How to install Python in CentOS 8 / RHEL 8 ?

Python is not available by default in CentOS 8 / RHEL 8. Read the following blog post to install Python and pip in CentOS 8 / RHEL 8.

To Install Python 3 in CentOS 8 or RHEL 8

> sudo dnf install python3

CentOS 8 and RHEL 8 does not have an unversioned python by default. We have to explicitly set it. So simply typing python will give you a “command not found” response.  To verify the installation,  use the following command

> python3 -V

The above command will print the version information. For me it printed Python 3.6.8

To install pip, execute the following command

> sudo dnf install python3-pip

Check the installation

> pip3 –version

If you simply type the command python in the shell, it will give you a response something like below

bash: python: command not found…

To enable the command python, execute the following command.

> sudo alternatives –set python /usr/bin/python3

This will enable command python. Now you can use python without explicitly typing the version.

Note: Follow the below steps only if you need Python 2. If your requirement if Python3, refer the steps described above.

 

To Install Python 2 in CentOS 8 or RHEL 8

> sudo dnf install python2

To install pip, execute the following command

> sudo dnf install python2-pip

Now check the installation

> pip2 –version

To set python2 as the default python across the system, execute the following command.

> sudo alternatives –set python /usr/bin/python2

 

In previous versions of CentOS  and RHEL , there were so much dependency in the system with the unversioned python. Installing Python 3 and Python 2 together creates so much mess in the system. Now in CentOS 8 and RHEL 8, it is very easy.

Hope this blog helps. Please comment below if you face any issues. 🙂

 

 

How to set url length in Nginx Request (error code: 414, uri too large)

Today I got one annoying error after deploying the new version of the web application in nginx web server. Initially I thought the web app was buggy, but when I inspected the requests and response, I found the following error.

error code: 414, uri too large

On checking more details around this, I found that this issue can be fixed by adjusting few configurations in nginx. The parameter to modify is large_client_header_buffers.

This parameter sets the maximum number and size of buffers used for reading large client request header. A request line cannot exceed the size of one buffer, or the 414 (Request-URI Too Large) error is returned to the client. A request header field cannot exceed the size of one buffer as well, or the 400 (Bad Request) error is returned to the client. Buffers are allocated only on demand. By default, the buffer size is equal to 8K bytes. If after the end of request processing a connection is transitioned into the keep-alive state, these buffers are released.

Syntax : large_client_header_buffers number size ;

The default value is 4 and the size is 8 KB. You can increase this value to a higher value to fix this issue.

large_client_header_buffers 16 128k;

If you are facing issues even after making these changes, then add the following configuration to the server block in nginx.

fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;

client_max_body_size 24M;
client_body_buffer_size 128k;

client_header_buffer_size 5120k;
large_client_header_buffers 16 5120k;

 

Hope this helps 🙂  Please comment if you are facing any issues.

 

Route internet traffic through a specific interface in Linux Servers – CentOS / RHEL

I have a server with multiple network interfaces. Out of that two of them were connected to two different networks. My requirement is to route the internet traffic through the second interface. The Server is running with CentOS 7 operating system. The second interface is connected to a network with higher internet bandwidth and the first interface is connected to a network with lower bandwidth. So I have to make the second interface as the primary/default interface.

The details of the network interfaces are given below.

Details of first interface:

Interface name -> eno2

IP Address:  192.168.0.208

Gateway 192.168.0.1

Internet Provider : ISP01

Details of second interface:

Interface name -> eno3

IP Address:  172.31.0.208

Gateway 172.31.0.1

Internet Provider : ISP02

The diagrammatic view of the server and network connections are given below.

internet_routing

Problem statement:

The internet traffic is going through the first interface. I want to change it to the second interface.

How to check the route of the internet traffic ?

This can be checked by using the traceroute command. Execute the following commands and check hops. If it is going through the gateway of the first network, means traffic is routed through the first interface. If it is going through the gateway of the second network, means that the traffic is routed through the second interface.

traceroute google.com

When I executed this command, I got the following output that proves that the traffic was going through the first interface. 192.168.0.1 is the gateway of the first interface. You can see the details in the below screenshot.

traceroute_02

How to list the default traffic routes ?

To list the existing routes in the system, type the following command in the terminal.

ip route list

This will list all the routes and that shows the default routes also. The following screenshot shows the details of the routes in my system.

iproute_list01

In the above image, you can see two default routes. The first one has a priority of 102 and second one with priority 103. So based on the priority, the traffic goes through the first interface (gateway 192.168.0.1, ISP-01).

How to change the default / primary route ?

In my case there were two default routes. So making one interface as the default or primary route will solve the problem.

This can be enabled by configuring the DEFROUTE parameter in the network interface settings. The network interface configurations are present in the following directory.

/etc/sysconfig/network-scripts

In this directory, you can see files that starts with ifcfg-. In my case, the two files that I have to deal with are ifcfg-eno2 and ifcfg-eno3.

In this file, there will be a parameter DEFROUTE. If it is configured with value “yes” means that interface is a default route. If the value is “no” means it is not a default interface.

So make DEFROUTE=no in the first interface (ifcfg-eno2) and DEFROUTE=yes in the second interface (ifcfg-eno3).

Restart the network after making these changes. The command is shared below.

service network restart

Now check the route list and see the default route/s. The command is given below.

ip route list

The screenshot from my system is shared below.

iproute_list02

Now you can see that the second interface (gateway 172.31.0.1 & ISP-02) became the default interface and the first interface got removed from the default list. It is present in the available interfaces, but not the default interface.

Now let us test the internet traffic through traceroute command. As per our configuration, the traffic should go through the second interface. The command is given below.

traceroute google.com

The screenshot from my system is given below.

traceroute_01

As per the screenshot, the traffic is going as expected based on our configuration. It is going through the second interface.

The steps for Ubuntu and other operating systems are also similar. Here I have explained based on CentOS & RHEL operating systems.

Hope this article helps someone. 🙂

 

 

 

 

SELinux modes – Simple explanation

Everyone who uses linux might be familiar with SELinux. The full form of SELinux is Security-Enhanced Linux. It is a kernel level security module that enhances the access level security policies.

In this post I will be quickly explaining about the various modes in SELinux.

There are three modes in SELinux

  • Enforcing
  • Permissive
  • Disabled

In CentOS and RHEL systems , the SELinux configurations are controlled using the configuration file /etc/sysconfig/selinux.

The changes made to this file needs a system reboot. We can disable the SELinux permanently only with a system reboot. But we can set the SELinux into permissive mode without reboot. This can be easily performed by issuing a setenforce command. The details are explained in my another blog post.

Here we can set SELinux to any of the modes mentioned above.

In the Enforcing mode, SELinux is completely active and it will allow access only using the SELinux policies. User can configure the policies to enable access to their application.

In the Permissive mode, the SELinux will be monitoring and logging all the activities that would have been denied if it is in the enforcing state. The SELinux will not block any activities in this state.

In the Disabled mode, SELinux will be completely disabled.

How to migrate docker images from one server to another without using a docker registry/repository ?

Copying docker image from one server to another server is an easy task. The following steps will explain you about this. Before getting into the actual steps, lets get the understanding of few terminologies.

What is a docker image ?

An image is an immutable master copy. We can correlate docker image with an ISO image of an operating system. Once we run this image, it will create a container. We can run any number of containers from the same image.

What is a docker container ?

Container is basically a running copy of the image with life. Alterations can be made on the container. Basically changes can be applied on top of the base image while running it as a container. A container can be called as a booted image.

Docker save, export and load commands

docker save will save a docker image to the disk. This saved file includes all the layers of images and the metadata required to chain these layers to rebuild the current image. So the docker save command will preserve the history of all the layers present in the current image. We can copy this saved file to another server to load the image and run containers.

The syntax is

docker save -o [filename] [imagename]:[version]

The above command will save the image into the given file name. You can also provide the complete path along with the file name.

The docker load command will load the image back from file into the system. To load this image from the file, use the following command.

docker load -i [saved image file name]

Docker export will create a snapshot of the container. Basically it will save the current state of the container as an image. It will not preserve the details of the layers present in the parent image of the container. This will save the container’s file system as a tar file. This command does not export the contents of volumes associated with the container.

Docker save needs to be performed on a docker image and docker export is performed on a docker container.

To copy a docker image from one host to another host in a single shot, the following command will help. For executing this command, the bzip2 package needs to be installed in your unix operating system

docker save [image]:[version] | bzip2 | ssh username@hostname 'bunzip2 | docker load'

Note: For installing bzip2 in centos/rhel, use the following command

yum install bzip2

For ubuntu

apt-get install bzip2

I hope this article helped you. 🙂

How to find and kill a process locking a particular port in Linux?

Sometimes because of some issue or bug, our application may stop working, but the port will be locked. This kind of issue is very common with MySQL server, Elasticsearch, WebServices, Tomcat etc. In such scenarios, we have to find the zombie process and kill it to free up the locked port.

How to find the process that locks the port?

Use the following command

netstat -tulpn | grep <port>

This output of this command will contain the process id. Now we just need to kill the process.

Verify the process

Before killing the process, figure out what process it is and ensure we are not killing any required processes.

ps -aux | grep <process id>

The output of the above command will give the details of the process.

How to Kill a process ?

After confirming the details, you can kill the process

kill -9 <process id>

Now verify whether the port is still locked or not by executing the netstat command again

What is Swap memory and How to clear Swap usage in Linux ?

What is Swap Space ?

Swap is a space on disk that is used by the system when the available memory in the RAM (physical memory) is completely utilized. This is basically to increase the available virtual memory in the system. The swap memory will be used once the physical memory is full. Since this is residing in the disk, the processing speed using this memory will be slow compared to the processing in physical memory (RAM).

Why we need swap space ?

Suppose we have a system with 4GB RAM. When we start the system the memory usage will be less. But as we open applications or start running processes, the memory utilization will increase. If it reaches the 4GB utilization, we will not be able to use any additional applications and we will have to wait to get some free space in the RAM. With swap memory, the allocated space in the disk will be used in case of any additional requirement and the applications will still run even after crossing the max limit of system RAM. As already explained, the performance of swap will be very slow as compared to RAM.

How the memory management works internally ?

The Linux kernel has a memory management process. This process monitors all the processes and identifies the less frequently used memory pages (or blocks). In case of additional memory requirement exceeding the RAM limit comes, this memory management program will utilize the space in system hard disk allocated for “swapping” or paging these less frequently used memory blocks. In this way the RAM will be freed up and the active memory for running live application will become available in the system.

How to clear the swap memory usage?

If you want to clear the swap memory, you can execute the following command in the terminal as root user.

swapoff -a && swapon -a

WARNING.!!!: Be careful doing this, as this may affect your system’s stability, especially if its already low on RAM. Better not to set these swap clearing scripts as cronjob.

Configure Network in CentOS / RHEL from command line

How many of you are aware of a text user interface for network configuration ?. A tool called NMTUI (Network Manager Text User Interface) is available in CentOS and Redhat systems. You can simply open this by typing nmtui in the command line.

If this command is not available, you have to install the NetworkManager-tui package.

yum install NetworkManager-tui

If you type nmtui command in command line, the following console will open up. You can configure the network configurations in the opened console. You can

nmtui

nmtui

Disable Sleep mode in CentOS7/RHEL7 laptop on lid close

The following tip will help you to disable the powersaving or sleep mode behavior of your CentOS or RHEL laptop or desktop. If GUI is present, the following steps will help.

Applications => Utilities => Tweak Tool => Shell => Don't suspend on lid close => ON

But if GUI is not installed, then the only option is to disable this from the commandline. It is very easy, don’t worry. Who cares about the GUI in Linux. ? 🙂 (I love the black screen)

Open /etc/systemd/logind.conf, then make edit in the following configuration. By default, the value of this config will be suspend

HandleLidSwitch=ignore

man logind.conf will provide the complete details about this configuration file. Hope this tip helps.

 

Common dependencies to install PyCrypto package in CentOS/RHEL

The installation of pycrypto package may fail with errors like

“error: no acceptable C compiler found in $PATH”

“RuntimeError: autoconf error”

“fatal error: Python.h: No such file or directory”

” #include “Python.h”
^
compilation terminated.
error: command ‘gcc’ failed with exit status 1″

The solution for this issue is to install the following dependent packages.

yum install gcc

yum install gcc-c++

yum install python-devel

pip install pycrypto