Difference between revisions of "CentOS7"
(→Enable firewall) |
(→Enable disk quota on ext4: added yum notes) |
||
(One intermediate revision by the same user not shown) | |||
Line 77: | Line 77: | ||
[root@localhost ~]# firewall-cmd --reload | [root@localhost ~]# firewall-cmd --reload | ||
+ | |||
+ | Add port forwarding for port 22 to port 922 on the same machine | ||
+ | |||
+ | [root@localhost ~]# firewall-cmd --add-forward-port=port=22:proto=tcp:toport=922 | ||
== Disable firewalld and use iptables == | == Disable firewalld and use iptables == | ||
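Review bot: the added firewall-cmd --add-forward-port line has no --permanent and is placed after the firewall-cmd --reload step, so the forward exists only in the runtime configuration and is lost at the next reload or reboot. Suggest adding --permanent and moving the command above the reload line, and stating what is expected to listen on port 922, since the description only says "on the same machine".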
Line 123: | Line 127: | ||
# repquota -auv | # repquota -auv | ||
+ | |||
+ | == Fix an interrupted yum upgrade == | ||
+ | |||
+ | (notes copied from [https://www.thegeekdiary.com/centos-rhel-67-how-to-recover-an-interrupted-yum-package-installation/ www.thegeekdiary.com]) | ||
+ | |||
+ | Normally if something interrupts a yum upgrade there will be duplicate package warnings or dependencies that haven't been filled. To resolve the problems, it's possible to retry the transaction. | ||
+ | |||
+ | # yum history | ||
+ | Loaded plugins: fastestmirror | ||
+ | ID | Command line | Date and time | Action(s) | Altered | ||
+ | ------------------------------------------------------------------------------- | ||
+ | 152 | upgrade | 2019-11-02 11:52 | E, I, U | 29 ** | ||
+ | 151 | upgrade -y | 2019-10-20 12:44 | O, U | 10 EE | ||
+ | 150 | upgrade | 2019-10-11 08:21 | Update | 6 | ||
+ | |||
+ | In this instance, the ** at the end of id 152 indicates that the transaction was interrupted. | ||
+ | |||
+ | > - The rpmdb was changed, outside yum, after the transaction. | ||
+ | < - The rpmdb was changed, outside yum, before the transaction. | ||
+ | * - The transaction aborted before completion. | ||
+ | # - The transaction completed, but with a non-zero status. | ||
+ | E - The transaction completed fine, but had warning/error output during the transaction. | ||
+ | P - The transaction completed fine, but problems already existed in the rpmdb. | ||
+ | s - The transaction completed fine, but --skip-broken was enabled and had to skip some packages. | ||
+ | |||
+ | To resolve this issue, I force-reinstalled all the packages in transaction 152 using the '''redo force-reinstall''' option with yum history. | ||
+ | |||
+ | # yum history redo force-reinstall 152 | ||
+ | |||
+ | Always read what is going to be performed and don't blindly accept it otherwise the system may end up not working. |
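Review bot: the advice to read what is going to be performed comes after the yum history redo force-reinstall 152 command and gives the reader no way to follow it. Suggest adding a yum history info 152 step before the redo so the packages in the interrupted transaction can be reviewed first. The legend also lists single characters while the sample rows show ** and EE, so a sentence on how to read the two-character suffix would help.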
Latest revision as of 14:05, 8 November 2019
See also Upstart
Change server hostname
[root@localhost ~]# hostnamectl status
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 399b74f54385ee0d782648666a204c25
           Boot ID: 411893b81fee4fb0b865e1b18fd8dd6d
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64
Set the hostname.
[root@localhost ~]# hostnamectl set-hostname centos7.internal
Check the hostname again (close the session and open a new one using PuTTY or the console).
CentOS7 kernel panic on some hardware
If you can't even get the installer to work and it just causes a kernel panic on startup, check this link: http://centosfaq.org/centos/centos-72-kernel-panic/
The relevant info is pasted below in case the page is removed in the future.
During the startup of the installer, edit the options for the kernel to include:
initcall_blacklist=clocksource_done_booting
If the machine is already installed and you're moving the disks to another system and get a kernel panic, it's possible to use an older rescue disk and append the line
GRUB_CMDLINE_LINUX_DEFAULT="initcall_blacklist=clocksource_done_booting"
to /etc/default/grub, and run
# grub2-mkconfig > /boot/grub2/grub.cfg
On reboot this should allow you to boot successfully.
Enable firewall
Start the firewall and set it to start automatically at boot
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
Enable HTTP and HTTPS
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=http
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-service=https
Add a custom port for SSH
[root@localhost ~]# firewall-cmd --permanent --zone=public --add-port=22222/tcp
Remove the original SSH service
[root@localhost ~]# firewall-cmd --permanent --zone=public --remove-service=ssh
Add a rule for access to a service on a specific local port from a specific source IP
[root@localhost ~]# firewall-cmd --permanent --zone=public \
    --add-rich-rule='rule family="ipv4" source address="1.2.3.0/24" port protocol="tcp" port="22222" accept'
Block a single IP from all services (and yes, that's a real IP that was pounding on a WordPress login page)
[root@localhost ~]# firewall-cmd --add-rich-rule="rule family='ipv4' source address='176.28.22.192' reject"
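Reload the firewall rules. A reload applies the rules saved with --permanent and discards runtime-only rules, i.e. those added without --permanent.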
[root@localhost ~]# firewall-cmd --reload
Add port forwarding for port 22 to port 922 on the same machine
[root@localhost ~]# firewall-cmd --add-forward-port=port=22:proto=tcp:toport=922
Disable firewalld and use iptables
(content taken from racktables.com in case it disappears)
The first step is to stop and mask the firewalld service (i.e., the service you do not want to use):
$ systemctl stop firewalld
$ systemctl mask firewalld
Then, install the "iptables-services" package (if it is not already installed):
$ yum install iptables-services
Enable the service to start at boot-time:
$ systemctl enable iptables
If you are saving your rules in the /etc/sysconfig/iptables file, you will then need to run one of the following commands:
$ service iptables restart
# OR:
$ systemctl restart iptables
Next, check that the iptables service is "active" with:
$ systemctl status iptables
You can query the systemd journal for a "log" of the changes you made to the iptables service with:
$ journalctl -f -u iptables.service
Enable disk quota on ext4
Add the following options to the line for the ext4 filesystem (e.g. /home) in /etc/fstab:
usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0
Then check quotas and enable them
# quotaoff -a
# quotacheck -auvgm
# quotaon -a
To check the quotas
# repquota -auv
Fix an interrupted yum upgrade
(notes copied from www.thegeekdiary.com)
Normally if something interrupts a yum upgrade there will be duplicate package warnings or dependencies that haven't been filled. To resolve the problems, it's possible to retry the transaction.
# yum history
Loaded plugins: fastestmirror
ID     | Command line             | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
   152 | upgrade                  | 2019-11-02 11:52 | E, I, U        |   29 **
   151 | upgrade -y               | 2019-10-20 12:44 | O, U           |   10 EE
   150 | upgrade                  | 2019-10-11 08:21 | Update         |    6
In this instance, the ** at the end of id 152 indicates that the transaction was interrupted.
> - The rpmdb was changed, outside yum, after the transaction.
< - The rpmdb was changed, outside yum, before the transaction.
* - The transaction aborted before completion.
# - The transaction completed, but with a non-zero status.
E - The transaction completed fine, but had warning/error output during the transaction.
P - The transaction completed fine, but problems already existed in the rpmdb.
s - The transaction completed fine, but --skip-broken was enabled and had to skip some packages.
To resolve this issue, I force-reinstalled all the packages in transaction 152 using the redo force-reinstall option with yum history.
# yum history redo force-reinstall 152
Always read what is going to be performed and don't blindly accept it; otherwise the system may end up not working.
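To find transactions that need attention without reading the table by eye, the marker legend above can be applied mechanically. The script below is an added example, not part of the original notes; the function names are this example's own, and the sample input is the three rows from the listing above. On a live system, pipe `yum history` into `flagged_transactions` instead.

```shell
#!/bin/sh
# Added example: list yum transactions whose "Altered" column carries a marker.

# Map one marker character to the meaning given in the legend above.
flag_meaning() {
    case "$1" in
        '>') echo "rpmdb changed outside yum after the transaction" ;;
        '<') echo "rpmdb changed outside yum before the transaction" ;;
        '*') echo "transaction aborted before completion" ;;
        '#') echo "completed with a non-zero status" ;;
        E)   echo "completed, with warning/error output" ;;
        P)   echo "completed, problems already existed in the rpmdb" ;;
        s)   echo "completed, --skip-broken skipped some packages" ;;
        *)   echo "unknown marker" ;;
    esac
}

# Read `yum history` output on stdin; print "<id> <marker> <meaning>" per marker.
flagged_transactions() {
    awk -F'|' 'NF >= 5 && $1 ~ /^ *[0-9]+ *$/ {
        id = $1; gsub(/ /, "", id)
        n = split($NF, a, " ")   # a[1] = altered count, a[2] = markers (if any)
        if (n >= 2) print id, a[2]
    }' | while read -r id marks; do
        seen=""
        while [ -n "$marks" ]; do
            c=${marks%"${marks#?}"}   # first character of the marker string
            marks=${marks#?}
            case "$seen" in *"$c"*) continue ;; esac   # report "**" or "EE" once
            seen="$seen$c"
            printf '%s %s %s\n' "$id" "$c" "$(flag_meaning "$c")"
        done
    done
}

# Sample input: the three rows from the listing above.
sample_history() {
    cat <<'EOF'
Loaded plugins: fastestmirror
ID     | Command line             | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
   152 | upgrade                  | 2019-11-02 11:52 | E, I, U        |   29 **
   151 | upgrade -y               | 2019-10-20 12:44 | O, U           |   10 EE
   150 | upgrade                  | 2019-10-11 08:21 | Update         |    6
EOF
}

sample_history | flagged_transactions
```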