-packages/openerp_web-6.0.2-py2.6.egg/doc/openerp-web.cfg /etc/openerp-web.cfg

open and edit the file to be prepared for access the webgui through the nginx proxy

vim /etc/openerp-web.cfg

change and uncomment the following lines:

tools.proxy.on = True

tools.proxy.base = ‘http://<yourproxyurl>’

Add the following lines to your /etc/local.start to start OpenERP on startup.

if [ “`runlevel | awk ‘{ print $2 }’`” -gt “1” ]; then
su -c ‘openerp-server -c ~/.openerp_serverrc’ openerp &
su -c ‘openerp-web -c /etc/openerp-web.cfg’ openerp &
fi

Configuration of Nginx proxy:

Create and edit a virtual host for your Openerp configuration.

vim /etc/nginx/conf.d/openerp.conf

past and modify the following lines:

server {
listen 80;
server_name  <yourdomain> ;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
}
}

Open the firewall port 80 tcp for webaccess.

system-config-firewall-tui

and configure nginx to start at boot time.

chkconfig nginx on

Start nginx server the first time:

service nginx start

Now we need to start openerp with the command we wrote in the local.start file or reboot the machine to be sure our configuration is correct.

Try to connect to your configured url. For example: http://openerp.example.com and login with username: admin and password: admin. Change the password for your admin user directly after your first login!

 

References:

http://labs.cre8tivetech.com/2011/01/openerp-simplified-installation-6-0-1/

https://docs.google.com/document/d/1861eyMCcSE0pNZKGHuPY5OfIatorxkpNg-4wFeiP1wI/edit?hl=en&authkey=COW5nkE&pli=1

http://www.openerp.com/forum/topic22108.html

CentOS 6 is out

8 month after RHEL 6 was released the free clone CentOS 6 is released. It includes all new features and is binary compatible to Red Hats Enterprise Linux 6.

Based on Linux kernel 2.6.32 it includes for example PostgreSQL 8.4 and MySQL 5.1.

Like RedHat, the CentOS team will release 7 Years patches and service packs for this distribution release.

It’s not recommended to update your CentOS 4 or 5 installation. You should do a new installation if you plan to migrate your software.

Here you can find the complete release notes for Centos 6.0.

Change default port of Jenkins on CentOS

The Jenkins project provides a rpm installation repository for CentOS which installs Jenkins with some changed locations for configuration files.

If you want to change the default port for Jenkins you need to change the file /etc/sysconfig/jenkins

JENKINS_PORT=”8080″

Change it to the port you want to use for Jenkins. Default is port 8080.

To deliver Jenkins to the web I use Apache as a reverse proxy in front of it to have some easy to configure access control.

Multi ip configuration on CentOS

In Linux you can add additional network IP’s to a network interface with aliases.

Your first interface name looks something like etho. If you add more additional addresses your alias will look some thing like eth0:0 for the first one and eht0:1 for the second and so on.

This interface can be configured with it’s own ip and subnetmask. If you need to route the traffic trough an special gateway you need to set up an detailed routing table for that because you only can set one default gateway on your system which is used if no special route is found.

Tony Bhimani wrote a real nice howto for RHEL which can be used for CentOS the same way.