Question: How to install Apache and configure Apache httpd to run as a service?
Installing the Apache package
If you have the apache package downloaded, you can install it using rpm command as root user.
# rpm -ivh httpd
If you have yum repository configured, use the recommended way of installing Apache httpd, i.e. with “yum install” command.
# yum install httpd
Installing httpd as a service
Enable the http service on startup with the below command. This will enable it for runlevels 2,3,4 & 5 :
# chkconfig httpd on
To start the httpd service :
# service httpd start
For RHEL 7
With RHEL 7 you use the systemctl command to enable the service:
# systemctl enable httpd.service
With RHEL 7 you use the systemctl command to start the service:
# systemctl start httpd.service
yum-cron is an optional package starting from Red Hat Enterprise Linux 6, this is a plugin for yum. From man page of yum-cron :
The yum-cron package provides a convenient way to check for, download and apply updates automatically. The cron jobs from the yum-cron package are active immediately after installing the package and there’s no extra configuration necessary. The job will be run when your normal daily cron jobs are set to run.
To install yum-cron package
# yum -y install yum-cron # chkconfig yum-cron on
Configuration for RHEL 6
To exclude packages using yum-cron edit the /etc/sysconfig/yum-cron to have the packeges to be excluded in the automatic uodate :
To start yum-cron service after editing configuration file.
# service yum-cron start
Configuration for RHEL 7
To exclude packages using yum-cron edit the /etc/yum/yum-cron.conf to have the packeges to be excluded in the automatic uodate :
In RHEL 7 you can use following options in yum-cron configuration file, to install security updates.
[commands] # What kind of update to use: # default = yum upgrade # security = yum --security upgrade # security-severity:Critical = yum --sec-severity=Critical upgrade # minimal = yum --bugfix upgrade-minimal # minimal-security = yum --security upgrade-minimal # minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal update_cmd = default
To start yum-cron service after editing configuration file.
# systemctl start yum-cron
Question: How to open a port in RHEL 7 using the firewall-cmd command?
To begin with check the firewalld status using the systemctl command :
# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2016-10-29 21:47:04 IST; 1 weeks 4 days ago Main PID: 1055 (firewalld) CGroup: /system.slice/firewalld.service └─1055 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Oct 29 21:46:50 localhost.localdomain systemd: Starting firewalld - dynamic firewall daemon... Oct 29 21:47:04 localhost.localdomain systemd: Started firewalld - dynamic firewall daemon.
Execute these commands to add a port to the firewall:
The command below will open the port effective immediately, but will not persist across reboots:
# firewall-cmd --add-port=[YOUR PORT]/tcp
For example, to open TCP port 2222 :
# firewall-cmd --add-port=2222/tcp
The following command will create a persistent rule, but will not be put into effect immediately:
# firewall-cmd --permanent --add-port=[YOUR PORT]/tcp
For Example, to open TCP port 2222 :
# firewall-cmd --permanent --add-port=2222/tcp
By default, RHEL 7 uses the FirewallD service to provide network security. FirewallD must be stopped and disabled when using the iptables service:
# systemctl stop firewalld.service # systemctl disable firewalld.service
# systemctl enable iptables.service # systemctl start iptables.service
The iptables service is now provided by a separate package called
# yum info iptables-services Name : iptables-services Arch : x86_64 Version : 1.4.21 Release : 13.el7 Size : 23 k Repo : installed From repo : anaconda Summary : iptables and ip6tables services for iptables URL : http://www.netfilter.org/ License : GPLv2 Description : iptables services for IPv4 and IPv6 : : This package provides the services iptables and ip6tables that have been split : out of the base package since they are not active by default anymore.
The iptables-services package may need to be installed 1st:
# systemctl -a|grep iptables ● iptables.service not-found inactive dead iptables.service
Stop and disable the firewalld service first.
# systemctl stop firewalld.service # systemctl disable firewalld.service Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
If you try to enable the iptables service, it would fail.
# systemctl enable iptables.service Failed to execute operation: No such file or directory
Install the iptables-services package.
# yum install iptables-services -y
Enable the iptables service :
# systemctl enable iptables.service Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
Start the iptables service :
# systemctl start iptables.service #
When trying to start/enable the iptables daemon you receive the errors:
# systemctl enable iptables Failed to issue method call: Access denied
# systemctl start iptables Failed to start iptables.service: Unit iptables.service failed to load: No such file or directory.
Starting with RHEL 7, firewalld is introduced and by default the iptables package is not installed on the system. This is done to avoid conflict in running both iptables and firewalld.
Make sure you have the
The package “iptables-services” needs to be installed before you are able to start the service.
# yum install iptables-services
Question : I cannot reach my Samba server after starting the service. How do I open the port to be able to connect to my Samba server?
If running FirewallD, it is mandatory to open the ports used by the Samba server in order for it to properly accept clients. To begin with check the firewalld status using the systemctl command :
# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active:
active (running)since Sat 2016-10-29 21:47:04 IST; 1 weeks 4 days ago Main PID: 1055 (firewalld) CGroup: /system.slice/firewalld.service └─1055 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Oct 29 21:46:50 localhost.localdomain systemd: Starting firewalld - dynamic firewall daemon... Oct 29 21:47:04 localhost.localdomain systemd: Started firewalld - dynamic firewall daemon./pre>
# firewall-cmd --list-ports # firewall-cmd --list-services
Once you have confirmed that the samba ports are not open on the system, open the Samba port using the following FirewallD command:
# firewall-cmd --add-service=samba
The above command will change the runtime, opening the port temporarily. Make the changes permanent using the following command (this will persist through reboot):
# firewall-cmd --add-service=samba --permanent
To verify if the samba service is added to the firewalld use :
# firewall-cmd --list-services dhcpv6-client
As you can see samba service is now added to the firewall and samba ports are now open.
Question : My system is taking a lot of time to boot. How can I find out which services are taking long time to start?
systemd-analyze command can be utilized to find out information about how much each service took to start.
# systemd-analyze time Startup finished in 1.267s (kernel) + 6.798s (initrd) + 1min 2.139s (userspace) = 1min 10.205s
To find out, how much time each unit took to start, run systemd-analyze blame.
# systemd-analyze blame 24.728s dev-mapper-centos\x2droot.device 15.135s kdump.service 14.670s plymouth-quit-wait.service 14.210s firewalld.service 9.835s accounts-daemon.service 7.383s ModemManager.service 7.259s libvirtd.service 7.257s systemd-logind.service 7.177s ksm.service 7.081s gssproxy.service 7.067s avahi-daemon.service 7.062s rsyslog.service 7.039s abrt-ccpp.service
As you see the output is sorted according to the time taken by each unit, you can easily find out which service is taking more time during booting and can dig down deeper to analyze the issue.
At certain steps, the boot cannot proceed until all dependencies for unit are satisfied. To see units at these critical points run systemd-analyze critical-chain.
# systemd-analyze critical-chain The time after the unit is active or started is printed after the "@" character. The time the unit takes to start is printed after the "+" character. graphical.target @1min 2.102s └─multi-user.target @1min 2.102s └─abrt-vmcore.service @1min 1.228s +872ms └─kdump.service @46.090s +15.135s └─remote-fs.target @46.086s └─remote-fs-pre.target @46.083s └─iscsi-shutdown.service @45.951s +99ms └─network.target @45.944s └─network.service @44.959s +975ms └─NetworkManager.service @38.653s +689ms └─firewalld.service @24.439s +14.210s └─basic.target @23.850s └─sockets.target @23.849s └─cups.socket @23.847s └─sysinit.target @23.618s └─systemd-update-utmp.service @23.603s +13ms └─auditd.service @22.959s +643ms └─systemd-tmpfiles-setup.service @22.726s +230ms └─rhel-import-state.service @22.431s +294ms └─local-fs.target @22.428s └─boot.mount @19.675s +2.126s └─dev-disk-by\x2duuid-7de2053c\x2d44d7\x2d4f33\x2db522\x2d81dee2f6b69b.device @19.652s
SVG graphic image can be plot which contains detailing about system services start time, highlighting the time they spent on initialization. Make sure you have enabled graphical display mode or have x-windows enabled in order to see the plot.
# systemd-analyze plot > plot.svg # eog plot.svg
Here is a snip from sample plot on my CentOS 7 machine. Zoom in to check the waterfall clearly.
Systemd has replaced sysVinit as the default service manager in RHEL 7. Some of the sysVinit commands have been symlinked to their RHEL 7 counterparts, however this will eventually be deprecated in favor of the standard systemd commands in the future.
SysVinit V/s systemd runlevels
Here is a comparison between SysVinit runlevels V/s systemd targets.
|Sysvinit Runlevel||Systemd Target||Function|
|0||runlevel0.target, poweroff.target||System halt/shutdown|
|1, s, single||runlevel1.target, rescue.target||Single-user mode|
|2, 4||runlevel2.target, runlevel4.target, multi-user.target||User-defined/Site-specific runlevels. By default, identical to 3.|
|3||runlevel3.target, multi-user.target||Multi-user, non-graphical mode, text console only|
|5||runlevel5.target, graphical.target||Multi-user, graphical mode|
Changing runlevels with systemd
The runlevel target can be changed by using the systemctl isolate command :
# systemctl isolate multi-user.target
To view what targets are available you can issue the list-units option with the type target
# systemctl list-units --type=target
Run level 3 is emulated by multi-user.target. This is done by symbolic link and can be used interchangeably
# systemctl isolate multi-user.target # systemctl isolate runlevel3.target # ls -l /usr/lib/systemd/system/runlevel3.target lrwxrwxrwx 1 root root 17 Oct 18 11:41 /usr/lib/systemd/system/runlevel3.target -> multi-user.target
Run level 5 is emulated by graphical.target. This is also done by symbolic link and can be used interchangeably
# systemctl isolate graphical.target # systemctl isolate runlevel5.target # ls -l /usr/lib/systemd/system/runlevel5.target lrwxrwxrwx 1 root root 16 Oct 18 11:41 /usr/lib/systemd/system/runlevel5.target -> graphical.target
Changing the default runlevel
The default runlevel can be changed by using the set-default option.
# systemctl set-default multi-user.target
To get the currently set default, you can use the get-default option.
# systemctl get-default
The default runlevel in systemd can also be set using the below method (not recommended though).
# ln -sf /lib/systemd/system/
The default target can also be set in the kernel line during boot by adding the following option :
ifconfig is missing in the Minimal Install of Red Hat Enterprise Linux 7 (RHEL 7):
# ifconfig -bash: ifconfig: command not found
In 2009, Red Hat decided to deprecate ifconfig as the default command line network interface management utility, because the “net-tools” package (which provides ifconfig) did not support InfiniBand addresses (commonly used interconnect in high-performance computing applications). InfiniBand addresses were too big for ifconfig to display; therefore, it was necessary to deprecate ifconfig and to find a tool that could display long InfiniBand addresses.
You can still install net-tools package to get the ifconfig command working. The following command will install “net-tools” on your system:
# yum install net-tools
Alternatives to ifconfig
Use ip addr to see the IP addresses of your networking devices:
# ip addr 1: lo:
mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eno16777736: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:45:e9:ae brd ff:ff:ff:ff:ff:ff inet 192.168.1.107/24 brd 192.168.1.255 scope global dynamic eno16777736 valid_lft 86349sec preferred_lft 86349sec inet6 fe80::20c:29ff:fe45:e9ae/64 scope link valid_lft forever preferred_lft forever
Use the command nmcli d show (NetworkManager Command Line Interface, device, show) to see more in-depth information about your networking devices:
# nmcli d show GENERAL.DEVICE: eno16777736 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:45:E9:AE GENERAL.MTU: 1500 GENERAL.STATE: 100 (connected) GENERAL.CONNECTION: eno16777736 GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/3 WIRED-PROPERTIES.CARRIER: on IP4.ADDRESS: 192.168.1.107/24 IP4.GATEWAY: 192.168.1.1 IP4.DNS: 184.108.40.206 IP4.DNS: 220.127.116.11 IP6.ADDRESS: fe80::20c:29ff:fe45:e9ae/64 IP6.GATEWAY: GENERAL.DEVICE: lo GENERAL.TYPE: loopback GENERAL.HWADDR: 00:00:00:00:00:00 GENERAL.MTU: 65536 GENERAL.STATE: 10 (unmanaged) GENERAL.CONNECTION: -- GENERAL.CON-PATH: -- IP4.ADDRESS: 127.0.0.1/8 IP4.GATEWAY: IP6.ADDRESS: ::1/128 IP6.GATEWAY:
With SysV init, by default, getty processes are started on the first six virtual consoles. They can be accessed with the Ctrl+Alt+F1 to Ctrl+Alt+F6 key combination. systemd starts the getty processes only when needed. That means, only after you change to, for instance, the second virtual terminal by pressing Ctrl+Alt+F2 is the getty process started in that terminal.
Systemd provides a template unit file for serial getty. Template file can be found here
1. First copy the template:
# cp /usr/lib/systemd/system/serial-getty@.service [email protected]
2. Then edit the file and modify the agetty line:
[Service] ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 %I $TERM <-- Change this parameter Type=idle
3. Create a symlink:
# ln -s [email protected] /etc/systemd/system/getty.target.wants/
4. Reload the daemon and start the service: