centos7 | Any IT here? Help Me!

Install netdata monitoring in CentOS 7

netdata became a great tool for admins to monitor in real time their servers!
At first it was just an additional not mandatory tool to check what’s going on with the servers for the last hour or so, but it evolved to really handy and informative monitoring server tracking every seconds what is going on with the server and server’s most used services like database, web, application service.
Today in version 1.9 (this installation howto is for netdata 1.9) it could track activity at least of this services:

apache          hddtemp          postgres
beanstalk       haproxy          rabbitmq
ceph            isc_dhcpd        retroshare
bind_rndc       ipfs             redis
couchdb         memcached        sensors
chrony          mdstat           samba
cpufreq         mongodb          squid
dns_query_time  nginx            springboot
dnsdist         mysql            smartd_log
elasticsearch   nsd              tomcat
dovecot         nginx_plus       web_log
exim            ovpn_status_log  varnish
example         ntpd             fronius
freeradius      postfix          named
fail2ban        phpfpm           snmp
go_expvar       powerdns         stiebeleltron

And some of these plugins support multiple programs and services, for example web_log supports the access/error logs of the major web servers at the moment.

The installation is really simple netdata includes a script to facilitate the installation process.
Here are the minimal steps to install this great software:

STEP 1) Install dependencies, because will pull it from the official repository we also need git command

yum install -y git gcc make autoconf automake pkgconfig zlib-devel libuuid-devel curl nodejs freeipmi freeipmi-devel elfutils-libelf cmake openssl-devel libuv-devel

As you can see there is a nodejs packet, which depends on additional repository (you could skip this, just the modules, which depends on nodejs won’t work, as if now only the plugins using nodejs are located in “/etc/netdata/node.d/” and they are not so many).

yum -y install epel-release
yum -y install nodejs

STEP 2) Clone the netdata repository

cd
git clone https://github.com/firehol/netdata

STEP 3) Instal netdata

cd netdata
CFLAGS="-march=native -O2 -msse3 -fomit-frame-pointer -pipe" ./netdata-installer.sh --install /usr/local/netdata

Install the netdata software in a separate directory and if you clean the system, just delete this directory. The example above uses

/usr/local/netdata

all files will be installed there.
As you can see the installation output the path of your files

   - the daemon     at /usr/local/netdata/netdata/usr/sbin/netdata
   - config files   in /usr/local/netdata/netdata/etc/netdata
   - web files      in /usr/local/netdata/netdata/usr/share/netdata
   - plugins        in /usr/local/netdata/netdata/usr/libexec/netdata
   - cache files    in /usr/local/netdata/netdata/var/cache/netdata
   - db files       in /usr/local/netdata/netdata/var/lib/netdata
   - log files      in /usr/local/netdata/netdata/var/log/netdata
   - pid file       at /usr/local/netdata/netdata/var/run/netdata.pid
   - logrotate file at /etc/logrotate.d/netdata

STEP 4) USE firewall and open the port 19999 of your server to check e able to load the monitoring page

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="<YOURIP>" port protocol="tcp" port="19999" accept"
firewall-cmd --add-rich-rule="rule family="ipv4" source address="<YOURIP>" port protocol="tcp" port="19999" accept"

Because firewalld is the default firewall under CentOS 7 we used it ot show you how to let your IP access netdata web – replace with your current trusted IP.

* The installation process creates start/stop unit files for systemd and tells you how to update it (even you can run it automatically in a cron job)

To stop netdata run:
  systemctl stop netdata
To start netdata run:
  systemctl start netdata
 
Uninstall script generated: ./netdata-uninstaller.sh
Update script generated   : ./netdata-updater.sh
 
netdata-updater.sh can work from cron. It will trigger an email from cron
only if it fails (it does not print anything when it can update netdata).
Run this to automatically check and install netdata updates once per day:
 
sudo ln -s /root/netdata/netdata-updater.sh /etc/cron.daily/netdata-updater

* Here is the output of an installation help menu – it also hints the dependencies it may need:

[root@srv.local netdata]# ./netdata-installer.sh --help

  ^
  |.-.   .-.   .-.   .-.   .-.   .  netdata                          .-.   .-
  |   '-'   '-'   '-'   '-'   '-'   installer command line options  '   '-'  
  +----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--->


./netdata-installer.sh <installer options>

Valid <installer options> are:

   --install /PATH/TO/INSTALL

        If you give: --install /opt
        netdata will be installed in /opt/netdata

   --dont-start-it

        Do not (re)start netdata.
        Just install it.

   --dont-wait

        Do not wait for the user to press ENTER.
        Start immediately building it.

   --auto-update | -u

        Install netdata-updater to cron,
        to update netdata automatically once per day
        (can only be done for installations from git)

   --enable-plugin-freeipmi
   --disable-plugin-freeipmi

        Enable/disable the FreeIPMI plugin.
        Default: enable it when libipmimonitoring is available.

   --enable-plugin-nfacct
   --disable-plugin-nfacct

        Enable/disable the nfacct plugin.
        Default: enable it when libmnl and libnetfilter_acct are available.

   --enable-lto
   --disable-lto

        Enable/disable Link-Time-Optimization
        Default: enabled

   --zlib-is-really-here
   --libs-are-really-here

        If you get errors about missing zlib,
        or libuuid but you know it is available,
        you have a broken pkg-config.
        Use this option to allow it continue
        without checking pkg-config.

Netdata will by default be compiled with gcc optimization -O2
If you need to pass different CFLAGS, use something like this:

  CFLAGS="<gcc options>" ./netdata-installer.sh <installer options>

For the installer to complete successfully, you will need
these packages installed:

   gcc make autoconf automake pkg-config zlib1g-dev (or zlib-devel)
   uuid-dev (or libuuid-devel)

For the plugins, you will at least need:

   curl, bash v4+, python v2 or v3, node.js

* netdata in action

main menu — All real-time monitoring plugins, System Overview opened

* And here is the output of an installation process:

[root@lsrv3 netdata]# CFLAGS="-march=native -O2 -msse3 -fomit-frame-pointer -pipe" ./netdata-installer.sh --install /usr/local/netdata

  ^
  |.-.   .-.   .-.   .-.   .  netdata                                        
  |   '-'   '-'   '-'   '-'   real-time performance monitoring, done right!  
  +----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--->


  You are about to build and install netdata to your system.

  It will be installed at these locations:

   - the daemon     at /usr/local/netdata/netdata/usr/sbin/netdata
   - config files   in /usr/local/netdata/netdata/etc/netdata
   - web files      in /usr/local/netdata/netdata/usr/share/netdata
   - plugins        in /usr/local/netdata/netdata/usr/libexec/netdata
   - cache files    in /usr/local/netdata/netdata/var/cache/netdata
   - db files       in /usr/local/netdata/netdata/var/lib/netdata
   - log files      in /usr/local/netdata/netdata/var/log/netdata
   - pid file       at /usr/local/netdata/netdata/var/run/netdata.pid
   - logrotate file at /etc/logrotate.d/netdata

  This installer allows you to change the installation path.
  Press Control-C and run the same command with --help for help.

Press ENTER to build and install netdata to '/usr/local/netdata/netdata' > 

 --- Run autotools to configure the build environment --- 
[/root/netdata]# ./autogen.sh 
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I m4
autoreconf: configure.ac: tracing
autoreconf: configure.ac: not using Libtool
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
autoreconf: Leaving directory `.'
 OK   

[/root/netdata]# ./configure --prefix=/usr/local/netdata/netdata/usr --sysconfdir=/usr/local/netdata/netdata/etc --localstatedir=/usr/local/netdata/netdata/var --with-zlib --with-math --with-user=netdata CFLAGS=-march=native\ -O2\ -msse3\ -fomit-frame-pointer\ -pipe 
checking whether to enable maintainer-specific portions of Makefiles... no
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking how to create a pax tar archive... gnutar
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for __attribute__((returns_nonnull))... no
checking for __attribute__((malloc))... yes
checking for __attribute__((noreturn))... yes
checking for __attribute__((noinline))... yes
checking for __attribute__((format))... yes
checking for __attribute__((warn_unused_result))... yes
checking for struct timespec... yes
checking for clockid_t... yes
checking for library containing clock_gettime... none required
checking for clock_gettime... yes
checking for sched_setscheduler... yes
checking for sched_get_priority_min... yes
checking for sched_get_priority_max... yes
checking for nice... yes
checking for recvmmsg... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for inline... inline
checking whether strerror_r is declared... yes
checking for strerror_r... yes
checking whether strerror_r returns char *... yes
checking for _Generic... no
checking for __atomic... yes
checking size of void *... 8
checking whether sys/types.h defines makedev... yes
checking for sys/types.h... (cached) yes
checking for netinet/in.h... yes
checking for arpa/nameser.h... yes
checking for netdb.h... yes
checking for resolv.h... yes
checking for sys/prctl.h... yes
checking for linux/netfilter/nfnetlink_conntrack.h... yes
checking for accept4... yes
checking operating system... linux
checking if compiler needs -Werror to reject unknown flags... no
checking for the pthreads library -lpthreads... no
checking whether pthreads work without any flags... no
checking whether pthreads work with -Kthread... no
checking whether pthreads work with -kthread... no
checking for the pthreads library -llthread... no
checking whether pthreads work with -pthread... yes
checking for joinable pthread attribute... PTHREAD_CREATE_JOINABLE
checking if more special flags are required for pthreads... no
checking for PTHREAD_PRIO_INHERIT... yes
checking for sin in -lm... yes
checking if libm should be used... yes
checking for ZLIB... yes
checking if zlib should be used... yes
checking for UUID... yes
checking for memory allocator... system
checking for mallopt... yes
checking for mallinfo... yes
checking for LIBCAP... no
checking if libcap should be used... no
checking if apps.plugin should be enabled... yes
checking for IPMIMONITORING... yes
checking for
        ipmi_monitoring_sensor_readings_by_record_id,
        ipmi_monitoring_sensor_readings_by_sensor_type,
        ipmi_monitoring_sensor_read_sensor_number,
        ipmi_monitoring_sensor_read_sensor_name,
        ipmi_monitoring_sensor_read_sensor_state,
        ipmi_monitoring_sensor_read_sensor_units,
        ipmi_monitoring_sensor_iterator_next,
        ipmi_monitoring_ctx_sensor_config_file,
        ipmi_monitoring_ctx_sdr_cache_directory,
        ipmi_monitoring_ctx_errormsg,
        ipmi_monitoring_ctx_create
     in -lipmimonitoring... yes
checking ipmi_monitoring.h usability... yes
checking ipmi_monitoring.h presence... yes
checking for ipmi_monitoring.h... yes
checking ipmi_monitoring_bitmasks.h usability... yes
checking ipmi_monitoring_bitmasks.h presence... yes
checking for ipmi_monitoring_bitmasks.h... yes
checking if freeipmi.plugin should be enabled... yes
checking for NFACCT... no
checking for LIBMNL... no
checking if nfacct.plugin should be enabled... no
checking for setns... yes
checking if cgroup-network can be enabled... yes
checking whether C compiler accepts -flto... yes
checking if -flto builds executables... yes
checking if LTO should be enabled... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating charts.d/Makefile
config.status: creating conf.d/Makefile
config.status: creating netdata.spec
config.status: creating python.d/Makefile
config.status: creating node.d/Makefile
config.status: creating plugins.d/Makefile
config.status: creating src/Makefile
config.status: creating system/Makefile
config.status: creating web/Makefile
config.status: creating diagrams/Makefile
config.status: creating makeself/Makefile
config.status: creating contrib/Makefile
config.status: creating tests/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
 OK   

 --- Cleanup compilation directory --- 
 --- Compile netdata --- 
[/root/netdata]# make -j8 
make  all-recursive
make[1]: Entering directory `/root/netdata'
Making all in charts.d
make[2]: Entering directory `/root/netdata/charts.d'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/root/netdata/charts.d'
Making all in conf.d
make[2]: Entering directory `/root/netdata/conf.d'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/root/netdata/conf.d'
Making all in diagrams
make[2]: Entering directory `/root/netdata/diagrams'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/root/netdata/diagrams'
Making all in makeself
make[2]: Entering directory `/root/netdata/makeself'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/root/netdata/makeself'
Making all in node.d
make[2]: Entering directory `/root/netdata/node.d'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/root/netdata/node.d'
Making all in plugins.d
make[2]: Entering directory `/root/netdata/plugins.d'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/root/netdata/plugins.d'
Making all in python.d
make[2]: Entering directory `/root/netdata/python.d'
if sed \
        -e 's#[@]localstatedir_POST@#/usr/local/netdata/netdata/var#g' \
        -e 's#[@]sbindir_POST@#/usr/local/netdata/netdata/usr/sbin#g' \
        -e 's#[@]sysconfdir_POST@#/usr/local/netdata/netdata/etc#g' \
        -e 's#[@]pythondir_POST@#/usr/local/netdata/netdata/usr/libexec/netdata/python.d#g' \
        python-modules-installer.sh.in > python-modules-installer.sh.tmp; then \
        mv "python-modules-installer.sh.tmp" "python-modules-installer.sh"; \
else \
        rm -f "python-modules-installer.sh.tmp"; \
        false; \
fi
make[2]: Leaving directory `/root/netdata/python.d'
Making all in src
make[2]: Entering directory `/root/netdata/src'
gcc -DHAVE_CONFIG_H -I. -I..  -DVARLIB_DIR="\"/usr/local/netdata/netdata/var/lib/netdata\"" -DCACHE_DIR="\"/usr/local/netdata/netdata/var/cache/netdata\"" -DCONFIG_DIR="\"/usr/local/netdata/netdata/etc/netdata\"" -DLOG_DIR="\"/usr/local/netdata/netdata/var/log/netdata\"" -DPLUGINS_DIR="\"/usr/local/netdata/netdata/usr/libexec/netdata/plugins.d\"" -DRUN_DIR="\"/usr/local/netdata/netdata/var/run/netdata\"" -DWEB_DIR="\"/usr/local/netdata/netdata/usr/share/netdata/web\""          -march=native -O2 -msse3 -fomit-frame-pointer -pipe -pthread -flto -MT apps_plugin.o -MD -MP -MF .deps/apps_plugin.Tpo -c -o apps_plugin.o apps_plugin.c
make[2]: Leaving directory `/root/netdata'
make[1]: Leaving directory `/root/netdata'
 OK   

 --- Restore user edited netdata configuration files --- 
 --- Fix generated files permissions --- 
[/root/netdata]# find ./system/ -type f -a \! -name \*.in -a \! -name Makefile\* -a \! -name \*.conf -a \! -name \*.service -a \! -name \*.logrotate -exec chmod 755 \{\} \; 
 OK   

 --- Add user netdata to required user groups --- 
Adding netdata user group ...
[/root/netdata]# groupadd -r netdata 
 OK   

Adding netdata user account with home /usr/local/netdata/netdata ...
[/root/netdata]# useradd -r -g netdata -c netdata -s /usr/sbin/nologin --no-create-home -d /usr/local/netdata/netdata netdata 
 OK   

Group 'docker' does not exist.
Adding netdata user to the nginx group ...
[/root/netdata]# usermod -a -G nginx netdata 
 OK   

Group 'varnish' does not exist.
Adding netdata user to the haproxy group ...
[/root/netdata]# usermod -a -G haproxy netdata 
 OK   

Adding netdata user to the adm group ...
[/root/netdata]# usermod -a -G adm netdata 
 OK   

Group 'nsd' does not exist.
Group 'proxy' does not exist.
Group 'squid' does not exist.
Group 'ceph' does not exist.
 --- Install logrotate configuration for netdata --- 
[/root/netdata]# cp system/netdata.logrotate /etc/logrotate.d/netdata 
 OK   

[/root/netdata]# chmod 644 /etc/logrotate.d/netdata 
 OK   

 --- Read installation options from netdata.conf --- 

    Permissions
    - netdata user     : netdata
    - netdata group    : netdata
    - web files user   : netdata
    - web files group  : netdata
    - root user        : root

    Directories
    - netdata conf dir : /usr/local/netdata/netdata/etc/netdata
    - netdata log dir  : /usr/local/netdata/netdata/var/log/netdata
    - netdata run dir  : /usr/local/netdata/netdata/var/run
    - netdata lib dir  : /usr/local/netdata/netdata/var/lib/netdata
    - netdata web dir  : /usr/local/netdata/netdata/usr/share/netdata/web
    - netdata cache dir: /usr/local/netdata/netdata/var/cache/netdata

    Other
    - netdata port     : 19999

 --- Fix permissions of netdata directories (using user 'netdata') --- 
[/root/netdata]# mkdir -p /usr/local/netdata/netdata/var/run 
 OK   

[/root/netdata]# chown -R root:netdata /usr/local/netdata/netdata/etc/netdata 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/etc/netdata -type f -exec chmod 0640 \{\} \; 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/etc/netdata -type d -exec chmod 0755 \{\} \; 
 OK   

[/root/netdata]# chown -R netdata:netdata /usr/local/netdata/netdata/usr/share/netdata/web 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/usr/share/netdata/web -type f -exec chmod 0664 \{\} \; 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/usr/share/netdata/web -type d -exec chmod 0775 \{\} \; 
 OK   

[/root/netdata]# chown -R netdata:netdata /usr/local/netdata/netdata/var/lib/netdata 
 OK   

[/root/netdata]# chown -R netdata:netdata /usr/local/netdata/netdata/var/cache/netdata 
 OK   

[/root/netdata]# chown -R netdata:netdata /usr/local/netdata/netdata/var/log/netdata 
 OK   

[/root/netdata]# chmod 755 /usr/local/netdata/netdata/var/log/netdata 
 OK   

[/root/netdata]# chown netdata:root /usr/local/netdata/netdata/var/log/netdata 
 OK   

[/root/netdata]# chown -R root /usr/local/netdata/netdata/usr/libexec/netdata 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/usr/libexec/netdata -type d -exec chmod 0755 \{\} \; 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/usr/libexec/netdata -type f -exec chmod 0644 \{\} \; 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/usr/libexec/netdata -type f -a -name \*.plugin -exec chmod 0755 \{\} \; 
 OK   

[/root/netdata]# find /usr/local/netdata/netdata/usr/libexec/netdata -type f -a -name \*.sh -exec chmod 0755 \{\} \; 
 OK   

[/root/netdata]# chown root:netdata /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/apps.plugin 
 OK   

[/root/netdata]# chmod 0750 /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/apps.plugin 
 OK   

[/root/netdata]# setcap cap_dac_read_search\,cap_sys_ptrace+ep /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/apps.plugin 
 OK   

[/root/netdata]# chown root:netdata /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/freeipmi.plugin 
 OK   

[/root/netdata]# chmod 4750 /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/freeipmi.plugin 
 OK   

[/root/netdata]# chown root:netdata /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/cgroup-network 
 OK   

[/root/netdata]# chmod 4750 /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/cgroup-network 
 OK   

[/root/netdata]# chown root /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/cgroup-network-helper.sh 
 OK   

[/root/netdata]# chmod 0550 /usr/local/netdata/netdata/usr/libexec/netdata/plugins.d/cgroup-network-helper.sh 
 OK   

[/root/netdata]# chmod a+rX /usr/local/netdata/netdata/usr/libexec 
 OK   

[/root/netdata]# chmod a+rX /usr/local/netdata/netdata/usr/share/netdata 
 OK   

 --- Install netdata at system init --- 
Installing systemd service...
[/root/netdata]# cp system/netdata.service /etc/systemd/system/netdata.service 
 OK   

[/root/netdata]# systemctl daemon-reload 
 OK   

[/root/netdata]# systemctl enable netdata 
Created symlink from /etc/systemd/system/multi-user.target.wants/netdata.service to /etc/systemd/system/netdata.service.
 OK   

 --- Start netdata --- 
[/root/netdata]# /usr/bin/systemctl stop netdata 
 OK   

[/root/netdata]# /usr/bin/systemctl restart netdata 
 OK   

OK. NetData Started!


-------------------------------------------------------------------------------

Downloading default configuration from netdata...
[/root/netdata]# curl -s -o /usr/local/netdata/netdata/etc/netdata/netdata.conf.new http://localhost:19999/netdata.conf 
 OK   

[/root/netdata]# mv /usr/local/netdata/netdata/etc/netdata/netdata.conf.new /usr/local/netdata/netdata/etc/netdata/netdata.conf 
 OK   

 OK  New configuration saved for you to edit at /usr/local/netdata/netdata/etc/netdata/netdata.conf 

[/root/netdata]# chown netdata /usr/local/netdata/netdata/etc/netdata/netdata.conf 
 OK   

[/root/netdata]# chmod 0664 /usr/local/netdata/netdata/etc/netdata/netdata.conf 
 OK   

 --- Check KSM (kernel memory deduper) --- 
 --- Check version.txt --- 
 --- Check apps.plugin --- 
 --- Generate netdata-uninstaller.sh --- 
 --- Basic netdata instructions --- 

netdata by default listens on all IPs on port 19999,
so you can access it with:

  http://this.machine.ip:19999/

To stop netdata run:

  systemctl stop netdata

To start netdata run:

  systemctl start netdata


Uninstall script generated: ./netdata-uninstaller.sh
Update script generated   : ./netdata-updater.sh

netdata-updater.sh can work from cron. It will trigger an email from cron
only if it fails (it does not print anything when it can update netdata).
Run this to automatically check and install netdata updates once per day:

sudo ln -s /root/netdata/netdata-updater.sh /etc/cron.daily/netdata-updater

 --- We are done! --- 

  ^
  |.-.   .-.   .-.   .-.   .-.   .  netdata                          .-.   .-
  |   '-'   '-'   '-'   '-'   '-'   is installed and running now!  -'   '-'  
  +----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+--->

  enjoy real-time performance and health monitoring...

Delete millions of files slowly without loading the server

There a situations when we need to delete a great deal of files from our filesystem and if we just execute

rm -Rf

the server will surely get loaded and the service it provides will degrade! What if you cannot reformat the filesystem, because the server use it extensively, but you need to delete let’s say a couple of millions file from it? We can use find and usleep (in most linux distro this program is installed by an additional package). The idea is to delete files one by one tuning the pause between every delete. Here you can execute this command in the background or a screen:

find /mnt/storage/old/ -type f -exec echo {} \; -exec rm {} \; -exec usleep 200000 \;

usleep accepts microseconds, so 200000 microseconds are 0.2 seconds. You can tune it precisely with a step of just a microsecond. In the real world under the bash console we probably will use values of max 1/10 of a second around above 100000 microseconds. Execute the command and then watch your server load and tune.

usleep in CentOS 7 is installed with package “initscripts”, which is installed by default
usleep in Ubuntu is missing and probably won’t find any safe place to download a package to install, but it can be sort of replace with “sleep <floating_point_number>s”, GNU sleep could accept floating point number for the delay and when added “s” at the end it could sleep for a fractions of a seconds. So the command for the Ubuntu is slightly changed:
```
find /mnt/storage/old/ -type f -exec echo {} \; -exec rm {} \; -exec sleep 0.2s \;
```
not GNU version of sleep require NUMBER, so the smallest sleep is only 1 second, which is too big for the purpose. Check your man manual to see if your system has GNU sleep command.

Howto do a netinstall of CentOS 7 (7.4.1708) – minimal server installation

Minimal net install is useful when a dedicated server is installed from a IPMI KVM or Dell iDRAC, HP iLO, IBM IMM or where the initial client side download of files need to be minimal.
For amd64 CentOS 7 the net install bootable media is located here (now the current latest release is 7.4.1708, but you can check the last directory with 7. for the time you follow this howto):

http://mirror.leaseweb.com/centos/7.4.1708/isos/x86_64/CentOS-7-x86_64-NetInstall-1708.iso

Now this version is deprecated and you could have problems downloading it, so you could try the CentOS vault – http://vault.centos.org/7.4.1708/isos/x86_64/ Just follow the instructions for downloading.
Download it and put it on a cd or usb, the boot from it and follow the steps bellow:

STEP 1) Select “Install CentOS 7” and press “Enter”

STEP 2) Wait for the installation to boot

STEP 3) This is the first step, you could choose your Country and language, English is the default.

STEP 4) Setup the right time and time zone of your server, this step is important, the clock of the server is really important for your software to work properly!

STEP 5) Often servers are set with UTC time, which is never changed (no summer saving time!). UTC is Coordinated Universal Time and first you must select “Etc” from the first dropdown menu.

STEP 6) Next let’s configure the network, because we are doing a network installation you need Internet connection to install the CentOS 7.

STEP 7) Click to configure the selected network adapter on the right.

STEP 8) Click on the menu “IPv4 Settings”, then choose from the dropdown menu “Manual” (technically you can leave it Automattically as the default is, but this is a server howto it is not very clever your IP to be assigned by a DHCP server, but your setup could vary). Then click on “Add” and write your IP address, network mask and gateway, then in the DNS Servers write your local (and fast!) DNS server, if you have more than one separate them with comas.

STEP 9) Click “General” menu and then check the “Automatically connect to this network when it is available” – this is very important, because if you do not check, when you reboot the server, it won’t start the network! Click Save.

STEP 10) You can see the network is up and connected. Set a host name to your server and click on “Apply” and that’s all for the network configuration, click on “Done”.

STEP 11) Click on “Installation Source” to setup the source of your installation files, because this is network installation this step is mandatory.

STEP 12) Set the URL from where the setup will download packages and installation files. Set the nearest source to your server, you can check mirrors here:

https://www.centos.org/download/mirrors/

At present the latest version of CentOS 7 is 7.4.1708, but after a while it could be other, so browse the latest version directory, then you must choose directory “/os/” (there are probably many others, but we need especially “os”) and then “/x86_64/”. And then click on “Done”. That’s all you’ve configured the installation source, so now the setup knows where to look for packages and metadata for the installation process.

STEP 13) Choose your software to install. Click on “Software Selection”.

STEP 14) Because this howto is a minimal installation you should check “Minimal Install” , but you could choose another option below, the one suited best for your future server. And then click on “Done” to save the configuration.

STEP 15) Click on “Installation Destination” to set the hard drive and partitions layout configuration for your server.

STEP 16) The default is to leave the how disk to the setup to manage (make sure the “Automatically configure partitioning.” is checked), it will use the how hard drive checked from the Local Standard Disks. Check all the local disks you want to use in your server if more than one. If your disk has partitions you may be prompted to acquire free space by deleting existing partitions – be careful with this option, think twice before deleting partitions! Click on “Done” to save configuration.

STEP 17) Click on “Security policy” to setup a default security policy as selinux – use it whenever it is available!

STEP 18) Click on the “Standard System Security Porfile”, which will enable SELINUX security in your installation and then click “Select Profile”, after clicking the button will become grayed and the selection will have a green check in the right. Then click on “Done”.

STEP 19) We are all done and it is time to start the real installation of the system. Till now we’ve just configured the installation process. So click on “Begin Installation”.

STEP 20) When the installation process is running you are prompt to set the root password and to add users. For clarity we set only the root password.

STEP 21) Set two times your password for the root user and then click “Done”.

STEP 22) The installation process is still running, just wait to finish.

STEP 23) You can see how many packets are install and the current installing packet and number.

STEP 24) If everything goes with no errors and probably it will be with no errors you must click on “Reboot” to reboot the server in the newly installed OS.

STEP 25) Grub2 and two options to select, the default is the latest kernel installed.

STEP 26) And the server is at login. The ssh server is also installed and you can access the server via ssh on the default port 22 and root login is permitted.

How to install the latest linux kernel (mainline) in CentOS 7 distro

Here you can see the steps to install the latest (mainline stable) kernel under CentOS 7, whether we need the latest driver, because we bought a new laptop released for the first time last month with the latest hardware or there is a hot fix of some nasty bug it is of no matter.
Here are the steps about installing the latest kernel to our CentOS 7, you must have root access:

STEP 1 Import the public key of the repository, which offer us the packages of the CentOS 7 mainline stable kernel (and some other kernels, like the Red Hat Enterprise Linux (RHEL) 6 and 7 and more, you can check out the site). The site of the repository is

https://elrepo.org/

Import the public key
```
#change to root user (skip the first line if you are root)
sudo su
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
```
STEP 2 Check the latest version of the rpm install package of the repository, the command is under

To install ELRepo for RHEL-7, SL-7 or CentOS-7:

So at present the latest version is “7.0-3” and execute to wget to download the package for the repository elrepo:
```
wget http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
```
STEP 3 Install the elrepo package with yum (you can do it with rpm command, but let yum manage all your packages and metadata for them!)
```
yum -y install ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm
```
STEP 4 List the available kernels from the elrepo to choose the one you like
```
yum list available --disablerepo='*' --enablerepo=elrepo-kernel
```
To install the latest mainline kernel you must use package starting with

kernel-ml-*

at moment of writing the latest mainline kernel is

4.15.4-1.el7.elrepo

So execute
```
yum install -y --enablerepo=elrepo-kernel kernel-ml
```
And it will pull the

kernel-ml-4.15.4-1.el7.elrepo.x86_64

and install it

STEP 5 Check if you are going to boot the new kernel, you’ve installed and set the right one to boot

cat /boot/grub2/grubenv |grep saved
# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)

And as you see, no it’ll not boot to the new kernel, so you must configure grub2 to boot your newly just installed kernel. First check all the installed kernels, set the right kernel and then it is mandatory to call

grub2-mkconfig

to update the grub2 configuration:

[root@srv ~]# awk -F\' /^menuentry/{print\$2} /boot/grub2/grub.cfg 
CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-0a26fe4b81d845209fb8958c8e29d600) 7 (Core)

The position 0 (YES, it starts from ZERO!) is “CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)”, so you have two options to set it:

grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg

Check to see if everything is OK with

[root@srv ~]# cat /boot/grub2/grubenv |grep saved
saved_entry=0

or you can set the name of the kernel to boot with

grub2-set-default "CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)"
grub2-mkconfig -o /boot/grub2/grub.cfg

Check to see if everything is OK with

[root@srv ~]# cat /boot/grub2/grubenv |grep saved
saved_entry=CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)

STEP 6 is just to reboot

reboot

STEP 4 Verification of running the latest kernel

root@srv:~# uname -a
Linux srv.local 4.15.4-1.el7.elrepo.x86_64 #1 SMP Sat Feb 17 13:35:20 EST 2018 x86_64 x86_64 x86_64 GNU/Linux

Install log of the procedure (your output may vary depending on your hardware installed in your system):

[root@srv ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
[root@srv ~]# wget http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
--2018-02-19 10:20:42--  http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Resolving www.elrepo.org (www.elrepo.org)... 69.195.83.87
Connecting to www.elrepo.org (www.elrepo.org)|69.195.83.87|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8656 (8.5K) [application/x-rpm]
Saving to: ‘elrepo-release-7.0-3.el7.elrepo.noarch.rpm’

100%[=======================================================================>] 8,656       --.-K/s   in 0.001s  

2018-02-19 10:20:42 (6.97 MB/s) - ‘elrepo-release-7.0-3.el7.elrepo.noarch.rpm’ saved [8656/8656]
[root@srv ~]# yum -y install ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm 
Loaded plugins: fastestmirror
Examining ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm: elrepo-release-7.0-3.el7.elrepo.noarch
Marking ./elrepo-release-7.0-3.el7.elrepo.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package elrepo-release.noarch 0:7.0-3.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================
 Package              Arch         Version                   Repository                                     Size
=================================================================================================================
Installing:
 elrepo-release       noarch       7.0-3.el7.elrepo          /elrepo-release-7.0-3.el7.elrepo.noarch       5.2 k

Transaction Summary
=================================================================================================================
Install  1 Package

Total size: 5.2 k
Installed size: 5.2 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : elrepo-release-7.0-3.el7.elrepo.noarch                                                        1/1 
  Verifying  : elrepo-release-7.0-3.el7.elrepo.noarch                                                        1/1 

Installed:
  elrepo-release.noarch 0:7.0-3.el7.elrepo                                                                       

Complete!
[root@srv ~]# yum list available --disablerepo='*' --enablerepo=elrepo-kernel
Loaded plugins: fastestmirror                                                                                                                                               
Loading mirror speeds from cached hostfile                                                                                                                                  
 * elrepo-kernel: mirrors.netix.net                                                                                                                                         
Available Packages                                                                                                                                                          
kernel-lt.x86_64                                                                      4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-devel.x86_64                                                                4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-doc.noarch                                                                  4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-headers.x86_64                                                              4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools.x86_64                                                                4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools-libs.x86_64                                                           4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-lt-tools-libs-devel.x86_64                                                     4.4.116-1.el7.elrepo                                                     elrepo-kernel
kernel-ml.x86_64                                                                      4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-devel.x86_64                                                                4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-doc.noarch                                                                  4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-headers.x86_64                                                              4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools.x86_64                                                                4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools-libs.x86_64                                                           4.15.4-1.el7.elrepo                                                      elrepo-kernel
kernel-ml-tools-libs-devel.x86_64                                                     4.15.4-1.el7.elrepo                                                      elrepo-kernel
perf.x86_64                                                                           4.15.4-1.el7.elrepo                                                      elrepo-kernel
python-perf.x86_64                                                                    4.15.4-1.el7.elrepo                                                      elrepo-kernel
[root@srv ~]# yum install -y --enablerepo=elrepo-kernel kernel-ml
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.uni-sofia.bg
 * elrepo: mirrors.netix.net
 * elrepo-kernel: mirrors.netix.net
 * extras: centos.uni-sofia.bg
 * updates: centos.uni-sofia.bg
Resolving Dependencies
--> Running transaction check
---> Package kernel-ml.x86_64 0:4.15.4-1.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================
 Package                               Arch                               Version                                           Repository                                 Size
============================================================================================================================================================================
Installing:
 kernel-ml                             x86_64                             4.15.4-1.el7.elrepo                               elrepo-kernel                              44 M

Transaction Summary
============================================================================================================================================================================
Install  1 Package

Total download size: 44 M
Installed size: 195 M
Downloading packages:
kernel-ml-4.15.4-1.el7.elrepo.x86_64.rpm                                                                                                             |  44 MB  00:00:10     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : kernel-ml-4.15.4-1.el7.elrepo.x86_64                                                                                                                     1/1 
  Verifying  : kernel-ml-4.15.4-1.el7.elrepo.x86_64                                                                                                                     1/1 

Installed:
  kernel-ml.x86_64 0:4.15.4-1.el7.elrepo                                                                                                                                    

Complete!
[root@srv ~]# cat /boot/grub2/grubenv |grep saved
# GRUB Environment Block
saved_entry=CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
[root@srv ~]# awk -F\' /^menuentry/{print\$2} /etc/grub2.cfg
CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)
CentOS Linux (3.10.0-693.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-0a26fe4b81d845209fb8958c8e29d600) 7 (Core)
[root@srv ~]# grub2-set-default "CentOS Linux (4.15.4-1.el7.elrepo.x86_64) 7 (Core)"
[root@srv ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.4-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-4.15.4-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-0a26fe4b81d845209fb8958c8e29d600
Found initrd image: /boot/initramfs-0-rescue-0a26fe4b81d845209fb8958c8e29d600.img
done
[root@srv ~]# reboot
Connection to 192.168.0.18 closed by remote host.
Connection to 192.168.0.18 closed.
...
...
...
[root@srv ~]# uname -a
Linux srv.local 4.15.4-1.el7.elrepo.x86_64 #1 SMP Sat Feb 17 13:35:20 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@srv ~]#

Ryzen Threadripper kernel problems with PCIe – wifi, network, video problems

If you have Ryzen Threadripper (in my case 1950X) and Ubuntu 17.10 (because the others versions do not boot at all!) with the latest kernel 4.15.x and the default vmlinuz-4.13.0-21-generic you might experience frequently wifi, network cards and video cards problems like wifi disconnects and network cards lost connections and some kind of freezes for a second or two of the video! If you have Ryzen Threadripper 1950X and or ASUS ROG ZENITH EXTREME (or any other motherboard with the chipset AMD X399) and ubuntu 17.10 or probably any linux distro with any kernel you might experience really unstable system. Look at your dmesg and if you see something like

[   18.669950] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   18.669966] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   18.669970] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   18.669973] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   18.669975] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   23.805640] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   23.805664] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   23.805669] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   23.805674] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   23.805678] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   23.838698] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   23.838716] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   23.838720] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   23.838725] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   23.838728] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   36.124101] atlantic: link change old 0 new 100
[   36.124222] IPv6: ADDRCONF(NETDEV_CHANGE): enp65s0: link becomes ready
[   52.294413] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   52.294436] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   52.294441] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   52.294446] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   52.294449] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.275256] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.275289] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.275293] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.275298] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.275301] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.418493] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.418517] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.418522] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.418527] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.418530] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[   53.649938] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[   53.649962] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[   53.649967] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[   53.649972] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[   53.649975] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[  113.294411] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  113.294434] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  113.294439] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[  113.294444] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000040/00006000
[  113.294450] pcieport 0000:00:01.1:    [ 6] Bad TLP               
[  265.469397] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  265.469419] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  265.469424] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Transmitter ID)
[  265.469429] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00001000/00006000
[  265.469438] pcieport 0000:00:01.1:    [12] Replay Timer Timeout  
[  533.031982] dpc 0000:00:01.1:pcie010: DPC containment event, status:0x1f00 source:0x0000
[  533.032004] pcieport 0000:00:01.1: AER: Corrected error received: id=0000
[  533.032009] pcieport 0000:00:01.1: PCIe Bus Error: severity=Corrected, type=Data Link Layer, id=0009(Receiver ID)
[  533.032014] pcieport 0000:00:01.1:   device [1022:1453] error status/mask=00000080/00006000
[  533.032022] pcieport 0000:00:01.1:    [ 7] Bad DLLP

Apparently everything on the pci express could be affected! So till the kernel team fixes the issues, you can use the following workaround: add to the kernel boot parameters

pcie_aspm=off

Under Ubuntu you can add in the file

/etc/default/grub

the following line

GRUB_CMDLINE_LINUX="pcie_aspm=off"

And then execute

update-grub

the changes to take effect in the grub configuration. Then reboot the machine!

Under CentOS 7 the configuration file and the line to put are the same just the update of the grub configuration is different:

For UEFI-based systems execute:

grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

For legacy-BIOS systems execute:
```
grub2-mkconfig -o /boot/grub2/grub.cfg
```

*You should know what is your setup, probably UEFI-based, you could check in your boot directory, if there is /boot/efi/EFI/centos/grub.cfg you probably should use the option for UEFI-based, if you do not have any “efi” directory under “/boot” use the second option for legacy-BIOS.
Then reboot the machine!

How to proper enable the selinux in a CentOS7 installed server

These days many dedicated servers are offered with automation installation of operating systems and it have never been so easy and fast to pay a server and to get it up in minutes! Yes, we are talking for dedicated machines not virtual servers or cloud ones, but many cloud ones are in the same situation, when the host uses full virtualization.
It is fast, you can choose from many different linux distros and the installation is unattended and happens immediately, but in most cases the selinux is disabled, because is more easy for the support, for the user, for the admin, and for the offered preinstalled software…If you do not have some strange software in most cases it is advisable to enable the selinux, because it is of great security enhancement for your server and for the software in general. It is very simple to enable selinux, but there is an additional step, which if you omit, the server will probably get unusable (probably you won’t be able even to ssh it or login). These steps are tested under CentOS7, but probably works in all other distros, which support selinux!
So here are the steps:

STEP 1) Enable selinux in configuration

Edit the configuration file in

/etc/selinux/config

SELINUX=enforcing

STEP 2) relabel the file system

When using the selinux, there are labels (extended attributes of the file system), which are additional layer of security. Every system comes with prebuild rules instructing what label is set in which file or directory, so when you enable the selinux you must relabel the entire file system (or at least the root partition, to be able to boot normally). This is done with just a line of code below:

touch /.autorelabel

STEP 3) reboot

To take effect the changes made above the server must be rebooted.

reboot

The init process will find the file from step 2 “/.autorelabel” and will initiate a proper relabel according the current selinux rules file, then the server will be rebooted automatically again, the relabel could take time and it depends on the number of files you have in your server, just keep patient.
After the second reboot (which is automatically after the relabeling)

4) Recommendations

USE SELINUX, do not disable it! In most cases it is really simple to configure it in minutes for the need of your special software and for the generic one bet it there are rules offered in the distro’s packet system.

4) Post install check

You can check if the selinux is enabled with

[root@srv ~]# getenforce 
Enforcing
[root@srv ~]#

PHP posix_kill missing in CentOS7

So you think you PHP code is running ok and your script for killing bad guys is perfect. Let’s assume you made a script to kill processes according to some criteria, put you script on your good all CentOS 7 server, but suddenly you encounter the error:

PHP Fatal error: Call to undefined function posix_kill() in ./kill-process.php on line 64
Killed process id: 21899
PHP Fatal error: Call to undefined function posix_kill() in ./kill-process.php on line 64
Killed process id: 21899
PHP Fatal error: Call to undefined function posix_kill() in ./kill-process.php on line 64

So you just missed a php plugin and there it is: “php-process”. Just install it with yum!

yum install -y php-process

And the error will disappear and the next time you want to kill some bad process you’ll sure do it!