I’ve been using CentOS since 2005 for most of my serious professional deployments. While it has its annoyances (like the spat with Google who refused to support Chrome on it), it has been a very stable and manageable OS. If you think you might be interested in Red Hat, you probably can’t go wrong with an evaluation of CentOS.

Proxy

Using yum with a proxy is sometimes necessary on off network machines.

Add this to main section in /etc/yum.conf.

[main]
proxy=http://avproxy.example.edu:3128

Custom Start Up Scripts

This article has good details. Basically, edit something in /etc/systemd/system/ to be like the others there but what you want.

Here’s a full example of how I did this.

/data/isbd/isbdd_starter
#!/bin/bash
# Chris X Edwards
# A simple program to cleanly bring up and control a daemon.
DAEMON="isbdd"
SERVDIR="/home/ec2-user/isbd/isbd_server/"
#CONFIG="${SERVDIR}/isbdd.conf"
LOGFILE="/home/ec2-user/isbd/data/${DAEMON}.log"
#START_CMD="${SERVDIR}/${DAEMON} -c ${CONFIG} >> ${LOGFILE}"
PYTHON="/usr/bin/python"
START_CMD="${PYTHON} ${SERVDIR}/${DAEMON}"

function serverpid {
    pidof ${START_CMD}
}
function isup {
    if serverpid > /dev/null; then return 0; else return 1; fi
}
function status {
    if isup ; then
        echo "${DAEMON} is running with pid: $(serverpid)"
    else
        echo "${DAEMON} does not seem to be running."
        ps -ef | grep ${DAEMON}
    fi
    exit
}
function starts {
    if isup ; then
        status
    else
        echo "Starting ${DAEMON}..."
        ${START_CMD} >> ${LOGFILE} &
        status
        exit
    fi
}
function stops {
    if isup ; then
        echo "Stopping ${DAEMON} running with pid: $(serverpid)"
        kill $(serverpid)
    else
        echo "${DAEMON} is not running."
    fi
}
if [ "$1" == "start" ]; then
    starts
elif [ "$1" == "stop" ]; then
    stops
    exit
elif [ "$1" == "restart" ]; then
    stops
    starts
else
    status
fi

You can put that where you want; I left it with the server program. Then you need one of these which I left in the same place.

/data/isbd/isbdd.service
[Unit]
Description=ISBD Daemon - xed.ch/p/isbd - Receives Satellite Messages
After=network.target

[Service]
ExecStart=/data/isbd/isbdd_starter start
ExecReload=/data/isbd/isbdd_starter reload
ExecStop=/data/isbd/isbdd_starter stop

# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=forking

[Install]
WantedBy=network.target

Then you need to put symlink here.

cd /usr/lib/systemd/system
ln -s /root/isbd_server/isbdd.service

Then you "enable" it which makes a sym link to this in /etc/systemd/system. (But my method keeps the original with the rest of the server’s stuff.)

systemctl enable isbdd.service

And now when you reboot the thing, it should be running the server. Well, it seems to be working for me! Note that I’m not saying this is properly done, but it does work.

Expanding Minimal

Sometimes installing just the "minimal" package set keeps the most unnecessary cruft from accumulating. But wow is it minimal.

Misc

  • screen

  • lftp

  • htop ← Not standard!

  • psmisc (killall, pkill, pstree)

Vim

yum install vim

rsync

yum install rsync

ifconfig

What? How can you leave this command out? Turns out with a minimal install of CentOS 7 it does not come included! Here are some more details.

You can use ip addr and ip link.

You can also do yum provides ifconfig. Ok, that actually doesn’t work. So just install net-tools and ifconfig is there. Also provides these important ones.

  • arp

  • netstat

  • route

bind-utils

Important network tools.

  • dig

  • host

  • nslookup

Time and NTP

Forget to do the time configuration at install?

timedatectl set-timezone America/Los_Angeles
yum install ntp
vi /etc/ntp.conf # Replace ^server lines with time.example.edu
ntpdate time.example.edu
systemctl enable ntpd
systemctl start ntpd
systemctl status ntpd

Firewall

You can check (and, stop, start) if the firewall is running with this.

systemctl status firewalld
systemctl stop firewalld
systemctl start firewalld

You can open firewall ports like this.

firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload     # This is needed for add-port to take effect!
firewall-cmd --permanent --zone=public --list-all
systemctl enable firewalld
# Undo that change...
firewall-cmd --permanent --zone=public --remove-port=80/tcp

Cups

Often I get called about problems like this.

[root@ws6-alab ~]# lpq
HP-Color-LaserJet-cp2025dn-2 is not ready
Rank    Owner   Job     File(s)                         Total Size
1st     msuser  744     sky.jpg                         230400 bytes

So I do a lprm 744 and the job disappears, but…

[root@ws6-alab ~]# lpq
HP-Color-LaserJet-cp2025dn-2 is not ready
no entries

…still not ready.

One solution that seemed to work is simply this.

# cupsenable HP-Color-LaserJet-cp2025dn-2

Also make sure that the ErrorPolicy setting in /etc/cups/printers.conf is set to retry-job and not to stop-printer. Which is just stupid, right?

Firing Gnome

As in "You’re fired!"

This extremely helpful guide worked for me very well on CentOS 7. Basically…

sudo yum install epel-release
sudo yum groupinstall "X Window system"
sudo yum groupinstall "MATE Desktop"            # <- OR s/MATE Desktop/xfce/
sudo systemctl isolate graphical.target

Then restart and choose your target WM from the GDM or LightDM login thing.

Fixing Focus Follows Mouse

Some people (ok one important person) likes focus follows mouse (FFM) and the latest CentOS 7 Gnome 3 makes that somewhat tricky. Here’s what I came up with. These may need to be changed with gsettings or some other tool, but let’s just stick to gsettings.

$ gsettings list-recursively | grep 'raise\|focus' | grep pref
org.gnome.desktop.wm.preferences focus-new-windows 'smart'
org.gnome.desktop.wm.preferences raise-on-click true
org.gnome.desktop.wm.preferences auto-raise false
org.gnome.desktop.wm.preferences focus-mode 'click'
org.gnome.desktop.wm.preferences auto-raise-delay 500

Try this.

$ gsettings org.gnome.desktop.wm.preferences focus-mode '*VAL'
$ gsettings org.gnome.desktop.wm.preferences auto-raise true
Table 1. VAL can be

click

default focus

mouse

focus is definitely where mouse is

sloppy

focus is usually where mouse is except for alt-tab (and?)

Good info here:

Perl5 Directory

Why is CentOS 7 creating a perl5 directory in every user’s home directory on login? Dang good question. This cures it.

rpm -e perl-homedir

Good to keep an eye on what’s happening in /etc/profile.d since it seems to be filled with "helpful" mischief these days.

Clearing Users From Log In Menu

This has been slowly driving me crazy for 5 years. People become users and then they leave. I like to leave their accounts active for a while but even if I get rid of their accounts their names show up in the list of log in names shown on the log in screen. Technically in the "display manager’s" log in feature. Using an LDAP system my machines start to get huge lists of people who sat at a machine just once. How can I keep old users from showing up on this?

After tons of searching I finally figured it out. I figured out that on CentOS the responsible package/system/whatever was "ConsoleKit". This command is what is used (with some tweaking) to populate the log in menu.

ck-history --frequent

Great! So where does that come from? This was much harder to track down. At first I thought it might be in /var/cache/gdm which does have directories for defunct users. Feel free to delete those. But that wasn’t it. After reading the source code of ck-history I finally found it in /var/log/ConsoleKit/history. It turns out that the log in screen searches through this file for all unique users ever time the display manager displays this log in menu. Little wonder the whole thing is slow. Anyway, to remove an old name from showing up on a display manager menu do something like this.

sudo sed -i '/unix-user=20060/d' /var/log/ConsoleKit/history

Of course deleting the file completely gives you a fresh start with this.

This file can be handy to see who’s idle. Check out the idle-since-hint in the output of ck-list-sessions.

Apache On CentOS 7

CentOS 7 "improved" way too much. Now I don’t know how to do much of anything. Of course everything now has an automagical RH enterprise script. Fun! Here are some things to consider when getting Apache working.

sudo yum install httpd
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
sudo systemctl start httpd.service
sudo systemctl stop httpd.service
sudo systemctl enable httpd

Nvidia Drivers

Systemd vs. SysVinit

Well, this is confusing, but probably a good thing ultimately. In the old days there used to be a directory called /etc/init.d/ which contained start up scripts. Now that is not so true. Now (CentOS 7 and beyond) you should use the systemctl command for starting and stopping services. Pleasantly, the very poorly named chkconfig command also seems to have been replaced by this.

Check out this handy guide and man systemctl for details.

Installation

See my notes on yum and rpm for issues specific to Red Hat style package management.

USB Install

Looks like CentOS 7 does not play well with unetbootin (which is a bizarrely complex Ubuntu tool). To install, just download:

ftp://mirror.ucsd.edu:/centos/7/isos/x86_64/CentOS-7.0-1406-x86_64-NetInstall.iso

Don’t use unetbootin. Just use dd if=/tmp/CentOS-7.0-1406-x86_64-NetInstall.iso of=/dev/sdc

Note that if your USB memory stick is already partitioned with /dev/sdc1, that will all get hosed.

Installation Mirror

ftp:://mirror.ucsd.edu/centos/7/os/x86_64 link

Install one place move to another

I had a problem once where I installed CentOS 7 on a test machine so that it would be preinstalled on the hard drive. When I put the hard drive into the actual machine it was destined for, no workie.

The key was to regenerate an initramfs file. The trick is to boot into the rescue kernel (which did work for me) and then use something like

yum remove kernel-2.6.18-194.el5

(Get a list with rpm -qa | grep kernel | sort.)

Then just run the similar command but with install to reinstall it.