@black3dynamite said in Setting Up a Standard MySQL or MariaDB Database for an Application: @JaredBusch said in Setting Up a Standard MySQL or MariaDB Database for an Application: I like my approach to setting this up. Obviously, install MySQL/MariaDB first as noted above. Then do the following. This all needs done in the same SSH session, but otherwise things are simple. Choose once of these exports for your DB root password. The first one is for you to specify, the second generates a random one and echo's it back to you. # Specify your own password for MariaDB root user export DB_ROOT_PASS="somebigpasswordgoeshere" # Generate a random password for MariaDB root user export DB_ROOT_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)" echo "This is your MariaDB root password: $DB_ROOT_PASS" Specify the application database name and application user name # Database user to use for application export DB_USER='yourusername' # Database name to use for application export DB_NAME='yourdatabasename' Generate or specify a random password for the database user # Specify your own password for the application's database user export DB_PASS="somebigpasswordgoeshere" # Generate a random password for the application's database user export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)" echo "This is your password for the application user: $DB_PASS" Then create the application database, use, and grant access. mysql -e "CREATE DATABASE $DB_NAME;" mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';" mysql -e "FLUSH PRIVILEGES;" Finally, lock down the system without the interactive requirement of mysql_secure_installation # Secure MariaDB (this does what mysql_secure_installation performs without interaction) mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" # Beginning on some version of MariaDB after Fedora 29 was released, the test DB is no longer there by defualt. mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;" Your approach makes it easier to use as part of a script. It also generates random passwords, which I prefer.

Good to know, I use Ubuntu/Debian so I will check for that.

Link was great, now I think I get what was going on with ls -fy > file 2>&1. Bash points the stdout file descriptor to file, and then duplicates stderror to stdout, which is already pointing to file.

Kind of interesting, handy to have a simple way to get real RHEL, I guess.

@JaredBusch said in Installing MS SQL Server 2017 Express on CentOS 7.4: @scottalanmiller said in Installing MS SQL Server 2017 Express on CentOS 7.4: @JaredBusch said in Installing MS SQL Server 2017 Express on CentOS 7.4: @scottalanmiller said in Installing MS SQL Server 2017 Express on CentOS 7.4: After that it is up and running. Worth noting, you will need 4GB of RAM to even fire up the process, which is a tad excessive when you consider that you can run its competition in production with far less RAM than that. Current docs show only 2GB required. I built the VM with 3GB and 2 vCPU. @scottalanmiller said in Installing MS SQL Server 2017 Express on CentOS 7.4: And only XFS and EXT4 filesystems are supported. That means no ZFS, no BtrFS, no JFS2, etc. Who cares? A lot of people, especially on places like FreeNAS forums or tend to be very "anti" traditional solid filesystems and are religiously addicted to ZFS and BtrFS or ReFS style filesystems. I don't care about stupid. Everything RHEL/Fedora defaults to XFS. No idea what Debian 9 or Ubuntu default to. EXT4

@matteo-nunziati said in Anacron Jobs on a CentOS 7 Server: @JaredBusch well never considered the workload on servers. I don't know how they manage it! maybe not so many use unattended upgraqdes in debian. I definitely feel like Ubuntu users don't keep their systems as up to date

So that is where we are now. A missing package, unclear documentation and yum unable to resolve dependencies for some of the remaining packages. As the support community showed no interest in Kopano being used in production and actually got angry that we wanted to, we decided to halt here. But there is the documentation in case anyone runs into this and wants to pursue it further.

@black3dynamite Good call. I had to make some adjustments to SELinux.

@stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7: @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7: @stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7: @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7: @scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7: @coliver said in Open Firewall Ports on CentOS 7 and RHEL 7: Did anyone ever figure out if there was a way to setup files for firewalld? Or was the XML service files the way to go? XML I think. That's what I was afraid of. We're using IPTables on all of our OEL7 servers right now but I think moving to the default firewalld may be a good idea. I'll have to look into the XML config and see how much more difficult, if at all, it is over the IPTables file. It's a shame we can't just copy a single file around anymore but the XML files probably won't be too much more difficult. Ya it's not bad at all. Here's the config from my Identity Management server. It's pretty similar to /etc/sysconfig/system-config-firewall on RHEL 6, just in zone specific XML files. <zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="http"/> <service name="https"/> <service name="ntp"/> <service name="dhcpv6-client"/> <service name="kerberos"/> <service name="ldaps"/> <service name="ssh"/> <service name="dns"/> <service name="ldap"/> </zone> Those services are predefined right? You can also build your own services via the same process. Ya and you can define specific ports. I prob could have grabbed a better example. No, I think I've got it just need to investigate actually setting these up.

@jaredbusch said in ScreenConnect High CPU Usage: @scottalanmiller said in ScreenConnect High CPU Usage: Have another system doing this this week. Been about eight hours so far. We are thinking that it is just doing the database rebuild and compression work. But it is insane how much CPU gets used for this. Do you not have it doing this on a regular schedule? Not my system, it was moved to a different server and had to be rebuilt.

@scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7: @travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7: Any reason to use LMD instead of or in addition to rkhunter? Doesn't rkhunter focus only on root kits? Mostly, but this was the first time I remember hearing about LMD.

@scottalanmiller said in Installing a Basic LAMP Stack on CentOS 7: @NashBrydges said in Installing a Basic LAMP Stack on CentOS 7: @scottalanmiller I haven't yet. About to give it a try. Stuck to legacy since that was what I was reading everywhere. Where is everywhere? Technet says to not use legacy. https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-centos-and-red-hat-enterprise-linux-virtual-machines-on-hyper-v Legacy is a fallback driver that you never want to use, it's low performance and high overhead. If you needed that for CentOS, it would make Hyper-V a silly, non-production ready platform. But Hyper-V is a good, solid performer. Not only that, but I install all of my CentOS 7 VM's as Generation 2 when on Hyper-V they work perfectly with default settings for everything except secure boot. Uncheck secure boot. Everything else is 100% default settings.

Great job @scottalanmiller and welcome aboard! Hope you enjoyed the experience! Now if you want to play with it, I recommend you to use our CLI (http://docs.openio.io/cli-reference) or you can deploy our S3/Swift implementation (https://github.com/open-io/oio-sds/wiki/Install-Guide---OpenIO-Swift-S3-gateway). Feel free to send me some feedbacks, I'm here to help! Guillaume. Product Manager & Co-Founder @ OpenIO

That's a good question... when does chrooting make more sense than containers today? Storage is one. Lots of people use chroot jails for storage purposes. Containers are heavier than chrooting which has effectively no impact on any resources.

@scottalanmiller Thanks for this post and answering all my questions. @travisdh1 Thanks for answering all my questions as well. Good Thread!

@dafyre said: @JaredBusch said: @dafyre said: As a matter of correctness... Do you have EPEL /REMI or any other repos installed in your CentOS 7 image? The script is connecting the Gitlab RPM, that is all. The base image he uses for all of these is CentOS 7 minimal, release 1511 unless he has changed the base template on his scale cluster. Right. I'm just curious if he has added the epel-release or any other repos to it. Definitely no EPEL. I often use it, but avoid it in the base image.

I just used this myself to make a new block device in a single line. Awesome

@scottalanmiller said: @JaredBusch said: @scottalanmiller said: @JaredBusch said: @scottalanmiller said: @JaredBusch said: While I have never made a how to with a port range, the basic firewalld syntax is used all over the place on this forum by me and every system that I have ever seen that accepts a port range does so with the range hyphenated from lower boundary to upper boundary. I would have thought that this was a colon, though, not a hyphen. I have never seen it commonly used with a colon to represent a range Native IPTables. I rarely work with native IPTables. That would explain a difference in point of view. Yeah, and for me I pretty much have done raw edits on /etc/sysconfig/iptables and never used external tools. Now with FirewallD I'm relearning the syntax for everything on Linux firewalls. Well, at least I'm not the only one then. Learning how to use firewall-cmd still feels a bit odd.

@travisdh1 said in Installing Zimbra Email 8.6 on CentOS 7: @scottalanmiller said in Installing Zimbra Email 8.6 on CentOS 7: 8.8.9 is out now... https://files.zimbra.com/downloads/8.8.9_GA/zcs-NETWORK-8.8.9_GA_2055.RHEL7_64.20180703080917.tgz 8.8.10 is now out https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.RHEL6_64.20180928094617.tgz There is also a patch for 8.8.10 as well https://blog.zimbra.com/2018/10/new-zimbra-patches-8-8-10-patch-1-and-8-8-9-patch-6/

@ou_snaaksie said in Installing Rocket.Chat on CentOS 7: The installation worked perfetly, but after restarting the server I am unable to access Rocketchat. I've run the line: /opt/Rocket.Chat/node_modules/forever/bin/forever start /opt/Rocket.Chat/main.js but it is still not working. Use this command to see what is listening... netstat -tulpn

@scottalanmiller said in Installing MongoDB 3.2 on CentOS 7: Just tested and deployed to CentOS 7.2 on Linode. This failed me, so I went to the mongo docs and the baseurl contains the variable $releasever. using that results in redhat//mongodb in the file, which is why I assume you hard coded that bit. Escaping the $ fixes it. cat > /etc/yum.repos.d/mongodb-org-3.2.repo <<EOF [mongodb-org-3.2] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/3.2/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc EOF

Had a spare laptop laying around. Installing CentOS now. Also planning on installing NextCloud here soon as well. Creating a repository/shared calendar for the family with this machine.

No, there is nothing like that. The filesystem is just not there. It would warn you, though, so you would know not to be trying to save to something that doesn't exist.

@JaredBusch said: @coliver said: @JaredBusch said: Disabke SELinux and see if it works. Then if so, add the port as allowed to SELinux? Looks like it was SELinux, setting it to permissive allowed the port to be used. Now to figure out how to allow the port in SELinux. semanage port -m -t http_port_t -p tcp 82 That did it thanks.

I tried Rundeck. It was more confusing than just using Ansible without a GUI. IMO, just having the playbook with yaml and jinja files is easier to read and use. GUIs always have at least one thing you need in a place you wouldn't think. I guess I wouldn't mind having some reports in a GUI but I'll stick with just text files.

Since you have that thread about testing out Vultr... They don't explain it very well there but you can spin up a VM with OwnCloud already installed and ready to go. It runs on CentOS 6, but still very handy!

Time for weekend updates, it sounds like.