@black3dynamite said in Setting Up a Standard MySQL or MariaDB Database for an Application:

@JaredBusch said in Setting Up a Standard MySQL or MariaDB Database for an Application:

I like my approach to setting this up.

Obviously, install MySQL/MariaDB first as noted above.

Then do the following. This all needs done in the same SSH session, but otherwise things are simple.

Choose once of these exports for your DB root password.

The first one is for you to specify, the second generates a random one and echo's it back to you.

# Specify your own password for MariaDB root user export DB_ROOT_PASS="somebigpasswordgoeshere" # Generate a random password for MariaDB root user export DB_ROOT_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)" echo "This is your MariaDB root password: $DB_ROOT_PASS" Specify the application database name and application user name # Database user to use for application export DB_USER='yourusername' # Database name to use for application export DB_NAME='yourdatabasename' Generate or specify a random password for the database user # Specify your own password for the application's database user export DB_PASS="somebigpasswordgoeshere" # Generate a random password for the application's database user export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)" echo "This is your password for the application user: $DB_PASS" Then create the application database, use, and grant access. mysql -e "CREATE DATABASE $DB_NAME;" mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';" mysql -e "FLUSH PRIVILEGES;" Finally, lock down the system without the interactive requirement of mysql_secure_installation # Secure MariaDB (this does what mysql_secure_installation performs without interaction) mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" # Beginning on some version of MariaDB after Fedora 29 was released, the test DB is no longer there by defualt. mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;"

Your approach makes it easier to use as part of a script.

It also generates random passwords, which I prefer.

Good to know, I use Ubuntu/Debian so I will check for that.

Link was great, now I think I get what was going on with ls -fy > file 2>&1.

Bash points the stdout file descriptor to file, and then duplicates stderror to stdout, which is already pointing to file.

Kind of interesting, handy to have a simple way to get real RHEL, I guess.

Just installed on CentOS 7.6 with XFS. Still flawless install.

@matteo-nunziati said in Anacron Jobs on a CentOS 7 Server:

@JaredBusch well never considered the workload on servers. I don't know how they manage it! maybe not so many use unattended upgraqdes in debian.

I definitely feel like Ubuntu users don't keep their systems as up to date ;)

So that is where we are now. A missing package, unclear documentation and yum unable to resolve dependencies for some of the remaining packages. As the support community showed no interest in Kopano being used in production and actually got angry that we wanted to, we decided to halt here. But there is the documentation in case anyone runs into this and wants to pursue it further.

@black3dynamite Good call. I had to make some adjustments to SELinux.

@stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

@coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

@stacksofplates said in Open Firewall Ports on CentOS 7 and RHEL 7:

@coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

@scottalanmiller said in Open Firewall Ports on CentOS 7 and RHEL 7:

@coliver said in Open Firewall Ports on CentOS 7 and RHEL 7:

Did anyone ever figure out if there was a way to setup files for firewalld? Or was the XML service files the way to go?

XML I think.

That's what I was afraid of. We're using IPTables on all of our OEL7 servers right now but I think moving to the default firewalld may be a good idea. I'll have to look into the XML config and see how much more difficult, if at all, it is over the IPTables file. It's a shame we can't just copy a single file around anymore but the XML files probably won't be too much more difficult.

Ya it's not bad at all. Here's the config from my Identity Management server. It's pretty similar to /etc/sysconfig/system-config-firewall on RHEL 6, just in zone specific XML files.

<zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="http"/> <service name="https"/> <service name="ntp"/> <service name="dhcpv6-client"/> <service name="kerberos"/> <service name="ldaps"/> <service name="ssh"/> <service name="dns"/> <service name="ldap"/> </zone>

Those services are predefined right? You can also build your own services via the same process.

Ya and you can define specific ports. I prob could have grabbed a better example.

No, I think I've got it just need to investigate actually setting these up.

@jaredbusch said in ScreenConnect High CPU Usage:

@scottalanmiller said in ScreenConnect High CPU Usage:

Have another system doing this this week. Been about eight hours so far. We are thinking that it is just doing the database rebuild and compression work. But it is insane how much CPU gets used for this.

Do you not have it doing this on a regular schedule?

Not my system, it was moved to a different server and had to be rebuilt.

@scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7:

@travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7:

Any reason to use LMD instead of or in addition to rkhunter?

Doesn't rkhunter focus only on root kits?

Mostly, but this was the first time I remember hearing about LMD.

@scottalanmiller said in Installing a Basic LAMP Stack on CentOS 7:

@NashBrydges said in Installing a Basic LAMP Stack on CentOS 7:

@scottalanmiller I haven't yet. About to give it a try. Stuck to legacy since that was what I was reading everywhere.

Where is everywhere? Technet says to not use legacy.

https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/supported-centos-and-red-hat-enterprise-linux-virtual-machines-on-hyper-v

Legacy is a fallback driver that you never want to use, it's low performance and high overhead. If you needed that for CentOS, it would make Hyper-V a silly, non-production ready platform. But Hyper-V is a good, solid performer.

Not only that, but I install all of my CentOS 7 VM's as Generation 2 when on Hyper-V they work perfectly with default settings for everything except secure boot. Uncheck secure boot. Everything else is 100% default settings.

Great job @scottalanmiller and welcome aboard!

Hope you enjoyed the experience!

Now if you want to play with it, I recommend you to use our CLI (http://docs.openio.io/cli-reference) or you can deploy our S3/Swift implementation (https://github.com/open-io/oio-sds/wiki/Install-Guide---OpenIO-Swift-S3-gateway).

Feel free to send me some feedbacks, I'm here to help!

Guillaume.
Product Manager & Co-Founder @ OpenIO

That's a good question... when does chrooting make more sense than containers today?

Storage is one. Lots of people use chroot jails for storage purposes. Containers are heavier than chrooting which has effectively no impact on any resources.

@scottalanmiller Thanks for this post and answering all my questions. @travisdh1 Thanks for answering all my questions as well. Good Thread!

@dafyre said:

@JaredBusch said:

@dafyre said:

As a matter of correctness... Do you have EPEL /REMI or any other repos installed in your CentOS 7 image?

The script is connecting the Gitlab RPM, that is all. The base image he uses for all of these is CentOS 7 minimal, release 1511 unless he has changed the base template on his scale cluster.

Right. I'm just curious if he has added the epel-release or any other repos to it.

Definitely no EPEL. I often use it, but avoid it in the base image.

I just used this myself to make a new block device in a single line. Awesome :)

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

While I have never made a how to with a port range, the basic firewalld syntax is used all over the place on this forum by me and every system that I have ever seen that accepts a port range does so with the range hyphenated from lower boundary to upper boundary.

I would have thought that this was a colon, though, not a hyphen.

I have never seen it commonly used with a colon to represent a range

Native IPTables. :)

I rarely work with native IPTables. That would explain a difference in point of view.

Yeah, and for me I pretty much have done raw edits on /etc/sysconfig/iptables and never used external tools. Now with FirewallD I'm relearning the syntax for everything on Linux firewalls.

Well, at least I'm not the only one then. Learning how to use firewall-cmd still feels a bit odd.