I’ve been using CentOS since 2005 for most of my serious professional deployments. While it has its annoyances (like the spat with Google who refused to support Chrome on it), it has been a very stable and manageable OS. If you think you might be interested in Red Hat, you probably can’t go wrong with an evaluation of CentOS.

Proxy

Using yum with a proxy is sometimes necessary on off network machines. CentOS/RH/Gnome has done some things to help a bit but it’s still a bit disjointed and messy. There is a menu item (MATE) under System -> Preferences -> Internet and Network -> Network Proxy that opens a standard thing. This seems to be what browsers use (e.g. chromium-browser). Change that to manual and add your proxy. I entered it 4 times for each protocol. I didn’t find a way to conclusively set this at a system wide level.

To make updates work add this to main section in…

/etc/yum.conf
    [main]
    proxy=http://avproxy.example.edu:3128

And this is nice too for things like wget.

/etc/environment
http_proxy="http://avproxy.example.edu:3128"
https_proxy="https://avproxy.example.edu:3128"
ftp_proxy="ftp://avproxy.example.edu:3128"
no_proxy="example.edu,localhost"

Changing IP Number

I seem to be doing a lot of this recently for some reason.

Edit etc/sysconfig/network-scripts/ifcfg-en... (sudo) where the device name could be eno1 or enp4s0 or some completely different idiotic thing.

Maybe edit /etc/hostname.

sudo systemctl restart network

Reboot for the complete experience (hostname jives everywhere).

Changing Time Zones

Forget to set the timezone on installation. It happens. This cures it.

sudo timedatectl set-timezone America/Los_Angeles

Of course if you’re moving to EDT, you can just leave that alone. ;-)

SELinux

Get rid of it. It’s got it’s own notes.

Custom Start Up Scripts

This article has good details. Basically, edit something in /etc/systemd/system/ to be like the others there but what you want.

Here’s a full example of how I did this.

/data/isbd/isbdd_starter
#!/bin/bash
# Chris X Edwards
# A simple program to cleanly bring up and control a daemon.
DAEMON="isbdd"
SERVDIR="/home/ec2-user/isbd/isbd_server/"
#CONFIG="${SERVDIR}/isbdd.conf"
LOGFILE="/home/ec2-user/isbd/data/${DAEMON}.log"
#START_CMD="${SERVDIR}/${DAEMON} -c ${CONFIG} >> ${LOGFILE}"
PYTHON="/usr/bin/python"
START_CMD="${PYTHON} ${SERVDIR}/${DAEMON}"

function serverpid {
    pidof ${START_CMD}
}
function isup {
    if serverpid > /dev/null; then return 0; else return 1; fi
}
function status {
    if isup ; then
        echo "${DAEMON} is running with pid: $(serverpid)"
    else
        echo "${DAEMON} does not seem to be running."
        ps -ef | grep ${DAEMON}
    fi
    exit
}
function starts {
    if isup ; then
        status
    else
        echo "Starting ${DAEMON}..."
        ${START_CMD} >> ${LOGFILE} &
        status
        exit
    fi
}
function stops {
    if isup ; then
        echo "Stopping ${DAEMON} running with pid: $(serverpid)"
        kill $(serverpid)
    else
        echo "${DAEMON} is not running."
    fi
}
if [ "$1" == "start" ]; then
    starts
elif [ "$1" == "stop" ]; then
    stops
    exit
elif [ "$1" == "restart" ]; then
    stops
    starts
else
    status
fi

You can put that where you want; I left it with the server program. Then you need one of these which I left in the same place.

/data/isbd/isbdd.service
[Unit]
Description=ISBD Daemon - xed.ch/p/isbd - Receives Satellite Messages
After=network.target

[Service]
ExecStart=/data/isbd/isbdd_starter start
ExecReload=/data/isbd/isbdd_starter reload
ExecStop=/data/isbd/isbdd_starter stop

# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=forking

[Install]
WantedBy=network.target

Then you need to put symlink here.

cd /usr/lib/systemd/system
ln -s /root/isbd_server/isbdd.service

Then you "enable" it which makes a sym link to this in /etc/systemd/system. (But my method keeps the original with the rest of the server’s stuff.)

systemctl enable isbdd.service

And now when you reboot the thing, it should be running the server. Well, it seems to be working for me! Note that I’m not saying this is properly done, but it does work.

Latest Install Procedure (2018)

This will soon be in a kickstart file, but until then, this is the latest recipe.

  • Boot from flash drive, let installer start.

  • Click Done for English.

  • Configure networking.

    • Ignore ipv6

    • Manual ipv4 - add IP and NS

    • Specify host name

  • Configure time.

    • Los_Angeles

    • ntp (requires a mouse to set custom server)

  • Configure disk - I use manual and get ready to press done twice if you don’t configure a swap partition. Which I don’t.

  • Specify installation source - FTP, then mirror.example.edu/centos/7/os/x86_64.

  • Visit software selection. Don’t do anything other than "Minimal".

  • Start installation.

  • Set root pw.

  • Wait about 15 minutes.

  • At reboot, don’t just yank out install flash drive. Just click reboot. This ensures final cached disk writes actually go.

  • Log in. Immediately shutdown -h now. Remove USB. Restart.

  • Ah, the hanging while setting graphics later was trying to set things up remotely and not having a chance to agree to the license in the "Finish Installation" screen. So make sure you reboot and let that stupid screen come up. Agree and reboot one more time. In a kickstart, look for firstboot --disabled and eula --agreed.

  • Should be good to leave the room.

  • Log in to the machine.

  • yum -y update (get ready to say "y", even with the -y option, to accept GPG key.

  • yum -y install epel-release

  • yum groupinstall "MATE Desktop" - This installs 755 packages and takes quite a while (maybe 20 minutes, 12 w/SSD). Maybe try -y but there is a prompt to accept fedora keys. Also it seems that they just broke something so --skip-broken has been needed recently (with no apparent ill effects).

    • Try to skip this (caused hang remotely without license step, probably not needed) systemctl isolate graphical.target

    • systemctl set-default graphical.target

    • systemctl list-units --type=target

  • Optional - do this only if graphics (or HID) still don’t work after Mate is installed. yum groupinstall "X Window System" Had this problem (and was able to fix it) when trying to install with xorg-x11-drv-intel.

  • Install missing stuff. This all goes pretty quick, less than 4 minutes. yum install ...

    • vim tcsh rsync wget cvs htop nfs-tools asciidoc screen tmux inkscape lftp

    • libreoffice

  • Maybe also

    • bind-utils graphviz mariadb usbutils nfs-utils

    • libmng compat-libtiff3

    • cups xpdf ghostscript hplip cups-lpd

    • chromium

  • A good time to reboot and make sure it comes up properly.

  • If you’re setting this up a second time and the auth server already knows about this host, you may need to log in to the auth server’s management stuff and get rid of that host record.

  • For central authentication yum install freeipa-client

  • ipa-client-install --force-ntpd

    • auth-alab.ucex.edu

    • auth-alab.ucex.edu

    • yes (i.e. no DNS discovery)

    • yes (continue to configure with these values)

    • admin (authorized to enroll computers)

  • yum install nfs-utils (This can sometimes be pulled in as a dependency if you go in order, but if you set up mount points while you’re waiting, you’ll need to install this manually.)

  • Copy the nfs mounts from somewhere else. (Add correct source.) ssh xed@ws2-alab.example.edu grep nfs /etc/fstab >> /etc/fstab

    • Make mount points: mkdir /lab /data /pro /local /localSSD

    • mount -a

  • Disable SELinux that kills key-based SSH somehow.

    • getenforce

    • sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config

    • setenforce 0

  • Hook up local.

  • I was finding that IPA was really slow. Of course SELinux was involved even though it’s turned off. Add this line. selinux_provider = none to the [domain/auth-alab.example.edu] section in /etc/sssd/sssd.conf.

  • Set up a printer if necessary.

    • sudo system-config-printer

    • +Add button

    • Adjust Firewall

    • "Network Printer" - pick one if it shows up.

    • Using "HPLIP" (i.e. "Forward")

    • Check Duplexer Installed. Forward.

    • Printer name = hostname

Expanding Minimal

Sometimes installing just the "minimal" package set keeps the most unnecessary cruft from accumulating. But wow is it minimal. Note that it’s better to install minimal, update that, then install up-to-date versions of what you need, than to install stale maximal packages, and update all that.

Vim

yum install vim

rsync

yum install rsync

Misc

Stuff people sometimes need that may be missing.

  • screen & tmux

  • lftp

  • htop ← Not standard!

  • psmisc (killall, pkill, pstree)

  • inkscape

  • graphviz

  • gimp

  • libreoffice

  • bind-utils

    • dig

    • host

    • nslookup

ifconfig

What? How can you leave this command out? Turns out with a minimal install of CentOS 7 it does not come included! Here are some more details.

You can use ip addr and ip link.

You can also do yum provides ifconfig. Ok, that actually doesn’t work. So just install net-tools and ifconfig is there. Also provides these important ones.

  • arp

  • netstat

  • route

Time and NTP

Forget to do the time configuration at install?

timedatectl set-timezone America/Los_Angeles
yum install ntp
vi /etc/ntp.conf # Replace ^server lines with time.example.edu
ntpdate time.example.edu
systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd

Firewall

You can check (and, stop, start) if the firewall is running with this.

systemctl status firewalld
systemctl stop firewalld
systemctl start firewalld

You can open firewall ports like this.

firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload     # This is needed for add-port to take effect!
firewall-cmd --permanent --zone=public --list-all
systemctl enable firewalld
# Undo that change...
firewall-cmd --permanent --zone=public --remove-port=80/tcp

Cups

Often I get called about problems like this.

[root@ws6-alab ~]# lpq
HP-Color-LaserJet-cp2025dn-2 is not ready
Rank    Owner   Job     File(s)                         Total Size
1st     msuser  744     sky.jpg                         230400 bytes

So I do a lprm 744 and the job disappears, but…

[root@ws6-alab ~]# lpq
HP-Color-LaserJet-cp2025dn-2 is not ready
no entries

…still not ready.

One solution that seemed to work is simply this.

# cupsenable HP-Color-LaserJet-cp2025dn-2

Also make sure that the ErrorPolicy setting in /etc/cups/printers.conf is set to retry-job and not to stop-printer. Which is just stupid, right?

Firing Gnome

As in "You’re fired!"

This extremely helpful guide worked for me very well on CentOS 7. Basically…

sudo yum install epel-release
sudo yum groupinstall "X Window system" # Was able to skip from minimal.
sudo yum groupinstall "MATE Desktop"    # <- OR s/MATE Desktop/xfce/
sudo systemctl isolate graphical.target
sudo systemctl set-default graphical.target

Then restart and choose your target WM from the GDM or LightDM login thing.

Firing Stupid Services

ModemManager? WTF? On by default apparently it deals with cell phone stuff. Here’s a good example of completely purging a stupid service.

$ systemctl  | grep -i modem
$ sudo systemctl stop ModemManager
$ sudo systemctl disable ModemManager
Removed symlink /etc/systemd/system/multi-user.target.wants/ModemManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.ModemManager1.service.

Troubleshooting lightdm

I had a problem where I installed the minimal system. Then Mate. Then the Elrepo nvidia drivers. Then my keyboard and mouse stopped working. This fixed it.

yum install xorg-x11-drv-evdev.x86_64
yum install xorg-x11-drv-evdev.i686
systemctl restart lightdm

Fixing Focus Follows Mouse

Some people (ok one important person) likes focus follows mouse (FFM) and the latest CentOS 7 Gnome 3 makes that somewhat tricky. Here’s what I came up with. These may need to be changed with gsettings or some other tool, but let’s just stick to gsettings.

$ gsettings list-recursively | grep 'raise\|focus' | grep pref
org.gnome.desktop.wm.preferences focus-new-windows 'smart'
org.gnome.desktop.wm.preferences raise-on-click true
org.gnome.desktop.wm.preferences auto-raise false
org.gnome.desktop.wm.preferences focus-mode 'click'
org.gnome.desktop.wm.preferences auto-raise-delay 500

Try this.

$ gsettings org.gnome.desktop.wm.preferences focus-mode '*VAL'
$ gsettings org.gnome.desktop.wm.preferences auto-raise true
Table 1. VAL can be

click

default focus

mouse

focus is definitely where mouse is

sloppy

focus is usually where mouse is except for alt-tab (and?)

Good info here:

http://askubuntu.com/questions/64605/how-do-i-set-focus-follows-mouse

Perl5 Directory

Why is CentOS 7 creating a perl5 directory in every user’s home directory on login? Dang good question. This cures it.

rpm -e perl-homedir

Good to keep an eye on what’s happening in /etc/profile.d since it seems to be filled with "helpful" mischief these days.

Clearing Users From Log In Menu

This has been slowly driving me crazy for 5 years. People become users and then they leave. I like to leave their accounts active for a while but even if I get rid of their accounts their names show up in the list of log in names shown on the log in screen. Technically in the "display manager’s" log in feature. Using an LDAP system my machines start to get huge lists of people who sat at a machine just once. How can I keep old users from showing up on this?

After tons of searching I finally figured it out. I figured out that on CentOS the responsible package/system/whatever was "ConsoleKit". This command is what is used (with some tweaking) to populate the log in menu.

ck-history --frequent

Great! So where does that come from? This was much harder to track down. At first I thought it might be in /var/cache/gdm which does have directories for defunct users. Feel free to delete those. But that wasn’t it. After reading the source code of ck-history I finally found it in /var/log/ConsoleKit/history. It turns out that the log in screen searches through this file for all unique users ever time the display manager displays this log in menu. Little wonder the whole thing is slow. Anyway, to remove an old name from showing up on a display manager menu do something like this.

sudo sed -i '/unix-user=20060/d' /var/log/ConsoleKit/history

Of course deleting the file completely gives you a fresh start with this.

This file can be handy to see who’s idle. Check out the idle-since-hint in the output of ck-list-sessions.

Apache On CentOS 7

CentOS 7 "improved" way too much. Now I don’t know how to do much of anything. Of course everything now has an automagical RH enterprise script. Fun! Here are some things to consider when getting Apache working.

sudo yum install httpd
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
sudo systemctl start httpd.service
sudo systemctl stop httpd.service
sudo systemctl enable httpd

Nvidia Drivers

Yup. Still a mess. This is helpful. http://www.dedoimedo.com/computers/centos-7-nvidia.html

This may be better yet. http://elrepo.org/tiki/kmod-nvidia

This one worked in CentOS 7.

http://www.advancedclustering.com/act-kb/installing-nvidia-drivers-rhel-centos-7/

I have had workstations that have serious lockup problems with nouveau. It could be unrelated but if not, that looks like this.

$ lsmod | grep nou
nouveau              1634298  9
video                  24520  1 nouveau
mxm_wmi                13021  1 nouveau
i2c_algo_bit           13413  1 nouveau
drm_kms_helper        163265  1 nouveau
ttm                    99345  1 nouveau
drm                   370825  7 ttm,drm_kms_helper,nouveau
i2c_core               40756  5 drm,i2c_piix4,drm_kms_helper,i2c_algo_bit,nouveau
wmi                    19070  2 mxm_wmi,nouveau

I have had good luck with the proprietary driver installed with packages on CentOS 7. That seems to come from elrepo.

$ sudo yum list installed | grep nvid
Loaded plugins: fastestmirror, langpacks, nvidia
kmod-nvidia.x86_64                    390.42-1.el7_4.elrepo          @elrepo
nvidia-detect.x86_64                  390.25-1.el7.elrepo            @elrepo
nvidia-x11-drv.x86_64                 390.42-1.el7.elrepo            @elrepo
nvidia-x11-drv-32bit.x86_64           390.42-1.el7.elrepo            @elrepo
yum-plugin-nvidia.noarch              1.0.2-1.el7.elrepo             @elrepo
$ lsmod | grep nv
nvidia_drm             39700  1
nvidia_modeset       1104417  3 nvidia_drm
nvidia              14337655  84 nvidia_modeset
drm_kms_helper        163265  1 nvidia_drm
drm                   370825  4 drm_kms_helper,nvidia_drm
i2c_core               40756  4 drm,i2c_i801,drm_kms_helper,nvidia
ipmi_msghandler        46608  2 ipmi_devintf,nvidia

I just had a big mess on an otherwise up-to-date CentOS 7 machine with this:

Error: Package: kmod-nvidia-390.48-2.el7_5.elrepo.x86_64 (elrepo)

I found this tip helpful. Basically show all of your options.

sudo yum --enablerepo=elrepo --showduplicates list kmod-nvidia

You may be able to upgrade through to one that works.

Systemd vs. SysVinit

See my notes on this tiresome topic.

Well, this is confusing, but probably a good thing ultimately. In the old days there used to be a directory called /etc/init.d/ which contained start up scripts. Now that is not so true. Now (CentOS 7 and beyond) you should use the systemctl command for starting and stopping services. Pleasantly, the very poorly named chkconfig command also seems to have been replaced by this.

Check out this handy guide and man systemctl for details.

Installation

See my notes on yum and rpm for issues specific to Red Hat style package management.

USB Install

Looks like CentOS 7 does not play well with unetbootin (which is a bizarrely complex Ubuntu tool). To install, just download:

ftp://mirror.example.edu:/centos/7/isos/x86_64/CentOS-7.0-1406-x86_64-NetInstall.iso

Don’t use unetbootin. Just use dd if=/tmp/CentOS-7.0-1406-x86_64-NetInstall.iso of=/dev/sdc

Note that if your USB memory stick is already partitioned with /dev/sdc1, that will all get hosed.

Installation Mirror

ftp:://mirror.example.edu/centos/7/os/x86_64 link

Install one place move to another

I had a problem once where I installed CentOS 7 on a test machine so that it would be preinstalled on the hard drive. When I put the hard drive into the actual machine it was destined for, no workie.

The key was to regenerate an initramfs file. The trick is to boot into the rescue kernel (which did work for me) and then use something like

yum remove kernel-2.6.18-194.el5

(Get a list with rpm -qa | grep kernel | sort.)

Then just run the similar command but with install to reinstall it.