CyberKeeda In Social Media

Showing posts with label CentOS. Show all posts

How to install and configure Docker-CE on CentOS

Installation.

Begin with updating your system packages and docker dependencies.


$  sudo yum update

$  sudo yum install yum-utils device-mapper-persistent-data lvm2

Add docker stable repository for centos within your system


$  sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Once docker repository is enabled, proceed ahead to install Docker-CE ( Community Edition.

$  sudo yum install docker-ce

Now docker-ce has been installed, lets start the docker daemon and enable it on boot.


$  sudo systemctl start docker

$  sudo systemctl enable docker

To verify the status of docker, run the below command.

$  sudo systemctl status docker

In case, if you want to check your installed docker version.

$  sudo docker -v

Run Docker commands without sudo

By default managing Docker requires administrator privileges. If you want to run Docker commands as a non-root user without adding sudo within yoir command you need to add your user to the docker group which is created during the installation of the Docker CE package. Add your user to docker group by below command.

$  sudo usermod -aG docker $USER

Logout- Login to reflect the changes.

PIP SSL eeror while installing : SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

If you too, have encountered SSL errors while installation/upgrading any python package from pip.
Here below is the workaround for it.

You might be flooded by this errors.


Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Workaround.

Ignore SSL errors by setting pypi.org and files.pythonhosted.org as trusted hosts.


#  pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

Lets assume i want to install pika through pip

#  pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pika

How to Install PostgreSQL Relational Database on CentOS

PostgreSQL is a powerful, open source object-relational database system with over 30 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance.

Official link : Here

Let's know how to install PostgreSQL on CentOS 7.

  Note :   Video Tutorial at the bottom of the blog post

Method 1

Install from CentOS repository.
For the time being CentOS 7 repositories ship with PostgreSQL version 9.2.15.
To install from the CentOS repositories, simply run:


#  sudo yum install postgresql-server postgresql-contrib

Now lets Initialize your Postgres database and start PostgreSQL and configure it to start on Boot


#  sudo postgresql-setup initdb 

#  sudo systemctl start postgresql

#  sudo systemctl enable postgresql

Method 2.

Install the latest stable version of PostgreSQL from Postgres Repository

Official repository link : Here

Note : Currently official repositiry provides packages based on RPM distribution ( Redhat/CentOS/Fedora...)

Select the version you wish to install from the Postgres Yum repositories.
Locate the CentOS 7 link for your chosen version and download it to your Centos 7 host.
For the time being, I'm selecting Postgresql 9.6.3, choose as per your requirement.


#  wget https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm

Install the downloaded postgres rpm package and install centos epel too.


#  rpm -ivh pgdg-centos96-9.6-3.noarch.rpm

#  yum install epel-release

Now we are almost all set to install PostgreSQL.

Update Yum to apply your changes and install PostgreSQL.
When installing Postgres manually, you will have to specify the version, we will be installaing postgresql-9.6



#  sudo yum update

#  sudo yum install postgresql96-server postgresql96-contrib

Important Point to notice.

When Postgres is installed using above method 2, the version number is included in its configuration directories. For example, /var/lib/pgsql becomes /var/lib/pgsql/9.6. 
This is also the case with systemd units
systemctl status postgresql becomes systemctl status postgresql-9.6

Now lets Initialize your Postgres database and start PostgreSQL and configure it to start on Boot.


#  sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb

#  sudo systemctl start postgresql-9.6

#  sudo systemctl enable postgresql-9.6

And we are done..

In case you are looking for the Installation Video Tutorial, below is the stuff.

How to send emails from Linux terminal and shell scripts using GMAIL

GMAIL SMTP Configuration on Linux Box.

Video Tutorial.

########### Use GMAIL SMTP server to send mails ##################

# yum install -y mailx

Lets tell google we gonna send emails from other devices also.

https://myaccount.google.com/lesssecureapps

Edit

# vim /etc/mail.rc

#----------- add the below lines and append as per your credentials.

set smtp=smtps://smtp.gmail.com:465

set smtp-auth=login

set smtp-auth-user=USERNAME@YOURDOMAIN.COM

set smtp-auth-password=YOURPASSWORD

set ssl-verify=ignore

set nss-config-dir=/etc/pki/nssdb/

Update the gmail account credentails over here and save

# Now we are all done , we will be using gmail to send email from our linux box.

echo "Relay Test" | mail -v -s "Relay test" anyworkingemailid@anydomain.com

anyways... you send it to multiple domains now..

Rememeber ... From email id will be the same that you have configured within /et/mail.rc file

# Thanks

Join Linux into Windows Active Directory domain

Though I'm a great fan of Linux/Unix but while working with any enterprise firm i couldn't avoid, thus i was asked to join our Linux hosts into Active directory.

So let's move ahead and join our LInux systems into ad using tool named as " adcli "

I have used this to join our Redhat/CentOS 7 hosts into AD.

Video Tutorial.

There are two must things as a prerequisites for it.

1. Make Sure RHEL machine is able to resolve Active Directory servers.

2. Install adcli package along with sssd:

Consider the below inputs as a lab enviroment of mine.

Active Directory Server : swind101x.cyberkeeda.net

Domain name : cyberkeeda.net

Linux Client Hostname :  scent101x.cyberkeeda.net

[root@scent101x ~]# yum install adcli sssd authconfig

Discover the AD domain:

[root@scent101x ~]# adcli info cyberkeeda.net

adcli will show few details about the AD domain.

[domain]

domain-name = cyberkeeda.net

domain-short = CYBERKEEDA

domain-forest = cyberkeeda.net

domain-controller = SWIND101X.cyberkeeda.net

domain-controller-site = Default-First-Site-Name

domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret

domain-controller-usable = yes

domain-controllers = SWIND101X.cyberkeeda.net

[computer]

computer-site = Default-First-Site-Name

Now, join RHEL system to AD domain using adcli:

[root@scent101x ~]# adcli join cyberkeeda.net

Password for Administrator@CYBERKEEDA.NET: <---- Enter Admin password

By default, it prompts for the Administrator password, but it's possible to specify another user with the -U option:

[root@scent101x ~]# adcli join cyberkeeda.net -U ad_admin_user

# adcli join cyberkeeda.net -U ad_admin_user <------ This user should have administrative rights in AD

The join operation creates a keytab the machine will authenticate with. When inspect the with klist -kt,

[root@scent101x ~]# klist -kte

It should show several entries that contain client hostname in some form:

Keytab name: FILE:/etc/krb5.keytab

KVNO Timestamp Principal

---- ----------------- --------------------------------------------------------

2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (aes256-cts-hmac-sha1-96)

2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (aes128-cts-hmac-sha1-96)

2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (des3-cbc-sha1)

2 12/03/17 14:17:32 SCENT101X$@CYBERKEEDA.NET (arcfour-hmac)

Configure /etc/krb5.conf to use AD domain:

Replace

Realm

Admin_server

your Realm, domain realms, AD erver information.

includedir /etc/krb5.conf.d/

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log

[libdefaults]

default_realm = CYBERKEEDA.NET

dns_lookup_realm = false

dns_lookup_kdc = false

ticket_lifetime = 24h

renew_lifetime = 7d

forwardable = true

[realms]

CYBERKEEDA.NET = {

kdc = cyberkeeda.net

admin_server = swind101x.cyberkeeda.net

}

[domain_realm]

.cyberkeeda.net = CYBERKEEDA.NET

cyberkeeda.net = CYBERKEEDA.NET

Use authconfig to set up the Name Service Switch(/etc/nsswitch.conf) and PAM stacks(password-authand system-auth):

[root@scent101x ~]# authconfig --enablesssd --enablesssdauth --update

Above command will modify and add necessary entries in

Ø /etc/nsswitch.conf,

Ø /etc/pam.d/password-auth

Ø /etc/pam.d/system-authfiles

The final step is to configure the SSSD itself.

Open /etc/sssd/sssd.conf and define a single domain:

[sssd]

services = nss, pam, ssh, autofs

config_file_version = 2

domains = CYBERKEEDA.NET

[domain/CYBERKEEDA.NET]
id_provider = ad
# Uncomment and configure below , if service discovery is not working

ad_server = swind101x.cyberkeeda.net

Make sure /etc/sssd/sssd.con is owned by root:root and permissions are 600

# chown root:root /etc/sssd/sssd.conf

# chmod 600 /etc/sssd/sssd.conf

Start the SSSD and make sure it's up after reboots:

# service sssd start

# chkconfig sssd on

Try to fetch user information for AD user and then try to login as AD user

# getent passwd aduser

# id Administrator

# ssh Administrator@localhost

SSH from your favourite browser using Shellinabox

Shellinabox is perfect tool if you have any of the requirement.

Missing Putty or SSH agent on your desktop ?
Looking for Client less agent to SSH ?
Want to SSH your Linux server or desktop from mobile.

So lets move ahead and just follow the steps to install Shellinabox.

Video tutorial, for video lovers.

ShellinaBox Installation on CentOS7

Introduction [ Shell In A Box ]

Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins.

Official repository link

More info on official git page : https://github.com/shellinabox/shellinabox

Installation.

l Intsall EPEL Repo.

[root@cyberkeeda ~]# yum install epel-release

l Install shellinabox package

[root@cyberkeeda ~]# yum install shellinabox

Configuration.

Shellinabox configuration file : /etc/sysconfig/shellinaboxd

Lets have a look on the file and allow and modify the important lines

[root@cyberkeeda ~]# vim /etc/sysconfig/shellinaboxd

# Shell in a box daemon configuration

# For details see shellinaboxd man page

# Basic options

USER=shellinabox

GROUP=shellinabox

CERTDIR=/var/lib/shellinabox

PORT=4200

OPTS="--disable-ssl-menu -s /:LOGIN"

OPTS="-t -s /:SSH:192.168.0.181"

l PORT

PORT=4200

Chnage PORT to some other to avoid conflict between sytem level ports

I will be changing it to 6162

l SSH HOST

OPTS="-t -s /:SSH:192.168.0.101"

Chnage IP or Hostname to your default login host, by default shellinabox will ask to login into it, then later you can ssh and jump into n number of servers.

My final config file would look as

# Shell in a box daemon configuration

# For details see shellinaboxd man page

# Basic options

USER=shellinabox

GROUP=shellinabox

CERTDIR=/var/lib/shellinabox

PORT=6162

OPTS="--disable-ssl-menu -s /:LOGIN"

OPTS="-t -s /:SSH:192.168.0.101"

Configuration Done..

Important :

STOP Firewalld iptables and disable selinux

# Service firewalld stop

# Service iptables stop

Disable SELINUX : change status of selinux to disabled

Finally Restart the shellinaboxd daemon.

[root@cyberkeeda ~]# service shellinaboxd start