htop command not found centos 7

March 26, 2020 Leave a comment

In a freshly installed CentOS or RHEL servers, we may get the following error while trying to use htop. For installing htop, we need epel repository. Following the below steps to install htop.

yum clean all

yum install epel-release

yum install htop

Filed under Linux World Tagged with , , , , , , , , , , , ,

Cassandra not getting started in CentOS 7 and RHEL 7

March 20, 2020 Leave a comment

After a recent update in CentOS 7 and RHEL 7, the cassandra daemon stopped working. I was getting the following error while trying to start the cassandra using systemd. Similar installations were working fine in the recent past and suddenly it stopped working.

Mar 20 13:22:34 localhost systemd[1]: New main PID 72596 does not belong to service, and PID file is not owned by root. Refusing.
Mar 20 13:22:34 localhost systemd[1]: New main PID 72596 does not belong to service, and PID file is not owned by root. Refusing.
Mar 20 13:22:34 localhost systemd[1]: Failed to start LSB: distributed storage system for structured data.

Root Cause

The cassandra starts, but the systemd cannot control it. The cause is that when the cassandra starts, the old initialization SysV script is used, in which it is obviously impossible to specify the user and group to start the service.

It’s about user/group options for systemd:
—————–
[Service]
User=cassandra
Group=cassandra
—————–

But since the process pid is created with the permissions of the cassandra user, and the user and group are not specified in the initialization script, the systemd consider that it uses the root to start the service (by default) and does not allow creating the pid with cassandra user permissions.
——————
systemd[1]: New main PID 2545 does not belong to service, and PID file is not owned by root. Refusing.
——————

More details in CVE-2018-16888 (https://access.redhat.com/security/cve/cve-2018-16888)
——————
It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes.
——————

Solution

Update the /etc/rc.d/init.d/cassandra file. Either make the following patch manually or replace the entire file with the file that I provided below.

Option: 1 – Manual Patch

Open /etc/rc.d/init.d/cassandra file and make the modifications as per comments in the below script. The below snippet is not the complete script, it is only the portion which needs update. Do not copy paste and replace the file completely with this

case "$1" in
start)
# Cassandra startup
echo -n "Starting Cassandra: "
[ -d `dirname "$pid_file"` ] || \
install -m 755 -o $CASSANDRA_OWNR -g $CASSANDRA_OWNR -d `dirname $pid_file`
# -Commented for fix
#su $CASSANDRA_OWNR -c "$CASSANDRA_PROG -p $pid_file" > $log_file 2>&1
# +Added for fix
runuser -u $CASSANDRA_OWNR -- $CASSANDRA_PROG -p $pid_file > $log_file 2>&1
retval=$?
# +Added new
chown root.root $pid_file
[ $retval -eq 0 ] && touch $lock_file
echo "OK"
;;
stop)
# Cassandra shutdown
echo -n "Shutdown Cassandra: "
# -Commented as per the fix
#su $CASSANDRA_OWNR -c "kill `cat $pid_file`"
# +Added for fixing the issue
runuser -u $CASSANDRA_OWNR -- kill `cat $pid_file`
retval=$?
[ $retval -eq 0 ] && rm -f $lock_file
for t in `seq 40`; do
status -p $pid_file cassandra > /dev/null 2>&1
retval=$?
if [ $retval -eq 3 ]; then
echo "OK"
exit 0
else
sleep 0.5
fi;
done

Option:2 – Replace the file

Replace the /etc/rc.d/init.d/cassandra file with the file present in the following link. This patch was made as per the JIRA issue CASSANDRA-15273.

Steps to replace the file are given below.

mv /etc/rc.d/init.d/cassandra /etc/rc.d/init.d/cassandra.old
curl -o /etc/rc.d/init.d/cassandra https://gist.githubusercontent.com/amalgjose/74cf98e0110c27b6124b0adbb698d372/raw/c08ce3481e9cb0601e79e127c78a65bf82080e5f/cassandra
systemctl daemon-reload
systemctl restart cassandra

 
The Gist code is pasted below.

 

This solution helped me. I hope this will help someone else also.

Filed under Linux World, Tips and Tricks Tagged with , , , , , , , , , , , , , , , , , , , , , , , , ,

How to connect a CentOS computer to Internet using USB Wifi Adapter ?

March 15, 2020 Leave a comment

I have an old desktop computer with CentOS 7 operating system installed without GUI. I wanted to connect to internet using a USB wifi adapter. My internet router was located in a different room and LAN cable was not available with me. So I used netgear USB wifi adapter for establishing the internet connection. This post is about troubleshooting and fixing the connectivity issue.

The model that I have used is Netgear WNA3100M Wireless-N300 USB Mini Adapter. The picture is shown below.

wifi_network_adapter

Netgear WNA3100M

I checked the network interfaces and ip address using ifconfig command. It listed an interface named wlp18s0b1. But no ip address was assigned.

I tried ifup command. But it gave me an error as follows.

ifup wlp18s0b1

/sbin/ifup: configuration for wlp18s0b1 not found.
Usage: ifup

Then I tried listing the USB interfaces using lsusb command and it listed the network adapter usb device. This means that the device is getting detected.

The next steps that I tried are using the nmcli command.

The following command will list all the available Wifi connection profiles.

nmcli connection show

To connect to a wifi network, use the below command. You have to pass your wifi ssid and password as shown below as arguments.

nmcli dev wifi connect your-wifi-ssid password wifi-password

My desktop got connected to the internet after triggering the above command. After this, every time I start my computer, if the desktop is not automatically connected to the internet, I issue the following commands.

nmcli connection show

nmcli connection up your-wifi-connection

This solution helped me. Hope this will help someone else also :).

Filed under Linux World, Tips and Tricks Tagged with , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

How to set Kafka Heap Size?

March 2, 2020 Leave a comment

Setting Kafka Heap size is simple, by default Kafka runs with 512MB as the heap size. For increasing the heap size, set the following environment variable and restart Kafka.

export KAFKA_HEAP_OPTS="-Xmx2G -Xms2G"

Kafka will check for KAFKA_HEAP_OPTS before it starts and if there is no value set for this variable, it assigns 512MB as the value, else it will pick up the configured value.

Filed under BigData World, Linux World, Tips and Tricks Tagged with , , , , , , , , , , , , ,

SELinux modes – Simple explanation

February 27, 2020 Leave a comment

Everyone who uses linux might be familiar with SELinux. The full form of SELinux is Security-Enhanced Linux. It is a kernel level security module that enhances the access level security policies.

In this post I will be quickly explaining about the various modes in SELinux.

There are three modes in SELinux

  • Enforcing
  • Permissive
  • Disabled

In CentOS and RHEL systems , the SELinux configurations are controlled using the configuration file /etc/sysconfig/selinux.

The changes made to this file needs a system reboot. We can disable the SELinux permanently only with a system reboot. But we can set the SELinux into permissive mode without reboot. This can be easily performed by issuing a setenforce command. The details are explained in my another blog post.

Here we can set SELinux to any of the modes mentioned above.

In the Enforcing mode, SELinux is completely active and it will allow access only using the SELinux policies. User can configure the policies to enable access to their application.

In the Permissive mode, the SELinux will be monitoring and logging all the activities that would have been denied if it is in the enforcing state. The SELinux will not block any activities in this state.

In the Disabled mode, SELinux will be completely disabled.

Filed under Linux World, Tips and Tricks Tagged with , , , , , , , , , , , , , , , , , , , , , , , ,

VPN installation in Raspberry Pi

February 24, 2020 Leave a comment

What is a VPN ?

VPN stands for Virtual Private Network. VPN extends the private network to external networks so that the users can securely interact with the systems within the private network. I will write another post with the complete details of VPN. We will be concentrating on the installation of VPN in raspberry pi in this post.

VPN is a very important requirement for every enterprises. Now a days even individual started using VPN. It is very easy to configure a VPN. Most of the large enterprises use paid VPN services. There are so many VPN service providers available in the market.

This post is about setting up a free VPN service. This can be used in small or medium scale businesses or for your personal purpose as well. I am using this VPN service from the past several years and it worked very well without any issues.

Installation of VPN in raspberry Pi

raspberrypi

I have used raspberry Pi for the installation of OpenVpn. The simplest way to install and configure VPN is raspberry Pi is using Pi-VPN. PiVPN supports two VPN backends

  • OpenVPN
  • WireGuard

While doing the installation, it asks for the user to select the preference and it installs accordingly. OpenVPN can be operated in TCP and UDP. I have used both of these protocols. From my personal experience, the best performing and stable one is UDP.

The only advantage with TCP is that we can run Open VPN in TCP port 443 and it bypasses almost all firewalls in external network. The TCP port 443 is globally open for HTTPS. So we can easily access the VPN using the same port. In this way we will not have to request for additional exceptions in the firewall to enable the VPN access.

WireGuard is a new VPN protocol. It uses a completely new protocol as compared to Open VPN. It is fast and secure. This is under development. Currently if you look at the installations, the majority share goes to Open VPN. This is mainly because it was there in the industry from several years and it already proved its capability. WireGuard will be up in the market soon.

More details about the configuration of PiVPN is described in the following URLs.

  1. PiVPN installation
  2. Additional Reference

Integration with Network

The integration is very easy. In two steps we can integrate the VPN.

  • Connect the raspberry Pi to your network using an ethernet cable
  • Create a rule in your firewall or router to allow the traffic from outside to the raspberry Pi through a NAT rule. (Create a port forwarding rule to route the requests from outside to the raspberry Pi connected to the internal network.)

Filed under Linux World, Tips and Tricks Tagged with , , , , , , , , , , , , , , , , , , ,

How to find the IP address of a linux server ?

November 21, 2019 Leave a comment

To check the IP address of a Linux server, type the following command in the terminal/commandline.

ifconfig

The below command also will help in finding the ip address.

ip addr

Filed under Linux World Tagged with , , , , , ,

Older posts