Tag: RHEL

Install OpenLiteSpeed with PHP 8.1

These are the steps to install OpenLiteSpeed with lsphp81 on CentOS replacements like AlmaLinux 8 or RockyLinux 8.

First add LiteSpeed repositories for AlmaLinux 8 & CentOS 8 with following command:

rpm -Uvh http://rpms.litespeedtech.com/centos/litespeed-repo-1.1-1.el8.noarch.rpm

After you have installed the rpm package you will get /etc/yum.repos.d/litespeed.repo repo file which you will need to edit in order to avoid getting the following error when installing or updating packages with yum/dnf.

Invalid configuration value: failovermethod=priority in /etc/yum.repos.d/litespeed.repo; Configuration: OptionBinding with id "failovermethod" does not exist

This will happen because the ‘failovermethod’ option is not supported by dnf which comes with RHEL 8.

Comment out that line from /etc/yum.repos.d/litespeed.repo with following command:

sed -i 's/failovermethod=priority/#failovermethod=priority/' /etc/yum.repos.d/litespeed.repo

Install OpenLiteSpeed with following command:

dnf install openlitespeed

After you have installed OpenLiteSpeed install Extra Packages for Enterprise Linux (EPEL) repository with following command:

dnf install epel-release

After that install PHP 8.1 for OpenLiteSpeed with most commonly used packages:

dnf install lsphp81 lsphp81-common lsphp81-mysqlnd lsphp81-gd lsphp81-process lsphp81-mbstring lsphp81-xml lsphp81-opcache

If you wish to install a different version of PHP just replace lsphp81 with lsphp80 for PHP 8.0 or lsphp74 for PHP 7.4 and similar.

By default OpenLiteSpeed will run on port 8088 and its WebAdmin Console will run on port 7080.

OpenLiteSpeed WebAdmin Console will have default username admin but the admin password will be randomly generated.

If you want to reset OpenLiteSpeed admin password you can run /usr/local/lsws/admin/misc/admpass.sh script which can be used to set admin password to desired value.

If you run the script it will use username admin if you don’t specify any and will then ask you to input a new password for OpenLiteSpeed administration web interface.

/usr/local/lsws/admin/misc/admpass.sh 

Please specify the user name of administrator.
This is the user name required to login the administration Web interface.

User name [admin]: 

Please specify the administrator's password.
This is the password required to login the administration Web interface.

Password: 
Retype password: 
Administrator's username/password is updated successfully!

VMware rename CentOS 7 NIC names

CentOS 7 virtual machines on VMware will by default use predictable network device naming for network interfaces on the machine, causing their names to be in enoXXXXXXXX format.

This will cause issues when adding 10 or more additional IPs in WHM, as network interface name will be longer than the 15 characters.

Maximum length supported for network interface name on cPanel servers is 15 characters.

When starting ipaliases service, only first 9 additional IPs will be added, and for rest of the IPs error “RTNETLINK answers: Numerical result out of range” will be shown, and IPs will not be shown in ip addr, or ifconfig output.

[root@server ~]# /scripts/restartsrv_ipaliases
Waiting for "ipaliases" to stop ...finished.
Waiting for "ipaliases" to start ...finished.
Service Status
Startup Log
 Oct 03 20:29:20 server.example.com ipaliases[233833]: [FAILED]
 Oct 03 20:29:20 server.example.com ipaliases[233833]: Bringing up eno33559296:cp14 RTNETLINK answers: Numerical
result out of range
 Oct 03 20:29:20 server.example.com ipaliases[233833]: [FAILED]
 Oct 03 20:29:20 server.example.com ipaliases[233833]: Routing 204.93.248.69 RTNETLINK answers: Invalid argument
 Oct 03 20:29:20 server.example.com ipaliases[233833]: [FAILED]
 Oct 03 20:29:20 server.example.com ipaliases[233833]: Bringing up eno33559296:cp15 RTNETLINK answers: Numerical
result out of range
 Oct 03 20:29:20 server.example.com ipaliases[233833]: [FAILED]
 Oct 03 20:29:20 server.example.com ipaliases[233833]: Routing 204.93.248.70 RTNETLINK answers: Invalid argument
 Oct 03 20:29:20 server.example.com ipaliases[233833]: [FAILED]
 Oct 03 20:29:20 server.example.com systemd[1]: Started cPanel IP aliases service.
Log Messages
 Oct 3 20:29:20 server ipaliases: [FAILED]
 Oct 3 20:29:20 server ipaliases: Routing x.x.x.x RTNETLINK answers: Invalid argument
 Oct 3 20:29:20 server ipaliases: [FAILED]
 Oct 3 20:29:20 server ipaliases: Bringing up eno33559296:cp15 RTNETLINK answers: Numerical result out of range

To resolve the issues, network devices can be renamed back to old ethX type of naming.

To rename network devices to old names following steps are needed.

  1. Edit /etc/sysconfig/grub
  2. Update GRUB configuration with new kernel parameters
  3. Rename network files
  4. Edit renamed network files
  5. Reboot the server

To rename devices do the following

Edit /etc/sysconfig/grub

Find a line containing “GRUB_CMDLINE_LINUX”, and append “net.ifnames=0 biosdevname=0“ on the line.

File should look something like this.

[root@server ~]# cat /etc/sysconfig/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=myvg/rootvol rhgb quiet net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"

Update GRUB configuration with new kernel parameters, with following command:

grub2-mkconfig -o /boot/grub2/grub.cfg

Rename enoXXXXXXXX network files of all interfaces to ethX network file.

For example:

mv /etc/sysconfig/network-scripts/ifcfg-eno16777984 /etc/sysconfig/network-scripts/ifcfg-eth0
mv /etc/sysconfig/network-scripts/ifcfg-eno33557248 /etc/sysconfig/network-scripts/ifcfg-eth1

This will rename file ifcfg-eno16777984, to ifcfg-eth0, renaming interface eno16777984 to eth0, and will rename file ifcfg-eno33557248, to ifcfg-eth1, renaming interface eno33557248, to eth1.

Edit new ethX network files.

Replace value of both NAME and DEVICE field with new ethX names.

File should look something like this.

[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
NAME=eth0
UUID=b02f4abf-f6da-4ad4-b800-4abf4fe1d50d
DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=yes
IPADDR=x.x.x.x
NETMASK=255.255.255.0
GATEWAY=x.x.x.1

Reboot the server, and you should now see network interfaces using old CentOS 6 style names.

Additional changes for cPanel servers

Change public network interface in Basic cPanel & WHM Setup.

Go to Home »Server Configuration »Basic cPanel & WHM Setup and change public interface from old enoXXXXXXXX to new ethX name.

Change public interface to new name
Change public interface to new name

Restart ipaliases service with /scripts/restartsrv_ipaliases.

Reset root password on CentOS 6 machine

If you have forgotten root user password on your CentOS 6 machine, you can reset the password to new value, without knowing the old one, by booting the machine to single user mode, and resetting the password with passwd command.

Boot to single user mode

During the CentOS boot process, you will be presented with a countdown before CentOS boot process actually begins to load the OS.

Press any key to enter the GNU GRUB menu.

CentOS 6 boot countdown
CentOS boot countdown

On the GNU GRUB menu highlight the kernel you want to boot, and press ‘e’ key to edit the kernel commands before booting.

CentOS 6 kernel select
CentOS 6 kernel select

Once you have entered the kernel edit mode, find the line beginning with kernel, and highlight it, and press ‘e’ key to edit it.

Edit kernel line
Edit kernel line

On the end of the line add the word ‘single’, with white space before ‘single’, and press ENTER to accept the change.

Add single to then end of the kernel line
Add single to then end of the kernel line

Boot the machine with the edited kernel argument, and you will be logged in as root in single user mode.

Now just issue passwd command, and enter the new password two times, when asked.

Change password with passwd command
Change password with passwd command

Once you have changed the password, reboot the machine, and log to it with your new root password.

Yum and curl returning “Illegal instruction (core dumped)” on Xen

When running yum or curl commands on a CentOS 6 XenServer Virtual Machine you might be getting an “Illegal instruction (core dumped)” error returned in your console output.

root@server [~]# yum update
Loaded plugins: fastestmirror, rhnplugin
Setting up Update Process
Loading mirror speeds from cached hostfile
 * base: mirror.us.leaseweb.net
 * cloudlinux-x86_64-server-6: xmlrpc.cln.cloudlinux.com
 * extras: mirror.teklinks.com
 * updates: mirror.teklinks.com
Illegal instruction (core dumped)

The issue is due to Python attempting to execute a CPU opcode advertised as available by the server’s host node virtualization system (XEN), but is not actually supported by the host node’s hardware.

Workaround

Issue can be resolved by running export NSS_DISABLE_HW_AES=1, and then running yum update, to update to newer packages, after which issue should not be happening anymore.

root@server [~]# export NSS_DISABLE_HW_AES=1
root@server [~]# yum -y update
References:

https://www.centos.org/forums/viewtopic.php?t=58002

https://forums.cpanel.net/threads/kvm-xen-hw_aes-detection-issues-yum-update-illegal-instruction.551681/

CSF chattr and urlget warnings on restart

On most CentOS 7 machines you might be getting this type of warnings when restarting or updating ConfigServer Firewall (CSF), if you are missing certain commands or packages on your server.

*WARNING* Binary location for [CHATTR] [/usr/bin/chattr] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

You also might be getting notifications in mail from your Cron Daemon with subject /usr/sbin/csf -u and following message:

*WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

This warnings are showing because of missing packages not being installed on the server, and chattr command doesn’t exist.

[root@server ~]# type chattr
-bash: type: chattr: not found

To resolve CHATTR warning, you need to install e2fsprogs with

yum -y install e2fsprogs

To resolve URLGET warning you need to install perl-libwww-perl with

yum -y install perl-libwww-perl with

If you are getting following warning by mail notifications, or when running csf -u, you are missing perl-LWP-Protocol-https package.

[root@server ~]# csf -u
Oops: Unable to download: Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)

Install perl-LWP-Protocol-https with:

yum -y install perl-LWP-Protocol-https

You might also be getting a following warning, if you don’t have host or unzip commands installed on your server.

*WARNING* Binary location for [UNZIP] [/usr/bin/unzip] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Binary location for [HOST] [/usr/bin/host] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable

To resolve HOST warning, you needs to install bind-utils package with

yum -y install bind-utils

To resolve UNZIP warning you need to install unzip package with

yum -y install unzip

tl;dr required packages for CSF

If you are getting any kind of warnings when doing csf -r on CentOS 7 server make sure you have following packages installed.

iptables-services
unzip
bind-utils
perl-libwww-perl
e2fsprogs
perl-LWP-Protocol-https

Needed packages can be installed with following commands:

yum -y install iptables-services
yum -y install unzip
yum -y install bind-utils
yum -y install perl-libwww-perl
yum -y install e2fsprogs
yum -y install perl-LWP-Protocol-https

References:

http://forum.configserver.com/viewtopic.php?t=8864

http://www.liquidweb.com/kb/csf-config-server-firewall-installation/

https://community.centminmod.com/threads/ensure-perl-crypt-ssleay-perl-net-ssleay-are-installed-for-csf-firewall.2183/