Tag Archives: linux

Installing Django on CentOS 6

Django is available as an EPEL package.

First, activate EPEL via

[code lang=”bash”]
$ sudo rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[/code]

or for 32-bit CentOS,

[code lang=”bash”]
$ sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
[/code]

NOTE: That exact URL will change with time. I took it from the EPEL FAQ.

Next, install the Django package.

[code lang=”bash”]
$ sudo yum install Django
[/code]

Ensure that Django is working.

[code lang=”python”]
$ python
Python 2.6.6 (r266:84292, Feb 22 2013, 00:00:18)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import django
>>> print django.get_version()
1.4.5
>>> _
[/code]

Linux HP Printer Support

Hewlett-Packard does not provide Linux drivers in the box, but they do have a snazzy driver installer called HP Linux Imaging and Printing (HPLIP). On HP’s web site they say,

Hewlett-Packard develops HP Linux Imaging & Printing (HPLIP) software that includes a driver, a driver installer, and a toolbox for setup and configuring HP printers and All-in-Ones. The software supplies support for over 1,500 HP products, and works with nearly any Linux distribution on the market today.

Hewlett-Packard currently does not distribute HPLIP in printer boxes, nor is there Linux information in the printer documentation. However, all major Linux distributions regularly integrate HPLIP into their software releases. The latest HPLIP software resides on Sourceforge.net

NOTE:
Sourceforge.net is the official Web site for Open Source project development. The Web site acts as a repository for Open Source code, and provides tools for facilitating and managing the interactive nature of public code development. Sourceforge.net also acts as the most common noncommercial distribution point for Open Source software.

The HP Linux Imaging and Printing web site walks you through choosing the correct installer, then gives you the opportunity to download it. I followed the supplied instructions, which were simply

sh hplip-3.9.8.run

The process worked flawlessly for me.

Do note that it states that SELinux must be disabled for the print drivers to work.

UPDATE FOR CENTOS 5.4

Today (5 February 2010) I tried installing this on a new CentOS 5.4 installation, and this no longer works. Fortunately Abbas already figured this out. His solution is here. The summary is that before installing the RPM, you need to remove two dependencies:

sudo rpm -ev --nodeps libsane-hpaio hpijs
sudo rpm -Uvh hplip-3.9.10_rhel-5.0.i386.rpm
sudo /sbin/reboot

After plugging in the printer to the USB port, I was able to add the new printer without a problem.

Thank you, Abbas!

Required Packages to Run VMware Workstation on Fedora 11

Having a new workstation to prepare for use, Fedora 11 was tested and chosen over CentOS 5.3 because of the cutting-edge hardware. VMware Workstation 6.5 tends to install cleanly on CentOS, but not on the newer Fedora kernels. I needed to install the following packages to get Workstation to run:

  1. gcc
  2. libstdc++
  3. kernel
  4. kernel-devel
  5. kernel-headers

These can be installed with a single yum command:

$ sudo yum install gcc libstdc++ kernel kernel-devel kernel-headers

At this point Workstation should find everything that it needs to build its kernel modules.

Remove Extraneous RedHat Services to Help Secure Servers

One of the principles of server security is to run only those services and daemons that are absolutely necessary, and no more. A good, hardened server shouldn’t be having extraneous conversations with other machines.

While this is by no means a comprehensive list, here are some extraneous services that may be running on your server after a fresh CentOS or RedHat install. Obviously, you should look at your server’s purpose and skip those that are needed for your particular machine.

Detecting Running Services

There are various commands that will show what’s listening on what port. I personally like

# lsof -i

Disabling Daemons

If one can’t just remove a daemon, one may disable it.

  1. Stop the daemon.
    # service <daemon-name> stop
    
  2. Disable the daemon from running automatically.
    # chkconfig --level 0123456 <daemon-name> off
    

Daemons to Consider Removing

Avahi
My servers aren't doing Zeroconf to talk to new machines that appear on the network. If it says, "Bonjour", my server isn't listening. Avahi is embedded pretty deeply in the system, so you'll probably not be able to remove the avahi package without neutering your server.
CUPS
For some reason the printer subsystem CUPS is embedded pretty deeply in the system, and you may not be able to remove it without erasing administrative tools that you might want to keep.
Exim
For some reason the LSB RPM depends on Exim, so again I simply disable Exim. Cron jobs can still send e-mail without Exim running. If you don't care about LSB compliance, you can sudo yum erase exim.

There are others. Please suggest more!
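
The audit described above can be scripted. The following is an added example, not part of the original post: it reads `chkconfig --list` output, compares it with an allowlist, and prints the stop/disable commands for everything else. The allowlist contents and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag SysV services that are
# enabled at boot but not on an allowlist, from `chkconfig --list` output.

# Assumption: services this particular server needs. Edit per machine.
ALLOWLIST="crond iptables network sshd syslog"

# Constructed sample of `chkconfig --list` output, so the script runs offline.
sample_chkconfig_list() {
    cat <<'EOF'
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
exim            0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
EOF
}

# stdin: `chkconfig --list` output. $1: space-separated allowlist.
# stdout: services "on" in runlevel 3 or 5 that are not allowlisted.
extraneous_services() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV lines have 8 fields (name, 0: to 6:); xinetd lines have 2 and are skipped.
        NF == 8 && $2 ~ /^0:/ {
            if (($5 == "3:on" || $7 == "5:on") && !($1 in ok)) print $1
        }'
}

# stdin: service names. stdout: the stop/disable commands from the steps
# above, printed for review rather than executed.
disable_commands() {
    while read -r svc; do
        printf 'service %s stop\n' "$svc"
        printf 'chkconfig --level 0123456 %s off\n' "$svc"
    done
}

# On a real host: chkconfig --list | extraneous_services "$ALLOWLIST"
sample_chkconfig_list | extraneous_services "$ALLOWLIST" | disable_commands
```

Services started through xinetd appear in a separate section of the listing and are not covered by this check.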

Installing PowerDNS

These are notes on installing PowerDNS on a CentOS 5 server. This is generic enough that it ought to work on any RPM-based Linux distro with yum installed.

Preliminary Setup

  • Ensure BIND is not installed.
    $ sudo yum erase bind
    
  • Create a user to run as.
    $ sudo useradd -c "PowerDNS" -M -r -s /sbin/nologin pdns
    
  • Install MySQL.
    $ sudo yum install mysql-server
    $ sudo /sbin/service mysqld start
    $ sudo /sbin/chkconfig --level 35 mysqld on
    
  • Set MySQL root password. Please use different passwords.
    $ /usr/bin/mysqladmin -u root password 'new password'
    $ /usr/bin/mysqladmin -u root -h localhost password 'new password'
  • Run the following MySQL commands. Please change the passwords in the file first.
    $ mysql --user=root mysql -p
    Enter password:
    mysql> source database-install.sql;

    The database-install.sql is something I created. It has the following:

    ################################################################################
    #
    # Adjust users.
    #
    #  !!! WARNING !!!  Change the two passwords below!
    #
    ################################################################################
    
    # Change the root password here.
    UPDATE mysql.user SET password = PASSWORD('password') WHERE user = 'root';
    
    # Change the PowerDNS password here.
    CREATE USER 'powerdns'@'localhost' IDENTIFIED BY 'password';
    
    DROP USER '';
    FLUSH PRIVILEGES;
    
    ################################################################################
    #
    # Create database and tables.
    #
    ################################################################################
    CREATE DATABASE powerdns;
    
    USE powerdns;
    
    CREATE TABLE domains
    (
    id              INT          AUTO_INCREMENT,
    name            VARCHAR(255) NOT NULL,
    master          VARCHAR(128) DEFAULT NULL,
    last_check      INT          DEFAULT NULL,
    type            VARCHAR(6)   NOT NULL,
    notified_serial INT          DEFAULT NULL,
    account         VARCHAR(40)  DEFAULT NULL,
    PRIMARY KEY (id)
    ) ENGINE=InnoDB;
    
    CREATE UNIQUE INDEX name_index ON domains(name);
    
    CREATE TABLE records
    (
    id              INT          AUTO_INCREMENT,
    domain_id       INT          DEFAULT NULL,
    name            VARCHAR(255) DEFAULT NULL,
    type            VARCHAR(6)   DEFAULT NULL,
    content         VARCHAR(255) DEFAULT NULL,
    ttl             INT          DEFAULT NULL,
    prio            INT          DEFAULT NULL,
    change_date     INT          DEFAULT NULL,
    PRIMARY KEY(id)
    ) ENGINE=InnoDB;
    
    CREATE INDEX rec_name_index ON records(name);
    CREATE INDEX nametype_index ON records(name,type);
    CREATE INDEX domain_id ON records(domain_id);
    
    CREATE TABLE supermasters
    (
    ip              VARCHAR(25)  NOT NULL,
    nameserver      VARCHAR(255) NOT NULL,
    account         VARCHAR(40)  DEFAULT NULL
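    ) ENGINE=InnoDB;
    
    # Grant to the same account created above; a bare powerdns means 'powerdns'@'%'.
    GRANT ALL ON domains TO 'powerdns'@'localhost';
    GRANT ALL ON records TO 'powerdns'@'localhost';
    GRANT SELECT ON supermasters TO 'powerdns'@'localhost';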

PowerDNS Setup

  • Download PowerDNS RPM.
  • Install RPM.
  • Change the permissions on the PowerDNS config file since it holds passwords in plain text.
    $ sudo chmod 440 /etc/powerdns/pdns.conf
  • Edit the PowerDNS config file.
    $ sudo vim /etc/powerdns/pdns.conf
  • Find the setgid and setuid lines. Add the appropriate lines:
    setgid=pdns
    setuid=pdns
  • Find the launch line. Add information for the MySQL database.
    launch=gmysql
    gmysql-host=localhost
    gmysql-user=powerdns
    gmysql-password=password
    gmysql-dbname=powerdns
    gmysql-socket=/var/lib/mysql/mysql.sock
  • Find the local-address line and add the IP address of the publicly-facing NIC. See Chapter 15 of the documentation.
    local-address=xxx.xxx.xxx.xxx
  • Find the log-dns-details line and add the following:
    log-dns-details=off
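
A quick way to confirm the file permissions, privilege drop and database password configured in the steps above. This is an added example, not part of the original post: the function names, the two sample configuration files and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pdns.conf for the
# settings configured in the steps above.

# Print the value of key $2 in config file $1 (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for config file $1; print nothing if it passes.
audit_pdns_conf() {
    mode=$(stat -c '%a' "$1")    # GNU stat, as shipped on CentOS
    case $mode in
        *[1-7]) echo "mode $mode: file is accessible to other users" ;;
    esac
    for key in setuid setgid; do
        val=$(conf_get "$1" "$key")
        case $val in
            ''|root|0) echo "$key=${val:-unset}: no privilege drop configured" ;;
        esac
    done
    case $(conf_get "$1" gmysql-password) in
        ''|password) echo "gmysql-password: empty or still the placeholder" ;;
    esac
}

# Constructed sample files so the audit runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/weak.conf" <<'EOF'
# setuid=
launch=gmysql
gmysql-user=powerdns
gmysql-password=password
EOF
chmod 644 "$demo_dir/weak.conf"

cat > "$demo_dir/hardened.conf" <<'EOF'
setgid=pdns
setuid=pdns
launch=gmysql
gmysql-user=powerdns
gmysql-password=constructed-Example-pw-1
EOF
chmod 440 "$demo_dir/hardened.conf"

echo "weak.conf:";     audit_pdns_conf "$demo_dir/weak.conf"
echo "hardened.conf:"; audit_pdns_conf "$demo_dir/hardened.conf"
```

On a real server, run `audit_pdns_conf /etc/powerdns/pdns.conf` as root; no output means all three checks passed.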

Testing

  • Ensure that your firewall allows traffic on port 53 over both UDP and TCP. If it does not, you’ll encounter strange errors with the DNS server not being found. (Ahem, yes, I did this recently.)
  • Test the setup by running PowerDNS in monitor mode:
    $ sudo /etc/init.d/pdns monitor
    
    Jan 04 22:46:34 This is a standalone pdns
    Jan 04 22:46:34 UDP server bound to 127.0.0.1:53
    Jan 04 22:46:34 TCP server bound to 127.0.0.1:53
    Jan 04 22:46:34 PowerDNS 2.9.21.2 (C) 2001-2008 PowerDNS.COM BV (Nov 16 2008, 14:07:43, gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7)) starting up
    Jan 04 22:46:34 PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
    Jan 04 22:46:34 Set effective group id to 105
    Jan 04 22:46:34 Set effective user id to 102
    Jan 04 22:46:34 Creating backend connection for TCP
    Jan 04 22:46:34 gmysql Connection succesful
    Jan 04 22:46:34 About to create 3 backend threads for UDP
    Jan 04 22:46:34 gmysql Connection succesful
    Jan 04 22:46:34 gmysql Connection succesful
    Jan 04 22:46:34 gmysql Connection succesful
    Jan 04 22:46:34 Done launching threads, ready to distribute questions
  • If there are problems, see Chapter 4 of the documentation.
  • Test the operation. Leave the monitor (previous item) running. Pull up a new shell. Execute the following host command and look for a similar response.
    $ host www.test.com 127.0.0.1
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases: 
    
    Host www.test.com not found: 2(SERVFAIL)

    In the monitor you should see the following message:

    Not authoritative for 'www.test.com', sending servfail to 127.0.0.1 (recursion was desired)
  • Add some test records to the database:
    $ mysql --user=root -p
    mysql> source database-test.sql;

    That file has the following commands, which I copied from the Internet:

    USE powerdns;
    
    INSERT INTO domains (name, type) values ('test.com', 'NATIVE');
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'test.com','localhost ahu@ds9a.nl 1','SOA',86400,NULL);
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'test.com','dns-us1.powerdns.net','NS',86400,NULL);
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'test.com','dns-eu1.powerdns.net','NS',86400,NULL);
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'www.test.com','199.198.197.196','A',120,NULL);
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'mail.test.com','195.194.193.192','A',120,NULL);
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'localhost.test.com','127.0.0.1','A',120,NULL);
    INSERT INTO records (domain_id, name, content, type,ttl,prio) VALUES (1,'test.com','mail.test.com','MX',120,25);
  • Run the test again:
    $ host www.test.com 127.0.0.1
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:
    
    www.test.com has address 199.198.197.196
  • Try another test.
    $  host -v -t mx www.test.com 127.0.0.1
    Trying "www.test.com"
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases: 
    
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27585
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;www.test.com.			IN	MX
    
    ;; AUTHORITY SECTION:
    test.com.		86400	IN	SOA	localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600
    
    Received 86 bytes from 127.0.0.1#53 in 21 ms
  • If you are receiving the following in the monitor:
    Authoritative empty NO ERROR to 127.0.0.1 for 'www.test.com' (AAAA), other types do exist.

    Then you did not put the log-dns-details=off in the configuration file. See the documentation, which says

    As the name implies, this is not an error. It tells you there are questions for a domain which exists in your database, but for which no record of the requested type exists. To get rid of this error, add log-dns-details=off to your configuration.

  • Remove the test records.
    $ mysql --user=root -p
    mysql> USE powerdns;
    mysql> DELETE FROM domains;
    mysql> DELETE FROM records;
  • Ensure pdns is set to run at boot time.
    $ sudo /sbin/chkconfig --level 35 pdns on
  • Start the services as a dæmon and you're done.
    $ sudo /etc/init.d/pdns start

Updates

2009-01-20
Fixed the section on local-address in the configuration file which prevented outside machines from accessing the name server.
2010-04-21
Fixed error caught by Matt. Thanks, Matt!
2011-01-22
Added a note to remind that port 53 must be opened for both TCP and UDP.

Upgrading Zimbra 4.5.10 to 5.0.11

Upgrading major pieces of core business support servers is fun! Note the heavy irony in “fun!”.

These are my running notes for upgrading a Zimbra 4.5.10 server to the latest Zimbra 5.0.11. When doing critical work like this, I keep running notes in case something doesn’t go right. Wish me luck.

Update: The upgrade went smoothly. Kudos to the Zimbra development team for what appeared to be a well thought-out and executed upgrade process.

  1. Downloaded Zimbra 5.0.11 and extracted it to /tmp
  2. Copied documentation to my workstation.
  3. Shut down Zimbra.
    # su - zimbra
    $ zmcontrol stop
    
  4. Take VMware snapshot
  5. Install libtool-ltdl
    # yum install libtool-ltdl
  6. Update all CentOS 5 packages. 久しぶり…。 (Been a while….)
    # yum update
  7. Reboot the server since the kernel was updated.
  8. Shut down Zimbra (again).
    # su - zimbra
    $ zmcontrol stop
    
  9. Take VMware snapshot
  10. cd to extracted Zimbra 5.0.11
  11. Run the installer
    # ./install.sh
    
  12. Accept default answer “yes” to verify the message store database
    Do you want to verify message store database integrity? [Y] 
    Verifying integrity of message store databases.  This may take a while.
    mysqld is alive
    Generating report
    No errors found
    

    Looks good.

  13. Accept default answer “yes” to upgrade.
    Checking for installable packages
    
    Found zimbra-core
    Found zimbra-ldap
    Found zimbra-logger
    Found zimbra-mta
    Found zimbra-snmp
    Found zimbra-store
    Found zimbra-apache
    Found zimbra-spell
    Found zimbra-proxy
    
    
    The Zimbra Collaboration Suite appears already to be installed.
    It can be upgraded with no effect on existing accounts,
    or the current installation can be completely removed prior
    to installation for a clean install.
    
    Do you wish to upgrade? [Y] 
    
  14. I’m asked whether to install zimbra-proxy.
    Install zimbra-proxy [N] 
    

    Googling to understand what this is.

  15. The Zimbra Proxy Guide states that this is a proxy, implying a multi-server configuration. In the Zimbra forums an employee states, “No, under no circumstances should you enable that feature if you have a single server.” Case closed. Stick with the default “no”.
  16. Now the installer is complaining about not running on an official RHEL5 machine.
    You appear to be installing packages on a platform different
    than the platform for which they were built.
    
    This platform is CentOS5
    Packages found: RHEL5
    This may or may not work.
    
    Installation can not continue without manual override.
    You can override this safety check with ./install.sh --platform-override
    
  17. Fine. Override.
    # ./install.sh --platform-override
    
  18. Accept default answer “yes” to verify the message store database
    Do you want to verify message store database integrity? [Y] 
    

    Same result as before. Looks good.

  19. Accept default answer “yes” to upgrade. Again.
    Do you wish to upgrade? [Y] 
    
  20. Accept the default “no” for zimbra-proxy.
    Install zimbra-proxy [N] 
    
  21. Type “Y” to ignore the non-RHEL5 complaint.
    Install anyway? [N] Y
    
  22. Type “Y” to keep going.
    The system will be modified.  Continue? [N] Y
    
  23. It’s shutting down Zimbra.
  24. It’s removing existing packages.
  25. It’s removing “deployed webapp directories”.
  26. It’s installing the new packages.
  27. It’s copying defaults
    Setting defaults from saved config in /opt/zimbra/.saveconfig/config.save
       HOSTNAME=XXXX.XXXXXXXX.com
       LDAPHOST=XXXX.XXXXXXXX.com
       LDAPPORT=389
       SNMPTRAPHOST=XXXX.XXXXXXXX.com
       SMTPSOURCE=XXXX@XXXXXXXX.com
       SMTPDEST=XXXX@XXXXXXXX.com
       SNMPNOTIFY=yes
       SMTPNOTIFY=yes
       LDAPROOTPW=XXXXXXXXX
       LDAPZIMBRAPW=XXXXXXXXX
       LDAPPOSTPW=
       LDAPREPPW=
       LDAPAMAVISPW=
       LDAPNGINXPW=
    
  28. It’s performing the upgrade.
    Upgrading from 4.5.10_GA_1575 to 5.0.11_GA_2695
    
  29. Zzzzz… progressing nicely but taking a while…
  30. Done. Answer with default.
    Notify Zimbra of your installation? [Yes] 
    
  31. OK. It’s not done. It’s still going.
  32. Done for certain.
    Configuration complete - press return to exit 
    
  33. Check status of server.
    # su - zimbra
    $ zmcontrol  status
    

    Everything is running.

  34. Try accessing the server via the web interface.
  35. Examined administrative account. All of the settings look right.
  36. Examined web user interface. All of the settings look right. I think we’re good to go.
  37. Take VMware snapshot. Just in case.