LINUX – Using Local YUM REPO on RedHat 7 using DVD ISO

Often I need to install packages that are on the RHEL install DVD and being able to use the install ISO without having a Red Hat subscription or license is extremely useful.

  • Mount the DVD to the /cdrom folder:
mkdir /cdrom
mount /dev/cdrom /cdrom
  • Create the local yum repo file:
cd /etc/yum.repos.d
vi local.repo

and paste this content:

[LocalRepo]
name=Local Repository
baseurl=file:///cdrom
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Save the file and clean the yum repository cache:

yum clean all

Job done.

Linux – CentOS – disable/enable SELinux

From CentOS 7, SELinux is enabled and set to enforcing by default.

To disable it permanently, open and edit /etc/selinux/config
and change SELINUX=enforcing to permissive or disabled.

After that change is made it is necessary to restart the system.

There is another way to turn off enforcement right away, without a restart, by running this command (it switches SELinux to permissive mode until the next reboot):

# setenforce 0

Then, to check the status, run:

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

Systemd – creating a custom service

Generally speaking, when creating a new custom service, best practice dictates that it is saved in the /etc/systemd/system directory (as opposed to /lib/systemd/system).

My template for systemd service startup script:

[Unit]
Description=My service description
After=sshd.service

[Service]
ExecStart=/full/path/to/command -with "Parameters"

[Install]
WantedBy=multi-user.target

The script is saved as service_name.service under /etc/systemd/system
Once the service unit file is saved it needs to be enabled:

systemctl enable service_name.service
systemctl start service_name
systemctl status service_name

and to double check:

journalctl -xn

to see if there are any errors caused by the new service.

To memorise a few useful systemd terms I have created a memrise course:

memrise_systemd

NGINX – (13: Permission denied) while connecting to upstream node.js server

While experimenting with a simple node.js server on CentOS 7 and the nginx upstream directive I ran into some issues. I was able to access the node.js server running on port 8080, but when trying to access it via nginx I was getting the error message (13: Permission denied) while connecting to upstream, and a 502 Bad Gateway error in the browser.

2016/01/10 14:34:55 [crit] 16705#0: *2 connect() to [::1]:8080 failed (13: Permission denied) while connecting to upstream, client: 172.31.123.123, server: www.mynode.local, request: "GET / HTTP/1.0", upstream: "http://[::1]:8080/", host: "www.mynode.local"

It turned out to be an SELinux issue. I checked for errors in the SELinux logs:
cat /var/log/audit/audit.log | grep nginx | grep denied
where I found a few clues:
type=AVC msg=audit(1452436495.252:181): avc: denied { name_connect } for pid=16705 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket

And found that running the following commands fixed my issue:
cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx
semodule -i mynginx.pp

After that everything was working as expected.
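
The audit2allow pipeline above builds allow rules for every denial that matches the grep, so it is worth listing what those denials are before loading mynginx.pp. The following is an added example, not part of the original post: a shell function (the names avc_summary and SAMPLE are hypothetical, and all sample lines except the first are constructed) that condenses the AVC denials for one process into unique permission, source type, target type and class tuples.

```sh
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process name.
# avc_summary and SAMPLE are illustrative names, not part of any tool.

# Usage: avc_summary COMM < audit.log
# Prints "count perms source_type -> target_type:class [dest=PORT]".
avc_summary() {
    awk -v want="$1" '
    /type=AVC/ && /denied/ {
        comm = dest = src = tgt = cls = perms = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            f = $i
            if (f == "{") { inperm = 1; continue }
            if (f == "}") { inperm = 0; continue }
            if (inperm)   { perms = perms (perms == "" ? "" : ",") f; continue }
            if (f ~ /^comm=/)          { comm = f; gsub(/^comm=|"/, "", comm) }
            else if (f ~ /^dest=/)     { dest = substr(f, 6) }
            else if (f ~ /^scontext=/) { split(substr(f, 10), c, ":"); src = c[3] }
            else if (f ~ /^tcontext=/) { split(substr(f, 10), c, ":"); tgt = c[3] }
            else if (f ~ /^tclass=/)   { cls = substr(f, 8) }
        }
        if (comm != want) next
        key = perms " " src " -> " tgt ":" cls
        if (dest != "") key = key " dest=" dest
        count[key]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -k2
}

# Constructed sample: line 1 is the denial quoted in the post; the rest
# are made up to show a second nginx denial and an unrelated process.
SAMPLE='type=AVC msg=audit(1452436495.252:181): avc: denied { name_connect } for pid=16705 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1452436501.100:185): avc: denied { name_connect } for pid=16705 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1452436510.300:190): avc: denied { read open } for pid=16705 comm="nginx" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1452436520.400:195): avc: denied { getattr } for pid=900 comm="chronyd" name="x" scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1452436495.252:181): arch=c000003e syscall=42 success=no comm="nginx"'

printf '%s\n' "$SAMPLE" | avc_summary nginx
```

On a real host, run `avc_summary nginx < /var/log/audit/audit.log`; any line that is not the access you meant to permit should be filtered out before the log is piped to audit2allow.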