Notes On Installing CentOS 7 Server

I’ve been on a Fedora kick lately, and naturally for my server needs I am using CentOS 7. I have never really used CentOS in production and there are a couple of gotchas that I ran into while getting everything set up that I wanted to jot down for future reference and also in case it's useful to someone else.

Install Some Useful Packages

The default install of CentOS is pretty bare bones. I installed several packages to make it a bit more usable.

sudo yum install wget unzip git htop vim epel-release

I tried to get away without installing epel[3], but it’s too darn useful.

Enable SSH Login

I have no idea how or why this works (I think it might have something to do with SELinux), but in order to be able to SSH into your server you need to set up your authorized keys file like this[1]:

mkdir -p ~/.ssh
# only your own user needs access to this directory
chmod 700 ~/.ssh

# copy your id_rsa.pub file to ~/.ssh/authorized_keys
# you can do this with a text editor, or if it's on GitHub
# download it with wget https://github.com/$USER.keys (where $USER
# is your GitHub username) and rename it to ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys
sudo restorecon -R -v ~/.ssh

After that, be sure to set PasswordAuthentication no in /etc/ssh/sshd_config and restart the sshd service for this to take effect:

sudo systemctl restart sshd.service
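One gotcha with the PasswordAuthentication change described above: sshd uses the first value it reads for a keyword, so appending the line below an existing one has no effect. The check below is an added example, not part of the original post; the function names and the sample files are constructed for illustration, and it only looks at the global section of a single file.

```shell
#!/bin/sh
# Added example: which PasswordAuthentication value will sshd actually use?

# Print the global-section value of keyword $2 in config file $1 (empty if unset).
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)            # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit             # per-user/host overrides start here
            if (key == want) { print val; exit } # first value wins
        }
    ' "$1"
}

# Succeeds only when password logins are explicitly disabled (the default is "yes").
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample files (hypothetical, not taken from a real server).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/appended.conf" <<'EOF'
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
cat > "$SAMPLES/edited.conf" <<'EOF'
#PasswordAuthentication yes
passwordauthentication = no
Match User backup
    PasswordAuthentication yes
EOF

for f in "$SAMPLES"/appended.conf "$SAMPLES"/edited.conf; do
    if password_login_disabled "$f"; then state="disabled"; else state="still enabled"; fi
    echo "$(basename "$f"): password login $state"
done
```

On the server itself, sudo sshd -t checks the file for syntax errors before the restart and sudo sshd -T prints the configuration sshd will actually use.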

Install Docker

I used a convenience script from the main docker docs [2]. I also added myself to the docker user group in order to be able to run docker commands without root.

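# fetch over HTTPS explicitly (a bare hostname makes curl start with plain HTTP)
curl -fsSL https://get.docker.com -o get-docker.sh
# read get-docker.sh before running it as root
sudo sh get-docker.sh
# note: members of the docker group can get root on the host
sudo usermod -aG docker "$USER"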

I am not using the root user to log in; I am using my own user.

If you want to use docker-compose, then (assuming you installed epel-release) you should install pip and docker-compose.

sudo yum install python34-pip
sudo pip3 install docker-compose

Allow outside connections

CentOS uses firewalld[4]. It is a bit more complex than what I am used to with UFW, but certainly easier to use than iptables.

You can allow traffic on http and https with the following commands.

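# without --permanent a rule only lasts until the next firewalld reload or reboot
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload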

References
[1] Creating .ssh folder
[2] Install Docker on CentOS
[3] Extra Packages for Enterprise Linux
[4] DO firewalld guide

Installing Sage Math on Fedora 28

Sage Math is a massive collection of open source mathematical tools. I am using it as a part of going through the Free Linear Algebra Book.

On a fresh install of Fedora 28, when you run dnf install sagemath you will install dozens of different packages. However, when you try to launch the sage math program you will get an error message saying that sage math crashed.

┌────────────────────────────────────────────────────────────────────┐
│ SageMath version 8.0, Release Date: 2017-07-21                     │
│ Type "notebook()" for the browser-based notebook interface.        │
│ Type "help()" for help.                                            │
└────────────────────────────────────────────────────────────────────┘

**********************************************************************

Oops, Sage crashed. We do our best to make it stable, but...

A crash report was automatically generated with the following information:
  - A verbatim copy of the crash traceback.
  - A copy of your input history during this session.
  - Data on your current Sage configuration.

It was left in the file named:
    '/home/levlaz/.ipython/Sage_crash_report.txt'
If you can email this file to the developers, the information in it will help
them in understanding and correcting the problem.

You can mail it to: sage-support at sage-support@googlegroups.com
with the subject 'Sage Crash Report'.

If you want to do it now, the following command will work (under Unix):
mail -s 'Sage Crash Report' sage-support@googlegroups.com < /home/levlaz/.ipython/Sage_crash_report.txt

In your email, please also include information about:
- The operating system under which the crash happened: Linux, macOS, Windows,
  other, and which exact version (for example: Ubuntu 16.04.3, macOS 10.13.2,
  Windows 10 Pro), and whether it is 32-bit or 64-bit;
- How Sage was installed: using pip or conda, from GitHub, as part of
  a Docker container, or other, providing more detail if possible;
- How to reproduce the crash: what exact sequence of instructions can one
  input to get the same crash? Ideally, find a minimal yet complete sequence
  of instructions that yields the crash.

To ensure accurate tracking of this issue, please file a report about it at:
http://trac.sagemath.org

Hit <Enter> to quit (your terminal may close):

If you inspect the error file found in $HOME/.ipython/Sage_crash_report.txt you will see that there is a missing python dependency.

ImportError: No module named cypari2.gen

You can fix this error by installing the missing dependency with:

sudo dnf install python2-cypari2

Now you should be able to launch Sage Math without it crashing.

Install Netbeans on Debian Stable

Netbeans is a great open source Java IDE. For some reason it is missing from the current stable repository on Debian. In order to get it installed as a regular desktop application in Debian Jessie (using GNOME) you should do the following:

  1. JDK 8 is required in order to use Netbeans. The default-jdk package on Jessie installs jdk7. First you must enable Debian backports, and then you can install it with sudo apt install -t jessie-backports openjdk-8-jdk
  2. Download the latest version from the releases page. There are a couple different flavors. I usually choose the one that contains everything. This will download a bash installer script.
  3. Open up a terminal and navigate to wherever you downloaded the script from Step 2. Execute the script with sh netbeans*.sh
  4. This will run some pre-flight checks and then fire up an installation wizard that will guide you through the rest of the process.
  5. Once Netbeans has been installed you can launch it by clicking on the icon that should now be on your desktop.

Reading gz files with zcat

The Debian Policy Manual dictates that all packages should come with documentation. In order to save space in the Debian archive these documents need to be compressed with gzip. There are a ton of these files floating around in the /usr/share/doc directory. Recently I wanted to read some of the documentation. If you try to open the file with cat it spits out binary gibberish. You can of course unzip the file as you normally would and open it up that way, but it turns out there is an easier way. Using zcat you can read the contents of compressed files just like you would with cat.

zcat is identical to gunzip -c. (On some systems, zcat may be installed as gzcat to preserve the original link to compress.) zcat uncompresses either a list of files on the command line or its standard input and writes the uncompressed data on standard output. zcat will uncompress files that have the correct magic number whether they have a .gz suffix or not.

Source: GZIP(1) man page

By default, this will put all of the output into your terminal window, which is fine for most files. The other place where this can come in handy is when you are trying to look through compressed log files. In this case, having to scroll around the terminal may not be a great option. You can pipe the output of zcat into other programs such as less in order to be able to page through long files. For example, if I wanted to read the first 10 lines of a compressed log file, I could do so with the following command:

levlaz@debvm:/var/log$ sudo zcat syslog.2.gz | head -n 10

The output of this command would look like this:

May  2 22:27:43 debvm rsyslogd: [origin software="rsyslogd" swVersion="8.4.2" x-pid="585" x-info="http://www.rsyslog.com"] start
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x1a] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x1b] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x1c] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x1d] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x1e] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x1f] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x20] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x21] high edge lint[0x1])
May  2 22:27:43 debvm kernel: [    0.000000] ACPI: LAPIC_NMI (acpi_id[0x22] high edge lint[0x1])

Help Out With Packages You Use in Debian

Many new and existing Debian users want to help make the distribution better but do not quite know where to begin. Debian comes with a very handy package called how-can-i-help which tells you after each apt invocation the current bugs that are associated with packages on your system. The “Work-Needing and Prospective Packages” (WNPP) listing is a bit overwhelming for new contributors. What better way to figure out what packages need your help than by seeing a list of them each time you use apt?

The first time you run apt after installing this package it will likely spit out a long list of packages that need your help. Each subsequent time it will only show new packages or changes. In order to see the master list again you can use the how-can-i-help --old command to see all packages that need your help. I think this is a great way to get engaged with the software that you rely on each day.

Although getting started with Debian development is not trivial, this lowers the barrier a bit and provides some clear direction on what to work on since the list includes packages that you are using every day.

Change the Default Terminal Editor in Debian

Debian comes with a very handy utility called update-alternatives that helps to set default tools for various tasks.

It is possible for several programs fulfilling the same or similar functions to be installed on a single system at the same time. For example, many systems have several text editors installed at once. This gives choice to the users of a system, allowing each to use a different editor, if desired, but makes it difficult for a program to make a good choice for an editor to invoke if the user has not specified a particular preference.

On Linode, it seems that the default editor is nano. I prefer to use vim for editing git commits, visudo, and other things that use the default editor, which is symbolically linked through /usr/bin/editor. The update-alternatives package basically changes the symbolic links for you. In order to change your default editor, you simply need to run the following command:

sudo update-alternatives --config editor

The output of this command is shown below. You will see a list of all of your editors that you currently have installed and will be asked to make a choice.

There are 3 choices for the alternative editor (providing /usr/bin/editor).

  Selection    Path                 Priority   Status
------------------------------------------------------------
  0            /bin/nano             40        auto mode
  1            /bin/nano             40        manual mode
  2            /usr/bin/vim.basic    30        manual mode
* 3            /usr/bin/vim.tiny     10        manual mode

Press enter to keep the current choice[*], or type selection number:

Behind the scenes you can see that all this does is update the symbolic links.

levlaz@dev:~$ ls -al /usr/bin/editor
lrwxrwxrwx 1 root root 24 Feb 10 20:49 /usr/bin/editor -> /etc/alternatives/editor
levlaz@dev:~$ ls -al /etc/alternatives/editor
lrwxrwxrwx 1 root root 17 Apr 28 18:56 /etc/alternatives/editor -> /usr/bin/vim.tiny

There are many other things that can be configured this way. For more information, the man page for update-alternatives is worth reading.

An Ode to Linux Desktop Users Everywhere

Here’s to the crazy ones, the misfits, the rebels. The package makers, the man page writers. The rounded windows in Qt mixed with the less rounded windows of GTK. The ones who literally see things differently because of missing proprietary fonts.

They’re not fond of rules, installation wizards, double clicking and have no respect for the status quo.

You can downvote them, disagree with them, glorify or vilify them. About the only thing you cannot do is ignore them. Because they ship your bug fixes.

They invent. They imagine. They heal. They explore. They create. They inspire. They push the human race forward.

Maybe they have to be crazy. How else can you stare at an empty screen and know that you have to blacklist your video card driver? Or sit in silence while tweaking alsamixer on the command line? Or write bash aliases to reload your network driver kernel module each time your laptop resumes from suspension? We make tools for these kinds of people.

While some may see them as the crazy ones, we see genius. Because people who are crazy enough to think that they can run Linux on the desktop, are the ones who change the world.

Whatever hacky script you are writing already exists in GNU Core Utilities

When I think of bash, I think of writing hacky scripts that do random things utilizing “bash commands”. It turns out that the parts of bash that “do stuff” such as echo, cut, cat are part of a larger program called GNU Core Utilities.

The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. These are the core utilities which are expected to exist on every operating system.

Source: Coreutils – GNU core utilities

I am working on a general purpose backup utility and this evening I was moments away from writing something like this:

perl -e (print split("/\//", "/foo/bar/baz.tar.gz")

My goal was to try to extract the base file name from a given directory (I recognize that that code does not actually do that). Then I realized that this was pure madness and there had to be a better way. This is when I discovered the handy basename program. It simply does the needful. GNU Core Utilities is full of all sorts of gems such as this one. My main takeaway from this is to read the entire GNU Core Utilities manual so I can stop writing horrible things.

Bash on Ubuntu on Windows

I just opened up a command prompt on Windows 10, typed in bash, and watched as Ubuntu was installed on my computer.

I never, in 1 million years, thought that I would ever live to see the day that this happened. With each passing announcement, upgrade, release, and blog post Microsoft is proving itself to be an innovative company once again. I have never been more excited about Windows than I am right now.

  1. This completely changes most of the things I said in this post.
  2. I have been saying for a while that I predict that the next version of Windows Server will basically be a Linux Distro. I think we are one step closer to making this a reality, and I think that this changes everything.
  3. I am so excited to see what will happen in the future with this partnership.

You can read more details here. My mind is too blown to say anything else about this right now.

Alpine Linux, wget, and ca-certificates

I’ve been working with Alpine Linux this week. This tiny Linux distribution is an excellent choice for a base docker image or, in my case, for a low power VPS. I love how easy and fast it is to install and configure this distribution.

One stumbling block that I ran into was downloading random things from the internet with wget.

Unable to locally verify the issuer's authority.
To connect to dl.eff.org insecurely, use `--no-check-certificate'

I saw this timely tweet by Joe Gross the other day and decided that rather than ignoring the error messages that wget was throwing I would go and figure out what was wrong.

It turns out that when you make an 83MB distribution you need to cut some of the fat. The ca-certificates package that is common in every Linux Distribution under the sun is missing from the default installation of Alpine.

In order to resolve the angry warnings from wget, you can install the ca-certificates package with the following command:

apk -U add ca-certificates

This will make wget happy, and your server secure. In case you are wondering, skipping this step and running wget with --no-check-certificate totally works. However, it is also inviting a man-in-the-middle attack. Don’t ever do this.
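A check for the --no-check-certificate habit this post warns against, written as an added example (not from the original post) that can be run over provisioning scripts or Dockerfiles. It goes beyond the post by also flagging curl's equivalent -k/--insecure flags; the function name, the sample script and the example.invalid host are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag download commands that switch off TLS certificate checks.

# Print "file:line: reason" for each offending line; exit status 1 if any were found.
find_insecure_downloads() {
    awk '
        BEGIN { found = 0 }
        /^[ \t]*#/ { next }                      # skip comment-only lines
        {
            why = ""
            padded = " " $0 " "                  # lets a flag match at either end of the line
            if ($0 ~ /wget/ && $0 ~ /--no-check-certificate/) {
                why = "wget --no-check-certificate"
            } else if ($0 ~ /curl/ && padded ~ /[ \t](--insecure|-[A-Za-z]*k[A-Za-z]*)[ \t]/) {
                why = "curl -k/--insecure"       # also catches bundled flags such as -fsSLk
            }
            if (why != "") { printf "%s:%d: %s\n", FILENAME, FNR, why; found = 1 }
        }
        END { exit found }
    ' "$@"
}

# Constructed sample script (hypothetical; example.invalid is a placeholder host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
# wget --no-check-certificate is mentioned here only in a comment
wget --no-check-certificate https://example.invalid/tool.tgz
curl -fsSLk https://example.invalid/install.sh -o install.sh
curl -fsSL https://example.invalid/ok.sh -o ok.sh
apk -U add ca-certificates && wget https://example.invalid/tool.tgz
EOF

find_insecure_downloads "$SAMPLE" || echo "fix these before the script ships"
```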