Howto do a netinstall of CentOS 7 (7.4.1708) – minimal server installation

Minimal net install is useful when a dedicated server is installed from a IPMI KVM or Dell iDRAC, HP iLO, IBM IMM or where the initial client side download of files need to be minimal.
For amd64 CentOS 7 the net install bootable media is located here (now the current latest release is 7.4.1708, but you can check the last directory with 7. for the time you follow this howto):

http://mirror.leaseweb.com/centos/7.4.1708/isos/x86_64/CentOS-7-x86_64-NetInstall-1708.iso

Now this version is deprecated and you could have problems downloading it, so you could try the CentOS vault – http://vault.centos.org/7.4.1708/isos/x86_64/ Just follow the instructions for downloading.
Download it and put it on a cd or usb, the boot from it and follow the steps bellow:

STEP 1) Select “Install CentOS 7” and press “Enter”

main menu
Select CentOS 7 Installation

STEP 2) Wait for the installation to boot

main menu
Booting the installation

STEP 3) This is the first step, you could choose your Country and language, English is the default.

main menu
Country and language selection

STEP 4) Setup the right time and time zone of your server, this step is important, the clock of the server is really important for your software to work properly!

main menu
Date & Time

STEP 5) Often servers are set with UTC time, which is never changed (no summer saving time!). UTC is Coordinated Universal Time and first you must select “Etc” from the first dropdown menu.

main menu
Date & Time – UTC selected

STEP 6) Next let’s configure the network, because we are doing a network installation you need Internet connection to install the CentOS 7.

main menu
Network & Host Name

STEP 7) Click to configure the selected network adapter on the right.

main menu
Configure network Adapter

STEP 8) Click on the menu “IPv4 Settings”, then choose from the dropdown menu “Manual” (technically you can leave it Automattically as the default is, but this is a server howto it is not very clever your IP to be assigned by a DHCP server, but your setup could vary). Then click on “Add” and write your IP address, network mask and gateway, then in the DNS Servers write your local (and fast!) DNS server, if you have more than one separate them with comas.

main menu
IPv Settings

STEP 9) Click “General” menu and then check the “Automatically connect to this network when it is available” – this is very important, because if you do not check, when you reboot the server, it won’t start the network! Click Save.

main menu
General Adapter settings

STEP 10) You can see the network is up and connected. Set a host name to your server and click on “Apply” and that’s all for the network configuration, click on “Done”.

main menu
Host Name setup

STEP 11) Click on “Installation Source” to setup the source of your installation files, because this is network installation this step is mandatory.

main menu
Installation Destination

STEP 12) Set the URL from where the setup will download packages and installation files. Set the nearest source to your server, you can check mirrors here:

https://www.centos.org/download/mirrors/

At present the latest version of CentOS 7 is 7.4.1708, but after a while it could be other, so browse the latest version directory, then you must choose directory “/os/” (there are probably many others, but we need especially “os”) and then “/x86_64/”. And then click on “Done”. That’s all you’ve configured the installation source, so now the setup knows where to look for packages and metadata for the installation process.

main menu
URL of the OS packages.

STEP 13) Choose your software to install. Click on “Software Selection”.

main menu
Software Selection

STEP 14) Because this howto is a minimal installation you should check “Minimal Install” , but you could choose another option below, the one suited best for your future server. And then click on “Done” to save the configuration.

main menu
Minimal Install

STEP 15) Click on “Installation Destination” to set the hard drive and partitions layout configuration for your server.

main menu
Installation Destination

STEP 16) The default is to leave the how disk to the setup to manage (make sure the “Automatically configure partitioning.” is checked), it will use the how hard drive checked from the Local Standard Disks. Check all the local disks you want to use in your server if more than one. If your disk has partitions you may be prompted to acquire free space by deleting existing partitions – be careful with this option, think twice before deleting partitions! Click on “Done” to save configuration.

main menu
Device selection – hard disk and partition configuration

STEP 17) Click on “Security policy” to setup a default security policy as selinux – use it whenever it is available!

main menu
Security Policy

STEP 18) Click on the “Standard System Security Porfile”, which will enable SELINUX security in your installation and then click “Select Profile”, after clicking the button will become grayed and the selection will have a green check in the right. Then click on “Done”.

main menu
Standard System Security Profile – SELINUX

STEP 19) We are all done and it is time to start the real installation of the system. Till now we’ve just configured the installation process. So click on “Begin Installation”.

main menu
Begin Installation

STEP 20) When the installation process is running you are prompt to set the root password and to add users. For clarity we set only the root password.

main menu
Root password setup

STEP 21) Set two times your password for the root user and then click “Done”.

main menu
Enter root password

STEP 22) The installation process is still running, just wait to finish.

main menu
Starting package installation process

STEP 23) You can see how many packets are install and the current installing packet and number.

main menu
Installing packages…

STEP 24) If everything goes with no errors and probably it will be with no errors you must click on “Reboot” to reboot the server in the newly installed OS.

main menu
Installation ready. Reboot

STEP 25) Grub2 and two options to select, the default is the latest kernel installed.

main menu
Grub2, default kernel boot

STEP 26) And the server is at login. The ssh server is also installed and you can access the server via ssh on the default port 22 and root login is permitted.

main menu
Login

How to install the latest linux kernel (mainline) in CentOS 7 distro

Here you can see the steps to install the latest (mainline stable) kernel under CentOS 7, whether we need the latest driver, because we bought a new laptop released for the first time last month with the latest hardware or there is a hot fix of some nasty bug it is of no matter.
Here are the steps about installing the latest kernel to our CentOS 7, you must have root access:

  • STEP 1 Import the public key of the repository, which offer us the packages of the CentOS 7 mainline stable kernel (and some other kernels, like the Red Hat Enterprise Linux (RHEL) 6 and 7 and more, you can check out the site). The site of the repository is

    https://elrepo.org/

    Import the public key

    #change to root user (skip the first line if you are root)
    sudo su
    rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
    
  • STEP 2 Check the latest version of the rpm install package of the repository, the command is under

    To install ELRepo for RHEL-7, SL-7 or CentOS-7:

    So at present the latest version is “7.0-3” and execute to wget to download the package for the repository elrepo:

    wget http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
    
  • STEP 3 Install the elrepo package with yum (you can do it with rpm command, but let yum manage all your packages and metadata for them!)
    yum -y install ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm
    

    STEP 4 List the available kernels from the elrepo to choose the one you like

    yum list available --disablerepo='*' --enablerepo=elrepo-kernel
    

    To install the latest mainline kernel you must use package starting with

    kernel-ml-*

    at moment of writing the latest mainline kernel is

    4.15.4-1.el7.elrepo

    So execute

    yum install -y --enablerepo=elrepo-kernel kernel-ml
    

    And it will pull the

    kernel-ml-4.15.4-1.el7.elrepo.x86_64

    and install it

  • STEP 5 Check if you are going to boot the new kernel, you’ve installed and set the right one to boot

    cat /boot/grub2/grubenv |grep saved
    # GRUB Environment Block
    saved_entry=CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
    

    And as you see, no it’ll not boot to the new kernel, so you must configure grub2 to boot your newly just installed kernel. First check all the installed kernels, set the right kernel and then it is mandatory to call

    grub2-mkconfig

    to update the grub2 configuration:

    [root@srv ~]# awk -F\' /^menuentry/{print\$2} /boot/grub2/grub.cfg 
    CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
    CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
    CentOS Linux (0-rescue-0a26fe4b81d845209fb8958c8e29d600) 7 (Core)
    

    The position 0 (YES, it starts from ZERO!) is “CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)”, so you have two options to set it:

    grub2-set-default 0
    grub2-mkconfig -o /boot/grub2/grub.cfg
    

    Check to see if everything is OK with

    [root@srv ~]# cat /boot/grub2/grubenv |grep saved
    saved_entry=0
    

    or you can set the name of the kernel to boot with

    grub2-set-default "CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)"
    grub2-mkconfig -o /boot/grub2/grub.cfg
    

    Check to see if everything is OK with

    [root@srv ~]# cat /boot/grub2/grubenv |grep saved
    saved_entry=CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
    
  • STEP 6 is just to reboot
    reboot
    

    STEP 4 Verification of running the latest kernel

    root@srv:~# uname -a
    Linux srv.local 4.15.4-1.el7.elrepo.x86_64 #1 SMP Sat Feb 17 13:35:20 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
    

Install log of the procedure (your output may vary depending on your hardware installed in your system):

[root@srv ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
[root@srv ~]# wget http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
--2018-02-19 10:20:42--  http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Resolving www.elrepo.org (www.elrepo.org)... 69.195.83.87
Connecting to www.elrepo.org (www.elrepo.org)|69.195.83.87|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8656 (8.5K) [application/x-rpm]
Saving to: ‘elrepo-release-7.0-3.el7.elrepo.noarch.rpm’

100%[=======================================================================>] 8,656       --.-K/s   in 0.001s  

2018-02-19 10:20:42 (6.97 MB/s) - ‘elrepo-release-7.0-3.el7.elrepo.noarch.rpm’ saved [8656/8656]
[root@srv ~]# yum -y install ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm 
Loaded plugins: fastestmirror
Examining ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm: elrepo-release-7.0-3.el7.elrepo.noarch
Marking ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package elrepo-release.noarch 0:7.0-3.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package              Arch         Version                   Repository                                     Size
=================================================================================================================
Installing:
 elrepo-release       noarch       7.0-3.el7.elrepo          /elrepo-release-7.0-3.el7.elrepo.noarch       5.2 k

Transaction Summary
=================================================================================================================
Install  1 Package

Total size: 5.2 k
Installed size: 5.2 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : elrepo-release-7.0-3.el7.elrepo.noarch                                                        1/1 
  Verifying  : elrepo-release-7.0-3.el7.elrepo.noarch                                                        1/1 

Installed:
  elrepo-release.noarch 0:7.0-3.el7.elrepo                                                                       

Complete!
[root@srv ~]# yum list available --disablerepo='*' --enablerepo=elrepo-kernel
Loaded plugins: fastestmirror                                                                                                                                               
Loading mirror speeds from cached hostfile                                                                                                                                  
 * elrepo-kernel: mirrors.netix.net                                                                                                                                         
Available Packages                                                                                                                                                          
kernel-lt.x86_64                                                                      4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-devel.x86_64                                                                4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-doc.noarch                                                                  4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-headers.x86_64                                                              4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools.x86_64                                                                4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools-libs.x86_64                                                           4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools-libs-devel.x86_64                                                     4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-ml.x86_64                                                                      4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-devel.x86_64                                                                4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-doc.noarch                                                                  4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-headers.x86_64                                                              4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools.x86_64                                                                4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools-libs.x86_64                                                           4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools-libs-devel.x86_64                                                     4.15.4-1.el7.elrepo                                                      elrepo-kernel
perf.x86_64                                                                           4.15.4-1.el7.elrepo                                                      elrepo-kernel
python-perf.x86_64                                                                    4.15.4-1.el7.elrepo                                                      elrepo-kernel
[root@srv ~]# yum install -y --enablerepo=elrepo-kernel kernel-ml
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.uni-sofia.bg
 * elrepo: mirrors.netix.net
 * elrepo-kernel: mirrors.netix.net
 * extras: centos.uni-sofia.bg
 * updates: centos.uni-sofia.bg
Resolving Dependencies
--> Running transaction check
---> Package kernel-ml.x86_64 0:4.15.4-1.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================
 Package                               Arch                               Version                                           Repository                                 Size
============================================================================================================================================================================
Installing:
 kernel-ml                             x86_64                             4.15.4-1.el7.elrepo                               elrepo-kernel                              44 M

Transaction Summary
============================================================================================================================================================================
Install  1 Package

Total download size: 44 M
Installed size: 195 M
Downloading packages:
kernel-ml-4.15.4-1.el7.elrepo.x86_64.rpm                                                                                                             |  44 MB  00:00:10     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : kernel-ml-4.15.4-1.el7.elrepo.x86_64                                                                                                                     1/1 
  Verifying  : kernel-ml-4.15.4-1.el7.elrepo.x86_64                                                                                                                     1/1 

Installed:
  kernel-ml.x86_64 0:4.15.4-1.el7.elrepo                                                                                                                                    

Complete!
[root@srv ~]# cat /boot/grub2/grubenv |grep saved
# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
[root@srv ~]# awk -F\' /^menuentry/{print\$2} /etc/grub2.cfg
CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-0a26fe4b81d845209fb8958c8e29d600) 7 (Core)
[root@srv ~]# grub2-set-default "CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)"
[root@srv ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.4-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-4.15.4-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-0a26fe4b81d845209fb8958c8e29d600
Found initrd image: /boot/initramfs-0-rescue-0a26fe4b81d845209fb8958c8e29d600.img
done
[root@srv ~]# reboot
Connection to 192.168.0.18 closed by remote host.
Connection to 192.168.0.18 closed.
...
...
...
[root@srv ~]# uname -a
Linux srv.local 4.15.4-1.el7.elrepo.x86_64 #1 SMP Sat Feb 17 13:35:20 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@srv ~]#

Ryzen Threadripper kernel problems with PCIe – wifi, network, video problems

If you have Ryzen Threadripper (in my case 1950X) and Ubuntu 17.10 (because the others versions do not boot at all!) with the latest kernel 4.15.x and the default vmlinuz-4.13.0-21-generic you might experience frequently wifi, network cards and video cards problems like wifi disconnects and network cards lost connections and some kind of freezes for a second or two of the video! If you have Ryzen Threadripper 1950X and or ASUS ROG ZENITH EXTREME (or any other motherboard with the chipset AMD X399) and ubuntu 17.10 or probably any linux distro with any kernel you might experience really unstable system. Look at your dmesg and if you see something like

[   18.669950] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   18.669966] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   18.669970] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   18.669973] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   18.669975] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   23.805640] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   23.805664] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   23.805669] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   23.805674] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   23.805678] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   23.838698] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   23.838716] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   23.838720] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   23.838725] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   23.838728] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   36.124101] atlantic: link change old 0 new 100
[   36.124222] IPv6: ADDRCONF(NETDEV_CHANGE): enp65s0: link becomes ready
[   52.294413] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   52.294436] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   52.294441] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   52.294446] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   52.294449] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.275256] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.275289] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.275293] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.275298] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.275301] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.418493] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.418517] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.418522] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.418527] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.418530] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.649938] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.649962] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.649967] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.649972] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.649975] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[  113.294411] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  113.294434] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  113.294439] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[  113.294444] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[  113.294450] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[  265.469397] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  265.469419] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  265.469424] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Transmitter ID)
[  265.469429] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00001000/00006000
[  265.469438] pcieport 0000:00:01.1:    [12] Replay Timer Timeout  
[  533.031982] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  533.032004] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  533.032009] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[  533.032014] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000080/00006000
[  533.032022] pcieport 0000:00:01.1:    [ 7] Bad DLLP      

Apparently everything on the pci express could be affected! So till the kernel team fixes the issues, you can use the following workaround: add to the kernel boot parameters

pcie_aspm=off

Under Ubuntu you can add in the file

/etc/default/grub

the following line

GRUB_CMDLINE_LINUX="pcie_aspm=off"

And then execute

update-grub

the changes to take effect in the grub configuration. Then reboot the machine!

Under CentOS 7 the configuration file and the line to put are the same just the update of the grub configuration is different:

  • For UEFI-based systems execute:
    grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
    
  • For legacy-BIOS systems execute:
    grub2-mkconfig -o /boot/grub2/grub.cfg
    

*You should know what is your setup, probably UEFI-based, you could check in your boot directory, if there is /boot/efi/EFI/centos/grub.cfg you probably should use the option for UEFI-based, if you do not have any “efi” directory under “/boot” use the second option for legacy-BIOS.
Then reboot the machine!

How to proper enable the selinux in a CentOS7 installed server

These days many dedicated servers are offered with automation installation of operating systems and it have never been so easy and fast to pay a server and to get it up in minutes! Yes, we are talking for dedicated machines not virtual servers or cloud ones, but many cloud ones are in the same situation, when the host uses full virtualization.
It is fast, you can choose from many different linux distros and the installation is unattended and happens immediately, but in most cases the selinux is disabled, because is more easy for the support, for the user, for the admin, and for the offered preinstalled software…If you do not have some strange software in most cases it is advisable to enable the selinux, because it is of great security enhancement for your server and for the software in general. It is very simple to enable selinux, but there is an additional step, which if you omit, the server will probably get unusable (probably you won’t be able even to ssh it or login). These steps are tested under CentOS7, but probably works in all other distros, which support selinux!
So here are the steps:

STEP 1) Enable selinux in configuration

Edit the configuration file in

/etc/selinux/config

SELINUX=enforcing

STEP 2) relabel the file system

When using the selinux, there are labels (extended attributes of the file system), which are additional layer of security. Every system comes with prebuild rules instructing what label is set in which file or directory, so when you enable the selinux you must relabel the entire file system (or at least the root partition, to be able to boot normally). This is done with just a line of code below:

touch /.autorelabel

STEP 3) reboot

To take effect the changes made above the server must be rebooted.

reboot

The init process will find the file from step 2 “/.autorelabel” and will initiate a proper relabel according the current selinux rules file, then the server will be rebooted automatically again, the relabel could take time and it depends on the number of files you have in your server, just keep patient.
After the second reboot (which is automatically after the relabeling)

4) Recommendations

USE SELINUX, do not disable it! In most cases it is really simple to configure it in minutes for the need of your special software and for the generic one bet it there are rules offered in the distro’s packet system.

4) Post install check

You can check if the selinux is enabled with

[root@srv ~]# getenforce 
Enforcing
[root@srv ~]#

PHP posix_kill missing in CentOS7

So you think you PHP code is running ok and your script for killing bad guys is perfect. Let’s assume you made a script to kill processes according to some criteria, put you script on your good all CentOS 7 server, but suddenly you encounter the error:

PHP Fatal error: Call to undefined function posix_kill() in ./kill-process.php on line 64
Killed process id: 21899
PHP Fatal error: Call to undefined function posix_kill() in ./kill-process.php on line 64
Killed process id: 21899
PHP Fatal error: Call to undefined function posix_kill() in ./kill-process.php on line 64

So you just missed a php plugin and there it is: “php-process”. Just install it with yum!

yum install -y php-process

And the error will disappear and the next time you want to kill some bad process you’ll sure do it!