grubby fatal error: unable to find a suitable template

Updating   : selinux-policy-3.7.19-292.el6_8.3.noarch                                                                                                             8/28
Updating   : selinux-policy-targeted-3.7.19-292.el6_8.3.noarch                                                                                                    9/28
Installing : kernel-2.6.32-642.15.1.el6.x86_64                                                                                                                   10/28
grubby fatal error: unable to find a suitable template
Updating   : ntp-4.2.6p5-10.el6.centos.2.x86_64                                                                                                                  11/28
Updating   : libtiff-3.9.4-21.el6_8.x86_64                                                                                                                       12/28
Updating   : kernel-headers-2.6.32-642.15.1.el6.x86_64                                                                                                           13/28
Updating   : tzdata-2017a-1.el6.noarch                                                                                                                           14/28
Cleanup    : kernel-2.6.32-573.26.1.el6.x86_64                                                                                                                   15/28
warning:    erase unlink of /lib/modules/2.6.32-573.26.1.el6.x86_64/weak-updates failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-573.26.1.el6.x86_64/modules.order failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-573.26.1.el6.x86_64/modules.networking failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-573.26.1.el6.x86_64/modules.modesetting failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-573.26.1.el6.x86_64/modules.drm failed: No such file or directory
warning:    erase unlink of /lib/modules/2.6.32-573.26.1.el6.x86_64/modules.block failed: No such file or directory
Cleanup    : selinux-policy-targeted-3.7.19-292.el6_8.2.noarch

mv /boot/grub/grub.conf /boot/grub/bk_grub.conf
yum -y update && yum -y reinstall kernel

Then add the following to grub.conf:


title CentOS (2.6.32-431.el6.x86_64)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=c5f51db1-bfef-4480-868f-dc6049906512 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /boot/initramfs-2.6.32-431.el6.x86_64.img
        
        
        
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-642.15.1.el6.x86_64)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.32-642.15.1.el6.x86_64 ro root=UUID=c5f51db1-bfef-4480-868f-dc6049906512 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-642.15.1.el6.x86_64.img
title CentOS (2.6.32-573.3.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-573.3.1.el6.x86_64 ro root=/dev/mapper/vg_db2-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_db2/lv_swap rd_NO_MD rd_LVM_LV=vg_db2/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-573.3.1.el6.x86_64.img
title CentOS (2.6.32-431.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=/dev/mapper/vg_db2-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_LVM_LV=vg_db2/lv_swap rd_NO_MD rd_LVM_LV=vg_db2/lv_root SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-431.el6.x86_64.img


or 

It is absolutely impossible to regenerate a grub.conf from scratch with any of the tools delivered by CentOS. My solution:

  1. boot your system via Install-Disk or by grub command line prompt
  2. create an empty new /boot/grub/grub.conf
  3. add the next code snippet to your grub.conf

default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.22.1.el6.x86_64)
  root (hd0,0)
  kernel /vmlinuz-2.6.32-279.22.1.el6.x86_64 ro root=/dev/sda3
  initrd /initramfs-2.6.32-279.22.1.el6.x86_64.img

NOTE:
I have a separate /boot partition on my systems. In the standard configuration delivered by CentOS, /boot and / will be on the same partition. In this case, the path to kernel and initrd will start with /boot/vmlinuz... and /boot/initramfs... . The root partition mostly will be root=/dev/sda1.

Try to boot your system with your manually built grub.conf. If everything works fine, you can add new boot entries with CentOS' tool grubby. For example:

root@host:~ $ grubby --add-kernel="/boot/vmlinuz-2.6.32-279.22.1.el6.x86_64" \
--initrd="/boot/initramfs-2.6.32-279.22.1.el6.x86_64.img" \
--title="CentOS (2.6.32-279.22.1.el6.x86_64)" --copy-default --make-default

The tool grubby will replace the /dev/sda? device file with the UUID string of the partition.
You can use the next line to generate an entry for each kernel image in /boot/:

for kernel in /boot/vmlinuz-*; do \
version=`echo $kernel | awk -F'vmlinuz-' '{print $NF}'`; \
grubby --add-kernel="/boot/vmlinuz-${version}" \
--initrd="/boot/initramfs-${version}.img" \
--title="CentOS (${version})" \
--copy-default --make-default; \
done

You should check /etc/grub.conf for duplicate entries, and you may want to re-sort the boot order. Reboot your system to check that everything works fine again.


Issue

    When I install a kernel from RHN, I am getting the error: grubby fatal error: unable to find a suitable template

    [root@rhel5 ~]# rpm -vhi kernel-2.6.18-274.el5.x86_64.rpm 
    Preparing...                ########################################### [100%]
       1:kernel                 ########################################### [100%]
    grubby fatal error: unable to find a suitable template 

Resolution

    Several things can cause this error. One is when /boot is not currently mounted; remounting /boot allows the kernel to install properly. First remove the kernel package that was just installed:

        [root@rhel5 ~]# rpm -e kernel-2.6.18-274.el5

If the above command fails because of installed dependencies, use it in the following form:

        [root@rhel5 ~]# rpm -e --nodeps kernel-2.6.18-274.el5

Afterwards, ensure /boot is mounted and proceed to reinstall the kernel:

        [root@rhel5 ~]# mount /boot
        [root@rhel5 ~]# rpm -ivh kernel-2.6.18-274.el5.x86_64.rpm 
        Preparing...                ########################################### [100%]
           1:kernel                 ########################################### [100%]
        [root@rhel5 ~]# 

If you don't have the RPM available, you can always use yum:

        [root@rhel5 ~]# yum install kernel

    This error can also happen when there are multiple filesystems with the same label for the root device, and the root device is specified with LABEL= in grub.conf. In that case, change the label to a unique one, or use the device name or UUID= to specify the root device in grub.conf. To change the label on /dev/sdb2 to /root-1 for example:

# e2label /dev/sdb2 /root-1

    Another cause for this error can be a bad path to the initrd in grub.conf.

    An invalid root device in your kernel line will also cause this message. To resolve this you can edit /boot/grub/grub.conf, changing the root entry in the most recent kernel entry to point to the correct root device.

Diagnostic Steps

    To check if you have multiple filesystems with the same label, run the following command (UUIDs simplified for clarity):

# blkid
$ cat sos_commands/filesys/blkid 
/dev/sda1: LABEL="/boot" UUID="aaaaa" TYPE="ext3" SEC_TYPE="ext2" 
/dev/sdb1: LABEL="/boot" UUID="aaaaa" TYPE="ext3" SEC_TYPE="ext2" 
/dev/sda2: LABEL="/" UUID="bbbbb" SEC_TYPE="ext2" TYPE="ext3" 
/dev/sdb2: LABEL="/" UUID="bbbbb" SEC_TYPE="ext2" TYPE="ext3" 

We can see above that there are 2 disks with the same label. Check to see if they have the same WWID (these commands are for RHEL5; for RHEL6 you need to use scsi_id --whitelisted /dev/sd* instead).

# scsi_id -gus /block/sda
3600001234567
# scsi_id -gus /block/sdb
HITATCHI-abc123

The above clearly shows that they are different disks (i.e. not a multiple path to the same device).
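
The causes listed in the Resolution section (kernel or initrd path that does not exist, which is also what an unmounted /boot looks like; a LABEL= that matches several filesystems; a root device that cannot be found) can be checked before installing a kernel. The following is an added example, not part of the original page and not how grubby itself works internally; the function names, the second grub.conf stanza and the file set are constructed for illustration, and boot_prefix assumes a separate /boot partition.

```python
import os
import re

# Constructed sample: the kernel version and the LABEL= form come from the page,
# the second stanza and its file names are made up for the demonstration.
SAMPLE_GRUB_CONF = """\
default=0
timeout=5
title Red Hat Enterprise Linux Server (2.6.18-274.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-274.el5 ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.18-274.el5.img
title Constructed older entry
        root (hd0,0)
        kernel /vmlinuz-OLD ro root=/dev/sdc9
        initrd /initrd-TYPO.img
"""

# blkid output as shown in the Diagnostic Steps above (UUIDs simplified there).
SAMPLE_BLKID = """\
/dev/sda1: LABEL="/boot" UUID="aaaaa" TYPE="ext3" SEC_TYPE="ext2"
/dev/sdb1: LABEL="/boot" UUID="aaaaa" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda2: LABEL="/" UUID="bbbbb" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdb2: LABEL="/" UUID="bbbbb" SEC_TYPE="ext2" TYPE="ext3"
"""

# Constructed stand-in for the contents of a mounted /boot.
PRESENT_FILES = {
    "/boot/vmlinuz-2.6.18-274.el5",
    "/boot/initrd-2.6.18-274.el5.img",
    "/boot/vmlinuz-OLD",
}

BLKID_FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_grub_conf(text):
    """Return one dict per 'title' stanza of a GRUB legacy grub.conf."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        words = rest.split()
        if key == "title":
            cur = {"title": rest.strip(), "kernel": None, "initrd": None, "root": None}
            entries.append(cur)
        elif cur is not None and key == "kernel" and words:
            cur["kernel"] = words[0]
            for word in words[1:]:
                if word.startswith("root="):
                    cur["root"] = word[len("root="):]
        elif cur is not None and key == "initrd" and words:
            cur["initrd"] = words[0]
    return entries


def parse_blkid(text):
    """Return one dict per device line of blkid output."""
    devices = []
    for line in text.splitlines():
        dev, sep, rest = line.partition(":")
        if sep and dev.startswith("/dev/"):
            fields = dict(BLKID_FIELD.findall(rest))
            fields["DEVICE"] = dev
            devices.append(fields)
    return devices


def check_entry(entry, devices, exists, boot_prefix="/boot"):
    """List the problems in one stanza; an empty list means none were found."""
    problems = []
    for kind in ("kernel", "initrd"):
        path = entry[kind]
        if path is None:
            problems.append(f"no {kind} line")
            continue
        on_disk = os.path.join(boot_prefix, path.lstrip("/"))
        if not exists(on_disk):  # also the symptom of an unmounted /boot
            problems.append(f"{kind} {path} not found at {on_disk}")
    root = entry["root"]
    if root is None:
        problems.append("kernel line has no root= argument")
    elif root.startswith(("LABEL=", "UUID=")):
        tag, _, value = root.partition("=")
        hits = [d["DEVICE"] for d in devices if d.get(tag) == value]
        if not hits:
            problems.append(f"root={root} matches no filesystem")
        elif len(hits) > 1:
            problems.append(f"root={root} matches {len(hits)} filesystems: " + ", ".join(hits))
    elif not any(d["DEVICE"] == root for d in devices) and not exists(root):
        problems.append(f"root device {root} not found")
    return problems


def audit_grub_conf(conf_text, blkid_text, exists, boot_prefix="/boot"):
    """Map each stanza title to its list of problems."""
    devices = parse_blkid(blkid_text)
    return {e["title"]: check_entry(e, devices, exists, boot_prefix)
            for e in parse_grub_conf(conf_text)}


if __name__ == "__main__":
    report = audit_grub_conf(SAMPLE_GRUB_CONF, SAMPLE_BLKID, PRESENT_FILES.__contains__)
    for title, problems in report.items():
        print(title, "->", problems or "ok")
```

On a real system, pass os.path.exists as the exists argument together with the contents of /boot/grub/grub.conf and the output of blkid; use boot_prefix="/" when /boot is not a separate partition.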

DOCKER Testing

Obtaining the Docker image

First, get the basic Docker image. The Docker image is published on the Docker Hub Registry (https://hub.docker.com/).
You can search for published images with the docker search command. An example of searching the image of CentOS is here.

# docker search centos

INDEX       NAME                                      DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
docker.io   docker.io/centos                          The official build of CentOS.                   1842      [OK]
docker.io   docker.io/ansible/centos7-ansible         Ansible on Centos7                              63                   [OK]
docker.io   docker.io/jdeathe/centos-ssh              CentOS-6 6.7 x86_64 / EPEL/IUS Repos / Ope…   14                   [OK]
docker.io   docker.io/jdeathe/centos-ssh-apache-php   CentOS-6 6.7 x86_64 / Apache / PHP / PHP M…   11                   [OK]
docker.io   docker.io/million12/centos-supervisor     Base CentOS-7 with supervisord launcher, h…   9                    [OK]
docker.io   docker.io/blalor/centos                   Bare-bones base CentOS 6.5 image                8                    [OK]
docker.io   docker.io/nimmis/java-centos              This is docker images of CentOS 7 with dif…   7                    [OK]
docker.io   docker.io/torusware/speedus-centos        Always updated official CentOS docker imag…   7                    [OK]
docker.io   docker.io/consol/centos-xfce-vnc          Centos container with “headless” VNC sessi…   5                    [OK]
docker.io   docker.io/jdeathe/centos-ssh-mysql        CentOS-6 6.7 x86_64 / MySQL.                    4                    [OK]
docker.io   docker.io/nathonfowlie/centos-jre         Latest CentOS image with the JRE pre-insta…   3                    [OK]
docker.io   docker.io/centos/mariadb55-centos7                                                        2                    [OK]
docker.io   docker.io/nickistre/centos-lamp           LAMP on centos setup                            2                    [OK]
docker.io   docker.io/feduxorg/centos-postgresql      Centos Image with postgres                      1                    [OK]
docker.io   docker.io/layerworx/centos                CentOS container with etcd, etcdctl, confd…   1                    [OK]
docker.io   docker.io/lighthopper/orientdb-centos     A Dockerfile for creating an OrientDB imag…   1                    [OK]
docker.io   docker.io/nathonfowlie/centos-jira        JIRA running on the latest version of CentOS    1                    [OK]
docker.io   docker.io/softvisio/centos                Centos                                          1                    [OK]
docker.io   docker.io/yajo/centos-epel                CentOS with EPEL and fully updated              1                    [OK]
docker.io   docker.io/blacklabelops/centos            Blacklabelops Centos 7 base image without …   0                    [OK]
docker.io   docker.io/januswel/centos                 yum update-ed CentOS image                      0                    [OK]
docker.io   docker.io/jsmigel/centos-epel             Docker base image of CentOS w/ EPEL installed   0                    [OK]
docker.io   docker.io/lighthopper/openjdk-centos      A Dockerfile for creating an OpenJDK image…   0                    [OK]
docker.io   docker.io/pdericson/centos                Docker image for CentOS                         0                    [OK]
docker.io   docker.io/timhughes/centos                Centos with systemd installed and running       0                    [OK]

Images are published by various people. The one marked “OK” in the OFFICIAL column is the official image of CentOS. Images with several applications installed in advance have also been published.
To download the Docker image, use the docker pull command. An example of execution when downloading the image of CentOS 7 is here.

# docker pull centos

Using default tag: latest
Trying to pull repository docker.io/library/centos ...
latest: Pulling from library/centos
47d44cb6f252: Pull complete
838c1c5c4f83: Pull complete
5764f0a31317: Pull complete
60e65a8e4030: Pull complete
library/centos:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:8072bc7c66c3d5b633c3fddfc2bf12d5b4c2623f7004d9eed6aae70e0e99fbd7
Status: Downloaded newer image for docker.io/centos:latest

As in this example, several images are downloaded in batches. You can check downloaded images as follows.

# docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
docker.io/centos    latest              60e65a8e4030        3 weeks ago         196.6 MB

The Docker image is specified by separating the repository and the tag with “:”. For example, the CentOS 7 image listed above is used under the name docker.io/centos:latest.

Create Container

Invoking a container refers to starting a process on this image. Docker expands the specified image and uses it as a container file system set.
To create a container, use the docker run command. Its syntax is as follows.

docker run [<options>] <image> <command> [<arg>]

Specify the image to be used with <image>, and the command to run on the image and its arguments with <command> and <arg>.

Here is the command to create a container named “centos7” that starts bash with the image docker.io/centos:latest.

# docker run -it --name centos7 docker.io/centos:latest /bin/bash

[root@b18de31e55ec /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

In this example, “-it” is passed to docker run as an option. This assigns a TTY (terminal/console) in interactive mode.
You can execute the ls command etc. in the started container. Of course you can also use vi etc. to modify the file.
The container will only run while the started /bin/bash process is running. That is, the container stops when you exit this shell.

· Container stop

[root@b18de31e55ec /]# exit

If you want to return to the original shell without stopping the container, you can exit the container’s TTY with Ctrl-P followed by Ctrl-Q.

Reconnect to container

To connect to a running container, execute the docker attach command with the container name as follows.

# docker attach centos7

[root@b18de31e55ec /]#

[root@b18de31e55ec /]# ls
anaconda-post.log  bin  dev  etc  home  lib  lib64  lost+found  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var

Confirming Container in Operation

To check the active container, use the docker ps command.

# docker ps
CONTAINER ID        IMAGE                     COMMAND             CREATED             STATUS              PORTS               NAMES
b18de31e55ec        docker.io/centos:latest   "/bin/bash"         9 minutes ago       Up 9 minutes                            centos7

# docker ps -a
8cc776959b0f        docker.io/centos:latest   "/bin/bash"         5 seconds ago       Exited (0) 1 seconds ago                       centos7a
b18de31e55ec        docker.io/centos:latest   "/bin/bash"         14 minutes ago      Up 14 minutes                                  centos7

Confirm container information

If you want to know the detailed state of the container of Docker, use docker inspect.
You can check the process specified when starting Docker, the resources allocated to the container, and so on.

# docker inspect centos7
[
{
"Id": "b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a",
"Created": "2016-01-19T11:17:47.272087891Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2563,
"ExitCode": 0,
"Error": "",
"StartedAt": "2016-01-19T11:17:47.685386072Z",
"FinishedAt": "0001-01-01T00:00:00Z"
},
"Image": "60e65a8e4030022260a4f84166814b2683e1cdfc9725a9c262e90ba9c5ae2332",
"NetworkSettings": {
"Bridge": "",
"EndpointID": "4aeb09fdcce86c3d8c76115f222657844dc4fa7ca0d56d8b997e6d1708d42717",
"Gateway": "172.17.42.1",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"HairpinMode": false,
"IPAddress": "172.17.0.1",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:01",
"NetworkID": "b1d897f4c186fdaffcebd0ed10a57721ed871efad61bba223f74d362ddd47b31",
"PortMapping": null,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/b18de31e55ec",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null
},
"ResolvConfPath": "/var/lib/docker/containers/b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a/hostname",
"HostsPath": "/var/lib/docker/containers/b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a/hosts",
"LogPath": "/var/lib/docker/containers/b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a/b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a-json.log",
"Name": "/centos7",
"RestartCount": 0,
"Driver": "devicemapper",
"ExecDriver": "native-0.2",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": null,
"ContainerIDFile": "",
"LxcConf": [],
"Memory": 0,
"MemorySwap": 0,
"CpuShares": 0,
"CpuPeriod": 0,
"CpusetCpus": "",
"CpusetMems": "",
"CpuQuota": 0,
"BlkioWeight": 0,
"OomKillDisable": false,
"MemorySwappiness": -1,
"Privileged": false,
"PortBindings": {},
"Links": null,
"PublishAllPorts": false,
"Dns": null,
"DnsSearch": null,
"ExtraHosts": null,
"VolumesFrom": null,
"Devices": [],
"NetworkMode": "default",
"IpcMode": "",
"PidMode": "",
"UTSMode": "",
"CapAdd": null,
"CapDrop": null,
"GroupAdd": null,
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"SecurityOpt": null,
"ReadonlyRootfs": false,
"Ulimits": null,
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"CgroupParent": "",
"ConsoleSize": [
0,
0
]
},
"GraphDriver": {
"Name": "devicemapper",
"Data": {
"DeviceId": "7",
"DeviceName": "docker-253:1-67259332-b18de31e55ec5c02721193fab1d815f9b5fd3d32eebad4b86330b792a5ce2c0a",
"DeviceSize": "107374182400"
}
},
"Mounts": [],
"Config": {
"Hostname": "b18de31e55ec",
"Domainname": "",
"User": "",
"AttachStdin": true,
"AttachStdout": true,
"AttachStderr": true,
"ExposedPorts": null,
"PublishService": "",
"Tty": true,
"OpenStdin": true,
"StdinOnce": true,
"Env": null,
"Cmd": [
"/bin/bash"
],
"Image": "docker.io/centos:latest",
"Volumes": null,
"VolumeDriver": "",
"WorkingDir": "",
"Entrypoint": null,
"NetworkDisabled": false,
"MacAddress": "",
"OnBuild": null,
"Labels": {}
}
}
]
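
Several fields in the docker inspect output above describe how strongly the container is confined (Privileged, CapAdd/CapDrop, ReadonlyRootfs, Memory, Binds, User). The following is an added example, not part of the original page or of Docker, that reviews those fields in inspect JSON; the function names, the choice of checks and the sample data (a subset of the centos7 values above plus two constructed containers) are assumptions made for illustration.

```python
import json


def audit_container(c):
    """Return (field, message) pairs for settings that weaken confinement."""
    host = c.get("HostConfig") or {}
    cfg = c.get("Config") or {}
    findings = []
    if host.get("Privileged"):
        findings.append(("HostConfig.Privileged", "container runs privileged"))
    if not cfg.get("User"):
        findings.append(("Config.User", "no user set, process runs as root"))
    if not host.get("Memory"):
        findings.append(("HostConfig.Memory", "0 means no memory limit"))
    if not host.get("ReadonlyRootfs"):
        findings.append(("HostConfig.ReadonlyRootfs", "root filesystem is writable"))
    if not host.get("CapDrop"):
        findings.append(("HostConfig.CapDrop", "no default capability is dropped"))
    for cap in host.get("CapAdd") or []:
        findings.append(("HostConfig.CapAdd", f"extra capability {cap}"))
    for key in ("NetworkMode", "PidMode", "IpcMode"):
        if host.get(key) == "host":
            findings.append((f"HostConfig.{key}", "shares the host namespace"))
    for bind in host.get("Binds") or []:
        parts = bind.split(":")  # host_path:container_path[:options]
        if len(parts) < 2:
            continue
        options = parts[2].split(",") if len(parts) > 2 else []
        if "ro" not in options:
            findings.append(("HostConfig.Binds",
                             f"{parts[0]} is writable from the container at {parts[1]}"))
    return findings


def audit_inspect(text):
    """Audit every container in the JSON array printed by docker inspect."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c)
            for c in json.loads(text)}


# Values for centos7 are taken from the output above; the other two containers
# are constructed (webserver-devel mirrors the --volume example on this page,
# webserver-hardened is a hypothetical locked-down variant).
_DEFAULT_HOST = {"Privileged": False, "Memory": 0, "ReadonlyRootfs": False,
                 "CapAdd": None, "CapDrop": None, "Binds": None,
                 "NetworkMode": "default", "PidMode": "", "IpcMode": ""}
SAMPLE_INSPECT = json.dumps([
    {"Name": "/centos7", "Config": {"User": ""}, "HostConfig": dict(_DEFAULT_HOST)},
    {"Name": "/webserver-devel", "Config": {"User": ""},
     "HostConfig": dict(_DEFAULT_HOST, Binds=["/home/admin/html:/mnt"])},
    {"Name": "/webserver-hardened", "Config": {"User": "apache"},
     "HostConfig": dict(_DEFAULT_HOST, Memory=268435456, ReadonlyRootfs=True,
                        CapDrop=["ALL"], Binds=["/home/admin/html:/mnt:ro"])},
])

if __name__ == "__main__":
    for name, findings in audit_inspect(SAMPLE_INSPECT).items():
        print(name)
        for field, message in findings:
            print(f"  {field}: {message}")
```

On a host with Docker installed, the input can be produced with docker inspect followed by the container names and passed to audit_inspect as a string.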

Container stopped

You can also stop running containers from the host side. Execute the following docker stop command with the container name specified.

# docker stop centos7
centos7

When this command is executed, a TERM signal and then a KILL signal are sent to the container process. In other words, it will kill the container process.

Launch container

You can also start the stopped container again. Execute the docker start command with the container name as follows.

# docker start centos7

centos7

Restart container

To restart a running container, use the docker restart command. When this command is executed, the process of the container is forcibly terminated and restarted.

# docker restart centos7
centos7

Container commit

Even if you edit a file in a container, the changes are lost when the container is deleted. However, you can store the state of the container as a new image.
This is done with docker commit.
docker commit saves the container to the specified local repository. A tag can also be specified. In addition, you can record the author with the -a option and a message with the -m option.
Here is an example of storing a container called centos7 in a repository named localrepo.

# docker commit -a "Mohan Ramadoss" -m "CentOS 7 test image" centos7 localrepo:test
32f79088593dc06e79c3fed9e0732ec7a35f179034e6faf3f4b11db906fee925

# docker images localrepo
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
localrepo           test                32f79088593d        15 seconds ago      196.6 MB

Delete Container

To delete the container you created, use docker rm.
If you delete a container, all the files created inside the container will be destroyed, so you need to save it as a new image with docker commit beforehand if storage is necessary.

# docker rm -f centos7
centos7


Containerization of application environment and publication of services

Docker can manage images with a much smaller size than virtual machines such as KVM. Therefore, you can save the execution environment of the application, the application and its contents together as a Docker image, and you can also put it under version management.
We will explain containerization of the application environment and publication of the service using an example of building a WWW server and contents environment on a Docker container.

We will build it in the following steps.
(1) Create a container to be the source of the WWW server
(2) Set up the WWW server
(3) Placing WWW contents
(4) Save the image (Containerized)
(5) Create a new container with the saved image and check the operation
(6) Publication of container service

In the examples that follow, some commands are run on the container and some on the host. Because this is confusing, what you should run on the host side is marked (on the host) and what you should run on the container is marked (on the container).

(1) Create a container to be the source of the WWW server

First, create a container that will be the source of the WWW server. Launch /bin/bash using the official CentOS 7 image. At this time, share a volume to pass the WWW contents from the host. Share the directory containing the WWW contents (/home/admin/html in this case).

# docker run -it --name webserver-devel --volume=/home/admin/html:/mnt centos:7 /bin/bash

Unable to find image 'centos:7' locally
Trying to pull repository docker.io/library/centos ...
7: Pulling from library/centos
f5079557f135: Pull complete
42c2aa730369: Pull complete
0e0217391d41: Pull complete
47d44cb6f252: Already exists
library/centos:7: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:8dcd2ec6183f3f4a94d4f9552ce76091624760edefcaa39a9e04441f9e2ad9f6
Status: Downloaded newer image for docker.io/centos:7

Explanation about mounting the host volume

We are mounting the host’s volume (/home/admin/html) to /mnt of the container using the --volume option. Mounting a host volume can be used for the following purposes.

Passing files from the host to the container
Sharing files among containers
Storing Container Data

Files created with containers are deleted when the container is deleted, but if you change the file in the mounted area, it will be reflected on the host side as it is.

(2) Set up the WWW server

Install the WWW server in the created container.

[root@168f748a722c /]# yum install httpd
Loaded plugins: fastestmirror, ovl
base                                                                                                               | 3.6 kB  00:00:00
extras                                                                                                             | 3.4 kB  00:00:00
updates                                                                                                            | 3.4 kB  00:00:00
(1/4): base/7/x86_64/group_gz                                                                                      | 155 kB  00:00:00
(2/4): extras/7/x86_64/primary_db                                                                                  | 101 kB  00:00:00
(3/4): base/7/x86_64/primary_db                                                                                    | 5.3 MB  00:00:00
(4/4): updates/7/x86_64/primary_db                                                                                 | 3.1 MB  00:00:06
Determining fastest mirrors
* base: ftp.iij.ad.jp
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-40.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-40.el7.centos for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: system-logos >= 7.92.1-1 for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package centos-logos.noarch 0:70.0.6-3.el7.centos will be installed
---> Package httpd-tools.x86_64 0:2.4.6-40.el7.centos will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================
Package                           Arch                        Version                                    Repository                 Size
==========================================================================================================================================
Installing:
httpd                             x86_64                      2.4.6-40.el7.centos                        base                      2.7 M
Installing for dependencies:
apr                               x86_64                      1.4.8-3.el7                                base                      103 k
apr-util                          x86_64                      1.5.2-6.el7                                base                       92 k
centos-logos                      noarch                      70.0.6-3.el7.centos                        base                       21 M
httpd-tools                       x86_64                      2.4.6-40.el7.centos                        base                       82 k
mailcap                           noarch                      2.1.41-2.el7                               base                       31 k

Transaction Summary
==========================================================================================================================================
Install  1 Package (+5 Dependent packages)

Total download size: 24 M
Installed size: 31 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/apr-util-1.5.2-6.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for apr-util-1.5.2-6.el7.x86_64.rpm is not installed
(1/6): apr-util-1.5.2-6.el7.x86_64.rpm                                                                             |  92 kB  00:00:00
(2/6): apr-1.4.8-3.el7.x86_64.rpm                                                                                  | 103 kB  00:00:00
(3/6): httpd-2.4.6-40.el7.centos.x86_64.rpm                                                                        | 2.7 MB  00:00:00
(4/6): httpd-tools-2.4.6-40.el7.centos.x86_64.rpm                                                                  |  82 kB  00:00:00
(5/6): mailcap-2.1.41-2.el7.noarch.rpm                                                                             |  31 kB  00:00:00
(6/6): centos-logos-70.0.6-3.el7.centos.noarch.rpm                                                                 |  21 MB  00:00:02
------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                     7.7 MB/s |  24 MB  00:00:03
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package    : centos-release-7-2.1511.el7.centos.2.10.x86_64 (@CentOS)
From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64                                                                                                 1/6
Installing : apr-util-1.5.2-6.el7.x86_64                                                                                            2/6
Installing : httpd-tools-2.4.6-40.el7.centos.x86_64                                                                                 3/6
Installing : centos-logos-70.0.6-3.el7.centos.noarch                                                                                4/6
Installing : mailcap-2.1.41-2.el7.noarch                                                                                            5/6
Installing : httpd-2.4.6-40.el7.centos.x86_64                                                                                       6/6
Verifying  : httpd-2.4.6-40.el7.centos.x86_64                                                                                       1/6
Verifying  : httpd-tools-2.4.6-40.el7.centos.x86_64                                                                                 2/6
Verifying  : apr-1.4.8-3.el7.x86_64                                                                                                 3/6
Verifying  : mailcap-2.1.41-2.el7.noarch                                                                                            4/6
Verifying  : apr-util-1.5.2-6.el7.x86_64                                                                                            5/6
Verifying  : centos-logos-70.0.6-3.el7.centos.noarch                                                                                6/6

Installed:
httpd.x86_64 0:2.4.6-40.el7.centos

Dependency Installed:
apr.x86_64 0:1.4.8-3.el7                         apr-util.x86_64 0:1.5.2-6.el7         centos-logos.noarch 0:70.0.6-3.el7.centos
httpd-tools.x86_64 0:2.4.6-40.el7.centos         mailcap.noarch 0:2.1.41-2.el7

Complete!

[root@168f748a722c /]# cp -a /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_org
[root@168f748a722c /]# vi /etc/httpd/conf/httpd.conf

(3) Placing WWW contents

Place the WWW contents in the Docker container. Copy the files from the host volume mounted at /mnt. However, under normal conditions SELinux restrictions make it impossible to access the files.
(This can also be said to prevent containers from adversely affecting hosts.) Therefore, we first temporarily change the SELinux context on the host side.

# chcon -R system_u:object_r:docker_var_lib_t:s0 /home/admin/html

# vi /home/admin/html/index.html
test

Copy it to the appropriate directory in the Docker container.

[root@168f748a722c]# cp -rp /mnt/* /var/www/html/

restorecon -R /home/admin/html

(4) Save the image (Containerized)

When the setting of the WWW server is finished and the contents are placed, the container is stopped and docker commit is executed on the host side to save the image of the container.

[root@168f748a722c]# exit

# docker commit -a Mohan -m "CentOS 7 webserver" webserver-devel localrepo:webserver-1
3e8ac2d724a929d2696a796ac6a9a06e90cfe847bc106f93c11ff6bfa874fc52

# docker rm webserver-devel
webserver-devel

(5) Create a new container with the saved image and check the operation.

Using the saved image, create a container for the WWW server for operation check.
In this container, start up the WWW server (/usr/sbin/httpd).

# docker rm webserver-devel
webserver-devel

# docker run -d --name webserver --expose=80 localrepo:webserver-1 /usr/sbin/httpd -D FOREGROUND
09a84be4de6be2a33831a338ebd780cf1c582be3c999aa8b1ee8ea928da31665

The WWW server should now be running in the container. In this state, access port 80 of the container from the host and check the operation.

· IP address survey
The IP address assigned to the container can be checked with docker inspect.

# docker inspect webserver | grep -i addres

"IPAddress": "172.17.0.4",

# ping 172.17.0.4
PING 172.17.0.4 (172.17.0.4) 56(84) bytes of data.
64 bytes from 172.17.0.4: icmp_seq=1 ttl=64 time=0.098 ms
64 bytes from 172.17.0.4: icmp_seq=2 ttl=64 time=0.196 ms
^C
--- 172.17.0.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.098/0.147/0.196/0.049 ms

# nmap 172.17.0.4
Starting Nmap 6.40 ( http://nmap.org ) at 2016-02-23 10:31 JST
Nmap scan report for 172.17.0.4
Host is up (0.0000090s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

(6) Publication of container service

If the operation check shows no problems, you can publish the container service to the outside. First, stop the container and delete it.

# docker rm -f webserver
webserver

Next, create the container for the official WWW server. This time, connect the port of the host and the port of the container with --publish.
By doing this, you can connect to the WWW server of the container from the outside through host port 80.

# docker run -d --name webserver --expose=80 --publish 80:80 localrepo:webserver-1 /usr/sbin/httpd -D FOREGROUND
9daf1f23ca7cf7c2fcbf9c571f7b714f7e1b3b29948dc16cb5983823a5c5f19c

Summary

What did you think?

If you are about to start using Docker, consider using it first as a test environment. This makes the most of Docker's strengths while keeping risk low: by first building the settings required for testing and saving them as a Docker image, you can easily return to the original environment.

As a next step, we recommend using Docker for the development environment. Because environment-dependent errors do not occur, if for example an external company joins the development team, distributing the development environment as a container should save the time it takes to get development started.

As a final step, it may be possible to use it for a production environment such as the web service introduced this time. You can take advantage of its light operation, and by saving the container as an image when the publication period is over, you can restore the whole environment whenever you need it again.

Given these advantages, introducing Docker should be worth considering, so I'd appreciate it if you try Docker with reference to this article.

Well then.
It will be successful if the contents are displayed by accessing with the browser. (192.168.0.3 is the IP address of the host OS.)

Docker Centos 7

nginx?HTTPS

vim  /etc/default/docker

OPTIONS="--insecure-registry 192.168.1.9:5000"

docker-images     10.0.0.5     docker
10.0.0.6     docker

[root@docker-images ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@docker-images ~]# uname -r
3.10.0-327.el7.x86_64
[root@docker-images ~]# uname -m
x86_64
[root@docker-images ~]# uname -a
Linux docker-images 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@docker-images ~]#

1. selinux

[root@docker-images ~]# systemctl stop firewalld
[root@docker-images ~]# systemctl disable firewalld
[root@docker-images ~]# setenforce 0
[root@docker-images ~]# getenforce
Permissive
[root@docker-images ~]#

2. docker

yum install docker
[root@docker-images ~]# systemctl enable docker
[root@docker-images ~]# systemctl start docker

3. registry

[root@docker-images ~]# docker pull registry
[root@docker-images ~]# docker images
REPOSITORY          TAG                IMAGE ID            CREATED            SIZE
docker.io/registry  latest              047218491f8c        10 days ago        33.17 MB
[root@docker-images ~]#

4. Run a container based on the private registry image

[root@docker-images ~]#  docker run -d -p 5000:5000 -v /opt/data/registry:/tmp/registry docker.io/registry
# The default repository is created in /tmp/registry, and the repository location is specified with the -v parameter
1e8b1a03013ee66034b40aee1820000a2ccf026a3b1e43606f3e4007b2a9d455
[root@docker-images ~]#
[root@docker-images ~]# docker ps  #View the running container
CONTAINER ID        IMAGE                COMMAND                  CREATED            STATUS              PORTS                    NAMES
1e8b1a03013e        docker.io/registry  "/entrypoint.sh /etc/"  35 seconds ago      Up 32 seconds      0.0.0.0:5000->5000/tcp  goofy_mcnulty
[root@docker-images ~]#

5. Access the private registry

[root@docker-images ~]# curl 127.0.0.1:5000/v2
<a href="/v2/">Moved Permanently</a>.
[root@docker-images ~]#
# This shows that the registry deployment was successful

6. Tag the base image

[root@docker-images ~]# docker search  docker.io/fedora/ssh|grep docker.io/fedora/ssh
docker.io  docker.io/fedora/ssh                                                                        20                  [OK]
[root@docker-images ~]# docker pull docker.io/fedora/ssh    #Download the image
[root@docker-images ~]# docker images
REPOSITORY            TAG                IMAGE ID            CREATED            SIZE
docker.io/registry    latest              047218491f8c        10 days ago        33.17 MB
docker.io/fedora/ssh  latest              ad6a3ff29626        4 weeks ago        396.7 MB
[root@docker-images ~]# docker tag docker.io/fedora/ssh 127.0.0.1:5000/ssh    #Tagged
[root@docker-images ~]# docker images
REPOSITORY            TAG                IMAGE ID            CREATED            SIZE
docker.io/registry    latest              047218491f8c        10 days ago        33.17 MB
127.0.0.1:5000/ssh    latest              ad6a3ff29626        4 weeks ago        396.7 MB
docker.io/fedora/ssh  latest              ad6a3ff29626        4 weeks ago        396.7 MB
[root@docker-images ~]#
[root@docker-images ~]# vim /etc/sysconfig/docker
OPTIONS="--selinux-enabled  --insecure-registry 10.0.0.5:5000"    #Set your own private registry URL
[root@docker-images ~]# systemctl restart docker

7???????????

[root@docker-images ~]# docker start 1e8  #Start the local registry
1e8
[root@docker-images ~]# docker ps
CONTAINER ID        IMAGE                COMMAND                  CREATED            STATUS              PORTS                    NAMES
1e8b1a03013e        docker.io/registry  "/entrypoint.sh /etc/"  4 hours ago        Up 3 seconds        0.0.0.0:5000->5000/tcp  goofy_mcnulty
[root@docker-images ~]#
[root@docker-images ~]# docker push 127.0.0.1:5000/ssh    #Upload the tagged image
The push refers to a repository [127.0.0.1:5000/ssh]
482d621bda33: Pushed
510f15c27a8b: Pushed
e4f86288aaf7: Pushed
latest: digest: sha256:5ad5aec14bb7aa63fdcea1772db6ab5b5de99b0a023d234e61f5aa8c9435e8ff size: 948
[root@docker-images ~]#

8. View the uploaded image

[root@docker-images ~]# curl 10.0.0.5:5000/v2/_catalog
{"repositories":["ssh"]}
[root@docker-images ~]#

?????????????

http://10.0.0.5:5000/v2/_catalog

9. View the image that has been uploaded in the browser

[root@centos7 ~]# vim /etc/sysconfig/docker      #Add the private registry address
OPTIONS="--selinux-enabled  --insecure-registry 10.0.0.5:5000"

[root@centos7 ~]# systemctl restart docker
[root@centos7 ~]# docker pull 10.0.0.5:5000/ssh

The image can be downloaded, which proves that the private registry was created successfully.

[root@centos7 ~]# docker images
REPOSITORY          TAG                IMAGE ID            CREATED            SIZE
10.0.0.5:5000/ssh  latest              ad6a3ff29626        4 weeks ago        396.7 MB
[root@centos7 ~]#

Then run a centos7 container from your own private registry

1. Push a centos image sent over from another repository to the private registry server

[root@docker-images ~]# ls
anaconda-ks.cfg  centos.tar
[root@docker-images ~]# docker load < centos.tar    # Import the image into the docker
34e7b85d83e4: Loading layer [==================================================>] 199.9 MB/199.9 MB
Loaded image: docker.io/centos:latest                                          ] 557.1 kB/199.9 MB
[root@docker-images ~]# docker images
REPOSITORY            TAG                IMAGE ID            CREATED            SIZE
docker.io/registry    latest              047218491f8c        10 days ago        33.17 MB
127.0.0.1:5000/ssh    latest              ad6a3ff29626        4 weeks ago        396.7 MB
docker.io/fedora/ssh  latest              ad6a3ff29626        4 weeks ago        396.7 MB
docker.io/centos      latest              67591570dd29        12 weeks ago        191.8 MB
[root@docker-images ~]#

2. Tag it again with your own label

[root@docker-images ~]# docker tag docker.io/centos:latest  10.0.0.5:5000/lcentos
# To distinguish it from the earlier image, I give centos a different tag
[root@docker-images ~]# docker images
REPOSITORY              TAG                IMAGE ID            CREATED            SIZE
docker.io/registry      latest              047218491f8c        10 days ago        33.17 MB
127.0.0.1:5000/ssh      latest              ad6a3ff29626        4 weeks ago        396.7 MB
docker.io/fedora/ssh    latest              ad6a3ff29626        4 weeks ago        396.7 MB
docker.io/centos        latest              67591570dd29        12 weeks ago        191.8 MB
10.0.0.5:5000/lcentos  latest              67591570dd29        12 weeks ago        191.8 MB
[root@docker-images ~]#

3. Upload the tagged image to your own private registry

[root@docker-images ~]# docker push 10.0.0.5:5000/lcentos

4. View the uploaded image

[root@docker-images ~]# curl http://10.0.0.5:5000/v2/_catalog
{"repositories":["lcentos","ssh"]}
[root@docker-images ~]#

Browser view

5. Pull the image again on the test machine prepared above

[root@centos7 ~]# docker pull 10.0.0.5:5000/lcentos
[root@centos7 ~]# docker images
REPOSITORY              TAG                IMAGE ID            CREATED            SIZE
10.0.0.5:5000/ssh      latest              ad6a3ff29626        4 weeks ago        396.7 MB
10.0.0.5:5000/lcentos  latest              67591570dd29        12 weeks ago        191.8 MB
[root@centos7 ~]#

6. Create and run a container

[root@centos7 ~]# docker run -d -it --privileged=false -p 80:80 --name abccentos 10.0.0.5:5000/lcentos /bin/bash
15b9f42b3d63846085664139bff0c041f614bc2b717787686d23785d98b37160
[root@centos7 ~]# docker ps -a
CONTAINER ID        IMAGE                  COMMAND            CREATED            STATUS              PORTS                NAMES
15b9f42b3d63        10.0.0.5:5000/lcentos  "/bin/bash"        16 seconds ago      Up 13 seconds      0.0.0.0:80->80/tcp  abccentos
[root@centos7 ~]#

7. Enter the container to see the CentOS version and other information

[root@centos7 ~]# docker attach 15b9f42b3d63
[root@15b9f42b3d63 /]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@15b9f42b3d63 /]# uname -r
3.10.0-327.el7.x86_64
[root@15b9f42b3d63 /]# uname -a
Linux 15b9f42b3d63 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@15b9f42b3d63 /]#

sshd debug

1. To run sshd in debug mode as a one time instance without affecting other users:

    # /usr/sbin/sshd -ddd -D -p (port) 2>&1 | awk '{ print strftime("%T: "), $0; fflush(); }' | tee sshd.log

2. On the client end, add -p (port) to the ssh command line

    # ssh -p (port)

OR

1. Open the `/etc/ssh/sshd_config` file in a text editor

    # vim /etc/ssh/sshd_config

2. Add the following line and save the file

    LogLevel DEBUG3

3. Restart SSHD

    # service sshd restart

Disable Password Authentication for SSH

How to Disable Password Authentication for SSH

Once you have SSH Keys configured, you can add some extra security to your server by disabling password authentication for SSH. (Note that if you do lose your private key, this will make the server inaccessible and you will need to contact HostGator to have this re-enabled.)

To disable this setting, you can do the following:

nano /etc/ssh/sshd_config

In this file, set the following settings to the following values. If these settings are already in the file, set them to “no” rather than add new lines.

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Once this is done, restart the SSH daemon to apply the settings.

/etc/init.d/sshd restart
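Existing lines should be edited rather than new ones appended because sshd uses the first value it obtains for each keyword, so a later duplicate is ignored. The following added example (not part of the original article; the function names and the sample file are constructed for illustration) reports the effective global value of the three settings above.

```shell
#!/bin/sh
# Added example: show which value sshd will actually use for a keyword.
# sshd_config(5): for each keyword, the first obtained value is used.

# effective_value FILE KEYWORD
# Prints the first value given to KEYWORD in the global section (before any
# "Match" block). Keywords are matched case-insensitively. Prints nothing if
# the keyword is not set, in which case sshd's built-in default applies.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || substr(line, 1, 1) == "#") next
            n = match(line, /[ \t=]/)          # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            if (key == "match") exit           # global section ends here
            if (key != want) next
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            print val
            exit                               # first value wins
        }
    ' "$1"
}

# password_auth_disabled FILE
# Returns 0 only if all three settings from the article are effectively "no";
# otherwise prints each offending keyword and returns 1.
password_auth_disabled() {
    rc=0
    for kw in ChallengeResponseAuthentication PasswordAuthentication UsePAM; do
        v=$(effective_value "$1" "$kw")
        if [ "$v" != "no" ]; then
            printf '%s: effective value is "%s", expected "no"\n' \
                "$kw" "${v:-<unset, default applies>}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not a real host's file): "PasswordAuthentication no" was
# appended at the end, but the earlier "yes" line is the one sshd uses.
write_sample() {
    cat > "$1" <<'EOF'
Protocol 2
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM=no
# appended later; ignored because the line above comes first
PasswordAuthentication no
EOF
}

# Run "sh thisfile demo" to see the check fail on the constructed sample.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp) && write_sample "$tmp"
    password_auth_disabled "$tmp"
    rm -f "$tmp"
fi
```

On a live host, `sshd -T` prints the effective configuration, including values set in Match blocks, and `sshd -t` validates the file before the restart.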

active directory ssh authentication

Here are my configs and setups:

/etc/nsswitch.conf

passwd:     compat winbind
shadow:     compat winbind
group:      compat winbind

#hosts:     db files nisplus nis dns
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files nisplus

/etc/pam.d/system-auth (generated via the "setup" ncurses wizard)

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_krb5.so use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_krb5.so

/etc/ssh/sshd_config

Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes

UsePAM yes

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes

Subsystem       sftp    /usr/libexec/openssh/sftp-server

tomcat 32 bit Could not reserve enough space for 1048576KB object heap

 Commons Daemon procrun stdout initialized

Error occurred during initialization of VM

Could not reserve enough space for 1048576KB object heap

 

Here is how to fix it: Go to Start->Control Panel->System->Advanced(tab)->Environment Variables->System Variables->New:
Variable name: _JAVA_OPTIONS
Variable value: -Xmx512M

Variable name: Path
Variable value: ;C:\Program Files\Java\jre6\bin;F:\JDK\bin;

Change this to your appropriate path.

 

 

How to use inotify-tools to trigger scripts on filesystem events

In my last example of Bash if statements, we created a backup script which would run “rsync” as per the time set in a cron.

But wouldn’t it be nice if we could run our “rsync” script only if there was a change to the files in our directory instead of running a cron every hour despite no change? With inotify-tools you can do just that.

What is inotify-tools?
Inotify-tools is a set of command-line programs based on inotify, a Linux kernel feature (2.6.13 or later) which can be used to monitor filesystem events.

Installing inotify-tools

Software versions :

inotify-tools.x86_64 3.14-1.el6
CentOS 6.5
Linux kernel 2.6.32-042stab085.20

#Add the epel repo
[db1@rmohan.com ~]$ rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
#Install inotify-tools
[db1@rmohan.com ~]$  yum install inotify-tools

Inotify-tools has two commands

Inotifywait
This command simply blocks for inotify events, making it appropriate for use in shell scripts. It can watch any set of files and directories, and can recursively watch entire directory trees.

inotifywatch
inotifywatch collects filesystem usage statistics and outputs counts of each inotify event.

We will use inotifywait, since we do not need statistics.

inotifywait syntax

inotifywait filename

inotifywait example

[db1@rmohan.com ~]$ inotifywait /tmp
Setting up watches.
Watches established.
/tmp/ MODIFY test

As you can see in the above example an event (in this case a “modify action” was performed on a file named “test” inside /tmp) triggered the output.

By default, “inotifywait” checks for all events, including a file being opened but not written to. Since we only want “rsync” to trigger on change events such as a file being modified, we need to specify the “-e” flag along with the list of events we want to be notified about.

[db1@rmohan.com ~]$ inotifywait -m -r -e modify,attrib,close_write,move,create,delete /tmp
Setting up watches.  Beware: since -r was given, this may take a while!
Watches established.
/tmp/ MODIFY a
/tmp/ CLOSE_WRITE,CLOSE a

The -m flag enables continuous monitoring (by default inotifywait exits after the first event), and -r means recursive, so sub-directories are checked as well.

List of inotifywait events
access
A watched file or a file within a watched directory was read from.
modify
A watched file or a file within a watched directory was written to.
attrib
The metadata of a watched file or a file within a watched directory was modified. This includes timestamps, file permissions, extended attributes etc.
close_write
A watched file or a file within a watched directory was closed, after being opened in writeable mode. This does not necessarily imply the file was written to.
close_nowrite
A watched file or a file within a watched directory was closed, after being opened in read-only mode.
close
A watched file or a file within a watched directory was closed, regardless of how it was opened. Note that this is actually implemented simply by listening for both close_write and close_nowrite, hence all close events received will be output as one of these, not CLOSE.
open
A watched file or a file within a watched directory was opened.
moved_to
A file or directory was moved into a watched directory. This event occurs even if the file is simply moved from and to the same directory.
moved_from
A file or directory was moved from a watched directory. This event occurs even if the file is simply moved from and to the same directory.
move
A file or directory was moved from or to a watched directory. Note that this is actually implemented simply by listening for both moved_to and moved_from, hence all close events received will be output as one or both of these, not MOVE.
move_self
A watched file or directory was moved. After this event, the file or directory is no longer being watched.
create
A file or directory was created within a watched directory.
delete
A file or directory within a watched directory was deleted.
delete_self
A watched file or directory was deleted. After this event the file or directory is no longer being watched. Note that this event can occur even if it is not explicitly being listened for.
unmount
The filesystem on which a watched file or directory resides was unmounted. After this event the file or directory is no longer being watched. Note that this event can occur even if it is not explicitly being listened to.

Now let’s use inotifywait with our script.

[db1@rmohan.com~]$ vim inotify-example
while true #run indefinitely
do
inotifywait -r -e modify,attrib,close_write,move,create,delete /dir && /bin/bash backup-script
done

Since we want to monitor changes continuously, we use an infinite while loop, and the logical “&&” operator ensures that our backup script is triggered only when inotifywait completes successfully, that is, when an event has occurred.

[db2@rmohan.com]$bash inotify-example
+ true
+ inotifywait -r -e modify,attrib,close_write,move,create,delete /
Setting up watches.  Beware: since -r was given, this may take a while!
Watches established.
/dir DELETE a
+ /bin/bash backup-script
+ rsync -avz  -e “ssh ” /path/to/yourfile user@backupserver.com:/backup/ 2> \ /tmp/error.txt
+ mail -s “backup complete” user@youremail.com
+ echo “backup for $(date) “
+ true
+ inotifywait -r -e modify,attrib,close_write,move,create,delete /dir
Setting up watches.  Beware: since -r was given, this may take a while!

 

 

 

About rsync + inotify-tools real-time synchronization mode
Introduce the synchronization mode

On the left is the original, general rsync C/S (client & server) synchronization mode: the rsync server is installed on the data source server, and the server controls what can be transferred, such as permissions, directories and the number of files. The backup server is the rsync client, so the data appears to go from the source server to the backup server.
On the right is the synchronization mode combined with inotify-tools: the rsync client is installed on the data source server and the rsync server on the backup server. The server still controls the transferred content, but here the data source server is the client side. Because the transfer is initiated by the rsync client, the data again appears to go from the source server to the backup server.
Logically, c and s in the C/S architecture have swapped positions, but the transmission mode is still from s to c.
The data source server IP is tentatively set to 192.168.1.112 and the data backup server IP is tentatively set to 192.168.1.111.
The directory I need to synchronize is /app/www/uploads, on both the source server and the backup server, with the same path and
the same permissions (consistent permissions are very important, because the synchronized data carries permissions,
and because I am not using root to synchronize, the directories on both sides of the transfer must be writable or readable for it to work).
The operating system is CentOS 6.8 x64.

Loaded plugins: security
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package inotify-tools.i686 0:3.14-1.el6 will be installed
—> Package rsync.i686 0:3.0.6-9.el6_4.1 will be updated
—> Package rsync.i686 0:3.0.6-12.el6 will be an update
–> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================================================================================================
Package   Arch Version   RepositorySize
=============================================================================================================================================================================================================================================
Installing:
inotify-tools i686 3.14-1.el6epel  45 k
Updating:
rsync i686 3.0.6-12.el6  base 329 k

Transaction Summary
=============================================================================================================================================================================================================================================
Install   1 Package(s)
Upgrade   1 Package(s)

Total download size: 375 k
Downloading Packages:
(1/2): inotify-tools-3.14-1.el6.i686.rpm  |  45 kB 00:00
(2/2): rsync-3.0.6-12.el6.i686.rpm| 329 kB 00:00
———————————————————————————————————————————————————————————————————————————————
Total509 kB/s | 375 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating   : rsync-3.0.6-12.el6.i686   1/3
Installing : inotify-tools-3.14-1.el6.i686 2/3
Cleanup: rsync-3.0.6-9.el6_4.1.i6863/3
Verifying  : inotify-tools-3.14-1.el6.i686 1/3
Verifying  : rsync-3.0.6-12.el6.i686   2/3
Verifying  : rsync-3.0.6-9.el6_4.1.i6863/3

Installed:
inotify-tools.i686 0:3.14-1.el6

Updated:
rsync.i686 0:3.0.6-12.el6

Complete!

mkdir /app/rsync

vi /app/rsync/rsync_do.sh

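#!/bin/bash

# Source directory; the trailing / makes rsync copy the directory contents
src='/app/www/Uploads/'
passwordfile='/app/rsync/rsync.passwd'
user='www'
host='192.168.1.111'
rsync_module='uploads'

# Watch the tree and print "date time directory file" for each event
/usr/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w %f' -e modify,delete,create,attrib "${src}" | while read -r DATE TIME DIR file
do
# Synchronize the whole source directory to the rsync module on the backup server
/usr/bin/rsync -vzrtopg --delete --progress "${src}" "${user}@${host}::${rsync_module}" --password-file="${passwordfile}"

echo "${file} was rsynced at ${DATE}_${TIME} in ${DIR}" >> /var/log/rsync.log 2>&1
done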

1. inotifywait is the inotify command-line tool.

2. Pay attention to the rsync src directory: as always with rsync, a source directory with a trailing / is treated differently from one without.

3. Make sure the rsync module name matches the one on the server.

4. The inotifywait command listens for the operations and keeps printing information about them, so it is combined with read: the output of inotifywait is captured into variables and used to write the synchronization log to /var/log/rsync.log.

5. The --delete parameter needs care: it deletes anything on the destination that the source directory does not have, so until the script has been properly tested you can leave this parameter out for now.

6. The rsync command in the script expands to /usr/bin/rsync -vzrtopg --delete --progress /app/www/uploads/ www@192.168.1.111::uploads --password-file=/app/rsync/rsync.passwd. The synchronized directory is /app/www/uploads/, the user www is used to synchronize, the target server is 192.168.1.111 and the rsync module is uploads, so all the data in /app/www/uploads/ on the source server (uploads directory itself)
is synchronized to /app/www/uploads/ on the backup server; with the delete parameter, the source and the backup are kept consistent.

/app/rsync/rsync.passwd

echo "123456" > /app/rsync/rsync.passwd
chmod 600 /app/rsync/rsync.passwd    # rsync rejects a --password-file that other users can access

nohup /app/rsync/rsync_do.sh &
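Both watcher loops on this page start one full backup or rsync run per inotify event, and the first one misses events that arrive while the backup script is running. The following is an added example, not part of the original articles, that coalesces events with a flag file so a burst of changes results in one rsync run; the flag path, the interval and the function names are assumptions, while the paths, user, host and module are the values used above.

```shell
#!/bin/sh
# Added example: coalesce inotify events so that many changes trigger one
# rsync run, without losing changes that happen while rsync is running.

SRC='/app/www/Uploads/'                  # from the article
DEST='www@192.168.1.111::uploads'        # from the article
PASSFILE='/app/rsync/rsync.passwd'       # from the article
# Assumption: flag file in a directory only root can write to (not /tmp).
FLAG="${FLAG:-/var/run/rsync_do.dirty}"
INTERVAL="${INTERVAL:-5}"                # assumption: seconds between flushes

# Read event lines on stdin and record only that "something changed".
# File names are never parsed, so names with spaces or newlines are harmless.
mark_dirty() {
    flag=$1
    while IFS= read -r _event; do
        : > "$flag"
    done
}

# If the flag is set, clear it FIRST and then run the given command.
# Events that arrive while the command runs set the flag again, so the next
# call picks them up. Returns 0 if a sync ran and succeeded, 1 if there was
# nothing to do, 2 if the sync failed (the flag is restored for a retry).
sync_if_dirty() {
    flag=$1
    shift
    [ -e "$flag" ] || return 1
    rm -f "$flag"
    if "$@"; then
        return 0
    fi
    : > "$flag"
    return 2
}

# Same rsync invocation as the article's script.
run_rsync() {
    /usr/bin/rsync -vzrtopg --delete --progress "$SRC" "$DEST" \
        --password-file="$PASSFILE"
}

watch_and_sync() {
    # Watcher: one line per event, event names only.
    /usr/bin/inotifywait -mrq --format '%e' \
        -e modify,attrib,close_write,move,create,delete "$SRC" \
        | mark_dirty "$FLAG" &
    : > "$FLAG"                          # force an initial full sync
    while :; do
        sync_if_dirty "$FLAG" run_rsync
        sleep "$INTERVAL"
    done
}

# Run "sh thisfile start" to start watching; without it only the functions
# are defined.
if [ "${1:-}" = start ]; then
    watch_and_sync
fi
```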

yum install rsync

mkdir /etc/rsyncd

mkdir /app/rsync

vi /app/rsync/rsync.conf

uid = root
gid = root
use chroot = no
max connections = 3
timeout = 800
pid file = /var/run/rsyncd.pid
lockfile = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log
[uploads]
path = /app/www/Uploads
ignore errors = yes
hosts allow = 10.111.111.112
hosts deny = *
read only = no
write only = no
list = yes
uid = www
gid = www
auth users = www
secrets file = /app/rsync/rsync.passwd

echo "www:123456" > /app/rsync/rsync.passwd

chmod 600 /app/rsync/rsync.passwd

rsync --daemon --config=/app/rsync/rsync.conf

1.rsync

Compared with traditional backup methods such as cp and tar, rsync offers high security, fast backups and support for incremental backup. rsync can meet data backup requirements such as regularly backing up file server data to a remote server or regularly mirroring a local disk. As the scale of application systems keeps growing and higher demands are placed on data security and reliability, rsync has gradually exposed many shortcomings in high-end business systems. First, when rsync synchronizes data it has to scan and compare all the files before transferring the differences. If the number of files reaches millions or even tens of millions, scanning all of them is very time-consuming, and since what actually changes is often only a very small part, this is very inefficient. Second, rsync cannot monitor and synchronize data in real time. Although synchronization can be triggered by a Linux daemon, there is always a time gap between two trigger actions, so the data on the server and the client may be inconsistent and cannot be completely recovered when the application fails. For these reasons, the rsync + inotify combination appeared!

2.inotify

Inotify is a powerful, fine-grained, asynchronous file system event monitoring mechanism. Inotify support was added to the Linux kernel in 2.6.13. Through inotify, subtle file system events such as additions, deletions, modifications and moves can be monitored; using this kernel interface, third-party software can monitor all kinds of changes to files in the file system, and inotify-tools is such third-party software. As mentioned in the section above, rsync synchronization can be triggered on a schedule, but when it is triggered by the crontab daemon the synchronized data will differ from the actual data. inotify can monitor file system changes and trigger an rsync synchronization whenever a file changes, which solves the problem of real-time data synchronization.

3.rsync.conf configuration explanation

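# user and group the daemon uses for transfers (global default; overridden in the module below)
uid = root
gid = root
# do not chroot to the module path before a transfer
use chroot = no
# maximum number of simultaneous connections
max connections = 3
# I/O timeout in seconds
timeout = 800
# file the daemon writes its process ID to
pid file = /var/run/rsyncd.pid
lockfile = /var/run/rsyncd.lock
# daemon log file
log file = /var/log/rsyncd.log
# module name, used by the client as host::uploads
[uploads]
# directory this module makes available
path = /app/www/Uploads
# ignore I/O errors on the daemon when deciding whether to run the delete phase
ignore errors = yes
# only this client address may connect
hosts allow = 192.168.1.112
# reject every other host
hosts deny = *
# clients are allowed to upload
read only = no
# clients are allowed to download
write only = no
# the module appears when a client requests the module list
list = yes
# user and group used for transfers to and from this module
uid = www
gid = www
auth users = www
# file holding the user:password pairs for auth users
secrets file = /app/rsync/rsync.passwd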

a) rsync -av --progress <src-dir>/ <dst-dir>    *** note the trailing (/) ***
b) rsync -av --progress <src-dir> <dst-dir>
c) rsync -avu --progress --delete <src-dir>/ <dst-dir>
d) rsync -av --progress --temp-dir=/tmp <src-dir>/ <dst-dir>

a) Synchronizes all files in the src-dir directory to the dst-dir directory.
b) Synchronizes all files in the src-dir directory to the dst-dir/src-dir directory.
c) Performs a differential update of the contents of src-dir into dst-dir: additions and updates are added or replaced, and files that have been removed are deleted.
d) Same as a) with --temp-dir=/tmp added, that is, /tmp is specified as the temporary swap area, to avoid synchronization errors caused by insufficient space in the target directory.

Corresponding to the above six command formats, rsync has six different modes of operation:
1) Copy local files. This mode is used when neither the SRC nor the DST path contains a single colon ":" separator. For example: rsync -a /data /backup
2) Use a remote shell program (such as rsh or ssh) to copy the contents of the local machine to the remote machine. This mode is used when the DST path contains a single colon ":" separator. For example: rsync -avz *.c foo:src
3) Use a remote shell program (such as rsh or ssh) to copy the contents of the remote machine to the local machine. This mode is used when the SRC path contains a single colon ":" separator. For example: rsync -avz foo:src/bar /data
4) Copy files from the remote rsync server to the local machine. This mode is used when the SRC path contains a "::" separator. For example: rsync -av root@172.16.78.192::www /databack
5) Copy files from the local machine to the remote rsync server. This mode is used when the DST path contains a "::" separator. For example: rsync -av /databack root@172.16.78.192::www
6) List the files on the remote machine. This is similar to an rsync transfer, except that the local machine information is omitted from the command. For example: rsync -v rsync://172.16.78.192/www

-m, --monitor
-r, --recursive
-e <event>, --event <event>
Listen for specific event(s) only. The events which can be listened for are listed in the EVENTS section. This option can be specified more than once. If omitted, all events are listened for.
-q, --quiet
If specified once, the program will be less verbose. Specifically, it will not state when it has completed establishing all inotify watches.
--timefmt <fmt>
Set a time format string as accepted by strftime(3) for use with the ‘%T’ conversion in the --format option.
--format <fmt>
Output in a user-specified format, using printf-like syntax. The event strings output are limited to around 4000 characters and will be truncated to this length. The following conversions are supported:
%w
This will be replaced with the name of the Watched file on which an event occurred.
%f
When an event occurs within a directory, this will be replaced with the name of the File which caused the event to occur. Otherwise, this will be replaced with an empty string.
%e
Replaced with the Event(s) which occurred, comma-separated.
%Xe
Replaced with the Event(s) which occurred, separated by whichever character is in the place of ‘X’.
%T
Replaced with the current Time in the format specified by the --timefmt option, which should be a format string suitable for passing to strftime(3).
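
A watcher that ties the pieces above together, added here as an example and not taken from the original post: inotifywait, using the -m, -r, -q, --timefmt and --format options listed above, feeds events to a loop that pushes the tree to the [uploads] module. The daemon host name rsync-server.example, the client password file /app/rsync/client.passwd and all function names are assumptions.

```shell
#!/bin/sh
# Added example: push /app/www/Uploads to the [uploads] module on each inotify event.
SRC=/app/www/Uploads/                      # trailing slash: copy contents, as in a)
DEST='www@rsync-server.example::uploads'   # placeholder host; user and module from the config
PASSFILE=/app/rsync/client.passwd          # assumed client file containing only the password

# Stricter than rsync's own test (it rejects "other"-accessible password files):
# require that neither group nor other has any access, e.g. mode 600.
passfile_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Map inotifywait's comma-separated %e field to rsync options.
# Removals need --delete; events that do not change content return nothing.
rsync_opts_for() {
    case ",$1," in
        *,DELETE,*|*,MOVED_FROM,*) echo "-az --delete" ;;
        *,CLOSE_WRITE,*|*,CREATE,*|*,MOVED_TO,*|*,ATTRIB,*) echo "-az" ;;
        *) echo "" ;;
    esac
}

# Read "<date> <time> <events> <path>" lines on stdin; run one rsync per relevant
# event, or only print the command when DRY_RUN=1.
sync_on_events() {
    while read -r day time events path; do
        opts=$(rsync_opts_for "$events")
        [ -n "$opts" ] || continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "rsync $opts --password-file=$PASSFILE $SRC $DEST"
        else
            echo "$day $time $events $path"
            # $opts is left unquoted on purpose so it splits into separate options.
            rsync $opts --password-file="$PASSFILE" "$SRC" "$DEST" </dev/null
        fi
    done
}

watch_and_sync() {
    passfile_ok "$PASSFILE" || { echo "unsafe or missing $PASSFILE" >&2; return 1; }
    inotifywait -mrq --timefmt '%F %T' --format '%T %e %w%f' \
        -e close_write -e create -e delete -e move -e attrib "$SRC" | sync_on_events
}

if [ "${1:-}" = "--watch" ]; then watch_and_sync; fi
```

The rsync daemon protocol does not encrypt file contents in transit, so keep this traffic on a trusted network segment or carry it over a tunnel.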

Red Hat Enterprise Linux 6.8

“Red Hat Enterprise Linux 6.8 is always committed to fulfilling the company’s commitment to providing a solid foundation for driving the development and application of modern enterprise applications,” said Jim Totton, vice president and general manager of Red Hat. “Critical mission deployment requirements Red Hat Enterprise Linux 6.8 continues to be a strong, solid foundation for meeting the needs of today’s IT operations, as they continue to optimize security and management.”

New features in Red Hat Enterprise Linux 6.8 include the use of the libreswan library to provide additional security layers for VPNs, replacing previous Openswan project-based settings. In addition, new features have been added to Identity Management Client Code (SSSD) components to provide users with better client performance and simpler management.

In addition, Red Hat Enterprise Linux 6.8 comes with the Relax-and-Recover system archiving tool to reduce administrator management tasks and the dmstats tool to better monitor storage usage and performance. The new Scalable File System extension also supports up to 300TB XFS file system format.

According to its release notes, RHEL 6.8 changes include:

libreswan replaces openswan as the new VPN solution
System Security Services Daemon (SSSD) enhances identity management capabilities
Introducing the new Relax-and-Recover (ReAR) system archiving tool to create a local ISO backup
The enhanced yum tool simplifies the process of searching for packages
Display and manage I/O statistics via dmstats
The XFS file system now supports up to 300TB
Provides mirroring for containerized deployment

Linux performance tools

On CentOS/RHEL:
yum install sysstat

vmstat -w 2
mpstat -P ALL 2
iostat -dxm 10

nmon:
wget http://pkgs.repoforge.org/nmon/nmon-14g-1.el6.rf.x86_64.rpm
rpm -ivh nmon-14g-1.el6.rf.x86_64.rpm

nicstat

wget http://nchc.dl.sourceforge.net/project/nicstat/nicstat-1.92.tar.gz
tar -xzf nicstat-1.92.tar.gz
yum install glibc.i686
ln -s .nicstat.RedHat_5_i386 .nicstat.RedHat_6_i386
