How To Install Linux, Nginx, MySQL (MariaDB), PHP-FPM (LEMP) Stack on CentOS Stream 9


This article shows how to install a Web server with a PHP application back-end and a MySQL database back-end using MariaDB. All the software installed throughout this article comes from the official CentOS Stream 9 repositories, including the EPEL repository. The machine runs a minimal installation of CentOS Stream 9; there is a how-to here – Network installation of CentOS Stream 9 (20220606.0) – minimal server installation.
Here are the steps to perform:

  1. Install, configure and start the database MariaDB.
  2. Install, configure and start the PHP-FPM and PHP cli.
  3. Install, configure and start the Web server Nginx.
  4. Configure the system – firewall and SELinux.
  5. Test the installation with a phpMyAdmin installation.
  6. Bonus – Nginx HTTPS with SSL certificate – self-signed and letsencrypt.

STEP 1) Install, configure and start the database MariaDB.

First, install the MariaDB server by:

dnf install -y mariadb-server

To configure the MariaDB server, the main file is /etc/my.cnf, which just includes all files under the folder /etc/my.cnf.d/

[root@srv ~]# cat /etc/my.cnf
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[root@srv ~]# ls -altr /etc/my.cnf.d/
total 32
-rw-r--r--.  1 root root  295 Mar 25  2022 client.cnf
-rw-r--r--.  1 root root  120 May 18 07:55 spider.cnf
-rw-r--r--.  1 root root  232 May 18 07:55 mysql-clients.cnf
-rw-r--r--.  1 root root  763 May 18 07:55 enable_encryption.preset
-rw-r--r--.  1 root root 1458 Jun 13 13:24 mariadb-server.cnf
-rw-r--r--.  1 root root   42 Jun 13 13:29 auth_gssapi.cnf
drwxr-xr-x.  2 root root 4096 Oct  6 06:34 .
drwxr-xr-x. 81 root root 4096 Oct  6 06:34 ..

The most important file for the MariaDB server is /etc/my.cnf.d/mariadb-server.cnf, where all the server options are included. Under the section “[mysqld]”, add options to tune the MariaDB server. Supported options can be found here: https://mariadb.com/kb/en/mysqld-options/
Add the following options under “[mysqld]” in /etc/my.cnf.d/mariadb-server.cnf:

# Generic
skip-external-locking
skip-character-set-client-handshake
skip-name-resolve

key_buffer_size                 = 1024M
sort_buffer_size                = 200K
net_buffer_length               = 64K
read_buffer_size                = 256K
read_rnd_buffer_size            = 512K
myisam_sort_buffer_size         = 256M
thread_cache_size               = 100
max_connections                 = 1000
max_heap_table_size             = 512M
open_files_limit                = 30000
max_allowed_packet              = 16M
myisam-recover-options  = BACKUP

sync_binlog=0
sql_mode="NO_ENGINE_SUBSTITUTION"

# InnoDB
innodb_buffer_pool_size = 4G
innodb_log_buffer_size = 24M
innodb_log_file_size = 128M
innodb_flush_method = O_DIRECT
innodb_file_per_table
innodb_flush_log_at_trx_commit = 0
innodb_lock_wait_timeout = 150
innodb_thread_concurrency = 0

The most important option is innodb_buffer_pool_size, which should be 70% of the available RAM (on machines with a low amount of RAM; on those above 32G the percentage should be higher) or the size of the database.
It’s worth noting that no additional configuration is required to start the MariaDB server, but it’s good to make some optimizations even for a test/staging/dev environment.
Second, start the service and enable it to start on boot. Check that the service has started successfully:

[root@srv ~]# systemctl enable mariadb
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@srv ~]# systemctl start mariadb
[root@srv ~]# systemctl status mariadb
● mariadb.service - MariaDB 10.5 database server
     Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-10-06 07:04:00 UTC; 5s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 3810 ExecStartPre=/usr/libexec/mariadb-check-socket (code=exited, status=0/SUCCESS)
    Process: 3832 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir mariadb.service (code=exited, s>
    Process: 3937 ExecStartPost=/usr/libexec/mariadb-check-upgrade (code=exited, status=0/SUCCESS)
   Main PID: 3921 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 15 (limit: 23072)
     Memory: 369.3M
        CPU: 1.291s
     CGroup: /system.slice/mariadb.service
             └─3921 /usr/libexec/mariadbd --basedir=/usr

Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: you need to be the system 'mysql' user to connec>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: After connecting you can set the password, if yo>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: able to connect as any of these users with a pas>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: See the MariaDB Knowledgebase at https://mariadb>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: Please report any problems at https://mariadb.or>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: The latest information about MariaDB is availabl>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: Consider joining MariaDB's strong and vibrant co>
Oct 06 07:04:00 srv mariadb-prepare-db-dir[3871]: https://mariadb.org/get-involved/
Oct 06 07:04:00 srv mariadbd[3921]: 2022-10-06  7:04:00 0 [Note] /usr/libexec/mariadbd (mysqld 10.>
[root@srv ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─anacron
        ├─auditd───{auditd}
        ├─chronyd
        ├─crond
        ├─dbus-broker-lau───dbus-broker
        ├─firewalld───{firewalld}
        ├─irqbalance───{irqbalance}
        ├─mariadbd───7*[{mariadbd}]
        ├─mdadm
        ├─polkitd───5*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd───sshd───sshd───bash───pstree
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        └─systemd-udevd

The MariaDB server will accept connections through the Unix socket file /var/lib/mysql/mysql.sock. To accept network connections to the MariaDB server, the following option should be enabled (uncomment it or add it) in /etc/my.cnf.d/mariadb-server.cnf:

bind-address=0.0.0.0

It will accept connections on all network interfaces; if only a specific one is desired, just add its IP instead of 0.0.0.0.

Secure the installation with the MariaDB tool mysql_secure_installation. This built-in tool presents several questions, which are meant to make the current installation of MariaDB more secure. By default, the MariaDB root user (the user with all privileges) has no password, so this tool sets the root password and more.

[root@srv ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

For user convenience, add the root password in /root/.my.cnf as follows, and the system root user will enter the MariaDB console without typing a password.

[root@srv ~]# cat /root/.my.cnf
[client]
password="Thiu6je1ba:u4AhNgo0E"
[root@srv ~]# chmod 400 /root/.my.cnf
[root@srv ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> ^DBye
[root@srv ~]#

STEP 2) Install, configure and start the application part – PHP-FPM and PHP cli.

FPM is the FastCGI Process Manager. It starts a daemon, which runs a predefined number of PHP-FPM processes and waits for Unix or TCP/IP connections to process them with the PHP processor.
First, install PHP-FPM and the PHP cli.

dnf install -y php-fpm php-cli php-pdo php-mbstring php-mysqlnd php-gd php-intl

There are two parts of PHP configuration:

  • PHP configuration – the application, which processes the PHP files. The configuration is in /etc/php.ini and the custom module configurations are in the directory /etc/php.d/
  • PHP FPM configuration – the process, which controls the execution of the PHP daemon, which processes the PHP files. The configuration is in /etc/php-fpm.conf and custom daemons’ configurations (there may be multiple instances of the daemon, each of which will start its own tree of processes) are under /etc/php-fpm.d/. By default, there is only one pool of PHP-FPM processes, with the configuration file /etc/php-fpm.d/www.conf

PHP configuration

The configuration is in file /etc/php.ini and in general, there are 3 important options:

.....
date.timezone = UTC
.....
memory_limit = 256M
.....
max_execution_time = 60
.....

The file is around 1660 lines of options and comments, but in most cases, the first limits to hit are the above ones. By default, date.timezone is not set and is commented out, so uncomment it and set a value: the time zone used by the date functions – http://php.net/date.timezone. The second, memory_limit, is how much memory is allowed for each process, and the third, max_execution_time, is how much time a process is allowed to take before being killed by PHP.

PHP FPM Configuration

/etc/php-fpm.conf – defines the global configuration for all pools and includes the files for each pool in /etc/php-fpm.d/. So the first pool, which will start one PHP process tree, is in /etc/php-fpm.d/www.conf
Here are the important options, which should be uncommented or modified as follows:

.....
user = nginx
group = nginx
.....
listen.backlog = 1024
.....
pm.max_requests = 20000
.....

Set the user to be nginx, because this Web server will be used. The backlog is how many connections to queue when there are connections to the process that cannot be processed immediately.
Interesting options to manage the number of PHP processes are: pm.max_children, pm.start_servers, pm.min_spare_servers, pm.max_spare_servers, pm.process_idle_timeout, pm.max_requests (always set a limit on how many requests a process can accept; memory leaks do exist, so restarting a PHP process is a good thing! Be careful with low values on a busy server.)
The default configuration will accept connections only through the Unix socket file /run/php-fpm/www.sock. To accept network connections, modify the listen and listen.allowed_clients options:

.....
listen="10.10.10.10:9000"
.....
;listen.allowed_clients=
.....

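The PHP-FPM will accept network connections on IP 10.10.10.10, port 9000. With listen.allowed_clients left commented out, as above, connections are accepted from any client address, so set it to the IP of the Web server when listening on the network.
In the configuration file there are many comments, which the user should read, because they may help to find interesting options like access logging, slow logging, error logging, status and ping pages and more.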
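Both network listeners discussed so far, MariaDB's bind-address in STEP 1 and the PHP-FPM listen option here, can be checked after the fact. The following is an added example, not part of the original article: it filters `ss -ltn` output for ports 3306 (MariaDB's default port) and 9000 bound beyond loopback, and flags a pool file that has a TCP listen and no listen.allowed_clients. The function names, the socket table and the pool file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two listeners this article can put on the network.
# All sample data below is constructed.

# exposed_listeners PORT... : reads `ss -ltn` output on stdin and prints
# ADDR:PORT for every listed port that is bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)      # local address
            port = substr($4, RSTART + 1)         # local port
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr ":" port
        }'
}

# ini_get FILE KEY : prints the last uncommented value of KEY (quotes stripped).
ini_get() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }                    # commented-out option
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# fpm_pool_findings FILE : prints a warning when the pool listens on a
# non-loopback TCP address and listen.allowed_clients is not set.
fpm_pool_findings() (
    listen=$(ini_get "$1" listen)
    allowed=$(ini_get "$1" listen.allowed_clients)
    case "$listen" in
        ""|/*) exit 0 ;;                 # unset or Unix socket path
        127.*|"[::1]":*) exit 0 ;;       # TCP, loopback only
    esac
    if [ -z "$allowed" ]; then
        echo "WARN: $1: listen=$listen is a TCP listener and" \
             "listen.allowed_clients is not set (any client address is accepted)"
    fi
    exit 0
)

# Constructed `ss -ltn` output: MariaDB on all interfaces, PHP-FPM on 10.10.10.10.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80           0.0.0.0:3306      0.0.0.0:*
LISTEN 0      511      10.10.10.10:9000      0.0.0.0:*
LISTEN 0      80             [::1]:3306         [::]:*
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
EOF
}

# Constructed pool file using the values shown in this article.
sample_pool() {
    cat <<'EOF'
[www]
user = nginx
group = nginx
listen="10.10.10.10:9000"
;listen.allowed_clients=
EOF
}

# Demo on the constructed samples. On a real host, run instead:
#   ss -ltn | exposed_listeners 3306 9000
#   fpm_pool_findings /etc/php-fpm.d/www.conf
tmp_pool=$(mktemp)
sample_pool > "$tmp_pool"
echo "Listeners reachable beyond loopback:"
sample_ss | exposed_listeners 3306 9000
echo "PHP-FPM pool findings:"
fpm_pool_findings "$tmp_pool"
rm -f "$tmp_pool"
```

listen.allowed_clients is only an address filter, not authentication, so the firewall from STEP 4 should still keep both ports closed to everything except the hosts that need them.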
Start and enable on boot the PHP-FPM service:

[root@srv ~]# systemctl enable php-fpm
Created symlink /etc/systemd/system/multi-user.target.wants/php-fpm.service → /usr/lib/systemd/system/php-fpm.service.
[root@srv ~]# systemctl start php-fpm
[root@srv ~]# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-10-06 08:06:42 UTC; 3s ago
   Main PID: 4817 (php-fpm)
     Status: "Ready to handle connections"
      Tasks: 6 (limit: 23072)
     Memory: 10.4M
        CPU: 83ms
     CGroup: /system.slice/php-fpm.service
             ├─4817 "php-fpm: master process (/etc/php-fpm.conf)"
             ├─4818 "php-fpm: pool www"
             ├─4819 "php-fpm: pool www"
             ├─4820 "php-fpm: pool www"
             ├─4821 "php-fpm: pool www"
             └─4822 "php-fpm: pool www"

Oct 06 08:06:42 srv systemd[1]: Starting The PHP FastCGI Process Manager...
Oct 06 08:06:42 srv systemd[1]: Started The PHP FastCGI Process Manager.

There is a master PHP-FPM process, which started 5 processes to accept connections.
Fix the PHP session write permissions with:

[root@srv ~]# ls -altrZ /var/lib/php/
total 24
drwxrwx---.  2 root apache system_u:object_r:httpd_var_run_t:s0 4096 Aug  1 09:42 wsdlcache
drwxrwx---.  2 root apache system_u:object_r:httpd_var_run_t:s0 4096 Aug  1 09:42 session
drwxr-xr-x.  2 root root   system_u:object_r:httpd_var_lib_t:s0 4096 Aug  1 09:42 peclxml
drwxrwx---.  2 root apache system_u:object_r:httpd_var_lib_t:s0 4096 Aug  1 09:42 opcache
drwxr-xr-x.  6 root root   system_u:object_r:httpd_var_lib_t:s0 4096 Oct  6 07:32 .
drwxr-xr-x. 27 root root   system_u:object_r:var_lib_t:s0       4096 Oct  6 08:15 ..
[root@srv ~]# chown root:nginx /var/lib/php/wsdlcache/
[root@srv ~]# chown root:nginx /var/lib/php/session/
[root@srv ~]# chown root:nginx /var/lib/php/opcache/
[root@srv ~]# ls -altrZ /var/lib/php/
total 24
drwxrwx---.  2 root nginx system_u:object_r:httpd_var_run_t:s0 4096 Aug  1 09:42 wsdlcache
drwxr-xr-x.  2 root root  system_u:object_r:httpd_var_lib_t:s0 4096 Aug  1 09:42 peclxml
drwxrwx---.  2 root nginx system_u:object_r:httpd_var_lib_t:s0 4096 Aug  1 09:42 opcache
drwxr-xr-x.  6 root root  system_u:object_r:httpd_var_lib_t:s0 4096 Oct  6 07:32 .
drwxr-xr-x. 27 root root  system_u:object_r:var_lib_t:s0       4096 Oct  6 08:15 ..
drwxrwx---.  2 root nginx system_u:object_r:httpd_var_run_t:s0 4096 Oct  6 09:34 session

The directories’ group is apache, but nginx is used, which is why the group should be changed. A blank page may be displayed if PHP-FPM cannot write to these directories.
The SELinux permissions are fine.

STEP 3) Install, configure and start the Web server Nginx.

First, install the Nginx server.

dnf install -y nginx

The main configuration file is /etc/nginx/nginx.conf, where the virtual hosts (server sections) for this server are defined. By default, only the HTTP one (without SSL certificate) is defined; the SSL one is commented out.
By default, Nginx defines the default domain “_”, which accepts all requests if no other server section is defined for the requested domain. So if the user wants to have a custom server block, the best approach is to copy the whole default block and modify at least the following options: server_name, root, include.

.....
    server {
        listen       80;
        listen       [::]:80;
        server_name  example.mydomain.com;
        root         /var/www/html/example.mydomain.com;

        # Load configuration files for the example.mydomain.com server block.
        include /etc/nginx/sites.d/example.mydomain.com.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
.....

Make sure to create /etc/nginx/sites.d/example.mydomain.com.conf. It is always a good idea to split different server blocks into different configuration files or, at least, their specific options. Note that to process PHP-FPM requests, the above block must define a similar location directive (mentioned below), so just copying /etc/nginx/default.d/php.conf to /etc/nginx/sites.d/example.mydomain.com.conf is enough to begin with.
Installing Nginx as the last step ensures the existence of two important files for PHP-FPM.
There are two more important directories:

  • modular configuration files – /etc/nginx/conf.d/, all files with the extension .conf. Configuration files for multiple server sections (i.e. for multiple virtual hosts). The options in these files will tune and be visible for all domains. At present, there is only one file – /etc/nginx/conf.d/php-fpm.conf :
    # PHP-FPM FastCGI server
    # network or unix domain socket configuration
    
    upstream php-fpm {
            server unix:/run/php-fpm/www.sock;
    }
    

    It defines an upstream group of servers for the application back-end, i.e. PHP-FPM, which accepts connections through the Unix socket file /run/php-fpm/www.sock. The socket file is the same as in the configuration section of PHP-FPM.

  • default server block configuration files – /etc/nginx/default.d/. Configuration options only for one server block, i.e. virtual host (domain) – the default one, which accepts all requests if no other server section for the requested domain is defined. There is only one file, /etc/nginx/default.d/php.conf, which defines a section instructing Nginx to open a connection through the defined upstream to the PHP-FPM process:
    # pass the PHP scripts to FastCGI server
    #
    # See conf.d/php-fpm.conf for socket configuration
    #
    index index.php index.html index.htm;
    
    location ~ \.(php|phar)(/.*)?$ {
        fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
    
        fastcgi_intercept_errors on;
        fastcgi_index  index.php;
        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  PATH_INFO $fastcgi_path_info;
        fastcgi_pass   php-fpm;
    }
    

    So if a request is for a file with the extension “.php” in a server block that includes this location, the request will be handed to the upstream server and the PHP-FPM process will process it.

For completeness, this article should show how to add a configuration for the domain and not to use the default domain (and server block section). Even the PHP-FPM should be removed from the default, because the default should serve only static content. So here is the final configuration with a fake domain:

  • /etc/nginx/nginx.conf configuration:
    .....
        server {
            listen       80;
            listen       [::]:80;
            server_name  _;
            root         /usr/share/nginx/html;
    
            # Load configuration files for the default server block.
            # include /etc/nginx/default.d/*.conf;
    
            error_page 404 /404.html;
            location = /404.html {
            }
    
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    
        server {
            listen       80;
            listen       [::]:80;
            server_name  example.mydomain.com;
            root         /var/www/html/example.mydomain.com;
    
            # Load configuration files for the example.mydomain.com server block.
            include /etc/nginx/sites.d/example.mydomain.com.conf;
    
            error_page 404 /404.html;
            location = /404.html {
            }
    
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    .....
    
  • Remove the PHP-FPM location configuration for the default server block and add it to the example.mydomain.com.
    mv /etc/nginx/default.d/php.conf /etc/nginx/sites.d/example.mydomain.com.conf
    

Finally, test the configuration and start the service. Enable it to start on boot.

[root@srv ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@srv ~]# systemctl start nginx
[root@srv ~]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@srv ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/nginx.service.d
             └─php-fpm.conf
     Active: active (running) since Thu 2022-10-06 09:20:03 UTC; 9s ago
   Main PID: 5106 (nginx)
      Tasks: 3 (limit: 23072)
     Memory: 2.9M
        CPU: 68ms
     CGroup: /system.slice/nginx.service
             ├─5106 "nginx: master process /usr/sbin/nginx"
             ├─5107 "nginx: worker process"
             └─5108 "nginx: worker process"

Oct 06 09:20:03 srv systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 06 09:20:03 srv nginx[5104]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Oct 06 09:20:03 srv nginx[5104]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Oct 06 09:20:03 srv systemd[1]: Started The nginx HTTP and reverse proxy server.

STEP 4) Configure the system – firewall and SELinux

By default, CentOS Stream 9 uses the firewalld service and the firewall-cmd cli to control it. Allow HTTP traffic to the server:

[root@srv ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[root@srv ~]# firewall-cmd --permanent --add-service=http
success
[root@srv ~]# firewall-cmd --reload
success
[root@srv ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s3
  sources: 
  services: cockpit dhcpv6-client http ssh
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

If the web root directories are under /var/www, there is no need to tune SELinux. If the user wants to change to another location not under /var/www, the SELinux label httpd_sys_content_t must be added to the parent directory.
For example, if the web root directories are under /mnt/storage/www, the following commands should be issued (they apply httpd_sys_rw_content_t, the variant that also allows the Web server to write to the directory):

[root@srv ~]# semanage fcontext -a -t httpd_sys_rw_content_t '/mnt/storage/www(/.*)?'
[root@srv ~]# restorecon -Rv /mnt/storage/www
Relabeled /mnt/storage/www from unconfined_u:object_r:mnt_t:s0 to unconfined_u:object_r:httpd_sys_rw_content_t:s0

Otherwise, the SELinux will block any web request to the /mnt/storage/www.

STEP 5) Test all the three components – Nginx, PHP-FPM and MariaDB.

The first test is Nginx+PHP-FPM and its purpose is to show the phpinfo() page. Create a file /var/www/html/example.mydomain.com/test.php with the content shown below and then set the owner to “nginx:nginx”.

[root@srv ~]# cat /var/www/html/example.mydomain.com/test.php
<?php
phpinfo();
[root@srv ~]# chown -R nginx:nginx /var/www/html/example.mydomain.com


Second, test the Nginx+PHP-FPM + MariaDB, i.e. the connectivity to the database from the application layer PHP-FPM.
Just download the phpMyAdmin package from https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.zip or the latest version. Unpack, add default config and load it in the browser:

[root@srv ~]# cd /var/www/html/example.mydomain.com
[root@srv example.mydomain.com]# wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.zip
--2022-10-06 09:28:27--  https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.zip
Resolving files.phpmyadmin.net (files.phpmyadmin.net)... 185.76.8.4, 2a02:6ea0:d900::3
Connecting to files.phpmyadmin.net (files.phpmyadmin.net)|185.76.8.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14112668 (13M) [application/zip]
Saving to: ‘phpMyAdmin-5.2.0-all-languages.zip’

phpMyAdmin-5.2.0-all-lan 100%[=================================>]  13.46M  6.30MB/s    in 2.1s    

2022-10-06 09:28:30 (6.30 MB/s) - ‘phpMyAdmin-5.2.0-all-languages.zip’ saved [14112668/14112668]

[root@srv example.mydomain.com]# unzip phpMyAdmin-5.2.0-all-languages.zip 
Archive:  phpMyAdmin-5.2.0-all-languages.zip
   creating: phpMyAdmin-5.2.0-all-languages/
 extracting: phpMyAdmin-5.2.0-all-languages/.rtlcssrc.json
.....
.....
  inflating: phpMyAdmin-5.2.0-all-languages/yarn.lock  
[root@srv example.mydomain.com]# mv phpMyAdmin-5.2.0-all-languages phpmyadmin
[root@srv example.mydomain.com]# cd phpmyadmin
[root@srv example.mydomain.com]# cp config.sample.inc.php config.inc.php

Then open the browser and log in with the MariaDB root account and the password set in STEP 1. The phpMyAdmin should be located at http://example.mydomain.com/phpmyadmin/.
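The test steps above leave three things inside the document root: test.php with phpinfo(), the downloaded zip archive, and a config.inc.php copied unchanged from the sample, which ships with an empty blowfish_secret. The following added example, not part of the original article, lists such leftovers so they can be removed or fixed once the test is done; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find installation leftovers in a web root.
# The sample tree built below is constructed.

# webroot_leftovers DIR : prints one "KIND: PATH" line per finding.
webroot_leftovers() (
    root=$1

    # 1. Archives and dumps: Nginx serves them as static files to anyone.
    find "$root" -type f \( -name '*.zip' -o -name '*.tar.gz' -o -name '*.tgz' \
        -o -name '*.sql' \) | sort | while IFS= read -r f; do
        echo "archive: $f"
    done

    # 2. PHP files that call phpinfo(): the page discloses versions, paths,
    #    loaded modules and environment. Triage each hit; an application may
    #    contain such a call behind its own login.
    find "$root" -type f -name '*.php' | sort | while IFS= read -r f; do
        if grep -qE 'phpinfo[[:space:]]*\(' "$f"; then
            echo "phpinfo: $f"
        fi
    done

    # 3. phpMyAdmin config.inc.php still carrying the empty blowfish_secret
    #    from config.sample.inc.php (the secret used for cookie auth).
    find "$root" -type f -name 'config.inc.php' | sort | while IFS= read -r f; do
        if grep -qE "blowfish_secret'\][[:space:]]*=[[:space:]]*(''|\"\")" "$f"; then
            echo "empty-blowfish-secret: $f"
        fi
    done
    exit 0
)

# make_sample_webroot DIR : builds a constructed tree that mirrors the state
# the test steps in this article leave behind.
make_sample_webroot() {
    mkdir -p "$1/phpmyadmin"
    printf '%s\n' '<?php' 'phpinfo();' > "$1/test.php"
    printf '%s\n' '<?php' 'echo "hello";' > "$1/index.php"
    : > "$1/phpMyAdmin-5.2.0-all-languages.zip"
    printf '%s\n' '<?php' "\$cfg['blowfish_secret'] = '';" \
        > "$1/phpmyadmin/config.inc.php"
}

# Demo on the constructed tree. On a real host, run instead:
#   webroot_leftovers /var/www/html/example.mydomain.com
demo_root=$(mktemp -d)
make_sample_webroot "$demo_root"
webroot_leftovers "$demo_root"
rm -rf "$demo_root"
```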


Bonus) Nginx HTTPS with SSL certificate – self-signed and letsencrypt.

Two types of certificate generations for the HTTPS server block will be presented in this section:

  1. Self-signed certificate. The browsers will report it as unsafe and the user should accept the certificate before viewing the site. It is convenient for the development stage.
  2. Letsencrypt certificate – the software needed and how to generate it. A free and valid certificate. More info – https://letsencrypt.org/

Generate self-signed certificate

Generate the self-signed certificate and configure the firewall to accept HTTPS connections.

[root@srv ~]# openssl genrsa -out /etc/ssl/nginx/example.mydomain.com.key 4096
[root@srv ~]# openssl req -new -key /etc/ssl/nginx/example.mydomain.com.key -out /etc/ssl/nginx/example.mydomain.com.csr -subj '/C=us/ST=newyork/L=newyork/O=mygroup/OU=servicing/CN=example.mydomain.com/emailAddress=admin@mydomain.com'
[root@srv ~]# openssl x509 -req -days 365 -in /etc/ssl/nginx/example.mydomain.com.csr -signkey /etc/ssl/nginx/example.mydomain.com.key -out /etc/ssl/nginx/example.mydomain.com.crt
[root@srv ~]# chmod 400 /etc/ssl/nginx/*
[root@srv ~]# ls -altr /etc/ssl/nginx/
total 20
drwxr-xr-x. 3 root root 4096 Oct  6 11:10 ..
-r--------. 1 root root 3268 Oct  6 11:11 example.mydomain.com.key
-r--------. 1 root root 1765 Oct  6 11:12 example.mydomain.com.csr
drwxr-xr-x. 2 root root 4096 Oct  6 11:13 .
-r--------. 1 root root 2049 Oct  6 11:13 example.mydomain.com.crt
[root@srv ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@srv ~]# systemctl restart nginx
[root@srv ~]# firewall-cmd --permanent --add-service=https
success
[root@srv ~]# firewall-cmd --reload
success

Here is the Nginx server block (in /etc/nginx/nginx.conf below the above two server blocks) for the HTTPS connections:

.....
    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  example.mydomain.com;
        root         /var/www/html/example.mydomain.com;

        ssl_certificate "/etc/ssl/nginx/example.mydomain.com.crt";
        ssl_certificate_key "/etc/ssl/nginx/example.mydomain.com.key";
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the example.mydomain.com server block.
        include /etc/nginx/sites.d/example.mydomain.com.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
.....

Test and restart the Nginx web server.

[root@srv ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@srv ~]# systemctl restart nginx

The phpMyAdmin should be located in https://example.mydomain.com/phpmyadmin/.


Letsencrypt certificate

Install the needed software. certbot is the command-line tool to generate, renew and manage Let’s Encrypt SSL certificates.

dnf install -y epel-release
dnf install -y certbot

The domain example.mydomain.com must have an accessible Internet IP, which the servers of the letsencrypt organization will access using HTTP/HTTPS.

[root@srv ~]# certbot certonly --webroot -w /var/www/html/example.mydomain.com -d example.mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for example.mydomain.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.mydomain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/example.mydomain.com/privkey.pem
This certificate expires on 2023-01-04.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The Nginx configuration in /etc/nginx/nginx.conf looks like:

.....
    server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  example.mydomain.com;
        root         /var/www/html/example.mydomain.com;

        ssl_certificate "/etc/letsencrypt/live/example.mydomain.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/example.mydomain.com/privkey.pem";
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the example.mydomain.com server block.
        include /etc/nginx/sites.d/example.mydomain.com.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
.....

Essentially the same as the self-signed one, but with modified paths for ssl_certificate and ssl_certificate_key.
Test and restart the Nginx web server.

[root@srv ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@srv ~]# systemctl restart nginx

phpMyAdmin should now be reachable at https://example.mydomain.com/phpmyadmin/, and this time the SSL certificate is valid for example.mydomain.com, so visitors to the site receive no errors or critical warnings.

How to upgrade to CentOS Stream 9 from CentOS Stream 8

This article will show how to update to CentOS Stream 9 from CentOS Stream 8.


If only the official repositories are used, it is fairly easy to upgrade to the new rolling-release CentOS Stream 9, which follows Red Hat Enterprise Linux 9. Following this tutorial on a CentOS Stream 8 system with unofficial or user repositories may lead to an unstable or broken system. If some specific or unofficial repositories are installed, first check them for CentOS Stream 9 compatibility issues.
The following article uses a CentOS Stream 9 with only the official default repositories and, in addition, the EPEL repository, which has CentOS Stream 9 support.
How to install – Network installation of CentOS Stream 9 (20220606.0) – minimal server installation, with additional information about important CentOS Stream 9 URLs and links. What kind of software the user can expect to have – Software and technical details of CentOS Stream 9 minimal install. Comparing the packages of the two systems – a clean install of CentOS Stream 9 and an upgrade from CentOS Stream 8 – the clean install has 377 packages installed and the upgrade has 387 packages installed. The started processes are the same, except that the chronyd service is not started on boot. The chronyd daemon provides time synchronization.

STEP 1) All installed packages should be updated to the latest versions.

[root@srv ~]# dnf update -y
Last metadata expiration check: 0:09:08 ago on Tue Oct  4 12:12:07 2022.
Dependencies resolved.
Nothing to do.
Complete!

The DNF tool reports that all packages are up-to-date, because there is nothing to upgrade.

STEP 2) A cleanup of all packages, which are not required anymore.

Check for orphaned and leaf packages. Some of the packages listed may have been installed explicitly by the user, so it is important to know the system. Remove a package shown in the output of the following commands only if neither the system nor its user needs it.

[root@srv ~]# dnf repoquery --unneeded
Last metadata expiration check: 0:12:56 ago on Tue Oct  4 12:12:07 2022.
NetworkManager-initscripts-updown-1:1.40.0-1.el8.noarch
grub2-tools-efi-1:2.02-129.el8.x86_64
libmetalink-0:0.1.3-7.el8.x86_64
pciutils-0:3.7.0-1.el8.x86_64
python3-configobj-0:5.0.6-11.el8.noarch
python3-schedutils-0:0.6-6.el8.x86_64
rdma-core-0:41.0-1.el8.x86_64
[root@srv ~]# dnf repoquery --extras
Last metadata expiration check: 0:00:12 ago on Tue Oct  4 12:34:17 2022.

Remove the unneeded packages:

Generate the rescue kernel boot entry in CentOS Stream 9


Regenerating the vmlinuz and initramfs for the rescue kernel of the currently installed kernel under CentOS Stream 9 is really simple. The package dracut-config-rescue delivers a bash script (/usr/lib/kernel/install.d/51-dracut-rescue.install) that helps generate a rescue kernel.

STEP 1) Move the old rescue kernel in a backup directory.

Remove the current rescue kernel from the /boot.

[root@srv ~]# ls -altr /boot/|grep rescue
-rwxr-xr-x.  1 root root 10030216 Apr 12  2021 vmlinuz-0-rescue-b2a198ecbfdd451cb905f76f825af01e
-rw-------.  1 root root 77700560 Apr 12  2021 initramfs-0-rescue-b2a198ecbfdd451cb905f76f825af01e.img
[root@srv ~]# mkdir /tmp/old-rescue
[root@srv ~]# mv /boot/*-rescue-* /tmp/old-rescue/
[root@srv ~]# ls -altr /tmp/old-rescue/
total 85684
-rwxr-xr-x. 1 root root 10030216 Apr 12  2021 vmlinuz-0-rescue-b2a198ecbfdd451cb905f76f825af01e
-rw-------. 1 root root 77700560 Apr 12  2021 initramfs-0-rescue-b2a198ecbfdd451cb905f76f825af01e.img
drwxrwxrwt. 9 root root     4096 Oct  5 10:00 ..
drwxr-xr-x. 2 root root     4096 Oct  5 10:01 .
[root@srv ~]# mv /boot/loader/entries/b2a198ecbfdd451cb905f76f825af01e-0-rescue.conf /tmp/old-rescue/

STEP 2) Regenerate the rescue kernel and the Grub boot entry.

Regenerate the rescue kernel and the Grub entry with /usr/lib/kernel/install.d/51-dracut-rescue.install by executing the following command:

[root@srv ~]# /usr/lib/kernel/install.d/51-dracut-rescue.install add $(uname -r) /boot /boot/vmlinuz-$(uname -r)

The command does not output anything on successful generation, but there are 3 new files with rescue in the name:

[root@srv ~]# find /boot/ -name '*rescue*'
/boot/loader/entries/b2a198ecbfdd451cb905f76f825af01e-0-rescue.conf
/boot/vmlinuz-0-rescue-b2a198ecbfdd451cb905f76f825af01e
/boot/initramfs-0-rescue-b2a198ecbfdd451cb905f76f825af01e.img

Here are the valid arguments to generate the rescue kernel:

  1. add – the command that tells the script what to do.
  2. kernel version – the kernel version for which the script generates the rescue kernel.
  3. boot directory – the boot directory where the rescue kernel will be saved.
  4. kernel image – the kernel image from which the script produces the rescue kernel.

Bonus) Additional information.

It is worth mentioning that the script /usr/lib/kernel/install.d/51-dracut-rescue.install currently seems unfinished: it does not include “USAGE” output and the “remove” command is not implemented! The usage part is even stranger, because when the script is executed with wrong arguments or without arguments, it throws an error about a missing “usage” command (in fact, a missing “usage” bash function):

[root@srv ~]# /usr/lib/kernel/install.d/51-dracut-rescue.install
/usr/lib/kernel/install.d/51-dracut-rescue.install: line 129: usage: command not found

The remove command is just not implemented and it exits the script with 0, which WILL NOT remove a kernel rescue entry.

[root@srv ~]# grep remove -A 4 /usr/lib/kernel/install.d/51-dracut-rescue.install
    remove)
        exit 0
        ;;

    *)

This is the situation for the latest version at present:

[root@srv ~]# dnf info dracut-config-rescue
Last metadata expiration check: 1:35:30 ago on Wed 05 Oct 2022 09:06:59 AM UTC.
Installed Packages
Name         : dracut-config-rescue
Version      : 057
Release      : 13.git20220816.el9
Architecture : x86_64
Size         : 3.5 k
Source       : dracut-057-13.git20220816.el9.src.rpm
Repository   : @System
From repo    : baseos
Summary      : dracut configuration to turn on rescue image generation
URL          : https://dracut.wiki.kernel.org/
License      : GPLv2+ and LGPLv2+ and GPLv2
Description  : This package provides the configuration to turn on the rescue initramfs
             : generation with dracut.
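
Because "add" prints nothing on success and "remove" exits 0 without doing anything, the exit status says little; the following added example (not part of the dracut package or of the original article) checks the three rescue artefacts directly. The function names, the constructed sample tree and the root-only expectation for the initramfs (taken from the ls listing above) are assumptions of this example; "linux" and "initrd" are the standard Boot Loader Specification keys.

```shell
#!/bin/sh
# Added example: confirm what `51-dracut-rescue.install add` left behind.

# rescue_entry_check BOOT_DIR ID
# Prints one line per finding and returns 0 only when every check passes.
rescue_entry_check() {
    boot=$1; id=$2; rc=0
    entry="$boot/loader/entries/$id-0-rescue.conf"
    kernel="$boot/vmlinuz-0-rescue-$id"
    initrd="$boot/initramfs-0-rescue-$id.img"

    # 1. All three files must exist and be non-empty.
    for f in "$entry" "$kernel" "$initrd"; do
        [ -s "$f" ] || { echo "MISSING $f"; rc=1; }
    done

    # 2. The initramfs should grant nothing to group/other (-rw------- above).
    if [ -s "$initrd" ]; then
        perms=$(ls -ld "$initrd" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "PERMS $initrd group/other=$perms"; rc=1; }
    fi

    # 3. The boot entry must point at the rescue kernel and initramfs.
    if [ -s "$entry" ]; then
        grep -q "^linux[[:space:]].*vmlinuz-0-rescue-$id\$" "$entry" ||
            { echo "ENTRY no linux line for the rescue kernel"; rc=1; }
        grep -q "^initrd[[:space:]].*initramfs-0-rescue-$id\.img\$" "$entry" ||
            { echo "ENTRY no initrd line for the rescue initramfs"; rc=1; }
    fi
    return $rc
}

# Constructed sample tree (placeholders, not real boot files) so the check
# can be tried without touching /boot. Prints the directory it created.
make_sample_boot() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/loader/entries"
    echo "constructed kernel placeholder"    > "$d/vmlinuz-0-rescue-$1"
    echo "constructed initramfs placeholder" > "$d/initramfs-0-rescue-$1.img"
    chmod 600 "$d/initramfs-0-rescue-$1.img"
    printf 'title Rescue (constructed)\nlinux /vmlinuz-0-rescue-%s\ninitrd /initramfs-0-rescue-%s.img\n' \
        "$1" "$1" > "$d/loader/entries/$1-0-rescue.conf"
    echo "$d"
}

SAMPLE_ID=0123456789abcdef0123456789abcdef   # constructed id, not a real one
demo=$(make_sample_boot "$SAMPLE_ID")
rescue_entry_check "$demo" "$SAMPLE_ID" && echo "rescue entry complete"
rm -rf "$demo"
```

On the host from this article the call would be rescue_entry_check /boot b2a198ecbfdd451cb905f76f825af01e.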

More topics on CentOS Stream 9 here.

Run LXC Ubuntu 22.04 LTS container with bridged network under CentOS Stream 9

In continuation of the previous article Run LXC CentOS Stream 9 container with bridged network under CentOS Stream 9, this time the LXC container will be Ubuntu 22.04 LTS Jammy Jellyfish.
For a better understanding of why to use LXC, or for more detailed information about some steps in this article, it is better to visit the previously mentioned article and the original Run LXC CentOS 8 container with bridged network under CentOS 8.

STEP 1) Install the needed software EPEL repository and the LXC and its dependencies

To install LXC software the EPEL CentOS Stream 9 repository must be installed. At present, the LXC included in CentOS Stream 9 EPEL repository is 4.0.

dnf install -y epel-release
dnf install -y lxc lxc-templates container-selinux
dnf install -y wget tar

lxc-templates uses template “download” to download different Linux distribution images from http://images.linuxcontainers.org/, which now redirects to http://uk.lxd.images.canonical.com/ (an Ubuntu lxd images mirror).
The container-selinux package should be installed only if the host, i.e. the CentOS Stream 9 install, has SELinux enabled. The package provides additional SELinux rules for LXC and the LXC tools such as lxc-attach.

STEP 2) Create a Ubuntu 22.04 LTS with the help of LXC templates

[root@srv ~]# lxc-create --template download -n mycontainer -- --dist ubuntu --release jammy --arch amd64

In addition, there is a “--variant” option along with “--dist” and “--release” to specify which variant to install – default, cloud, desktop or other. There is a variant column in the table on the images’ page mentioned above.

Run LXC CentOS Stream 9 container with bridged network under CentOS Stream 9

As a continuation of the previous article with CentOS 8 – Run LXC CentOS 8 container with bridged network under CentOS 8, here is an updated version with CentOS Stream 9 running an LXC container. In this case, the LXC container is CentOS Stream 9, too.
Under CentOS 8, the LXC software is from branch 3.x, but in CentOS Stream 9 the LXC is 4.x and there are some differences in the LXC configuration file.
It’s worth mentioning the differences between docker/podman containers and LXC from the previous article:

  • Multiprocesses.
  • Easy configuration modification. Even hot-plugin supported.
  • Unprivileged Linux containers.
  • Complex network setups. Multiple network interfaces connected to different networks, for example.
  • Live systemd, i.e. systemd or SysV init are booted as usual. Much of the software relies on systemd/udev features and in many cases, it is really hard to run a software without a systemd or init process

Here are the steps to boot a CentOS Stream 9 container under CentOS Stream 9 host server:

STEP 1) Install EPEL repository.

EPEL CentOS Stream 9 repository now includes LXC 4.0 software.

dnf install -y epel-release

STEP 2) Install LXC software and start LXC service.

At present, the LXC software version is 4.0.12. The package lxc-templates includes template scripts to create a Linux distribution environment like CentOS, Ubuntu, Debian, Gentoo, ArchLinux, Oracle, Alpine, and many others and it also includes the configuration templates to start these Linux distributions. In fact, lxc-templates now includes a download script to download images from the Internet.

dnf install -y lxc lxc-templates container-selinux
dnf install -y wget tar

The wget and tar are required if LXC templates installation is going to be performed.
There is an additional package for container’s SELinux, which should be installed before starting the LXC service, because some of the SELinux rules may not apply in the system. If the SELinux is disabled the installation of container-selinux package might be skipped.

STEP 3) Create a CentOS Stream 9 container with the help of LXC templates and run it.

Use the lxc-templates to prepare a CentOS Stream 9 container environment. The currently available containers are listed here http://images.linuxcontainers.org/, which now redirects to http://uk.lxd.images.canonical.com/ (an Ubuntu lxd images mirror). Check out the URL and choose the right container. Here the CentOS Stream 9 amd64, i.e. release 9-Stream, is used.

[root@srv ~]# lxc-create --template download -n mycontainer -- --dist centos --release 9-Stream --arch amd64

In addition, there is a “--variant” option along with “--dist” and “--release” to specify which variant to install – default, cloud, desktop or other. There is a variant column in the table on the images’ page mentioned above.

Delete an Offline RAID6 virtual drive and create a new one with AVAGO storcli

An Offline virtual drive cannot be used, because the number of missing, bad or failed disks exceeds the fault tolerance the RAID level offers. In this case, there is an AVAGO 3108 MegaRAID controller with 2 x RAID6 virtual drives with 6 disks each. One of the virtual drives is missing 3 of the 6 disks in its group, so this virtual drive is in the Offline state and cannot be repaired. Three new disks have been put in to replace the failed disks. Here are the commands to issue with the AVAGO command-line utility storcli under CentOS 7 to delete the Offline virtual drive and then create a healthy new RAID 6 virtual drive:

  1. Delete the Offline virtual drive.
  2. Create a new RAID 6 virtual drive with 6 disks.
  3. Initialize the newly created virtual drive to make it consistent.

Each step includes additional storcli show commands to better present what happens in reality and how the controller reflects the changes.
The initial state of the whole configuration is shown below:

[root@srv ~]# /opt/MegaRAID/storcli/storcli64 /c0 show
Generating detailed summary of the adapter, it may take a while to complete.

CLI Version = 007.0709.0000.0000 Aug 14, 2018
Operating system = Linux 3.10.0-957.1.3.el7.x86_64
Controller = 0
Status = Success
Description = None

Product Name = AVAGO 3108 MegaRAID
Serial Number = FW-AC5CMJEAARBWA
SAS Address =  500304802426b600
PCI Address = 00:01:00:00
System Time = 09/20/2022, 14:09:12
Mfg. Date = 00/00/00
Controller Time = 09/20/2022, 14:09:08
FW Package Build = 24.21.0-0028
BIOS Version = 6.36.00.2_4.19.08.00_0x06180202
FW Version = 4.680.00-8290
Driver Name = megaraid_sas
Driver Version = 07.705.02.00-rh1
Current Personality = RAID-Mode 
Vendor Id = 0x1000
Device Id = 0x5D
SubVendor Id = 0x15D9
SubDevice Id = 0x809
Host Interface = PCI-E
Device Interface = SAS-12G
Bus Number = 1
Device Number = 0
Function Number = 0
Drive Groups = 2

TOPOLOGY :
========

----------------------------------------------------------------------------
DG Arr Row EID:Slot DID Type  State BT      Size PDC  PI SED DS3  FSpace TR 
----------------------------------------------------------------------------
 0 -   -   -        -   RAID6 OfLn  N  43.654 TB dflt N  N   dflt N      N  
 0 0   -   -        -   RAID6 Dgrd  N  43.654 TB dflt N  N   dflt N      N  
 0 0   0   -        -   DRIVE Msng  -  10.913 TB -    -  -   -    -      N  
 0 0   1   8:1      13  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 0 0   2   8:2      10  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 0 0   3   -        -   DRIVE Msng  -  10.913 TB -    -  -   -    -      N  
 0 0   4   8:4      11  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 0 0   5   -        -   DRIVE Msng  -  10.913 TB -    -  -   -    -      N  
 1 -   -   -        -   RAID6 Optl  N  43.654 TB dflt N  N   dflt N      N  
 1 0   -   -        -   RAID6 Optl  N  43.654 TB dflt N  N   dflt N      N  
 1 0   0   8:6      20  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 1 0   1   8:7      19  DRIVE Onln  N  12.732 TB dflt N  N   dflt -      N  
 1 0   2   8:8      18  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 1 0   3   8:9      15  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 1 0   4   8:10     12  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
 1 0   5   8:11     14  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N  
----------------------------------------------------------------------------

DG=Disk Group Index|Arr=Array Index|Row=Row Index|EID=Enclosure Device ID
DID=Device ID|Type=Drive Type|Onln=Online|Rbld=Rebuild|Dgrd=Degraded
Pdgd=Partially degraded|Offln=Offline|BT=Background Task Active
PDC=PD Cache|PI=Protection Info|SED=Self Encrypting Drive|Frgn=Foreign
DS3=Dimmer Switch 3|dflt=Default|Msng=Missing|FSpace=Free Space Present
TR=Transport Ready

Virtual Drives = 2

VD LIST :
=======

------------------------------------------------------------------
DG/VD TYPE  State Access Consist Cache Cac sCC      Size Name     
------------------------------------------------------------------
0/0   RAID6 OfLn  RW     No      RAWBD -   ON  43.654 TB storage1 
1/1   RAID6 Optl  RW     Yes     RAWBD -   ON  43.654 TB storage2 
------------------------------------------------------------------

Cac=CacheCade|Rec=Recovery|OfLn=OffLine|Pdgd=Partially Degraded|Dgrd=Degraded
Optl=Optimal|RO=Read Only|RW=Read Write|HD=Hidden|TRANS=TransportReady|B=Blocked|
Consist=Consistent|R=Read Ahead Always|NR=No Read Ahead|WB=WriteBack|
AWB=Always WriteBack|WT=WriteThrough|C=Cached IO|D=Direct IO|sCC=Scheduled
Check Consistency

Physical Drives = 12

PD LIST :
=======

---------------------------------------------------------------------------------
EID:Slt DID State DG      Size Intf Med SED PI SeSz Model                Sp Type 
---------------------------------------------------------------------------------
8:0       9 UGood -  12.732 TB SATA HDD N   N  512B ST14000NM001G-2KJ103 D  -    
8:1      13 Onln  0  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:2      10 Onln  0  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:3      17 UGood -  12.732 TB SATA HDD N   N  512B ST14000NM001G-2KJ103 D  -    
8:4      11 Onln  0  10.913 TB SATA HDD N   N  512B ST12000NM001G-2MV103 U  -    
8:5      16 UGood -  12.732 TB SATA HDD N   N  512B ST14000NM001G-2KJ103 D  -    
8:6      20 Onln  1  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:7      19 Onln  1  12.732 TB SATA HDD N   N  512B ST14000NM001G-2KJ103 U  -    
8:8      18 Onln  1  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:9      15 Onln  1  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:10     12 Onln  1  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:11     14 Onln  1  10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
---------------------------------------------------------------------------------

EID-Enclosure Device ID|Slt-Slot No.|DID-Device ID|DG-DriveGroup
DHS-Dedicated Hot Spare|UGood-Unconfigured Good|GHS-Global Hotspare
UBad-Unconfigured Bad|Onln-Online|Offln-Offline|Intf-Interface
Med-Media Type|SED-Self Encryptive Drive|PI-Protection Info
SeSz-Sector Size|Sp-Spun|U-Up|D-Down/PowerSave|T-Transition|F-Foreign
UGUnsp-Unsupported|UGShld-UnConfigured shielded|HSPShld-Hotspare shielded
CFShld-Configured shielded|Cpybck-CopyBack|CBShld-Copyback Shielded


Cachevault_Info :
===============

------------------------------------
Model  State   Temp Mode MfgDate    
------------------------------------
CVPM02 Optimal 28C  -    2018/01/11 
------------------------------------

The show storcli command for the first virtual drive “/c0/v0” is also possible:

[root@srv ~]# /opt/MegaRAID/storcli/storcli64 /c0/v0 show all
CLI Version = 007.0709.0000.0000 Aug 14, 2018
Operating system = Linux 3.10.0-957.1.3.el7.x86_64
Controller = 0
Status = Success
Description = None


/c0/v0 :
======

------------------------------------------------------------------
DG/VD TYPE  State Access Consist Cache Cac sCC      Size Name     
------------------------------------------------------------------
0/0   RAID6 OfLn  RW     No      RAWBD -   ON  43.654 TB storage1 
------------------------------------------------------------------

Cac=CacheCade|Rec=Recovery|OfLn=OffLine|Pdgd=Partially Degraded|Dgrd=Degraded
Optl=Optimal|RO=Read Only|RW=Read Write|HD=Hidden|TRANS=TransportReady|B=Blocked|
Consist=Consistent|R=Read Ahead Always|NR=No Read Ahead|WB=WriteBack|
AWB=Always WriteBack|WT=WriteThrough|C=Cached IO|D=Direct IO|sCC=Scheduled
Check Consistency


PDs for VD 0 :
============

---------------------------------------------------------------------------------
EID:Slt DID State DG      Size Intf Med SED PI SeSz Model                Sp Type 
---------------------------------------------------------------------------------
8:1      13 Onln   0 10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:2      10 Onln   0 10.913 TB SATA HDD N   N  512B ST12000NM0007-2A1101 U  -    
8:4      11 Onln   0 10.913 TB SATA HDD N   N  512B ST12000NM001G-2MV103 U  -    
---------------------------------------------------------------------------------

EID-Enclosure Device ID|Slt-Slot No.|DID-Device ID|DG-DriveGroup
DHS-Dedicated Hot Spare|UGood-Unconfigured Good|GHS-Global Hotspare
UBad-Unconfigured Bad|Onln-Online|Offln-Offline|Intf-Interface
Med-Media Type|SED-Self Encryptive Drive|PI-Protection Info
SeSz-Sector Size|Sp-Spun|U-Up|D-Down/PowerSave|T-Transition|F-Foreign
UGUnsp-Unsupported|UGShld-UnConfigured shielded|HSPShld-Hotspare shielded
CFShld-Configured shielded|Cpybck-CopyBack|CBShld-Copyback Shielded


VD0 Properties :
==============
Strip Size = 1.0 MB
Number of Blocks = 93746888704
VD has Emulated PD = Yes
Span Depth = 1
Number of Drives Per Span = 6
Write Cache(initial setting) = WriteBack
Disk Cache Policy = Disk's Default
Encryption = None
Data Protection = Disabled
Active Operations = None
Exposed to OS = Yes
OS Drive Name = N/A
Creation Date = 19-12-2018
Creation Time = 06:11:08 AM
Emulation type = default
Cachebypass size = Cachebypass-64k
Cachebypass Mode = Cachebypass Intelligent
Is LD Ready for OS Requests = Yes
SCSI NAA Id = 600304802426b60023ac9d7c0a7a305b
SCSI Unmap = No
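
Before any destructive step it helps to confirm from the TOPOLOGY table which drive group has really lost more members than its RAID level tolerates. The following is an added example, not part of storcli or of the original article: the function names are assumptions, the sample is the topology table from the output above, and the tolerance values (RAID0 = 0, RAID5 = 1, RAID6 = 2 missing members) are the standard ones, with other levels reported as unknown.

```shell
#!/bin/sh
# Added example: classify each drive group in `storcli64 /cX show` output.

# Reads the controller summary on stdin, prints one line per drive group.
dg_fault_report() {
    awk '
        /^TOPOLOGY/                  { in_topo = 1; next }
        in_topo && /^DG=/            { in_topo = 0 }   # legend ends the table
        !in_topo || $1 !~ /^[0-9]+$/ { next }
        $2 == "-" && $6 ~ /^RAID/ {                    # drive-group summary row
            level[$1] = $6; state[$1] = $7; order[n++] = $1; next
        }
        $6 == "DRIVE" {                                # one row per member slot
            drives[$1]++
            if ($7 == "Msng") missing[$1]++
        }
        END {
            tol["RAID0"] = 0; tol["RAID5"] = 1; tol["RAID6"] = 2
            for (i = 0; i < n; i++) {
                dg = order[i]; m = missing[dg] + 0
                if (!(level[dg] in tol))     verdict = "unknown-level"
                else if (m > tol[level[dg]]) verdict = "unrecoverable"
                else if (m > 0)              verdict = "degraded"
                else                         verdict = "healthy"
                printf "dg=%s level=%s state=%s drives=%d missing=%d verdict=%s\n",
                       dg, level[dg], state[dg], drives[dg], m, verdict
            }
        }'
}

# Exit status 0 only when drive group $1 has lost more members than its RAID
# level tolerates, i.e. it is the group that has to be recreated.
dg_is_unrecoverable() {
    dg_fault_report | grep -q "^dg=$1 .*verdict=unrecoverable\$"
}

# Sample input: the TOPOLOGY table from the article, trailing blanks trimmed.
sample_topology() {
    cat <<'EOF'
TOPOLOGY :
========

----------------------------------------------------------------------------
DG Arr Row EID:Slot DID Type  State BT      Size PDC  PI SED DS3  FSpace TR
----------------------------------------------------------------------------
 0 -   -   -        -   RAID6 OfLn  N  43.654 TB dflt N  N   dflt N      N
 0 0   -   -        -   RAID6 Dgrd  N  43.654 TB dflt N  N   dflt N      N
 0 0   0   -        -   DRIVE Msng  -  10.913 TB -    -  -   -    -      N
 0 0   1   8:1      13  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 0 0   2   8:2      10  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 0 0   3   -        -   DRIVE Msng  -  10.913 TB -    -  -   -    -      N
 0 0   4   8:4      11  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 0 0   5   -        -   DRIVE Msng  -  10.913 TB -    -  -   -    -      N
 1 -   -   -        -   RAID6 Optl  N  43.654 TB dflt N  N   dflt N      N
 1 0   -   -        -   RAID6 Optl  N  43.654 TB dflt N  N   dflt N      N
 1 0   0   8:6      20  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 1 0   1   8:7      19  DRIVE Onln  N  12.732 TB dflt N  N   dflt -      N
 1 0   2   8:8      18  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 1 0   3   8:9      15  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 1 0   4   8:10     12  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
 1 0   5   8:11     14  DRIVE Onln  N  10.913 TB dflt N  N   dflt -      N
----------------------------------------------------------------------------

DG=Disk Group Index|Arr=Array Index|Row=Row Index|EID=Enclosure Device ID
EOF
}

sample_topology | dg_fault_report
```

On a live system the same functions can be fed with the output of /opt/MegaRAID/storcli/storcli64 /c0 show.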


Review of freshly installed CentOS Stream 9 Workstation (Gnome GUI)

After the tutorial of Install CentOS Stream 9 Workstation (Gnome GUI) this tutorial is mainly to see what to expect from a freshly installed CentOS Stream 9 Workstation installation – the look and feel of the GUI (Gnome – version 40).

  • Xorg X server – 1.20.11
  • GNOME (the GUI) – 40.4.0
  • linux kernel – 5.14.0

More technical details are available for the server installation, which differs from the workstation only in that the GUI (Gnome) is not installed – Software and technical details of CentOS Stream 9 minimal install. The latter article may be of interest to developers, too. The CentOS Stream 9 Workstation install may install all of the listed software for CentOS Stream 9 Server.
The idea of this tutorial is just to see what to expect from CentOS Stream 9 Workstation (Gnome): the look and feel of the GUI, the default installed programs and their look, and how to do some basic steps with them. Here the reader finds more than 125 screenshots and not much text. The main idea is not to distract the user with a lot of text and version information plus 3 meaningless screenshots in which the reader cannot see anything of the user interface, when these days the user interface is the primary goal of a Desktop system. More reviews of the kind will follow in the future …

CentOS is a pretty stable Linux distribution, which follows the paid Red Hat enterprise RHEL 9. If the user really just wants a stable OS with a GUI for the next, let’s say, 5-10 years with support and fast security updates, CentOS Stream 9 might be perfect for it! Developing on this platform should be easy, too, because it supports all kinds of virtualization and, although it may not include the bleeding-edge libraries and software, it is easy enough to install the latest software in a full or para virtualization or a container!

For all installation and review articles real workstations are used, not virtual environments!

SCREENSHOT 1) Fedora Linux (5.14.0-119.el9.x86_64) 9

grub 2.06 entry boot


Install CentOS Stream 9 Workstation (Gnome GUI)

This is the latest CentOS version with the Gnome graphical interface for a workstation. If you are a developer or just a Linux user who wants a pretty stable operating system, CentOS Stream 9 may be an option for you. CentOS Stream 9 is based on and follows Red Hat Enterprise Linux 9 – paid Linux for the enterprise world, which is available for free thanks to open-source software. CentOS Stream 9 will receive all the updates from the paid Linux system RHEL 9 and the support will be 10 years from now: 5 years of full support and 5 more years of security updates. Using CentOS Stream 9 assures the user of a stable and secure Linux operating system, which will not bring fundamental changes and break things periodically, as some more enthusiastic Linux distributions do. More information about the system here – Software and technical details of CentOS Stream 9 minimal install and Software comparison Ubuntu server 22.04 LTS vs CentOS Stream 9 head-to-head
CentOS Stream 9 has a generic installation wizard for multiple types of installations – server, server with GUI, user workstation and so on. This article shows what options to enable to install a user workstation with CentOS Stream 9 with a graphical interface – Gnome. Most people think of CentOS as a server Linux distribution, but in fact it is ideal for a workstation, too, especially with its grade of stability and security these days.
This article uses network installation with the following media: http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-latest-x86_64-boot.iso which always points to the latest release of the CentOS Stream 9. The network installation will choose automatically the best mirror to download the packages for the system. There is an option to use an off-line installation with an 8G ISO disk. Check out for more ISOs here – http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/iso/

SCREENSHOT 1) Boot from the UEFI DVD-ROM device.

It is the same with the USB bootable removable drive. Choose the UEFI USB drive and boot the installation live drive.

UEFI BIOS DVD-ROM boot


Removal of kwayland-server and “kwayland-server” is soft blocking kde-plasma/kwin-5.25.2

A big change for Plasma KDE happened two months ago – a “Merge kwayland-server into kwin“.
So after KDE Plasma 5.25, there is no kwayland-server any more (respectively no kwayland-server with version 5.25 and no package in Gentoo) and it may block a Gentoo update with the following error:

mydesktop root # emerge -va --verbose-conflicts --verbose --backtrack=300 $(qlist -IC|grep -i kde)
......
......
[ebuild     U  ] dev-util/kdevelop-php-22.04.2:5::gentoo [21.12.3:5::gentoo] USE="handbook -debug -test" 1,057 KiB
[ebuild     U  ] kde-apps/umbrello-22.04.2:5::gentoo [21.12.3:5::gentoo] USE="handbook php -debug -test" 5,544 KiB
[ebuild     U  ] kde-apps/kross-interpreters-22.04.2:5::gentoo [21.12.3:5::gentoo] USE="-debug" 149 KiB
[blocks B      ] kde-plasma/kwayland-server ("kde-plasma/kwayland-server" is soft blocking kde-plasma/kwin-5.25.2)

Total: 340 packages (329 upgrades, 5 new, 6 reinstalls), Size of downloads: 1,001,699 KiB
Conflict: 1 block (1 unsatisfied)

 * Error: The above package list contains packages which cannot be
 * installed at the same time on the same system.

  (kde-plasma/kwayland-server-5.24.5-r1:5/5::gentoo, ebuild scheduled for merge) pulled in by
    kde-plasma/kwayland-server
    kde-plasma/kwayland-server:5::gentoo required by @selected 
    kde-plasma/kwayland-server required by @selected 

  (kde-plasma/kwin-5.25.2:5/5::gentoo, ebuild scheduled for merge) pulled in by
    >=kde-plasma/kwin-5.25.2:5 required by (kde-plasma/plasma-desktop-5.25.2:5/5::gentoo, ebuild scheduled for merge) USE="handbook ibus kaccounts scim semantic-desktop -debug -emoji -telemetry -test" ABI_X86="(64)"
    >=kde-plasma/kwin-5.25.2:5[lock] required by (kde-plasma/plasma-meta-5.25.2:5/5::gentoo, ebuild scheduled for merge) USE="accessibility bluetooth browser-integration crash-handler crypt desktop-portal display-manager elogind gtk handbook kwallet legacy-systray networkmanager pulseaudio sddm smart wallpapers -colord -discover (-firewall) -grub -plymouth -sdk -systemd -thunderbolt" ABI_X86="(64)"
    >=kde-plasma/kwin-5.25.2:5 required by (kde-plasma/libkworkspace-5.25.2:5/5::gentoo, ebuild scheduled for merge) USE="-debug -test" ABI_X86="(64)"
    >=kde-plasma/kwin-5.25.2:5 required by (kde-plasma/plasma-workspace-5.25.2:5/5::gentoo, ebuild scheduled for merge) USE="calendar fontconfig geolocation handbook policykit semantic-desktop -appstream -debug -gps -screencast -telemetry -test" ABI_X86="(64)"

emerge could not continue with the upgrade to KDE Platform 5.25.2.


kwayland-server is pulled in by @selected, but the last version of the package is from the 5.24 release, which should immediately signal that something is wrong with it, because the emerge command shows the latest KDE Plasma version to be 5.25 (with the exact version 5.25.2).

Solution – deselect/remove kde-plasma/kwayland-server

The solution is simple: just deselect it from the world slot to be sure it won’t be pulled in again in the future. Remove the package manually if the error still persists, but only deselecting should work. Of course, it should not be selected on the command line with emerge, either. In general, such a package won’t be available any more.
Always keep an eye on the pulled-in versions and the versions you are trying to install. Most of the time the problem is obvious and comes from a single “wrong/bad” package, which may generate a great deal of erroneous and frightening dependency output.

mydesktop root # emerge --deselect kwayland-server
>>> Removing kde-plasma/kwayland-server from "world" favorites file...
>>> Removing kde-plasma/kwayland-server:5::gentoo from "world" favorites file...

And now the emerge command is OK and no problem with the dependencies and blocks:

mydesktop root # emerge -va --verbose-conflicts --verbose --backtrack=300 $(qlist -IC|grep -i kde|grep -v kwayland-server)
......
......
[ebuild  N     ] kde-plasma/kwin-5.25.2:5::gentoo  USE="accessibility (caps) handbook lock multimedia -debug -gles2-only -plasma -screencast -test" 6,468 KiB
[uninstall     ] kde-plasma/kwayland-server-5.24.3:5::gentoo  USE="-debug -doc -test" 
[blocks b      ] kde-plasma/kwayland-server ("kde-plasma/kwayland-server" is soft blocking kde-plasma/kwin-5.25.2)
[ebuild     U  ] kde-plasma/libkworkspace-5.25.2:5::gentoo [5.24.3:5::gentoo] USE="-debug -test" 0 KiB
......
......
[ebuild     U  ] kde-apps/akregator-22.04.2:5::gentoo [21.12.3:5::gentoo] USE="handbook -debug -speech -telemetry -test" 2,209 KiB

Total: 339 packages (328 upgrades, 5 new, 6 reinstalls, 1 uninstall), Size of downloads: 1,001,483 KiB
Conflict: 1 block (all satisfied)

More on Gentoo blocking – Gentoo update tips when updating packages with blocks and masked files

Review of freshly installed Fedora 36 KDE Plasma Desktop part 2 – System Settings

This is part 2 of the Fedora 36 KDE Plasma Desktop review – Review of freshly installed Fedora 36 KDE Plasma Desktop (KDE GUI)
In part 2 only the System Settings of KDE Plasma are presented – the central place to configure and tweak KDE Plasma – the graphical desktop environment with customizable layouts and panels, virtual desktops and sophisticated widgets. Some of the settings require an administrative account, and whenever one is required the Plasma platform shows an authentication dialog to escalate privileges.
It is worth mentioning the KDE Platform versions in Fedora 36:

  • KDE Plasma version: 5.24.3
  • KDE Frameworks version: 5.91.0
  • QT version: 5.15.3

The System Settings reflects the above versions and the functionality they incorporate.
The main components are:

  • Appearance
  • Workspace
    • Workspace Behavior
    • Windows Management
    • Shortcuts
    • Startup and Shutdown
    • Search
  • Personalization
    • Notifications
    • Users
    • Regional Settings
    • Accessibility
    • Applications
    • KDE Wallet
    • Online Accounts
    • User Feedback
  • Network
    • Connections
    • Settings
  • Hardware
    • Input Devices
    • Display and Monitor
    • Audio
    • Power Management
    • Bluetooth
    • Color Corrections
    • KDE Connect
    • Printers
    • Removable Storage
    • Thunderbolt
  • System Administration
    • About this System
    • Software Update

System Settings may also be started from the console with

myuser@mydesktop ~ $ systemsettings

Here are the System Setting screenshots:

SCREENSHOT 1) Click on System Settings to launch the “System Settings” program. View and edit KDE and some Linux system settings.

Main Menu – Favorites
