CentOS Configure account to never expire / fix cron problem

CentOS have security measure to force users password expiration which can cause problems.
For example – you do not use passwords to log in to machines, and you prefer ssh keys. And the day the password for that user expires its cron jobs will stop working.

You can fix it with one of these, I prefer removing the expiration with chage:

chage -M -1 root

or

passwd -x -1 root

You can confirm with:

chage -l root

MariaDB master-slave cluster on Ubuntu

This article explains how to run MariaDB SQL server in as master/slave replication cluster on two Ubuntu virtual machines.

master: 192.168.122.25
slave: 192.168.122.26

1. Before anything else you need to update all packages on the two machines:

sudo apt update
sudo apt upgrade

2. First thing is to add the official MariaDB repo for the stable release from here – https://downloads.mariadb.org/mariadb/repositories/
In my case, for Ubuntu 18.04 I had to use this:

sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://ams2.mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu bionic main'

3. Install it on both servers:

sudo apt install mariadb-server

You will have to provide password for the root user during install. Please note this is not the exisitng Ubuntu root user, but is new password the root user for mysql.

4. On both servers: sudo mysql_secure_installation
This will ask you for the root password you have set up in the previous step. You should remove anonymous users, disable remote root loginand remove test database. Basically answer yes[Y] to all if you are installing this on a machine available from the internet.

5. On both servers:

sudo systemctl enable mariadb.service
sudo systemctl start mariadb

The first command will make the mariadb server start every time the machine is re/started and the second will just the start service right now as it still not running.

6. On the master server create empty database

MariaDB [(none)]> mysql -uroot -p
MariaDB [(none)]> create database database_name;

7. On the master server we need to enable binary logging.
– Backup the original file in /etc/mysql/

cp my.cnf my.cnf.bkp

Add this new lines under the [mysqld] section, and replace the IP address with the one your master machine have.

#Replication settings
log-bin
server_id=1
bind-address=192.168.122.25
binlog-ignore-db = information_schema
binlog-ignore-db = mysql
binlog-ignore-db = performance_schema
binlog-ignore-db = test

This will replicate all new databases to the slave server, if you like to replicate just one specific database you should use

replicate-do-db = 

8. Now we need to login to the master sql server and create replication user and give the necessary grants.

MariaDB [(none)]> CREATE USER 'slave'@'localhost' IDENTIFIED BY 'SomePassword';
MariaDB [(none)]> GRANT REPLICATION SLAVE ON *.* TO slave IDENTIFIED BY 'SomePassword' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> FLUSH TABLES WITH READ LOCK;
MariaDB [(none)]> SHOW MASTER STATUS;

The last command output is important in order the slave to know from which point it should start replicating from.

Unlock the databases and exit:

MariaDB [(none)]> UNLOCK TABLES;
MariaDB [(none)]> exit;

9. Login to the slave and create another empty database with the same name and the slave user.

CREATE DATABASE DATABASE_NAME;
CREATE USER 'slave'@'localhost' IDENTIFIED BY 'SomePassword';
FLUSH PRIVILEGES;

10. Add this the to the [mysqld] section in /etc/mysql/my.cnf in the slave:

server_id=2

Note that the master have server_id=1 so you should have different IDs on the different servers.

11. Log in to the slave database and run the following commands in the MariaDB prompt. Double check the MASTER_LOG_FILE and MASTER_LOG_POS variables, which should be the same as the values returned by SHOW MASTER STATUS above.

MariaDB [(none)]> CHANGE MASTER TO
MASTER_HOST='192.168.122.25',
MASTER_USER='slave',
MASTER_PASSWORD='SomePassword',
MASTER_PORT=3306,
MASTER_LOG_FILE='mariadb-bin.000001',
MASTER_LOG_POS=314,
MASTER_CONNECT_RETRY=10,
MASTER_USE_GTID=current_pos;

Now start the slave and check the status without exiting the MariaDB prompt:

MariaDB [(none)]> START SLAVE;
MariaDB [(none)]> SHOW SLAVE STATUS\G;

12. Test the replication:
login in the master server and create table in our empty database:

CREATE TABLE IF NOT EXISTS names (
task_id INT AUTO_INCREMENT,
title VARCHAR(255) NOT NULL,
start_date DATE,
due_date DATE,
status TINYINT NOT NULL,
priority TINYINT NOT NULL,
description TEXT,
PRIMARY KEY (task_id)
) ENGINE=INNODB;

You should see the new table created on the slave server too.

13. Debug: If there is something wrong with the slave replication it should show with when you run

SHOW SLAVE STATUS\G;

Most of the time problems are easily resolved with updating the slave configuration with the

CHANGE MASTER

query, stopping and then starting the slave. Watch for log position and the log file name.

Top linux commands to use.

Table with the command I most often use and think are essential. Or some that are cool, but easy to forget/not so often used.

ctrl+rSearch in bash history
ctrl+eGo to the end of the line
ctrl+uCut the characters before the cursor
ctrl+yYank/paste, it can paste what you cut with ctrl+u
ctrl+shift+cCopy the marked text
ctrl+shift+vPaste the text from the previous command
ctrl+dClose bash sessions, same as to type exit
!$Get the last argument from the previous command
!*Get all the arguments from the previous command
historyDon’t add command to bash history. There is space in front of the command
disown -a && exitExit terminal, detach all background process, so they can run. Useful for long tasks.
fcOpen last command in editor. Fix very long one-liners if you mess them up.
ctrl+x+eCompose command in the default editor and execute it on save.
curl ifconfig.me Get your public IP from CLI.
very_long_command # labelLabel long commands, so it it easier to find in history. Everything after # is not executed as it is bash comment.
rm !(*.foo|*.bar|*.html) Remove all files except the ones with these extensions.
vim -x <FILENAME>Encrypt file in vim.
man hierShow filesystem hierarchy.
cat /etc/issue Get distro name.
ps aux | grep [p]rocess-name Find the process you are looking for, without showing the grep command itself.

Remap print key to Super(windows) in i3wm

My laptop keyboard is little annoying – it have a Print Screen(PrtSc) button between my right control and alt keys – usually around that area you will find the windows(super) key, so I wanted to remap it, when i am using i3wm.

So first of all you need to make sure what is your key “called”, you can to that with the xev program.

Then you need to get your modifier map with: xmodmap -pm
In my case my output was this:

xmodmap:  up to 4 keys per modifier, (keycodes in parentheses):

shift       Shift_L (0x32),  Shift_R (0x3e)
lock        Caps_Lock (0x42)
control     Control_L (0x25),  Control_R (0x69)
mod1        Alt_L (0x40),  Alt_R (0x6c),  Meta_L (0xcd)
mod2        Num_Lock (0x4d)
mod3      
mod4        Super_L (0x85),  Super_R (0x86),  Super_L (0xce),  Hyper_L (0xcf)
mod5        ISO_Level3_Shift (0x5c),  Mode_switch (0xcb)

I use mod4 for my i3 config, so I needed to add the Print key to the mod4 modifier with this command:

xmodmap -e "add mod4 = Print"

After that we see that Print is added to the mod4:

mod4        Print (0x6b),  Super_L (0x85),  Super_R (0x86),  Super_L (0xce),  Hyper_L (0xcf),  Print (0xda)

And you will probably want to add this command to your i3 config so it get excuted on each boot:

exec --no-startup-id /usr/bin/xmodmap -e "add mod4 = Print"

Mount directory into the RAM

Needed to mount WordPress cache folder into the RAM of one VPS, to get that little bit of extra speed.
To mount it temporary and see how it works for you, you can use:

mount -t tmpfs -o size=64M tmpfs /absolute/path/to/your/folder/

To make it permanent you need to add this in the /etc/fstab file:

tmpfs /absolute/path/to/your/folder tmpfs defaults,size=64M 0 0

Systemd simple service

This a template for simple sysmtemd service to change the ownership of a file, since in my case the file is in /sys and it is generated on boot, so using acl didn’t help me. I had to use this hack to change the ownership of a file on each boot.
What I need is a write permissions to a file in order to change the brightness on my laptop with i3wm.

The file is /etc/systemd/system/brightness.service
but there is symlink from the /etc/systemd/system/multi-user.target.wants directory.

This are the contents of the service file:

[Unit]
Description=Alter permissionsfor brightness

[Service]
ExecStart=/bin/chmod go+rw /sys/class/backlight/intel_backlight/brightness
ExecStop=/bin/chmod go+rw /sys/class/backlight/intel_backlight/brightness

[Install]
WantedBy=multi-user.target

You will also want to enable and start the service with:

systemctl enable brightness.service
systemctl start brightness.service

All of this action is happening on Ubuntu 18.04

Remove files that are not in a list

Needed to remove bunch of files that are not matching list given to me, so to leave only the files that are on the list, which turned out to be a little hard, or at least for me.

That did the trick:

 find . -name "*" | grep -vFf update_images.csv | xargs rm -f

If the file names contain white spaces, you will have to use the following command, but I haven’t tested it myself:

find . -name "*" | grep -vFf update_images.csv |sed 's/^/"/;s/$/"/' | xargs rm -rf

MySQL tuning for low memory servers

If you are running couple of sites on a small VPS and you have 512-1024MB RAM, you are probably not amazed by mysql eating 400 just to start.
You can cut 200-300 of that memory usage by disabling performance schema in your config file – usually called my.cnf

performance_schema = off

If you are wondering if you should disable it and what will happen – you most probably don’t need that feature so it is safe to disable it. In a few words – it is to help you tune the SQL server, queries, find bottlenecks etc.
You can get more info here – MySQL performance schema

php-fpm child processes memory usage

Often you need to adjust php-fpm for the memory available, and to do so you need to average the child processes memory usage.

Human readable:

 ps -eo size,pid,user,command --sort -size | awk '{ hr=$1/1024 ; printf("%13.2f Mb ",hr) } { for ( x=4 ; x<=NF ; x++ ) { printf("%s ",$x) } print "" }' | grep php-fpm 

and also machine friendly:

 ps -ylC php-fpm --sort:rss 

Fix i3wm tearing in ubuntu

i3 is great window manger, but for some time I had struggles fixing some tearing it had, until I found recently this answer, which fixed it for me.

You will have to install the comptom composite manager with:

sudo apt install compton

then use the following config in ~./config/compton.conf or wherever you prefer to keep you config files. Then place this in that config file:

# basic configuration
backend = "glx";
vsync = "opengl-swc";

glx-copy-from-front = true;
glx-swap-method = 2;
xrender-sync = true;
xrender-sync-fence = true;

# transparancy settings for i3
opacity-rule = [
    "0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'"
];

Or this variation:

backend = "glx";
glx-no-stencil = true;
paint-on-overlay = true;
vsync = "opengl-swc";

Now you can start compton with that config file to test if it solves the problem for you:

compton --config ~/.config/compton.conf -b 

If that work for you, you can place it in your i3wm config file, so it will be loaded on startup –

  exec --no-startup-id compton --config ~/.config/compton.conf -b