Newer PHP versions do not include PHP mcrypt library. The mcrypt module was part of PHP 5 till 7.1, in which it was deprecated and removed in 7.2. If you open the php.net documentation for mcrypt PHP functions you will see:
This function has been DEPRECATED as of PHP 7.1.0 and REMOVED as of PHP 7.2.0. Relying on this function is highly discouraged.
The mcrypt module is now in PHP PECL (repository for PHP Extensions) in https://pecl.php.net/package/mcrypt. As you can see in the description, this is a legacy module, which
Provides bindings for the unmaintained libmcrypt.
, so it is strongly recommended to replace it with OpenSSL (for example).
Still, if you need this legacy module – mcrypt and :
mkdir /root/mcrypt-php-module-manual
cd /root/mcrypt-php-module-manual
wget https://pecl.php.net/get/mcrypt-1.0.2.tgz
tar xzf mcrypt-1.0.2.tgz
cd mcrypt-1.0.2
phpize
aclocal
libtoolize --force
autoheader
autoconf
./configure
make
make install
Do not use “make -j N” (“make -j 8”, for example), because it may fail to compile. Keep on reading!
Invalid time could cause your server (or probably your virtual server or docker instance) to be unable to use Ubuntu’s packaging system apt. It is a typical thing if your virtual or docker instance does not use automatic time synchronization.
It is really important even small installation and virtualized environments to have automatic time synchronization or the service they provide could become error prone with time!
The “apt” just reports the repositories are not valid yet:
myuser@my-server-pc:~$ sudo su
root@my-server-pc:/home/myuser# apt update
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Reading package lists... Done
E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease is not valid yet (invalid for another 151d 18h 5min 59s). Updates for this repository will not be applied.
E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease is not valid yet (invalid for another 151d 17h 16min 26s). Updates for this repository will not be applied.
E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-security/InRelease is not valid yet (invalid for another 151d 17h 15min 3s). Updates for this repository will not be applied.
root@my-server-pc:/home/myuser# date
Thu Jan 17 15:11:56 UTC 2019
The clock shows 17 January 2019, but now is 18 June 2019! This is a Ubuntu virtual server with the minimal installation.
The solution is to synchronize your clock manually or use a service (the better way)!
Let’s say you update your software raid layout – create, delete or modify your software raid and reboot the system and your server does not start normally. After loading your remote video console (KVM) you see the boot process reports for a missing device and you are under console (dracut console). Your system is in “Emergency mode”.
The warning:
dracut-initqueue[504]: Warning: dracut-initqueue timeout - starting timeout scripts
dracut-initqueue[504]: Warning: dracut-initqueue timeout - starting timeout scripts
dracut-initqueue[504]: Warning: dracut-initqueue timeout - starting timeout scripts
....
....
dracut-initqueue[504]: Warning: could not boot.
dracut-initqueue[504]: Warning: /dev/disk/by-id/md-uuid-2fdc509e:8dd05ed3:c2350cb4:ea5a620d does not exist
Starting Dracut Emergency Shell...
Warning: /dev/disk/by-id/md-uuid-2fdc509e:8dd05ed3:c2350cb4:ea5a620d does not exist
Generating "/run/initramfs/rdsosreport.txt"
Entering emergency mode. Exit the shell to continue.
Type "journalctl" to view system logs.
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot
after mounting them and attach it to a bug report.
dracut:/#
This article is for problems, which occur after manipulating a storage RAID devices, not the system (root) or boot devices!!! If the missing device the RAID “md-uuid-2fdc509e:8dd05ed3:c2350cb4:ea5a620d does not exist” is either the root or the boot device, the propose solution here would not help with just exiting the Emergency Shell! In those cases, when the missing device is the root or boot before exiting the Emergency Shell the problem must be resolved, so the devices and their file system should be available. There is another article on the subject, which may help the reader in such cases – CentOS 8 dracut-initqueue timeout and could not boot – warning /dev/disk/by-id/md-uuid- does not exist – inactive raids.
SCREENSHOT 1) The boot process reports mutiple warning messages of dracut-initqueue timeout, because a drive cannot be found.
On some Linux distributions, systemd log files are not saved on your disk, but only temporary in the memory and when you reboot all logs are discarded. So the systemd logs are not persistent, which could lead to missing important information if you want to check them when you are booted in a rescue disk or even if you just reboot your server. for exmaple,
if some important service failed to boot and your server is unreachable and you boot in rescue CD you do not have logs to check why the service failed and the (error) output of the process of starting the services!
Here is how you can enable the systemd logs to be persistent i.e. save them on the disk. This is tested on CentOS 7, which by default saves the systemd logs on memory!
A power outrage caused one of our servers to shut down unexpectedly and after it had been powered up the server did not show up. The server was unreachable and apparently, the network did not bring up the interfaces.
Loading the IPMI KVM Console and rebooting the server there were three errors on the screen during the boot up of the CentOS 7:
[FAILED] Failed to start Security Audit Service.
See 'systemctl status auditd.service' for details.
....
....
[FAILED] Failed to start Authorization Manager.
See 'systemctl status polkit.service' for details.
....
....
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
And after the above last line, the system stopped loading.
The disks are clean, but there was no login service, so you cannot log in to the server through the keyboard and the monitor! There was no network as mentioned above, which meant no logging at all in the server. You might not know, but if auditd service is enabled you probably use Selinux!
STEP 1) Failed to start the three important services – Security Audit Service, Authorization Manager and Login Service.
So we ended up with unability to log in our server.
Not sure what exactly caused this problem (seems strange a perfectly working Selinux enabled CentOS 7 server to have miss-labeled files in the root only because of an unexpected shutdown), but to be able to fix the issue and bring back your server to life
you need a rescue CD/USB/DVD/PXE Server to boot from and mount the disks and relabel your root file system.
STEP 1) Boot from a rescue CD/USB/DVD/PXE Server.
In our case, we used the IPMI KVM Console and mounted a Gentoo ISO disk and then booted from it to have a bash shell in our system. Our root resides on software RAID 1, so cat the /proc/mdstat and mount your root file system somewhere (/mnt/gentoo is there by default…)
STEP 2) Booted in our rescue Gentoo CD and mount your root file system.
STEP 2) create a file “.autorelabel” in the mounting point of your root file system.
So in our case, we mounted our CentOS 7 root file system in /mnt/gentoo and you must create a file with patch “/mnt/gentoo/.autorelabel”. umount and reboot. And a few minutes later your server will be back from the dead. A quick and handful advice – edit your /etc/fstab to mount only the root file system by commenting out all other big storage mounts – of course, if it is possible. We have big storage with millions of files in /mnt/storage-01 and we put the “#” to comment out the line with it – we do not want to wait for relabeling this file system, because the problem apparently is in our root file system! If it is possible (it is highly recommended) to relabel only the root file system in such situations to be able to regain shell control over your server fast.
Bonus – booted in rescue but no logs
OK, we booted to the rescue and tried to see what was the error (with journalctl in chrooted /mnt/gentoo), which did not allow auditd, polkit and systemd-logind to fail to start, but it appeared by default the systemd logs are not persistent on the disk in CentOS 7, so when you reboot in rescue you do not have systemd logs from the last boot! As a piece of additional advice here you may consider enabling persistent systemd logs!
This article shows how to create multiple RAID 0 drives for each disk at once. For example, a controller with 4 disks using this feature you can create 4 groups of devices with one logical drive in it with RAID 0 type.
This is feature is a kind of HBA mode, but on steroids, because it uses the cache of the controller and the hardware controller (Smart Array) optimizations.
All of your disks and the space in them will be available to the OS, but through the Virtual Drive logic of HPE Smart Array. If you check out the article and why you may need JBOD here – Smart Array P440 – enable or disable HBA mode using Smart Storage Administrator it is mainly because of some file systems such as ZFS or Btrfs (even LVM and device mapper devices) have many more features than a hardware controller. So with this feature, you can easily have your disk “exported” to the OS and use the raid or more complex feature of ZFS, Btrfs, LVM, device mapper or another setup, but using the controller optimizations and cache. Be careful this setup could lead to much bigger risk of data loss on power outrages if write-back cache optimization is enabled. And the more complicated the file system (or device mapper) setup is the more problems it has on power outrages without battery unit back-up in the controller. Always use this feature with a healthy battery in the controller.
How to create multiple RAID 0 Virtual Devices on each disk attached to the controller at once:
STEP 1) Click on the controller “Create Arrays with RAID 0” on the left to create multiple arrays of type RAID 0 at once.
As a continuation of our series about HPE Smart Array P440 controller here how you can enable HBA mode of your controller. There are various scenarios why you may want to enable HBA such as:
JBOD mode -to use the disks in a sophisticated file system like ZFS, brtfs and more (or LVM, device mapper logical devices). You may have more features in the created logical device (or file system) – caching or managing the disks and so on
not using the cache (RAM) of the controller, so it may lower the risk of data loss caused by power outages
more platform independent when using software RAID / device mapper devices. When you create virtual drives in hardware mode, you must use only this type of proprietary controller or some compatible of the same company. When using software solution like software RAID or LVM (and the controller is in JBOD) you can move the disks with no problem to other hardware without the hardware controller.
* Some old controller (not this one) might have problems with SSDs such as timings when the disks start; when failing a disk (the SSD would probably fail with read-only, which means it could not be removed from the array and the metadata header cannot be changed to remove the disk); no TRIM support, which is essential for the disk endurance and many more.
After the screenshots, you can see the part of the Linux dmesg command with the lines related to the HP HPSA Driver and how the system sees the disks.
The following screenshots start with a controller in hardware mode in (HPE terms – Smart Array Mode), then enable the HBA mode, the OS will see the disks as JBOD and then again enable the hardware mode (Smart Array Mode):
SCREENSHOT 1) Click on the controller “Smart Array P440” on the left and then “Enable HBA Mode” to enable JBOD mode.
This article is to show you what different type of RAID logical drives and what strip size could be created on one Array consisted of multiple physical devices like hard drives or SSDs.
The following logical drives could be created or modified on Smart Array P440 with Smart Storage Administrator:
Multiple different RAID types with different strip sizes!!!
All RAID types could be modified and you could change the strip size to any type offered by the controller
Bigger RAID type logical drives could be change to smaller RAID type logical drives. Such as logical drives of RAID 5 type could be converted to RAID 0, RAID 1, RAID 6 with any strip size on-the-fly without losing your data. Read on to see all of the RAID type modifications you an make.
SCREENSHOT 1) Click on “Create Array” to create a new array.
If your quagga bgpd daemon is up and running (check out our article for Minimal quagga bgpd configuration to run and remote configure it) and you wonder how to check if everything is OK and the bgp session is established, here is a quick command line tip what you can do:
STEP 1) Check if your bgp daemon is connected to a remote bgp server (neighbor)
root@srv ~ # vtysh -c "show bgp neighbors"
BGP neighbor is 10.10.10.10, remote AS 16238, local AS 52218, external link
BGP version 4, remote router ID 10.10.10.131
BGP state = Established, up for 2d23h57m
Last read 00:00:03, hold time is 9, keepalive interval is 3 seconds
Neighbor capabilities:
4 Byte AS: advertised
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: advertised and received
Graceful Restart Capabilty: advertised
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 1 2
Keepalives: 86323 86049
Route Refresh: 0 0
Capability: 0 0
Total: 86325 86052
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Community attribute sent to this neighbor(both)
Outbound path policy configured
Outgoing update prefix filter list is *anydns-pfx
12 accepted prefixes
Connections established 1; dropped 0
Last reset never
Local host: 10.10.10.5, Local port: 40172
Foreign host: 10.10.10.10, Foreign port: 179
Nexthop: 10.10.10.5
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
Read thread: on Write thread: off
STEP 2) Check the IP routes
root@srv ~ # vtysh -c "show ip bgp"
BGP table version is 0, local router ID is 10.10.10.5
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.10.10.10 0 30627 i
*> 10.10.11.240/28
10.10.10.10 0 0 30627 ?
*> 10.10.11.234/31
10.10.10.10 0 0 30627 ?
*> 10.10.12.236/31
10.10.10.10 0 0 30627 ?
*> 10.10.13.242/32
10.10.10.10 0 0 30627 ?
*> 10.10.14.0/24 10.10.10.10 0 0 30627 ?
*> 10.10.15.0/24 10.10.10.10 0 0 30627 ?
*> 10.10.16.0/24 10.10.10.10 0 0 30627 ?
*> 11.11.11.0/24 0.0.0.0 0 29873 i
*> 10.10.17.64/26 10.10.10.10 0 0 30627 ?
*> 10.10.18.240/29
10.10.10.10 0 0 30627 ?
*> 10.10.10.192/26
10.10.10.10 0 0 30627 ?
*> 10.10.10.192/26
10.10.10.10 0 0 30627 ?
Total number of prefixes 13
vtysh
vtysh – is the command line tool to manage Quagga BGP daemon locally.
Bonus Configuration
Here is our basic configuration in “/etc/quagga/bgpd.conf ”
Here we offer you a relatively new way of keeping your server’s time (or your computer and laptop) synchronized with a reliable time service on the Internet.
systemd has a built-in feature – a small daemon (systemd-timesyncd) to periodically to contact NTP servers and keep the server’s clock synchronized with them!
Of course, you must use systemd in your Linux distribution. This article is for those Linux systems using systemd, not for upstart (sysvinit, openrc, upstart, runit and so on). Most of the modern Linux distributions use the systemd like Fedora, Ubuntu, CentOS, RedHat, Gentoo, SuSe and many more.
Once there were not many options to keep your server’s clock synced with NTP servers. Now we have simpler programs (some of which by the way could act as clients only!!!) – chrony, openntpd, systemd-timesyncd and more.
This time synchronization service is not going to open server port 123, it does not have the server capabilities of an NTP server. So you won’t need any firewall rules (like for ntpd). It is a simple client service to sync your time and keep it synchronized all the time with accuracy not more than 100ms.
Do not expect complex clock discipline like training or compensating. It just sets the time according to a selected time server from the configuration file in “/etc/systemd/timesyncd.conf”. The polling interval is automatically adjusted in minimal and maximal values from the configuration file and the daemon decides which is the actual interval based on the near-term drift it thinks. Possible back running clock if it needs to set in the past. The quality of the clock source could not be checked, so
in any case, you may not expect more than 100ms accuracy.
Of course, this service is actively developed and it has already many changes from the base client once it was!
Here is how you can enable it. Here are the steps: Keep on reading!
Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show (non-) personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.