CentOS 7.x Work log for dealing with CentOS 7.0 changes (systemd)

Starting a discussion thread and work log for dealing with CentOS 7.0 changes which will affect Centmin Mod .08 beta and higher.

Biggest change is CentOS 7.0's replacement of ini.d (SysVinit) with Systemd you can see changes below. So will have to rewrite Centmin Mod custom init.d files as well as change the commands which are invoked depending on whether CentOS 6.x or 7.0 is detected.

Wrote a test shell script to work out the CentOS 7.0 vs 6.x detection and a cmservice function to carry out the appropriate commands depending on if CentOS 7 or CentOS 6 is detected.

---

Code:

#!/bin/bash
CMSDEBUG=y
TESTEDCENTOSVER='7.0'
CENTOSVER=$(cat /etc/redhat-release | awk '{ print $3 }')

if [ "$CENTOSVER" == 'release' ]; then
    CENTOSVER=$(cat /etc/redhat-release | awk '{ print $4 }' | cut -d . -f1,2)
    if [[ "$(cat /etc/redhat-release | awk '{ print $4 }' | cut -d . -f1)" = '7' ]]; then
        CENTOS_SEVEN='7'
    fi
fi

if [[ "$CMSDEBUG" = [yY] ]]; then
    if [[ "$CENTOS_SEVEN" != '7' ]]; then
            echo "Detected 6.5"
    else
            echo "Detected 7.0"
    fi
fi

cmservice() {
    servicename=$1
    action=$2
    if [[ "$CENTOS_SEVEN" != '7' ]]; then
        echo "service ${servicename} $action"
        if [[ "$CMSDEBUG" = [nN] ]]; then
            service ${servicename} $action
        fi
    else
        echo "systemctl $action ${servicename}.service"
        if [[ "$CMSDEBUG" = [nN] ]]; then
            systemctl $action ${servicename}.service
        fi
    fi
}

cmchkconfig() {
    servicename=$1
    status=$2
    if [[ "$CENTOS_SEVEN" != '7' ]]; then
        echo "chkconfig ${servicename} $status"
        if [[ "$CMSDEBUG" = [nN] ]]; then
            chkconfig ${servicename} $status
        fi
    else
        if [ "$status" = 'on' ]; then
            status=enable
        fi
        if [ "$status" = 'off' ]; then
            status=disable
        fi
        echo "systemctl $status ${servicename}.service"
        if [[ "$CMSDEBUG" = [nN] ]]; then
            systemctl $status ${servicename}.service
        fi
    fi
}

cmservice crond status
cmservice crond stop
cmservice crond start
cmservice crond restart

cmchkconfig crond on
cmchkconfig crond off

On a CentOS 6.5 system the following is outputted:

Code:

./ctest.sh 
Detected 6.5
service crond status
service crond stop
service crond start
service crond restart
chkconfig crond on
chkconfig crond off

On a CentOS 7.0 system the following is outputted:

Code:

./ctest.sh 
Detected 7.0
systemctl status crond.service
systemctl stop crond.service
systemctl start crond.service
systemctl restart crond.service
systemctl enable crond.service
systemctl disable crond.service

 

Would be great if anyone else more familiar with Systemd method of doing things (i.e. for Fedora etc) would chime in especially if I have any incorrect assumptions regarding the Systemd stuff

 

Added Github beta branches one for .08 beta and one specifically for .08 beta + CentOS

• https://github.com/centminmod/centminmod/commits/123.08beta01
• https://github.com/centminmod/centminmod/commits/123.08centos7beta01

.08 betas (especially CentOS 7 one) are not anywhere near fully working, just a work in progress

 

A slight problem if I decide to use MariaDB official YUM repo in CentOS 7.x and disable CentOS 7.x's own MariaDB packages as both are named mariadb in MariaDB official YUM repo and in CentOS 7.x.

/etc/yum.conf exclude=mariadb* line wouldn't suffice to disable CentOS 7.x mariadb packages as it would disable MariaDB official YUM too.

On CentOS 7.x MariaDB YUM packages by default

Code:

[root@centos7 tools]# yum -q list mariadb*
Installed Packages
mariadb-libs.x86_64                                                              1:5.5.35-3.el7                                                      @anaconda
Available Packages
mariadb.x86_64                                                                   1:5.5.37-1.el7_0                                                    updates
mariadb-bench.x86_64                                                             1:5.5.37-1.el7_0                                                    updates
mariadb-devel.i686                                                               1:5.5.37-1.el7_0                                                    updates
mariadb-devel.x86_64                                                             1:5.5.37-1.el7_0                                                    updates
mariadb-embedded.i686                                                            1:5.5.37-1.el7_0                                                    updates
mariadb-embedded.x86_64                                                          1:5.5.37-1.el7_0                                                    updates
mariadb-embedded-devel.i686                                                      1:5.5.37-1.el7_0                                                    updates
mariadb-embedded-devel.x86_64                                                    1:5.5.37-1.el7_0                                                    updates
mariadb-libs.i686                                                                1:5.5.37-1.el7_0                                                    updates
mariadb-libs.x86_64                                                              1:5.5.37-1.el7_0                                                    updates
mariadb-server.x86_64                                                            1:5.5.37-1.el7_0                                                    updates
mariadb-test.x86_64                                                              1:5.5.37-1.el7_0                                                    updates  

CentOS 6.5 and MariaDB official YUM packages

Code:

yum -q list mariadb*
Installed Packages
MariaDB-client.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-common.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-compat.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-devel.x86_64                                                           5.5.38-1.el6                                                           @mariadb
MariaDB-server.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-shared.x86_64                                                          5.5.38-1.el6                                                           @mariadb
Available Packages
MariaDB-test.x86_64                                                            5.5.38-1.el6                                                           mariadb

Might have to do the following for CentOS 7.x MariaDB YUM list, update, installs?

Code:

yum list mariadb* --disablerepo=* --enablerepo=mariadb

Code:

yum list mariadb* --disablerepo=* --enablerepo=mariadb
Loaded plugins: downloadonly, fastestmirror, priorities
Loading mirror speeds from cached hostfile
Installed Packages
MariaDB-client.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-common.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-compat.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-devel.x86_64                                                           5.5.38-1.el6                                                           @mariadb
MariaDB-server.x86_64                                                          5.5.38-1.el6                                                           @mariadb
MariaDB-shared.x86_64                                                          5.5.38-1.el6                                                           @mariadb
Available Packages
MariaDB-test.x86_64                                                            5.5.38-1.el6                                                           mariadb 

 

Nginx, memcached, nsd, and PHP-FPM are just apps which have custom init.d scripts in Centmin Mod currently, so will need the systemd equivalent for them for CentOS 7.x.

Decided to install memcached and php-fpm from default CentOS 7.0 YUM packages and dig into how they have things structured and configured for systemd etc.

memcached install

Code:

 yum -y install memcached
Loaded plugins: fastestmirror
base                                                                                                                                   | 3.6 kB  00:00:00    
extras                                                                                                                                 | 2.9 kB  00:00:00    
updates                                                                                                                                | 2.9 kB  00:00:00    
Loading mirror speeds from cached hostfile
* base: centos.mirror.serversaustralia.com.au
* extras: centos.mirror.serversaustralia.com.au
* updates: mirror.overthewire.com.au
Resolving Dependencies
--> Running transaction check
---> Package memcached.x86_64 0:1.4.15-9.el7 will be installed
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.4.15-9.el7.x86_64
--> Running transaction check
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
Package                                Arch                                Version                                   Repository                         Size
==============================================================================================================================================================
Installing:
memcached                              x86_64                              1.4.15-9.el7                              base                               84 k
Installing for dependencies:
libevent                               x86_64                              2.0.21-4.el7                              base                              214 k

Transaction Summary
==============================================================================================================================================================
Install  1 Package (+1 Dependent package)

Total download size: 298 k
Installed size: 897 k
Downloading packages:
(1/2): memcached-1.4.15-9.el7.x86_64.rpm                                                                                               |  84 kB  00:00:00    
(2/2): libevent-2.0.21-4.el7.x86_64.rpm                                                                                                | 214 kB  00:00:00    
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                         482 kB/s | 298 kB  00:00:00    
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libevent-2.0.21-4.el7.x86_64                                                                                                               1/2
  Installing : memcached-1.4.15-9.el7.x86_64                                                                                                              2/2
  Verifying  : memcached-1.4.15-9.el7.x86_64                                                                                                              1/2
  Verifying  : libevent-2.0.21-4.el7.x86_64                                                                                                               2/2

Installed:
  memcached.x86_64 0:1.4.15-9.el7                                                                                                                            

Dependency Installed:
  libevent.x86_64 0:2.0.21-4.el7                                                                                                                             

Complete!

default installed memcached files

Code:

 rpm -ql memcached
/etc/sysconfig/memcached
/usr/bin/memcached
/usr/bin/memcached-tool
/usr/lib/systemd/system/memcached.service
/usr/share/doc/memcached-1.4.15
/usr/share/doc/memcached-1.4.15/AUTHORS
/usr/share/doc/memcached-1.4.15/CONTRIBUTORS
/usr/share/doc/memcached-1.4.15/COPYING
/usr/share/doc/memcached-1.4.15/ChangeLog
/usr/share/doc/memcached-1.4.15/NEWS
/usr/share/doc/memcached-1.4.15/README.md
/usr/share/doc/memcached-1.4.15/protocol.txt
/usr/share/doc/memcached-1.4.15/readme.txt
/usr/share/doc/memcached-1.4.15/threads.txt
/usr/share/man/man1/memcached-tool.1.gz
/usr/share/man/man1/memcached.1.gz

contents of /etc/sysconfig/memcached

Code:

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS=""

contents of systemd file /usr/lib/systemd/system/memcached.service

Code:

[Unit]
Description=Memcached
Before=httpd.service
After=network.target

[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/memcached
ExecStart=/usr/bin/memcached -u $USER -p $PORT -m $CACHESIZE -c $MAXCONN $OPTIONS

[Install]
WantedBy=multi-user.target

default status and is-active status

Code:

 systemctl status memcached
memcached.service - Memcached
   Loaded: loaded (/usr/lib/systemd/system/memcached.service; disabled)
   Active: inactive (dead)

Code:

 systemctl is-active memcached
unknown

start and enable memcached

Code:

 systemctl start memcached

ps aufx | grep memcached | grep -v grep
memcach+  2689  0.0  0.0 314820  1088 ?        Ssl  15:50   0:00 /usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024

Code:

 systemctl is-active memcached
active

Make sure memcached survives system reboot with equivalent chkconfig command.

Current status before enable is disabled

Code:

 systemctl status memcached
memcached.service - Memcached
   Loaded: loaded (/usr/lib/systemd/system/memcached.service; disabled)
   Active: active (running) since Wed 2014-07-09 15:50:20 EST; 43s ago
Main PID: 2689 (memcached)
   CGroup: /system.slice/memcached.service
           +-2689 /usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024

Jul 09 15:50:20 centos7.localdomain systemd[1]: Started Memcached.

Then enable for system reboots

Code:

 systemctl enable memcached
ln -s '/usr/lib/systemd/system/memcached.service' '/etc/systemd/system/multi-user.target.wants/memcached.service'

Then check status and see it's now enabled

Code:

 systemctl status memcached
memcached.service - Memcached
   Loaded: loaded (/usr/lib/systemd/system/memcached.service; enabled)
   Active: active (running) since Wed 2014-07-09 15:50:20 EST; 1min 33s ago
Main PID: 2689 (memcached)
   CGroup: /system.slice/memcached.service
           +-2689 /usr/bin/memcached -u memcached -p 11211 -m 64 -c 1024

Jul 09 15:50:20 centos7.localdomain systemd[1]: Started Memcached.

 

Wondering what's left in /etc/init.d/ on CentOS 7 ?

Code:

ls -lah /etc/init.d/
total 48K
drwxr-xr-x.  2 root root  110 Jul  8 13:29 .
drwxr-xr-x. 10 root root 4.0K Jun 27 21:07 ..
-rw-r--r--.  1 root root  14K Apr  3 01:30 functions
-rwxr-xr-x.  1 root root 2.3K Jun 10 11:34 iprdump
-rwxr-xr-x.  1 root root 2.2K Jun 10 11:34 iprinit
-rwxr-xr-x.  1 root root 2.3K Jun 10 11:34 iprupdate
-rwxr-xr-x.  1 root root 3.0K Apr  3 01:30 netconsole
-rwxr-xr-x.  1 root root 6.3K Apr  3 01:30 network
-rw-r--r--.  1 root root 1.2K Jun 10 15:35 README

Code:

 cat /etc/init.d/README
You are looking for the traditional init scripts in /etc/rc.d/init.d,
and they are gone?

Here's an explanation on what's going on:

You are running a systemd-based OS where traditional init scripts have
been replaced by native systemd services files. Service files provide
very similar functionality to init scripts. To make use of service
files simply invoke "systemctl", which will output a list of all
currently running services (and other units). Use "systemctl
list-unit-files" to get a listing of all known unit files, including
stopped, disabled and masked ones. Use "systemctl start
foobar.service" and "systemctl stop foobar.service" to start or stop a
service, respectively. For further details, please refer to
systemctl(1).

Note that traditional init scripts continue to function on a systemd
system. An init script /etc/rc.d/init.d/foobar is implicitly mapped
into a service unit foobar.service during system initialization.

Thank you!

Further reading:
        man:systemctl(1)
        man:systemd(1)
        http://0pointer.de/blog/projects/systemd-for-admins-3.html
        http://www.freedesktop.org/wiki/Software/systemd/Incompatibilities

So this part means init.d scripts would work 100% ?

Code:

cat /etc/init.d/functions
# -*-Shell-script-*-
#
# functions     This file contains functions to be used by most or all
#               shell scripts in the /etc/init.d directory.
#

TEXTDOMAIN=initscripts

# Make sure umask is sane
umask 022

# Set up a default search path.
PATH="/sbin:/usr/sbin:/bin:/usr/bin"
export PATH

if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \
                ( /bin/mountpoint -q /cgroup/systemd || /bin/mountpoint -q /sys/fs/cgroup/systemd ) ; then
        case "$0" in
        /etc/init.d/*|/etc/rc.d/init.d/*)
                _use_systemctl=1
                ;;
        esac
fi

systemctl_redirect () {
        local s
        local prog=${1##*/}
        local command=$2
        local options=""

        case "$command" in
        start)
                s=$"Starting $prog (via systemctl): "
                ;;
        stop)
                s=$"Stopping $prog (via systemctl): "
                ;;
        reload|try-reload)
                s=$"Reloading $prog configuration (via systemctl): "
                ;;
        restart|try-restart|condrestart)
                s=$"Restarting $prog (via systemctl): "
                ;;
        esac

        if [ -n "$SYSTEMCTL_IGNORE_DEPENDENCIES" ] ; then
                options="--ignore-dependencies"
        fi

        action "$s" /bin/systemctl $options $command "$prog.service"
}

# Get a sane screen width
[ -z "${COLUMNS:-}" ] && COLUMNS=80

if [ -z "${CONSOLETYPE:-}" ]; then
  if [ -c "/dev/stderr" -a -r "/dev/stderr" ]; then
    CONSOLETYPE="$(/sbin/consoletype < /dev/stderr 2>/dev/null)"
  else
    CONSOLETYPE="serial"
  fi
fi

if [ -z "${NOLOCALE:-}" ] && [ -z "${LANGSH_SOURCED:-}" ] && [ -f /etc/sysconfig/i18n -o -f /etc/locale.conf ] ; then
  . /etc/profile.d/lang.sh 2>/dev/null
  # avoid propagating LANGSH_SOURCED any further
  unset LANGSH_SOURCED
fi

# Read in our configuration
if [ -z "${BOOTUP:-}" ]; then
  if [ -f /etc/sysconfig/init ]; then
      . /etc/sysconfig/init
  else
    # This all seem confusing? Look in /etc/sysconfig/init,
    # or in /usr/share/doc/initscripts-*/sysconfig.txt
    BOOTUP=color
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \\033[0;39m"
    LOGLEVEL=1
  fi
  if [ "$CONSOLETYPE" = "serial" ]; then
      BOOTUP=serial
      MOVE_TO_COL=
      SETCOLOR_SUCCESS=
      SETCOLOR_FAILURE=
      SETCOLOR_WARNING=
      SETCOLOR_NORMAL=
  fi
fi

# Check if any of $pid (could be plural) are running
checkpid() {
        local i

        for i in $* ; do
                [ -d "/proc/$i" ] && return 0
        done
        return 1
}

# __proc_pids {program} [pidfile]
# Set $pid to pids from /var/run* for {program}.  $pid should be declared
# local in the caller.
# Returns LSB exit code for the 'status' action.
__pids_var_run() {
        local base=${1##*/}
        local pid_file=${2:-/var/run/$base.pid}

        pid=
        if [ -f "$pid_file" ] ; then
                local line p

                [ ! -r "$pid_file" ] && return 4 # "user had insufficient privilege"
                while : ; do
                        read line
                        [ -z "$line" ] && break
                        for p in $line ; do
                                [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] && pid="$pid $p"
                        done
                done < "$pid_file"

                if [ -n "$pid" ]; then
                        return 0
                fi
                return 1 # "Program is dead and /var/run pid file exists"
        fi
        return 3 # "Program is not running"
}

# Output PIDs of matching processes, found using pidof
__pids_pidof() {
        pidof -c -m -o $$ -o $PPID -o %PPID -x "$1" || \
                pidof -c -m -o $$ -o $PPID -o %PPID -x "${1##*/}"
}


# A function to start a program.
daemon() {
        # Test syntax.
        local gotbase= force= nicelevel corelimit
        local pid base= user= nice= bg= pid_file=
        local cgroup=
        nicelevel=0
        while [ "$1" != "${1##[-+]}" ]; do
          case $1 in
            '')    echo $"$0: Usage: daemon [+/-nicelevel] {program}"
                   return 1;;
            --check)
                   base=$2
                   gotbase="yes"
                   shift 2
                   ;;
            --check=?*)
                   base=${1#--check=}
                   gotbase="yes"
                   shift
                   ;;
            --user)
                   user=$2
                   shift 2
                   ;;
            --user=?*)
                   user=${1#--user=}
                   shift
                   ;;
            --pidfile)
                   pid_file=$2
                   shift 2
                   ;;
            --pidfile=?*)
                   pid_file=${1#--pidfile=}
                   shift
                   ;;
            --force)
                   force="force"
                   shift
                   ;;
            [-+][0-9]*)
                   nice="nice -n $1"
                   shift
                   ;;
            *)     echo $"$0: Usage: daemon [+/-nicelevel] {program}"
                   return 1;;
          esac
        done

        # Save basename.
        [ -z "$gotbase" ] && base=${1##*/}

        # See if it's already running. Look *only* at the pid file.
        __pids_var_run "$base" "$pid_file"

        [ -n "$pid" -a -z "$force" ] && return

        # make sure it doesn't core dump anywhere unless requested
        corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"

        # if they set NICELEVEL in /etc/sysconfig/foo, honor it
        [ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"

        # if they set CGROUP_DAEMON in /etc/sysconfig/foo, honor it
        if [ -n "${CGROUP_DAEMON}" ]; then
                if [ ! -x /bin/cgexec ]; then
                        echo -n "Cgroups not installed"; warning
                        echo
                else
                        cgroup="/bin/cgexec";
                        for i in $CGROUP_DAEMON; do
                                cgroup="$cgroup -g $i";
                        done
                fi
        fi

        # Echo daemon
        [ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"

        # And start it up.
        if [ -z "$user" ]; then
           $cgroup $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*"
        else
           $cgroup $nice runuser -s /bin/bash $user -c "$corelimit >/dev/null 2>&1 ; $*"
        fi

        [ "$?" -eq 0 ] && success $"$base startup" || failure $"$base startup"
}

# A function to stop a program.
killproc() {
        local RC killlevel= base pid pid_file= delay try

        RC=0; delay=3; try=0
        # Test syntax.
        if [ "$#" -eq 0 ]; then
                echo $"Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]"
                return 1
        fi
        if [ "$1" = "-p" ]; then
                pid_file=$2
                shift 2
        fi
        if [ "$1" = "-d" ]; then
                delay=$(echo $2 | awk -v RS=' ' -v IGNORECASE=1 '{if($1!~/^[0-9.]+[smhd]?$/) exit 1;d=$1~/s$|^[0-9.]*$/?1:$1~/m$/?60:$1~/h$/?60*60:$1~/d$/?24*60*60:-1;if(d==-1) exit 1;delay+=d*$1} END {printf("%d",delay+0.5)}')
                if [ "$?" -eq 1 ]; then
                        echo $"Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]"
                        return 1
                fi
                shift 2
        fi
      

        # check for second arg to be kill level
        [ -n "${2:-}" ] && killlevel=$2

        # Save basename.
        base=${1##*/}

        # Find pid.
        __pids_var_run "$1" "$pid_file"
        RC=$?
        if [ -z "$pid" ]; then
                if [ -z "$pid_file" ]; then
                        pid="$(__pids_pidof "$1")"
                else
                        [ "$RC" = "4" ] && { failure $"$base shutdown" ; return $RC ;}
                fi
        fi

        # Kill it.
        if [ -n "$pid" ] ; then
                [ "$BOOTUP" = "verbose" -a -z "${LSB:-}" ] && echo -n "$base "
                if [ -z "$killlevel" ] ; then
                       if checkpid $pid 2>&1; then
                           # TERM first, then KILL if not dead
                           kill -TERM $pid >/dev/null 2>&1
                           usleep 50000
                           if checkpid $pid ; then
                                try=0
                                while [ $try -lt $delay ] ; do
                                        checkpid $pid || break
                                        sleep 1
                                        let try+=1
                                done
                                if checkpid $pid ; then
                                        kill -KILL $pid >/dev/null 2>&1
                                        usleep 50000
                                fi
                           fi
                        fi
                        checkpid $pid
                        RC=$?
                        [ "$RC" -eq 0 ] && failure $"$base shutdown" || success $"$base shutdown"
                        RC=$((! $RC))
                # use specified level only
                else
                        if checkpid $pid; then
                                kill $killlevel $pid >/dev/null 2>&1
                                RC=$?
                                [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel"
                        elif [ -n "${LSB:-}" ]; then
                                RC=7 # Program is not running
                        fi
                fi
        else
                if [ -n "${LSB:-}" -a -n "$killlevel" ]; then
                        RC=7 # Program is not running
                else
                        failure $"$base shutdown"
                        RC=0
                fi
        fi

        # Remove pid file if any.
        if [ -z "$killlevel" ]; then
            rm -f "${pid_file:-/var/run/$base.pid}"
        fi
        return $RC
}

# A function to find the pid of a program. Looks *only* at the pidfile
pidfileofproc() {
        local pid

        # Test syntax.
        if [ "$#" = 0 ] ; then
                echo $"Usage: pidfileofproc {program}"
                return 1
        fi

        __pids_var_run "$1"
        [ -n "$pid" ] && echo $pid
        return 0
}

# A function to find the pid of a program.
pidofproc() {
        local RC pid pid_file=

        # Test syntax.
        if [ "$#" = 0 ]; then
                echo $"Usage: pidofproc [-p pidfile] {program}"
                return 1
        fi
        if [ "$1" = "-p" ]; then
                pid_file=$2
                shift 2
        fi
        fail_code=3 # "Program is not running"

        # First try "/var/run/*.pid" files
        __pids_var_run "$1" "$pid_file"
        RC=$?
        if [ -n "$pid" ]; then
                echo $pid
                return 0
        fi

        [ -n "$pid_file" ] && return $RC
        __pids_pidof "$1" || return $RC
}

status() {
        local base pid lock_file= pid_file=

        # Test syntax.
        if [ "$#" = 0 ] ; then
                echo $"Usage: status [-p pidfile] {program}"
                return 1
        fi
        if [ "$1" = "-p" ]; then
                pid_file=$2
                shift 2
        fi
        if [ "$1" = "-l" ]; then
                lock_file=$2
                shift 2
        fi
        base=${1##*/}

        if [ "$_use_systemctl" = "1" ]; then
                systemctl status ${0##*/}.service
                return $?
        fi

        # First try "pidof"
        __pids_var_run "$1" "$pid_file"
        RC=$?
        if [ -z "$pid_file" -a -z "$pid" ]; then
                pid="$(__pids_pidof "$1")"
        fi
        if [ -n "$pid" ]; then
                echo $"${base} (pid $pid) is running..."
                return 0
        fi

        case "$RC" in
                0)
                        echo $"${base} (pid $pid) is running..."
                        return 0
                        ;;
                1)
                        echo $"${base} dead but pid file exists"
                        return 1
                        ;;
                4)
                        echo $"${base} status unknown due to insufficient privileges."
                        return 4
                        ;;
        esac
        if [ -z "${lock_file}" ]; then
                lock_file=${base}
        fi
        # See if /var/lock/subsys/${lock_file} exists
        if [ -f /var/lock/subsys/${lock_file} ]; then
                echo $"${base} dead but subsys locked"
                return 2
        fi
        echo $"${base} is stopped"
        return 3
}

echo_success() {
  [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
  echo -n "["
  [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS
  echo -n $"  OK  "
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
  echo -n "]"
  echo -ne "\r"
  return 0
}

echo_failure() {
  [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
  echo -n "["
  [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE
  echo -n $"FAILED"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
  echo -n "]"
  echo -ne "\r"
  return 1
}

echo_passed() {
  [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
  echo -n "["
  [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
  echo -n $"PASSED"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
  echo -n "]"
  echo -ne "\r"
  return 1
}

echo_warning() {
  [ "$BOOTUP" = "color" ] && $MOVE_TO_COL
  echo -n "["
  [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING
  echo -n $"WARNING"
  [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL
  echo -n "]"
  echo -ne "\r"
  return 1
}

# Inform the graphical boot of our current state
update_boot_stage() {
  if [ -x /bin/plymouth ]; then
      /bin/plymouth --update="$1"
  fi
  return 0
}

# Log that something succeeded
success() {
  [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_success
  return 0
}

# Log that something failed
failure() {
  local rc=$?
  [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_failure
  [ -x /bin/plymouth ] && /bin/plymouth --details
  return $rc
}

# Log that something passed, but may have had errors. Useful for fsck
passed() {
  local rc=$?
  [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_passed
  return $rc
}

# Log a warning
warning() {
  local rc=$?
  [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_warning
  return $rc
}

# Run some action. Log its output.
action() {
  local STRING rc

  STRING=$1
  echo -n "$STRING "
  shift
  "$@" && success $"$STRING" || failure $"$STRING"
  rc=$?
  echo
  return $rc
}

# returns OK if $1 contains $2
strstr() {
  [ "${1#*$2*}" = "$1" ] && return 1
  return 0
}

# Check whether file $1 is a backup or rpm-generated file and should be ignored
is_ignored_file() {
    case "$1" in
        *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave)
            return 0
            ;;
    esac
    return 1
}

# Evaluate shvar-style booleans
is_true() {
    case "$1" in
        [tT] | [yY] | [yY][eE][sS] | [tT][rR][uU][eE])
        return 0
        ;;
    esac
    return 1
}

# Evaluate shvar-style booleans
is_false() {
    case "$1" in
        [fF] | [nN] | [nN][oO] | [fF][aA][lL][sS][eE])
        return 0
        ;;
    esac
    return 1
}

# Apply sysctl settings, including files in /etc/sysctl.d
apply_sysctl() {
    if [ -x /lib/systemd/systemd-sysctl ]; then
        /lib/systemd/systemd-sysctl
    else
        for file in /usr/lib/sysctl.d/*.conf ; do
            is_ignored_file "$file" && continue
            [ -f /run/sysctl.d/${file##*/} ] && continue
            [ -f /etc/sysctl.d/${file##*/} ] && continue
            test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
        done
        for file in /run/sysctl.d/*.conf ; do
            is_ignored_file "$file" && continue
            [ -f /etc/sysctl.d/${file##*/} ] && continue
            test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
        done
        for file in /etc/sysctl.d/*.conf ; do
            is_ignored_file "$file" && continue
            test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
        done
        sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1
    fi
}

# A sed expression to filter out the files that is_ignored_file recognizes
__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'

if [ "$_use_systemctl" = "1" ]; then
        if  [ "x$1" = xstart -o \
                "x$1" = xstop -o \
                "x$1" = xrestart -o \
                "x$1" = xreload -o \
                "x$1" = xtry-restart -o \
                "x$1" = xforce-reload -o \
                "x$1" = xcondrestart ] ; then

                systemctl_redirect $0 $1
                exit $?
        fi
fi

 

The new firewalld firewall in Redhat 7 and CentOS 7 is need dealing with as Centmin Mod installs CSF Firewall by default http://centminmod.com/csf_firewall.html

https://access.redhat.com/documenta.../html/Security_Guide/sec-Using_Firewalls.html and https://fedoraproject.org/wiki/FirewallD

Going back to using the iptables Service

To use the iptables and ip6tables services instead of firewalld, first disable firewalld by running the following command as root:

Code:

systemctl disable firewalld
systemctl stop firewalld

Then install the iptables-services package by entering the following command as root:

Code:

yum install iptables-services

Then, to start the iptables and ip6tables services, run the following commands as root:

Code:

systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables

 

Compared to iptables, firewalld might be easier to use like CSF Firewall. Just would need to get more familiar with it I suppose.

check firewalld status

Code:

[root@centos7 ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Thu 2014-07-10 14:38:42 EST; 6min ago
Main PID: 595 (firewalld)
   CGroup: /system.slice/firewalld.service
           +-595 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jul 10 14:38:42 centos7.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

check state

Code:

[root@centos7 ~]# firewall-cmd --state 
running

To list currently open ports via firewalld. No ports are open by default

Code:

[root@centos7 ~]# firewall-cmd --zone=public --list-ports

To add a port to a zone, for example to allow TCP traffic to port 8080 to the public zone, enter the following command as root:

Code:

firewall-cmd --zone=public --add-port=8080/tcp

To make this setting permanent, add the --permanent option and reload the firewall. Result

Code:

[root@centos7 ~]# firewall-cmd --zone=public --add-port=8080/tcp
success

[root@centos7 ~]# firewall-cmd --zone=public --list-ports 
8080/tcp

To add a range of ports to a zone, for example to allow the ports from 5060 to 5061 to the public zone, enter the following command as root:

Code:

firewall-cmd --zone=public --add-port=5060-5061/udp

To make this setting permanent, add the --permanent option and reload the firewall.

Code:

[root@centos7 ~]# firewall-cmd --zone=public --add-port=5060-5061/udp
success

[root@centos7 ~]# firewall-cmd --zone=public --list-ports       
5060-5061/udp 8080/tcp

Listing default predefined service files which set out default local and destination ports open to firewalld.

Code:

ls -alh /usr/lib/firewalld/services/
total 192K
drwxr-x---. 2 root root 4.0K Jul  8 13:29 .
drwxr-x---. 5 root root   49 Jul  8 13:29 ..
-rw-r-----. 1 root root  412 Jun 10 17:19 amanda-client.xml
-rw-r-----. 1 root root  320 Jun 10 17:19 bacula-client.xml
-rw-r-----. 1 root root  346 Jun 10 17:19 bacula.xml
-rw-r-----. 1 root root  305 Jun 10 17:19 dhcpv6-client.xml
-rw-r-----. 1 root root  234 Jun 10 17:19 dhcpv6.xml
-rw-r-----. 1 root root  227 Jun 10 17:19 dhcp.xml
-rw-r-----. 1 root root  346 Jun 10 17:19 dns.xml
-rw-r-----. 1 root root  374 Jun 10 17:19 ftp.xml
-rw-r-----. 1 root root  476 Jun 10 17:19 high-availability.xml
-rw-r-----. 1 root root  448 Jun 10 17:19 https.xml
-rw-r-----. 1 root root  353 Jun 10 17:19 http.xml
-rw-r-----. 1 root root  372 Jun 10 17:19 imaps.xml
-rw-r-----. 1 root root  454 Jun 10 17:19 ipp-client.xml
-rw-r-----. 1 root root  427 Jun 10 17:19 ipp.xml
-rw-r-----. 1 root root  517 Jun 10 17:19 ipsec.xml
-rw-r-----. 1 root root  233 Jun 10 17:19 kerberos.xml
-rw-r-----. 1 root root  221 Jun 10 17:19 kpasswd.xml
-rw-r-----. 1 root root  232 Jun 10 17:19 ldaps.xml
-rw-r-----. 1 root root  199 Jun 10 17:19 ldap.xml
-rw-r-----. 1 root root  385 Jun 10 17:19 libvirt-tls.xml
-rw-r-----. 1 root root  389 Jun 10 17:19 libvirt.xml
-rw-r-----. 1 root root  424 Jun 10 17:19 mdns.xml
-rw-r-----. 1 root root  211 Jun 10 17:19 mountd.xml
-rw-r-----. 1 root root  190 Jun 10 17:19 ms-wbt.xml
-rw-r-----. 1 root root  171 Jun 10 17:19 mysql.xml
-rw-r-----. 1 root root  324 Jun 10 17:19 nfs.xml
-rw-r-----. 1 root root  389 Jun 10 17:19 ntp.xml
-rw-r-----. 1 root root  335 Jun 10 17:19 openvpn.xml
-rw-r-----. 1 root root  433 Jun 10 17:19 pmcd.xml
-rw-r-----. 1 root root  474 Jun 10 17:19 pmproxy.xml
-rw-r-----. 1 root root  544 Jun 10 17:19 pmwebapis.xml
-rw-r-----. 1 root root  460 Jun 10 17:19 pmwebapi.xml
-rw-r-----. 1 root root  357 Jun 10 17:19 pop3s.xml
-rw-r-----. 1 root root  181 Jun 10 17:19 postgresql.xml
-rw-r-----. 1 root root  261 Jun 10 17:19 proxy-dhcp.xml
-rw-r-----. 1 root root  446 Jun 10 17:19 radius.xml
-rw-r-----. 1 root root  214 Jun 10 17:19 rpc-bind.xml
-rw-r-----. 1 root root  384 Jun 10 17:19 samba-client.xml
-rw-r-----. 1 root root  461 Jun 10 17:19 samba.xml
-rw-r-----. 1 root root  550 Jun 10 17:19 smtp.xml
-rw-r-----. 1 root root  463 Jun 10 17:19 ssh.xml
-rw-r-----. 1 root root  393 Jun 10 17:19 telnet.xml
-rw-r-----. 1 root root  301 Jun 10 17:19 tftp-client.xml
-rw-r-----. 1 root root  437 Jun 10 17:19 tftp.xml
-rw-r-----. 1 root root  211 Jun 10 17:19 transmission-client.xml
-rw-r-----. 1 root root  475 Jun 10 17:19 vnc-server.xml
-rw-r-----. 1 root root  310 Jun 10 17:19 wbem-https.xml

http.xml and https.xml contents

Code:

[root@centos7 ~]# cat /usr/lib/firewalld/services/http.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>WWW (HTTP)</short>
  <description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
  <port protocol="tcp" port="80"/>
</service>

Code:

[root@centos7 ~]# cat /usr/lib/firewalld/services/https.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Secure WWW (HTTPS)</short>
  <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="443"/>
</service>

Files in /usr/lib/firewalld/services/ must not be edited. Only the files in /etc/firewalld/services/ should be edited.

To list the system or user created services, issue the following command as root:

Code:

ls -lah /etc/firewalld/services/
total 4.0K
drwxr-x---. 2 root root    6 Jun 10 17:19 .
drwxr-x---. 5 root root 4.0K Jul  8 13:29 ..

Which is empty by default and falls back to the default pre-defined list.

Getting active services

Code:

firewall-cmd --get-service            
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https

So all the following are the default active services and ports open ?

Code:

for p in $(ls /usr/lib/firewalld/services/); do cat /usr/lib/firewalld/services/${p}| grep 'port=' | awk -F ' ' '{print $3}' | awk -F\" '{print $2}'; done | sort -u

10080
111
1194
123
137
138
139
16509
16514
1812
1813
20048
2049
21
21064
22
2224
25
3121
3306
3389
389
4011
443
44321
44322
44323
44324
445
464
500
51413
53
5353
5404
5405
5432
546
547
5900-5903
5989
631
636
67
69
80
88
9101
9102
9103
993
995
tcp

The files /usr/lib/firewalld/services/ can be used as templates if you wish to add or change a service. As root, issue a command in the following format:

Code:

cp /usr/lib/firewalld/services/[service].xml /etc/firewalld/services/[service].xml

You may then edit the newly created file. firewalld will prefer files in /etc/firewalld/services/ but will fall back to /usr/lib/firewalld/services/ should a file be deleted, but only after a reload.

 

First attempt at .08 beta install as expected https://community.centminmod.com/threads/1-2-3-eva2000-08-beta-install-attempts-work-log.781/ = bugs galore

 

If folks want to help test Centmin Mod .08 + CentOS 7 branch read and follow instructions at https://community.centminmod.com/threads/how-to-help-test-08-centos-7-betas-with-github-code.813/

 

hmm the new ethernet adaptor naming convention in CentOS 7 will make it trickier to use bash to do some stuff https://www.centos.org/forums/viewtopic.php?f=47&t=47083

 

Ah need to update the Getting started guide http://centminmod.com/getstarted.html as CentOS 7 has they moved the location from

Code:

/etc/sysconfig/network

to

Code:

/etc/hostname

 

Looks like using php-fpm init.d from CentOS 6.x won't work as expected on CentOS 7.0 as the php-fpm created /var/run/php-fpm/php-fpm/pid is now located on /var/run which on CentOS 7.0 is a tmpfs ram disk mounted symlink to /run. So if you reboot your system on CentOS 7.0, the /var/run/php-fpm directory won't exist on CentOS 7.0. Need to fix that or convert to systemd based php-fpm script for CentOS 7.0

on rebooting CentOS 7.0 system with Centmin Mod .08 beta01 installed

Code:

service php-fpm restart
Gracefully shutting down php-fpm warning, no pid file found - php-fpm is not running ?
Starting php-fpm [23-Jul-2014 01:03:40] ERROR: Unable to create the PID file (/var/run/php-fpm/php-fpm.pid).: No such file or directory (2)
[23-Jul-2014 01:03:40] ERROR: FPM initialization failed
failed

Code:

ls -lah /var/run/   
total 48K
drwxr-xr-x  25 root  root   780 Jul 23 00:55 .
drwxr-xr-x. 18 root  root  4.0K Jul 23 00:55 ..
-rw-r--r--   1 root  root     4 Jul 23 00:55 auditd.pid
drwxr-xr-x   2 avahi avahi   80 Jul 23 00:55 avahi-daemon
drwxr-xr-x   2 root  root    40 Jul 23 00:55 console
-rw-r--r--   1 root  root     4 Jul 23 00:55 crond.pid
----------   1 root  root     0 Jul 23 00:55 cron.reboot
drwxr-xr-x   2 root  root    60 Jul 23 00:55 dbus
-rw-r--r--   1 root  root     5 Jul 23 00:55 dhclient-enp0s3.pid
prw-------   1 root  root     0 Jul 23 00:55 dmeventd-client
prw-------   1 root  root     0 Jul 23 00:55 dmeventd-server
drwxr-xr-x   2 root  root    40 Jul 23 00:55 faillock
drwxr-xr-x   3 root  root   100 Jul 23 00:55 initramfs
-rw-r--r--   1 root  root     4 Jul 23 00:55 iprdump.pid
-rw-r--r--   1 root  root     4 Jul 23 00:55 iprinit.pid
-rw-r--r--   1 root  root     4 Jul 23 00:55 iprupdate.pid
-rw-------   1 root  root     5 Jul 23 00:55 lfd.pid
drwxr-xr-x   6 root  root   140 Jul 23 00:55 lock
drwxr-xr-x   3 root  root    60 Jul 23 00:55 log
drwx------   2 root  root    60 Jul 23 00:55 lvm
-rw-r--r--   1 root  root     4 Jul 23 00:55 lvmetad.pid
drwxr-xr-x   2 root  root    60 Jul 23 00:55 mount
drwxrwxr-x   2 root  root    40 Jul 23 00:55 netreport
drwxr-xr-x   2 root  root    40 Jul 23 00:55 net-snmp
drwxr-xr-x   2 root  root    80 Jul 23 00:55 NetworkManager
drwxr-xr-x   2 root  root    40 Jul 23 00:55 plymouth
drwxr-xr-x   2 root  root    40 Jul 23 00:55 ppp
drwxr-xr-x   2 root  root    40 Jul 23 00:55 saslauthd
drwxr-xr-x   2 root  root    40 Jul 23 00:55 sepermit
drwxr-xr-x   2 root  root    40 Jul 23 00:55 setrans
-rw-r--r--   1 root  root     5 Jul 23 00:55 sshd.pid
drwx------   2 root  root    40 Jul 23 00:55 svnserve
-rw-r--r--   1 root  root     4 Jul 23 00:55 syslogd.pid
drwxr-xr-x  14 root  root   320 Jul 23 01:03 systemd
drwxr-xr-x   2 root  root    60 Jul 23 00:55 tmpfiles.d
drwxr-xr-x   2 root  root    60 Jul 23 00:55 tuned
drwxr-xr-x   7 root  root   180 Jul 23 00:55 udev
drwxr-xr-x   3 root  root    60 Jul 23 01:00 user
-rw-rw-r--   1 root  utmp  1.5K Jul 23 01:00 utmp

CentOS 7.0 /var/run is linked to /run which is tmpfs ram disk based !

Code:

df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        13G  4.2G  8.9G  32% /
devtmpfs                devtmpfs  915M     0  915M   0% /dev
tmpfs                   tmpfs     921M     0  921M   0% /dev/shm
tmpfs                   tmpfs     921M  8.4M  913M   1% /run
tmpfs                   tmpfs     921M     0  921M   0% /sys/fs/cgroup
tmpfs                   tmpfs     921M     0  921M   0% /tmp
/dev/sda1               xfs       497M   96M  402M  20% /boot

Code:

ls -lah /var/run
lrwxrwxrwx. 1 root root 6 Jul  8 03:28 /var/run -> ../run

Seems the same problem happens with NSD too and /var/run/nsd directory.

Quick work around is to add a check into php-fpm and nsd init.d scripts to re-create those directories if they don't exist.

for /etc/init.d/php-fpm

Code:

if [ ! -d /var/run/php-fpm ]; then
    mkdir -p /var/run/php-fpm
    touch /var/run/php-fpm/php-fpm.pid
    chown nginx:nginx /var/run/php-fpm
    chown root:root /var/run/php-fpm/php-fpm.pid
    chmod 1755 /var/run/php-fpm
    chmod 0644 /var/run/php-fpm/php-fpm.pid
fi

for /etc/init.d/nsd

Code:

if [ ! -d /var/run/nsd/ ]; then
    mkdir -p /var/run/nsd
    chown -R nsd:nsd /var/run/nsd/
fi