Recent Changes - Search:
Thanks to OZU Thanks to OZU
Linked In

links

Reviews

Admin

1&1

edit SideBar

Main /

BaseCentos5

Gotchas of the 1&1 base Centos 64 bit cloud server image

  • iptables is enabled by default on the minimal centos install. Either configure it, or use an external one (1&1 control panel gives you access to a cisco HW FW), and disable it thusly
    • /etc/rc.d/init.d/iptables stop
      • or
    • service iptables stop
      • and to disable from startup:
    • chkconfig iptables off
  • It only has java 1.4 installed by default.
  • Its in BST, not UTC, and ntp is not enabled (so the time will not be exact).
  • Swap is only 2GB, even if you ordered 8GB memory. swap should be 16GB in this case.
  • zip is installed, but not unzip. The mind boggles.
  • sendmail nor postfix is installed. exim is, but its permissions are broken.

Useful utils:

  • chkconfig to manage your rcx.d scripts & services. chkconfig --list shows whats installed as a service and what run levels they start at.

Info:

  • yum list - shows packages available
  • yum list installed - shows packages installed.
  • java -version - if its not 1.5 or 1.6, you need to update it.
  • free tells you how much mem and swap you have. generally, swap should be twice your mem.

Set new hostname:

  1. hostname zzz.yyy.co.uk
  2. edit hostname in: /etc/sysconfig/network
  3. edit /etc/hosts and add hostname once to external IP:
    127.0.0.1 localhost.localdomain localhost
87.106.99.99 zzz.yyy.co.uk zzz

fix mail

  • # mkdir /var/log/exim
  • # chown exim:exim /var/log/exim
  • # service exim restart
  • now try to telnet to port 25 from the localhost, should let you in.

Update existing packages

  • yum update

Install apps

  • yum install telnet (for testing local ports etc)
  • yum install java-1.6.0-openjdk-devel

  • yum install tomcat5 tomcat5-webapps tomcat5-admin-webapps
  • vi /etc/tomcat5/tomcat5.conf - make your config changes.
  • NOTE: webappdir is /usr/share/tomcat5/webapps by default.
  • mkdir /usr/logs
  • delete these symlinks from /usr/share/tomcat5/common/endorsed:
    • lrwxrwxrwx 1 root root 36 Jun 24 13:46 [jaxp_parser_impl].jar -> /usr/share/java/jaxp_parser_impl.jar
    • lrwxrwxrwx 1 root root 36 Jun 24 13:46 [xml-commons-apis].jar -> /usr/share/java/xml-commons-apis.jar
  • service tomcat5 start
  • Note: to use the tomcat status/manager/administrator, you will need to edit your conf/tomcat-users.xml to something like this:
    <?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="somepass" roles="admin,manager"/>
</tomcat-users>

  • yum install httpd httpd-devel httpd-manual
  • service httpd start

  • yum install subversion

  • yum install unzip

Configure the timezone to UTC.

  • mv /etc/localtime /etc/localtime.bak
  • ln -s /usr/share/zoneinfo/UTC /etc/localtime
  • the date command should now say UTC.
  • 1&1 recommend this:
    • yum update tzdata

Fix the date & time

  1. date mmddhhmm
  2. /sbin/hwclock --systohc --utc
  3. - possibly try this:
  4. edit /boot/grub/grub.conf and add "noapic nolapic divider=10 nolapic_timer" to end of kernel line and reboot

setup ntp.

  • ntp package should already be installed. see if its running with this:
    • pgrep ntpd
  • if it doenst return a process ID, do this:
    • chkconfig ntpd on
  • That should get it to start on bootup.
  • To manually start/stop/restart use this:
    • /etc/init.d/ntpd [start|stop|restart]
  • ALTERNATIVE INSTRUCTIONS:
    • Start the service:
      • service ntpd restart
    • Auto start service on startup:
      • chkconfig --level 345 ntpd on
      • chkconfig --level 0126 ntpd off
      • chkconfig --list | grep ntpd
        • ntpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
    • Check its syncing (look for the offset going down)
      • ntpq -p

Fixing broken 1&1 ntp setup.

If you use their plain centos image, and start ntp, it may quickly go wrong. In your ntp.cof will be the the centos.pool ntp servers. However, with the 1&1 default firewall at least, these are not reachable. In this file are also two 1&1 ntp servers. With this standard ntp.conf file, the time will quickly diverge from the actual time by about half an hour a day. When it is a day out, ntp will kill itself. To fix:

  1. comment out the centos pool servers.
  2. in /etc/ntp.conf change this:
    1. server ntp2.pureserver.info
    2. server ntp1.pureserver.info
  3. to this:
    1. server 212.227.123.64 burst iburst
    2. server 195.20.224.142 burst iburst
  4. and comment out the following:
    1. server 127.127.1.0 # local clock
    2. fudge 127.127.1.0 stratum 10

Install VNC

  • yum install vnc-server
  • yum install twm
  • yum install xterm
  • yum install xsetroot
  • useradd myvncuser (insert your username here)
  • passwd myvncuser (set pass)
  • su - myvncuser
  • vncpasswd (set pass)
  • edit /etc/sysconfig/vncservers:
    • VNCSERVERS="1:myvncuser"
    • VNCSERVERARGS[1]="-geometry 800x600"
    • NOTE: this is for testing - add the extra security parameters after (e.g. -localhost).
  • you can connect to server via browser on 580X where X is the number of the user (e.g. 1 or 2 etc) or on 590X using a vnc viewer app.
  • Start vnc as root:
    • /sbin/service vncserver start
  • or make it start automatcially at run level 3/4/5:
    • chkconfig httpd on

install oracle

  • Download oracle zip files from oracle.com to your local machine. In my case it was the 64 bit linux 11gR2 version. sftp (e.g. using filezilla) to a suitable dir, e.g. /home/oracle/download.
  • accroding to [http://www.jameskoopmann.com/docs/Install_Oracle11gCentOS5.htm], you need the following packages installed:
     rpm -q binutils \
            compat-libstdc++ \
            elfutils-libelf \
            elfutils-libelf-devel \
            glibc \
            glibc-common \
            glibc-devel \
            glibc-headers \
            gcc \
            gcc-c++ \
            libaio-devel \
            libaio \
            libgcc \
            libstdc++ \
            libstdc++ \
            make \
            sysstat \
            unixODBC \
            unixODBC-devel
  • Install the missing pre-requisites:
    • yum -y install libstdc++
    • yum -y install compat-libstdc++-33
    • yum -y install compat-libstdc++-33.x86_64
    • yum -y install elfutils-libelf-devel.x86_64
    • yum -y install gcc-c++.x86_64
    • yum -y install libaio
    • yum -y install libaio-devel
    • yum -y install libaio-devel.x86_64
    • yum -y install make.x86_64
    • yum -y install sysstat.x86_64
    • yum -y install unixODBC
    • yum -y install unixODBC-devel
    • yum -y install unixODBC.x86_64 unixODBC-devel.x86_64
    • yum -y install pdksh
  • setup the users and groups
    • groupadd oinstall
    • groupadd dba
    • useradd -g oinstall -G dba -s /bin/bash oracle
    • passwd oracle - set a password.
  • modify the kernel parameters by adding/editing to your /etc/sysctl.conf. NOTE: oracle generates a file (/tmp/CVU_11.2.0.1.0_oracle/runfixup.sh) which you can run to do all this if you want, when it checks the pre-requisites during installation.

net.core.rmem_default = 4194304 net.core.rmem_max = 4194304 net.core.wmem_default = 262144 kernel.sem = 250 32000 100 128 fs.file-max = 6815744 net.ipv4.ip_local_port_range = 9000 65500 net.core.wmem_max = 1048576 fs.aio-max-nr = 1048576 @]

  • Add the following lines to /etc/security/limits.conf
    oracle soft nproc  2047
oracle hard nproc  16384
oracle soft nofile 1024
oracle hard nofile 65536
  • Add the following lines to /etc/pam.d/login (note the pam file is located for me in /lib64/security/, not /lib/security/
    • session required pam_limits.so
  • Add the following lines to /etc/profile
    if [ $USER = "oracle" ]; then
  if [ $SHELL = "/bin/ksh" ]; then
    ulimit -p 16384
    ulimit -n 65536
  else
    ulimit -u 16384 -n 65536
  fi
fi
  • pick a mount point that has enough space: /home in my case (as 1&1 don't give enough space in other partitions in their builds)
    • # df -k
  • # mkdir /home/oracle/app/oracle/product/11.2.0
  • # chown -R oracle:oinstall /home/oracle/app
  • # chmod -R 775 /home/oracle/app
  • As Oracle:
    • # su – oracle
    • Add this to end of .bash_profile: umask 022
    • $ . ./.bash_profile
  • unzip the downloaded zip files:
    • $ cd /home/oracle
    • $ unzip /home/oracle/download/*.zip
  • Now you have a new dir: database, in your oracle dir.
  • fire up a VNC session, and in an xterm (as oracle user) execute this:
    • $ export ORACLE_BASE=/home/oracle/app/oracle
    • $ export ORACLE_SID=orcl
    • $ unset ORACLE_HOME
    • $ unset TNS_ADMIN
    • $ /home/oracle/database/runInstaller
    • I ignored the wining about 256 colours.
    • Now you get the oracle installation wizard/witch
      • Select Installation Option
        • Create and conigure a databse
      • System Class
        • Server Class
      • Node Selection
        • Single instance database installation
      • Select Install Type
        • Typical Install
      • Typical Installation Configuration
        • accept defaults except:
          • Database File location: /home/oracle/oradata
          • enter an admin password.
      • Oracle Inventory
        • Next to defaults
      • Prerequisit checks
        • Mine failed on several kernal parameters (ran /tmp/CVU_11.2.0.1.0_oracle/runfixup.sh which cured that), server missing 32 bit packages (installed with yum), and winged mightily about the lack of swap. I ignored this for now, and let it rip. Somewhere in the wizard, I set the char set to UTF-8: anything else is madness.
    • Run any scripts as root it asks at the end of the install
    • delete your .zip files and the dir you unzipped them to.
    • Add this to the oracle .bash_profile:
      export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
export PATH=$ORACLE_HOME/bin:$PATH
export ORACLE_UNQNAME=orcl
    • No idea what a UNQNAME is, but without it you cant start the enterprise manager.
  • to manage the enterprise manager:
    • $ ./emctl start | stop dbconsole
    • hit this URL https://your.server.com:1158/em/console/logon/logon
    • Make sure you trust the certificate (assuming you havent bought a real one).
    • you can login with SYS asDBA, but I would like to know how to login as a normal admin user.
  • setup oracle backups using the em console.
    • Database->availability->Manage/Scheduled Backup
    • Put in your unix oracle username and password.
    • select "schedule oracle-suggested backup"
    • Disk
    • default flash recovery area: /home/oracle/app/oracle/flash_recovery_area
    • Next
    • setup backup time to say 4am, and time zone to UTC.
    • next it generates this:
      Daily Script:
run {
allocate channel oem_disk_backup device type disk;
recover copy of database with tag 'ORA_OEM_LEVEL_0';
backup incremental level 1 cumulative  copies=1 for recover of copy with tag 'ORA_OEM_LEVEL_0' database;
}
    • Hit submit job. this gives a nasty error:
    • ORA-20446: The owner of the job is not registered ORA-06512: at "SYSMAN.MGMT_JOBS", line 168 ORA-06512: at "SYSMAN.MGMT_JOBS", line 86 ORA-06512: at line 1

Firewall

Create a new rule set something like this. 
Default-Policy: DENY
Number Remote IP Remote Port Local Port Protocol Action Status
1	All	Any	80	TCP	Allow	Active
2	All	Any	443	TCP	Allow	Active
3	All	Any	8443	TCP	Allow	Active
4	80.24.93.213/32	Any	22	TCP	Allow	Active
5	80.206.160.75/32	Any	22	TCP	Allow	Active
6	All	Any	8080	TCP	Allow	Active

Confluence.

Installing confluence is a pain because their installation documentation is very poor.

  • create an installation dir, and unzip confluence into it. It is unclear if this directory can be deleted after the installation.
  • Create a home directory, e.g. /home/confluence.
  • increase your min heap, e.g. by adding this to /etc/profile:
    export CATALINA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=192m -Djava.awt.headless=true"
    • The undocumented secret critical step is you need to change the ownership of this home dir thus:
    • chown tomcat:tomcat /home/confluence
  • Undocumented Oracle steps:
    • (optional) Create a new table space(s), e.g:
      CREATE TABLESPACE CONFLUENCE DATAFILE 
  '/home/oracle/oradata/orcl/confluence.dbf' SIZE 32M AUTOEXTEND ON NEXT 32M MAXSIZE UNLIMITED
LOGGING
ONLINE
PERMANENT
EXTENT MANAGEMENT LOCAL AUTOALLOCATE
BLOCKSIZE 8K
SEGMENT SPACE MANAGEMENT AUTO
FLASHBACK OFF;
    • Create a new oracle user, e.g. CONFLUENCE
      CREATE USER CONFLUENCE
  IDENTIFIED BY <password>
  DEFAULT TABLESPACE CONFLUENCE
  TEMPORARY TABLESPACE TEMP
  PROFILE DEFAULT
  ACCOUNT UNLOCK;
  -- 1 Tablespace Quota for CONFLUENCE 
  ALTER USER CONFLUENCE QUOTA UNLIMITED ON CONFLUENCE;
    • give it permissions we think confluence needs:
      GRANT  CONNECT TO CONFLUENCE;
GRANT RESOURCE TO CONFLUENCE;
GRANT CREATE TABLE TO CONFLUENCE;
GRANT  CREATE SYNONYM TO CONFLUENCE;
GRANT CREATE ROLE TO CONFLUENCE;
GRANT CREATE TYPE TO CONFLUENCE;
GRANT CREATE SEQUENCE TO CONFLUENCE;
GRANT CREATE TRIGGER TO CONFLUENCE;
GRANT CREATE PROCEDURE TO CONFLUENCE;
GRANT CREATE DATABASE LINK TO CONFLUENCE;
GRANT CREATE VIEW TO CONFLUENCE;
GRANT UNLIMITED TABLESPACE TO CONFLUENCE;
  • Now do the undocumented step of copying an oracle ojdbc jar into the confluence installation dirs, e.g:
    • # cp /home/oracle/app/oracle/product/11.2.0/dbhome_1/jdbc/lib/ojdbc6.jar /home/downloads/confluence-3.2.1_01/confluence/WEB-INF/lib/
    • restart tomcat (service tomcat5 restart).
  • go to http://myserver.com:8080/confluence/ and enter your license (you have to go to my.atlassian.com to get this - another undocumented step).
  • Next say you want to create a direct DB connection to oracle, and enter the confluence username, connection string password etc.
  • Add this to the /etc/exim/exim.conf 
    fixed_plain:
  driver = plaintext
  public_name = PLAIN
  server_prompts = :
  server_condition = \
    ${if and {{eq{$auth2}{confluence-email-user}}{eq{$auth3}{confluence-pass}}}}
  server_set_id = $auth2
    • Use that usr/pass in the confluence mail setup.
  • fix the mail library conflicts by deleting or moving:
    • mail-1.4.1.jar
    • activation-1.0.2.jar
    • out of <Confluence-install-dir>/confluence/WEB-INF/lib
  • Fix the broken tomcat 5.5.23, buy downloading tomcat 5.5.17, taking out the naming-factory.jar and replacing the one in the /usr/share/tomcat5/lib dir as its missing some classes (tomcat team cant package their own product). https://issues.apache.org/bugzilla/show_bug.cgi?id=40668

backups

on another 1&1 root server (standard plesk install)

  1. NOTE: stupidly, 1&1 standard centos image has no mounted /home partition, so you cant put anything in /home or it will flood the small / partition.
  2. # groupadd skillkash
  3. # useradd -g skillkash -d /var/home/backup -s /bin/bash backup
  4. # passwd skillkash
  5. now you can sftp to the box (assuming no fw) with password..
  6. Edit /etc/ssh/sshd_config on server you connect to and make sure the following lines are uncommented:
    RSAAuthentication yes
PubkeyAuthentication yes
  7. On machine you connect from:
    1. ssh-keygen -t rsa
    2. hit enter so you dont set a password.
  8. On server
    1. in the target user home dir, create or edit ~/.ssh/authorized_keys
    2. chmod 700 .ssh
    3. chmod 600 .ssh/authorized_keys
    4. Paste in the contents of the ~/.ssh/id_rsa.pub on the client machine into the authorized_keys on the server machine.
    5. scp away!
Edit - History - Print - Recent Changes - Search
Page last modified on August 01, 2011, at 08:22 PM