Author: neoX

How to configure openvpn client with an ovpn single configuration file

One file for configuration is always a good thing. We can pack everything needed for a openvpn client configuration in one single file, when using certificate authorization. If you use password authorization it is not possible, because the username and password must be in another file, but with certificate we can inline everything in one configuration file. Below is the template of such file:

client
dev tun
proto tcp
comp-lzo
verb 3
 
remote [IP] [PORT]
resolv-retry infinite
nobind

persist-key
persist-tun

<ca>
-----BEGIN CERTIFICATE-----
[CA_CERTIFICATE]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[CLIENT_CERTIFICATE]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[CLIENT_KEY]
-----END PRIVATE KEY-----
</key>

#uncomment to route these IP/Networks requested by the client
#route [IP1] [MASK1]
#route [IP2] [MASK2]

To get it working you should change the

  • Remote IP and port – replace [IP] [PORT] with your IP and PORT of the openvpn server you use.
  • copy everything between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” from the certificate authority (CA) file and replace with [CA_CERTIFICATE]
  • copy everything between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” from the certificate file and replace with [CLIENT_CERTIFICATE]
  • copy everything between “—–BEGIN PRIVATE KEY—–” and “—–END PRIVATE KEY—-” from the certificate file and replace with [CLIENT_KEY]

You can also uncomment the route lines to enable specific routes through the VPN, such routes are probably not included in the server configuration, but the user could add them, too.
Save the above file (best with extension .ovpn) and then import it in any openvpn client under Linux, Windows and Android. The file contains everything the openvpn client needs to establish a vpn connection

How to install the latest linux kernel (mainline) in CentOS 7 distro

Here you can see the steps to install the latest (mainline stable) kernel under CentOS 7, whether we need the latest driver, because we bought a new laptop released for the first time last month with the latest hardware or there is a hot fix of some nasty bug it is of no matter.
Here are the steps about installing the latest kernel to our CentOS 7, you must have root access:

  • STEP 1 Import the public key of the repository, which offer us the packages of the CentOS 7 mainline stable kernel (and some other kernels, like the Red Hat Enterprise Linux (RHEL) 6 and 7 and more, you can check out the site). The site of the repository is

    https://elrepo.org/

    Import the public key

    #change to root user (skip the first line if you are root)
sudo su
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
  • STEP 2 Check the latest version of the rpm install package of the repository, the command is under

    To install ELRepo for RHEL-7, SL-7 or CentOS-7:

    So at present the latest version is “7.0-3” and execute to wget to download the package for the repository elrepo:

    wget http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
  • STEP 3 Install the elrepo package with yum (you can do it with rpm command, but let yum manage all your packages and metadata for them!) 
    yum -y install ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm

    STEP 4 List the available kernels from the elrepo to choose the one you like

    yum list available --disablerepo='*' --enablerepo=elrepo-kernel

    To install the latest mainline kernel you must use package starting with

    kernel-ml-*

    at moment of writing the latest mainline kernel is

    4.15.4-1.el7.elrepo

    So execute

    yum install -y --enablerepo=elrepo-kernel kernel-ml

    And it will pull the

    kernel-ml-4.15.4-1.el7.elrepo.x86_64

    and install it

    • STEP 5 Check if you are going to boot the new kernel, you’ve installed and set the right one to boot

    cat /boot/grub2/grubenv |grep saved
# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)

    And as you see, no it’ll not boot to the new kernel, so you must configure grub2 to boot your newly just installed kernel. First check all the installed kernels, set the right kernel and then it is mandatory to call

    grub2-mkconfig

    to update the grub2 configuration:

    [root@srv ~]# awk -F\' /^menuentry/{print\$2} /boot/grub2/grub.cfg 
CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-0a26fe4b81d845209fb8958c8e29d600) 7 (Core)

    The position 0 (YES, it starts from ZERO!) is “CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)”, so you have two options to set it:

    grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg

    Check to see if everything is OK with

    [root@srv ~]# cat /boot/grub2/grubenv |grep saved
saved_entry=0

    or you can set the name of the kernel to boot with

    grub2-set-default "CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)"
grub2-mkconfig -o /boot/grub2/grub.cfg

    Check to see if everything is OK with

    [root@srv ~]# cat /boot/grub2/grubenv |grep saved
saved_entry=CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
  • STEP 6 is just to reboot 
    reboot

    STEP 4 Verification of running the latest kernel

    root@srv:~# uname -a
Linux srv.local 4.15.4-1.el7.elrepo.x86_64 #1 SMP Sat Feb 17 13:35:20 EST 2018 x86_64 x86_64 x86_64 GNU/Linux

Install log of the procedure (your output may vary depending on your hardware installed in your system):

[root@srv ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
[root@srv ~]# wget http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
--2018-02-19 10:20:42--  http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Resolving www.elrepo.org (www.elrepo.org)... 69.195.83.87
Connecting to www.elrepo.org (www.elrepo.org)|69.195.83.87|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8656 (8.5K) [application/x-rpm]
Saving to: ‘elrepo-release-7.0-3.el7.elrepo.noarch.rpm’

100%[=======================================================================>] 8,656       --.-K/s   in 0.001s  

2018-02-19 10:20:42 (6.97 MB/s) - ‘elrepo-release-7.0-3.el7.elrepo.noarch.rpm’ saved [8656/8656]
[root@srv ~]# yum -y install ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm 
Loaded plugins: fastestmirror
Examining ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm: elrepo-release-7.0-3.el7.elrepo.noarch
Marking ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package elrepo-release.noarch 0:7.0-3.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package              Arch         Version                   Repository                                     Size
=================================================================================================================
Installing:
 elrepo-release       noarch       7.0-3.el7.elrepo          /elrepo-release-7.0-3.el7.elrepo.noarch       5.2 k

Transaction Summary
=================================================================================================================
Install  1 Package

Total size: 5.2 k
Installed size: 5.2 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : elrepo-release-7.0-3.el7.elrepo.noarch                                                        1/1 
  Verifying  : elrepo-release-7.0-3.el7.elrepo.noarch                                                        1/1 

Installed:
  elrepo-release.noarch 0:7.0-3.el7.elrepo                                                                       

Complete!
[root@srv ~]# yum list available --disablerepo='*' --enablerepo=elrepo-kernel
Loaded plugins: fastestmirror                                                                                                                                               
Loading mirror speeds from cached hostfile                                                                                                                                  
 * elrepo-kernel: mirrors.netix.net                                                                                                                                         
Available Packages                                                                                                                                                          
kernel-lt.x86_64                                                                      4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-devel.x86_64                                                                4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-doc.noarch                                                                  4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-headers.x86_64                                                              4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools.x86_64                                                                4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools-libs.x86_64                                                           4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools-libs-devel.x86_64                                                     4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-ml.x86_64                                                                      4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-devel.x86_64                                                                4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-doc.noarch                                                                  4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-headers.x86_64                                                              4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools.x86_64                                                                4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools-libs.x86_64                                                           4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools-libs-devel.x86_64                                                     4.15.4-1.el7.elrepo                                                      elrepo-kernel
perf.x86_64                                                                           4.15.4-1.el7.elrepo                                                      elrepo-kernel
python-perf.x86_64                                                                    4.15.4-1.el7.elrepo                                                      elrepo-kernel
[root@srv ~]# yum install -y --enablerepo=elrepo-kernel kernel-ml
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.uni-sofia.bg
 * elrepo: mirrors.netix.net
 * elrepo-kernel: mirrors.netix.net
 * extras: centos.uni-sofia.bg
 * updates: centos.uni-sofia.bg
Resolving Dependencies
--> Running transaction check
---> Package kernel-ml.x86_64 0:4.15.4-1.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================
 Package                               Arch                               Version                                           Repository                                 Size
============================================================================================================================================================================
Installing:
 kernel-ml                             x86_64                             4.15.4-1.el7.elrepo                               elrepo-kernel                              44 M

Transaction Summary
============================================================================================================================================================================
Install  1 Package

Total download size: 44 M
Installed size: 195 M
Downloading packages:
kernel-ml-4.15.4-1.el7.elrepo.x86_64.rpm                                                                                                             |  44 MB  00:00:10     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : kernel-ml-4.15.4-1.el7.elrepo.x86_64                                                                                                                     1/1 
  Verifying  : kernel-ml-4.15.4-1.el7.elrepo.x86_64                                                                                                                     1/1 

Installed:
  kernel-ml.x86_64 0:4.15.4-1.el7.elrepo                                                                                                                                    

Complete!
[root@srv ~]# cat /boot/grub2/grubenv |grep saved
# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
[root@srv ~]# awk -F\' /^menuentry/{print\$2} /etc/grub2.cfg
CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-0a26fe4b81d845209fb8958c8e29d600) 7 (Core)
[root@srv ~]# grub2-set-default "CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)"
[root@srv ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.4-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-4.15.4-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-0a26fe4b81d845209fb8958c8e29d600
Found initrd image: /boot/initramfs-0-rescue-0a26fe4b81d845209fb8958c8e29d600.img
done
[root@srv ~]# reboot
Connection to 192.168.0.18 closed by remote host.
Connection to 192.168.0.18 closed.
...
...
...
[root@srv ~]# uname -a
Linux srv.local 4.15.4-1.el7.elrepo.x86_64 #1 SMP Sat Feb 17 13:35:20 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@srv ~]#

How to install the latest linux kernel (mainline) in Ubuntu (17.10) distro

Sometimes we need to install the latest kernel version of our linux distro (btw it is called “mainline” if you need to google something about it)! Whether we need the latest driver, because we bought a new laptop released for the first time last month with the latest hardware or there is a hot fix of some nasty bug it is of no matter. Here are the steps (and some troubleshooting) about installing the latest kernel to our Ubuntu install 17.10 (with old versions like 16, 15 and 14 should be the same):

  • STEP 1 is to choose our desired kernel from

    http://kernel.ubuntu.com/~kernel-ppa/mainline/

    Open this address in your favorite browser and choose the latest. In our example the latest kernel, which is no release candidate, 4.14.15. Enter the directory

    http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.15.1/

    and choose your build, for example amd64 for your 64bit setup (and for most cases choose -generic- one)

    mkdir /root/latestkernel
cd /root/latestkernel
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.15.1/linux-headers-4.15.1-041501_4.15.1-041501.201802031831_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.15.1/linux-headers-4.15.1-041501-generic_4.15.1-041501.201802031831_amd64.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.15.1/linux-image-4.15.1-041501-generic_4.15.1-041501.201802031831_amd64.deb
  • STEP 2 after successfully downloading the 3 files just install them with “dpkg” (the package manager tool) 
    sudo dpkg -i linux-headers-4.15.1*.deb linux-image-4.15.1*.deb
  • STEP 3 is just to reboot your machine, the installation setup did everything you needed to load this kernel 
    reboot

    STEP 4 Verification of running the latest kernel

    root@srv:~# uname -a
Linux srv.local 4.15.1-041501-generic #201802031831 SMP Sat Feb 3 18:32:13 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Install log of the procedure (your output may vary depending on your hardware installed in your system):

root@srv:~/latestkernel# sudo dpkg -i linux-headers-4.15.1*.deb linux-image-4.15.1*.deb
Selecting previously unselected package linux-headers-4.15.1-041501.
(Reading database ... 200430 files and directories currently installed.)
Preparing to unpack linux-headers-4.15.1-041501_4.15.1-041501.201802031831_all.deb ...
Unpacking linux-headers-4.15.1-041501 (4.15.1-041501.201802031831) ...
Selecting previously unselected package linux-headers-4.15.1-041501-generic.
Preparing to unpack linux-headers-4.15.1-041501-generic_4.15.1-041501.201802031831_amd64.deb ...
Unpacking linux-headers-4.15.1-041501-generic (4.15.1-041501.201802031831) ...
Selecting previously unselected package linux-image-4.15.1-041501-generic.
Preparing to unpack linux-image-4.15.1-041501-generic_4.15.1-041501.201802031831_amd64.deb ...
Examining /etc/kernel/preinst.d/
run-parts: executing /etc/kernel/preinst.d/intel-microcode 4.15.1-041501-generic /boot/vmlinuz-4.15.1-041501-generic
Done.
Unpacking linux-image-4.15.1-041501-generic (4.15.1-041501.201802031831) ...
Setting up linux-headers-4.15.1-041501 (4.15.1-041501.201802031831) ...
Setting up linux-headers-4.15.1-041501-generic (4.15.1-041501.201802031831) ...                                                                                             
Setting up linux-image-4.15.1-041501-generic (4.15.1-041501.201802031831) ...                                                                                               
Running depmod.                                                                                                                                                             
update-initramfs: deferring update (hook will be called later)                                                                                                              
Examining /etc/kernel/postinst.d.                                                                                                                                           
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.15.1-041501-generic /boot/vmlinuz-4.15.1-041501-generic                                                      
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.15.1-041501-generic /boot/vmlinuz-4.15.1-041501-generic                                                       
update-initramfs: Generating /boot/initrd.img-4.15.1-041501-generic                                                                                                         
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.15.1-041501-generic /boot/vmlinuz-4.15.1-041501-generic                                                   
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.15.1-041501-generic /boot/vmlinuz-4.15.1-041501-generic                                                       
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.15.1-041501-generic /boot/vmlinuz-4.15.1-041501-generic                                                        
Generating grub configuration file ...                                                                                                                                      
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.                                                                   
Found linux image: /boot/vmlinuz-4.15.1-041501-generic                                                                                                                      
Found initrd image: /boot/initrd.img-4.15.1-041501-generic                                                                                                                  
Found linux image: /boot/vmlinuz-4.14.15-041415-generic                                                                                                                     
Found initrd image: /boot/initrd.img-4.14.15-041415-generic                                                                                                                 
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-21-generic
Found initrd image: /boot/initrd.img-4.13.0-21-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
root@srv:~/latestkernel#

Access Violation error, when compiling packages in Gentoo

Sometimes if you try to emerge a package in Gentoo you could receive error in the configure phase of the compilation process. The example below is with the emerging the PHP – dev-lang/php-5.6.33:5.6::gentoo, but could happen with many other packages, which are rather old and probably not maintained or the sandbox or even the portage packages are old.
So here is the error and the compilation stops:

srv ~ # emerge -av --nodeps "<php-7"
...
checking for mmap() using MAP_ANON shared memory support... yes
checking for mmap() using /dev/zero shared memory support... yes
checking for mmap() using shm_open() shared memory support...  * ACCESS DENIED:  open_wr:      /run/test.shm.8811LBKone
no
checking for mmap() using regular file shared memory support... yes
...
checking for mmap() using MAP_ANON shared memory support... yes
checking for mmap() using /dev/zero shared memory support... yes
checking for mmap() using shm_open() shared memory support...  * ACCESS DENIED:  open_wr:      /run/test.shm.180309hAMbj
no
checking for mmap() using regular file shared memory support... yes
....
Thank you for using PHP.
config.status: creating php5.spec
config.status: creating main/build-defs.h
config.status: creating scripts/phpize
config.status: creating scripts/man1/phpize.1
config.status: creating scripts/php-config
config.status: creating scripts/man1/php-config.1
config.status: creating ext/phar/phar.1
config.status: creating ext/phar/phar.phar.1
config.status: creating main/php_config.h
config.status: executing libtool commands
config.status: executing default commands
>>> Source configured.
 * --------------------------- ACCESS VIOLATION SUMMARY ---------------------------
 * LOG FILE: "/var/log/sandbox/sandbox-13466.log"
 * 
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line

F: open_wr
S: deny
P: /run/test.shm.21532Xx6ViE
A: /run/test.shm.21532Xx6ViE
R: /run/test.shm.21532Xx6ViE
C: ./conftest 

F: open_wr
S: deny
P: /run/test.shm.31817hurGxH
A: /run/test.shm.31817hurGxH
R: /run/test.shm.31817hurGxH
C: ./conftest 

F: open_wr
S: deny
P: /run/test.shm.8811LBKone
A: /run/test.shm.8811LBKone
R: /run/test.shm.8811LBKone
C: ./conftest 

F: open_wr
S: deny
P: /run/test.shm.180309hAMbj
A: /run/test.shm.180309hAMbj
R: /run/test.shm.180309hAMbj
C: ./conftest 
 * --------------------------------------------------------------------------------

>>> Failed to emerge dev-lang/php-5.6.33, Log file:

>>>  '/var/tmp/portage/dev-lang/php-5.6.33/temp/build.log'

You could try adding “-sandbox” to feature in “/etc/portage/make.conf”

FEATURES="-sandbox"

But

the sandbox feature is very important and should not be disabled by default.

And that’s why sometime when you disable it with “-sandbox” you still get access violation and you still cannot install/compile the package!
The thing is you see the error and you can fix it easily. The important part is the directory, which causes the error, in the above example with “dev-lang/php”, but could be any other Gentoo package, the problem is the writing permission for files in “/run” directory. So open the configuration file

/etc/sandbox.d/00default

and you’ll see the there is a variable called SANDBOX_WRITE, which accept paths. If you add to this variable at the end the directory “/run” or your access violated directory you’ll be able to install/compile your package with no problems, for the above problem the solution was:

SANDBOX_WRITE="/usr/tmp/conftest:/usr/lib/conftest:/usr/lib32/conftest:/usr/lib64/conftest:/usr/tmp/cf:/usr/lib/cf:/usr/lib32/cf:/usr/lib64/cf:/run"

Ryzen Threadripper kernel problems with PCIe – wifi, network, video problems

If you have Ryzen Threadripper (in my case 1950X) and Ubuntu 17.10 (because the others versions do not boot at all!) with the latest kernel 4.15.x and the default vmlinuz-4.13.0-21-generic you might experience frequently wifi, network cards and video cards problems like wifi disconnects and network cards lost connections and some kind of freezes for a second or two of the video! If you have Ryzen Threadripper 1950X and or ASUS ROG ZENITH EXTREME (or any other motherboard with the chipset AMD X399) and ubuntu 17.10 or probably any linux distro with any kernel you might experience really unstable system. Look at your dmesg and if you see something like

[   18.669950] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   18.669966] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   18.669970] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   18.669973] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   18.669975] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   23.805640] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   23.805664] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   23.805669] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   23.805674] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   23.805678] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   23.838698] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   23.838716] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   23.838720] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   23.838725] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   23.838728] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   36.124101] atlantic: link change old 0 new 100
[   36.124222] IPv6: ADDRCONF(NETDEV_CHANGE): enp65s0: link becomes ready
[   52.294413] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   52.294436] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   52.294441] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   52.294446] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   52.294449] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.275256] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.275289] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.275293] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.275298] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.275301] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.418493] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.418517] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.418522] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.418527] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.418530] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.649938] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.649962] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.649967] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.649972] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.649975] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[  113.294411] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  113.294434] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  113.294439] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[  113.294444] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[  113.294450] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[  265.469397] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  265.469419] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  265.469424] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Transmitter ID)
[  265.469429] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00001000/00006000
[  265.469438] pcieport 0000:00:01.1:    [12] Replay Timer Timeout  
[  533.031982] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  533.032004] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  533.032009] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[  533.032014] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000080/00006000
[  533.032022] pcieport 0000:00:01.1:    [ 7] Bad DLLP

Apparently everything on the pci express could be affected! So till the kernel team fixes the issues, you can use the following workaround: add to the kernel boot parameters

pcie_aspm=off

Under Ubuntu you can add in the file

/etc/default/grub

the following line

GRUB_CMDLINE_LINUX="pcie_aspm=off"

And then execute

update-grub

the changes to take effect in the grub configuration. Then reboot the machine!

Under CentOS 7 the configuration file and the line to put are the same just the update of the grub configuration is different:

  • For UEFI-based systems execute: 
    grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
  • For legacy-BIOS systems execute: 
    grub2-mkconfig -o /boot/grub2/grub.cfg

*You should know what is your setup, probably UEFI-based, you could check in your boot directory, if there is /boot/efi/EFI/centos/grub.cfg you probably should use the option for UEFI-based, if you do not have any “efi” directory under “/boot” use the second option for legacy-BIOS.
Then reboot the machine!

xmr-stak GPU disabled after kernel or driver updated

Sometime when the user upgrades the kernel or the graphic card driver (NVIDIA or ATI) under Ubuntu (it is essentially the same with the other distros) we may encounter errors with xmr-stak and even not to be able to use our graphic card for mining!
Here we have an UBUNTU 17.10.1 and when we updated the kernel to the latest our mining xmr-stak software stopped using the NVIDIA card:

-------------------------------------------------------------------
[2018-02-16 12:17:11] : Start mining: MONERO
WARNING: NVIDIA Insufficient driver!
WARNING: NVIDIA no device found
[2018-02-16 12:17:11] : WARNING: backend NVIDIA disabled.
[2018-02-16 12:17:11] : WARNING: UNKNOWN_ERROR when calling clGetPlatformIDs for number of platforms.
[2018-02-16 12:17:11] : WARNING: No OpenCL platform found.
[2018-02-16 12:17:11] : WARNING: No AMD OpenCL platform found. Possible driver issues or wrong vendor driver.
[2018-02-16 12:17:11] : WARNING: backend AMD disabled.
[2018-02-16 12:17:11] : Starting 1x thread, affinity: 0.
[2018-02-16 12:17:11] : hwloc: memory pinned

As you can see the NVIDIA backend is disabled! In fact the driver seemed OK and loaded and even the X was working.
So in such a situation just reinstall the NVIDIA driver and install the software dependecies for the mining xmr-software (detailed explanation here)
Here what you can do:

sudo apt-get purge nvidia-*
sudo apt-get -y install libboost-all-dev libleveldb-dev libcurl4-openssl-dev libmicrohttpd-dev libminiupnpc-dev libgmp-dev  cuda nvidia-opencl-dev libmicrohttpd-dev libssl-dev cmake build-essential
sudo reboot

And you’ll have again an usable and properly installed GPU mining system.

Here is the log of the reinstallation, check it if you think you are going in the wrong direction, when purging the driver:

root@srv2:~/xmr-stak/build/bin# apt-get purge nvidia-*
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  bbswitch-dkms cuda-command-line-tools-9-1 cuda-compiler-9-1 cuda-cublas-9-1 cuda-cublas-dev-9-1 cuda-cudart-9-1 cuda-cudart-dev-9-1 cuda-cufft-9-1 cuda-cufft-dev-9-1
  cuda-cuobjdump-9-1 cuda-cupti-9-1 cuda-curand-9-1 cuda-curand-dev-9-1 cuda-cusolver-9-1 cuda-cusolver-dev-9-1 cuda-cusparse-9-1 cuda-cusparse-dev-9-1
  cuda-documentation-9-1 cuda-driver-dev-9-1 cuda-gdb-9-1 cuda-gpu-library-advisor-9-1 cuda-libraries-9-1 cuda-libraries-dev-9-1 cuda-license-9-1 cuda-memcheck-9-1
  cuda-misc-headers-9-1 cuda-npp-9-1 cuda-npp-dev-9-1 cuda-nsight-9-1 cuda-nvcc-9-1 cuda-nvdisasm-9-1 cuda-nvgraph-9-1 cuda-nvgraph-dev-9-1 cuda-nvml-dev-9-1
  cuda-nvprof-9-1 cuda-nvprune-9-1 cuda-nvrtc-9-1 cuda-nvrtc-dev-9-1 cuda-nvtx-9-1 cuda-nvvp-9-1 cuda-samples-9-1 cuda-toolkit-9-1 cuda-tools-9-1 cuda-visual-tools-9-1
  dkms freeglut3 freeglut3-dev lib32gcc1 libc6-i386 libglu1-mesa-dev libice-dev libsm-dev libvdpau1 libxi-dev libxmu-dev libxmu-headers libxnvctrl0 libxt-dev
  linux-headers-4.13.0-21 linux-headers-4.13.0-21-generic linux-image-4.13.0-21-generic linux-image-extra-4.13.0-21-generic linux-signed-image-4.13.0-21-generic
  linux-signed-image-4.13.0-31-generic mesa-vdpau-drivers nvidia-modprobe nvidia-prime nvidia-settings screen-resolution-extra vdpau-driver-all
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
  cuda* cuda-9-1* cuda-demo-suite-9-1* cuda-drivers* cuda-runtime-9-1* libcuda1-390* nvidia-390* nvidia-390-dev* nvidia-opencl-icd-390*
0 upgraded, 0 newly installed, 9 to remove and 14 not upgraded.
After this operation, 369 MB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 311518 files and directories currently installed.)
Removing cuda (9.1.85-1) ...
Removing cuda-9-1 (9.1.85-1) ...
Removing cuda-demo-suite-9-1 (9.1.85-1) ...
Removing cuda-runtime-9-1 (9.1.85-1) ...
Removing cuda-drivers (390.12-1) ...
Removing libcuda1-390 (390.25-0ubuntu0~gpu17.10.1) ...
Removing nvidia-opencl-icd-390 (390.25-0ubuntu0~gpu17.10.1) ...
Removing nvidia-390-dev (390.25-0ubuntu0~gpu17.10.1) ...
Removing nvidia-390 (390.30-0ubuntu1) ...
Removing all DKMS Modules
Done.
update-alternatives: using /usr/lib/nvidia-390-prime/ld.so.conf to provide /etc/ld.so.conf.d/x86_64-linux-gnu_GL.conf (x86_64-linux-gnu_gl_conf) in auto mode
update-alternatives: using /usr/lib/nvidia-390-prime/ld.so.conf to provide /etc/ld.so.conf.d/x86_64-linux-gnu_EGL.conf (x86_64-linux-gnu_egl_conf) in auto mode
update-alternatives: using /usr/lib/nvidia-390-prime/alt_ld.so.conf to provide /etc/ld.so.conf.d/i386-linux-gnu_GL.conf (i386-linux-gnu_gl_conf) in auto mode
update-alternatives: using /usr/lib/nvidia-390-prime/alt_ld.so.conf to provide /etc/ld.so.conf.d/i386-linux-gnu_EGL.conf (i386-linux-gnu_egl_conf) in auto mode
update-alternatives: using /usr/lib/x86_64-linux-gnu/mesa/ld.so.conf to provide /etc/ld.so.conf.d/x86_64-linux-gnu_GL.conf (x86_64-linux-gnu_gl_conf) in auto mode
update-alternatives: using /usr/lib/x86_64-linux-gnu/mesa-egl/ld.so.conf to provide /etc/ld.so.conf.d/x86_64-linux-gnu_EGL.conf (x86_64-linux-gnu_egl_conf) in auto mode
INFO:Disable nvidia-390
DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/put_your_quirks_here
DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/dell_latitude
DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/lenovo_thinkpad
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools (0.125ubuntu12) ...
update-initramfs: Generating /boot/initrd.img-4.15.3-041503-generic
cryptsetup: WARNING: target cryptswap1 has a random key, skipped
Processing triggers for libc-bin (2.26-0ubuntu2.1) ...
Processing triggers for man-db (2.7.6.1-2) ...
(Reading database ... 310876 files and directories currently installed.)
Purging configuration files for nvidia-opencl-icd-390 (390.25-0ubuntu0~gpu17.10.1) ...
Purging configuration files for nvidia-390 (390.30-0ubuntu1) ...
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools (0.125ubuntu12) ...
update-initramfs: Generating /boot/initrd.img-4.15.3-041503-generic
cryptsetup: WARNING: target cryptswap1 has a random key, skipped
root@srv2:~/xmr-stak/build/bin# apt-get -y install libboost-all-dev libleveldb-dev libcurl4-openssl-dev libmicrohttpd-dev libminiupnpc-dev libgmp-dev  cuda nvidia-opencl-dev libmicrohttpd-dev libssl-dev cmake build-essential
Reading package lists... Done
Building dependency tree       
Reading state information... Done
build-essential is already the newest version (12.4ubuntu1).
cmake is already the newest version (3.9.1-1).
libgmp-dev is already the newest version (2:6.1.2+dfsg-1).
libleveldb-dev is already the newest version (1.20-1).
libboost-all-dev is already the newest version (1.62.0.1).
libmicrohttpd-dev is already the newest version (0.9.55-1).
nvidia-opencl-dev is already the newest version (8.0.61-1).
libcurl4-openssl-dev is already the newest version (7.55.1-1ubuntu2.3).
libminiupnpc-dev is already the newest version (1.9.20140610-4ubuntu1.1).
libssl-dev is already the newest version (1.0.2g-1ubuntu13.3).
The following packages were automatically installed and are no longer required:
  linux-headers-4.13.0-21 linux-headers-4.13.0-21-generic linux-image-4.13.0-21-generic linux-image-extra-4.13.0-21-generic linux-signed-image-4.13.0-21-generic
  linux-signed-image-4.13.0-31-generic
Use 'apt autoremove' to remove them.
The following NEW packages will be installed:
  cuda cuda-9-1 cuda-demo-suite-9-1 cuda-drivers cuda-runtime-9-1 libcuda1-390 nvidia-390 nvidia-390-dev nvidia-opencl-icd-390
The following packages will be upgraded:
  nvidia-modprobe nvidia-settings
2 upgraded, 9 newly installed, 0 to remove and 12 not upgraded.
Need to get 3948 kB/88,1 MB of archives.
After this operation, 369 MB of additional disk space will be used.
Get:1 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1704/x86_64  cuda-runtime-9-1 9.1.85-1 [2534 B]
Get:2 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1704/x86_64  cuda-demo-suite-9-1 9.1.85-1 [3943 kB]
Get:3 http://developer.download.nvidia.com/compute/cuda/repos/ubuntu1704/x86_64  cuda-9-1 9.1.85-1 [2560 B]
Fetched 3948 kB in 3s (1003 kB/s)  
Selecting previously unselected package nvidia-390.
(Reading database ... 310871 files and directories currently installed.)
Preparing to unpack .../00-nvidia-390_390.30-0ubuntu1_amd64.deb ...
Unpacking nvidia-390 (390.30-0ubuntu1) ...
Selecting previously unselected package nvidia-390-dev.
Preparing to unpack .../01-nvidia-390-dev_390.30-0ubuntu1_amd64.deb ...
Unpacking nvidia-390-dev (390.30-0ubuntu1) ...
Selecting previously unselected package libcuda1-390.
Preparing to unpack .../02-libcuda1-390_390.30-0ubuntu1_amd64.deb ...
Unpacking libcuda1-390 (390.30-0ubuntu1) ...
Preparing to unpack .../03-nvidia-modprobe_390.30-0ubuntu1_amd64.deb ...
Unpacking nvidia-modprobe (390.30-0ubuntu1) over (390.12-0ubuntu1) ...
Preparing to unpack .../04-nvidia-settings_390.30-0ubuntu1_amd64.deb ...
Unpacking nvidia-settings (390.30-0ubuntu1) over (390.25-0ubuntu0~gpu17.10.1) ...
Selecting previously unselected package nvidia-opencl-icd-390.
Preparing to unpack .../05-nvidia-opencl-icd-390_390.30-0ubuntu1_amd64.deb ...
Unpacking nvidia-opencl-icd-390 (390.30-0ubuntu1) ...
Selecting previously unselected package cuda-drivers.
Preparing to unpack .../06-cuda-drivers_390.30-1_amd64.deb ...
Unpacking cuda-drivers (390.30-1) ...
Selecting previously unselected package cuda-runtime-9-1.
Preparing to unpack .../07-cuda-runtime-9-1_9.1.85-1_amd64.deb ...
Unpacking cuda-runtime-9-1 (9.1.85-1) ...
Selecting previously unselected package cuda-demo-suite-9-1.
Preparing to unpack .../08-cuda-demo-suite-9-1_9.1.85-1_amd64.deb ...
Unpacking cuda-demo-suite-9-1 (9.1.85-1) ...
Selecting previously unselected package cuda-9-1.
Preparing to unpack .../09-cuda-9-1_9.1.85-1_amd64.deb ...
Unpacking cuda-9-1 (9.1.85-1) ...
Selecting previously unselected package cuda.
Preparing to unpack .../10-cuda_9.1.85-1_amd64.deb ...
Unpacking cuda (9.1.85-1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for desktop-file-utils (0.23-1ubuntu3) ...
Setting up nvidia-390 (390.30-0ubuntu1) ...
update-alternatives: using /usr/lib/nvidia-390/ld.so.conf to provide /etc/ld.so.conf.d/x86_64-linux-gnu_GL.conf (x86_64-linux-gnu_gl_conf) in auto mode
update-alternatives: warning: skip creation of /usr/share/grub-gfxpayload-lists/blacklist/10_proprietary-graphics-drivers because associated file /usr/share/nvidia-390/nvidia-390.grub-gfxpayload (of link group x86_64-linux-gnu_gl_conf) doesn't exist
update-alternatives: using /usr/lib/nvidia-390/ld.so.conf to provide /etc/ld.so.conf.d/x86_64-linux-gnu_EGL.conf (x86_64-linux-gnu_egl_conf) in auto mode
update-alternatives: using /usr/lib/nvidia-390/alt_ld.so.conf to provide /etc/ld.so.conf.d/i386-linux-gnu_GL.conf (i386-linux-gnu_gl_conf) in auto mode
update-alternatives: using /usr/lib/nvidia-390/alt_ld.so.conf to provide /etc/ld.so.conf.d/i386-linux-gnu_EGL.conf (i386-linux-gnu_egl_conf) in auto mode
update-alternatives: using /usr/share/nvidia-390/glamor.conf to provide /usr/share/X11/xorg.conf.d/glamoregl.conf (glamor_conf) in auto mode
dpkg: error: version '-' has bad syntax: revision number is empty
dpkg: error: version '-' has bad syntax: revision number is empty
dpkg: error: version '-' has bad syntax: revision number is empty
dpkg: error: version '-' has bad syntax: revision number is empty
dpkg: error: version '-' has bad syntax: revision number is empty
update-initramfs: deferring update (trigger activated)

A modprobe blacklist file has been created at /etc/modprobe.d to prevent Nouveau from loading. This can be reverted by deleting /etc/modprobe.d/nvidia-graphics-drivers.conf.
A new initrd image has also been created. To revert, please replace /boot/initrd-4.15.3-041503-generic with /boot/initrd-$(uname -r)-backup.

*****************************************************************************
*** Reboot your computer and verify that the NVIDIA graphics driver can   ***
*** be loaded.                                                            ***
*****************************************************************************

INFO:Enable nvidia-390
DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/put_your_quirks_here
DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/dell_latitude
DEBUG:Parsing /usr/share/ubuntu-drivers-common/quirks/lenovo_thinkpad
Adding system user `nvidia-persistenced' (UID 123) ...
Adding new group `nvidia-persistenced' (GID 129) ...
Adding new user `nvidia-persistenced' (UID 123) with group `nvidia-persistenced' ...
Not creating home directory `/'.
Loading new nvidia-390-390.30 DKMS files...
Building for 4.15.3-041503-generic
Building for architecture x86_64
Building initial module for 4.15.3-041503-generic
Done.

nvidia_390:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.15.3-041503-generic/updates/dkms/

nvidia_390_modeset.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.15.3-041503-generic/updates/dkms/

nvidia_390_drm.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.15.3-041503-generic/updates/dkms/

nvidia_390_uvm.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.15.3-041503-generic/updates/dkms/

depmod...

DKMS: install completed.
Setting up nvidia-390-dev (390.30-0ubuntu1) ...
Setting up nvidia-settings (390.30-0ubuntu1) ...
Processing triggers for libc-bin (2.26-0ubuntu2.1) ...
Setting up nvidia-modprobe (390.30-0ubuntu1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu5) ...
Setting up nvidia-opencl-icd-390 (390.30-0ubuntu1) ...
Setting up libcuda1-390 (390.30-0ubuntu1) ...
Setting up cuda-drivers (390.30-1) ...
Setting up cuda-runtime-9-1 (9.1.85-1) ...
Setting up cuda-demo-suite-9-1 (9.1.85-1) ...
Setting up cuda-9-1 (9.1.85-1) ...
Setting up cuda (9.1.85-1) ...
Processing triggers for initramfs-tools (0.125ubuntu12) ...
update-initramfs: Generating /boot/initrd.img-4.15.3-041503-generic
cryptsetup: WARNING: target cryptswap1 has a random key, skipped
Processing triggers for shim-signed (1.33.1~17.10.1+13-0ubuntu2) ...
Secure Boot not enabled on this system.
Processing triggers for libc-bin (2.26-0ubuntu2.1) ...
root@srv2:~/xmr-stak/build/bin#

systemd can be used to run your application as a daemon

A nice feature of systemd is the scripts could be daemonized without any modifications of the scripts like standard stdin, stdout, stderr to be redirected to null (and even in some languages is not that simple!).
So if you want to run your ordinary script as daemon under a systemd linux distro, create a systemd service file in

/etc/systemd/system/myscript.service

Replace “myscript” with the nme of your script.

[Install]
WantedBy=multi-user.target

[Unit]
Description=<my_script_description>
After=syslog.target
After=network.target

[Service]
Type=simple
User=<run_as_user>
Group=<run_as_group_group>
ExecStart=<your_path_and_script_name_here>

# Give the script some time to startup
TimeoutSec=300
#EnvironmentFile=/etc/<filename>

[Install]
WantedBy=multi-user.target

So change the following according your needs:

  • <my_script_description> – description of your script/program with couple of words
  • <run_as_user> – the user under which will be executed
  • <run_as_group_group> – the group under which will be executed
  • <your_path_and_script_name_here> – the absolute path and filename to the script or program to be executed
  • Uncomment “EnvironmentFile” line if you would like to have different environment file for your script

And then you can run it with

systemctl start myscript

And you can enable it to start at boot

systemctl enable myscript

And also you can see the output of the script on syslog or with

systemctl status myscript

Here is an example of running a python script as a daemon with systemd.
The python script is

/usr/local/bin/mypythonscript.py

and the service name is

/etc/systemd/system/mypythonscript.service

Description=My python script daemon
After=syslog.target
After=network.target

[Service]
Type=simple
User=root
Group=root
ExecStart=/usr/bin/python /usr/local/bin/mypythonscript.py

# Give the script some time to startup
TimeoutSec=300

[Install]
WantedBy=multi-user.target

And you can see handful of information for the state of your script with

systemctl status mypythonscript

The uptime of your script and output if any

* mypythonscript.service
   Loaded: loaded (/etc/systemd/system/mypythonscript.service; disabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-01-04 13:58:34 UTC; 1 months 12 days ago
 Main PID: 29654 (python)
   CGroup: /system.slice/mypythonscript.service
           `-37421 /usr/bin/python /usr/local/bin/mypythonscript.py

Jan 12 10:05:21 srv.local systemd[1]: [/etc/systemd/system/mypythonscript.service:3] Assignment outside of section. Ignoring.
Jan 12 10:05:21 srv.local systemd[1]: [/etc/systemd/system/mypythonscript.service:1] Assignment outside of section. Ignoring.

Avoiding Esc (escape) key, a key combination to simulate it

Writing the last howto there was an idea: how to simulate the ESC key, when the key is not available in our keyboard, which is very often these days. Mobile traffic is the ruler coming from mobile devices, of course! So why to limit console users (probably mainly admins?) only to desktop or “qwerty” keyboards? The tables could weight under 500 grams and event smartphones could be used to ssh to a server and what if you do not have ESC key, but need to use it? You can try the following combination:

The escape key can be replaced with pressing and holding CTRL and pressing “[” (left square bracket) = “CTRL+[”

So next time when trying to use ssh or console under Android or iOS or any device try this combination at lease it could be faster than selecting a menu for a predefined keys like ESC key.

vim – edit, save and exit, it is too simple!

Do not blame admins (or in general users, too) of using nano (pico) it is away too simple for simple tasks, which are probably the most cases under console.

    • Save a file – press Esc key, then press and hold SHIFT and then press colons “:”, the bottom line of your screen will change and will start with colons “:”, then type the key “w” and then hit Enter key, so you’ve just saved the opened file.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with colons “:
        4. type “w
        5. hit Enter key
    • Save a file and quit – press Esc key, then press and hold SHIFT and then press colons “:”, the bottom line of your screen will change and will start with colons “:”, then type the key “x” and then hit Enter key, so you’ve just saved the opened file.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with colons “:
        4. type “x
        5. hit Enter key
    • Save all opened files – press Esc key, then press and hold SHIFT and then press colons “:”, the bottom line of your screen will change and will start with colons “:”, then type the key “wa” and then hit Enter key, so you’ve just saved the opened file.
        1. press Esc
        2. press and hold SHIFT
        3. press the key with colons “:
        4. type “wa
        5. hit Enter key
    • Quit without saving, just quit the vim – press Esc key, then press and hold SHIFT and then press colons “:”, the bottom line of your screen will change and will start with colons “:”, then type the key “q!” and then hit Enter key
        1. press Esc
        2. press and hold SHIFT
        3. press the key with colons “:
        4. type “q!
        5. hit Enter key
  • Enable auto save with two ESC keys – create or edit file

    ~/.vimrc

    Add the following line:

    map <Esc><Esc> :w<CR>

* The Esc can be avoided

The escape key can be replaced with pressing and holding CTRL and pressing “[” (left square bracket) = “CTRL+[” and if your “[” is hard typing, you can try CTRL plus “c” = “CTRL+c”, all this is needed to be sure you are not in vim’s insert mode. Avoiding Esc – escape button could be useful under not qwerty keyboards of the mobile devices – smartphones, tablets and so on.

How to proper enable the selinux in a CentOS7 installed server

These days many dedicated servers are offered with automation installation of operating systems and it have never been so easy and fast to pay a server and to get it up in minutes! Yes, we are talking for dedicated machines not virtual servers or cloud ones, but many cloud ones are in the same situation, when the host uses full virtualization.
It is fast, you can choose from many different linux distros and the installation is unattended and happens immediately, but in most cases the selinux is disabled, because is more easy for the support, for the user, for the admin, and for the offered preinstalled software…If you do not have some strange software in most cases it is advisable to enable the selinux, because it is of great security enhancement for your server and for the software in general. It is very simple to enable selinux, but there is an additional step, which if you omit, the server will probably get unusable (probably you won’t be able even to ssh it or login). These steps are tested under CentOS7, but probably works in all other distros, which support selinux!
So here are the steps:

STEP 1) Enable selinux in configuration

Edit the configuration file in

/etc/selinux/config

SELINUX=enforcing

STEP 2) relabel the file system

When using the selinux, there are labels (extended attributes of the file system), which are additional layer of security. Every system comes with prebuild rules instructing what label is set in which file or directory, so when you enable the selinux you must relabel the entire file system (or at least the root partition, to be able to boot normally). This is done with just a line of code below:

touch /.autorelabel

STEP 3) reboot

To take effect the changes made above the server must be rebooted.

reboot

The init process will find the file from step 2 “/.autorelabel” and will initiate a proper relabel according the current selinux rules file, then the server will be rebooted automatically again, the relabel could take time and it depends on the number of files you have in your server, just keep patient.
After the second reboot (which is automatically after the relabeling)

4) Recommendations

USE SELINUX, do not disable it! In most cases it is really simple to configure it in minutes for the need of your special software and for the generic one bet it there are rules offered in the distro’s packet system.

4) Post install check

You can check if the selinux is enabled with

[root@srv ~]# getenforce 
Enforcing
[root@srv ~]#