How to , and other stuff about linux, photo, php … Another blog just like others on internet

April 25, 2018

apparmor=”DENIED” operation=”open” profile=”/usr/sbin/mysqld”

Filed under: Linux — Tags: , , — admin @ 12:07 pm

Today try to move the path of mysql to new one , because on ec2 I was left without space.

Well I have stopped the mysqld copy files modity the my.cnf with new datadir but when try to start .. well didn’t started .. After a little dmesg search see that on ubuntu is apparmor .

Try to make alias into file /etc/mysql/mysql.conf.d/mysqld.cnf  but didn’t resolve the problem

Find out that you have to edit also /etc/apparmor.d/usr.sbin.mysqld

and add

/db/data/mysql r

/db/data/mysql** rwk

After this mysqld started with new path.

March 12, 2018

Amazon ec2 ami certbot-auto problem

Filed under: Linux — Tags: , , , , , , — admin @ 11:15 am

Today tried to renew some ssl and surprise

 

certbot-auto renew
Error: couldn’t get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 7, in <module>
from certbot.main import main
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py”, line 10, in <module>
import josepy as jose
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py”, line 41, in <module>
from josepy.interfaces import JSONDeSerializable
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py”, line 8, in <module>
from josepy import errors, util
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py”, line 4, in <module>
import OpenSSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py”, line 8, in <module>
from OpenSSL import rand, crypto, SSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py”, line 12, in <module>
from OpenSSL._util import (
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py”, line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

 

Well tryied everything

rm -rf /opt/eff.org    ( didn’t worked for me )

Reinstalled same problem.

The only solution was this found on a comment on github

$ unset PYTHON_INSTALL_LAYOUT
$ /opt/eff.org/certbot/venv/local/bin/pip install –upgrade certbot
$ /opt/eff.org/certbot/venv/local/bin/certbot –help

 

 

 

February 6, 2018

Prevent SSL redirect loop using WordPress and HAProxy

Filed under: Linux — Tags: , , , , — admin @ 11:21 am

I do have a haproxy that is serving the ssl frontend and the apache is on 80 port.  But the wordpress see the 80 port and is not forcing to use the ssl as links for css/js

So to force wordpress to generate ssl internal links you need to add this into wp-config.php

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
  $_SERVER['HTTPS']='on';


Offcourse on the haproxy you need to have

reqadd X-Forwarded-Proto:\ https

 

December 11, 2017

Redis can’t save in background

Filed under: Linux — Tags: , , — admin @ 10:53 am

Well I see something in log

[3765] 30 Jan 11:31:10 * 1 changes in 900 seconds. Saving…
[3765] 30 Jan 11:31:10 # Can’t save in background: fork: Cannot allocate memory

To fix this redis error you need to

echo 1 > /proc/sys/vm/overcommit_memory sysctl vm.overcommit_memory=1

 

December 8, 2017

centos 7 systemctl restart httpd or other service take long time

Filed under: Linux — Tags: , , , — admin @ 12:47 pm

Well on centos 7 I notice that when I run systemctl restart httpd sometime take a lot of time  to restart it .

After some search I found out that there is a TimeoutStopSec variable that do something like this

“Configures the time to wait for stop. If a service is asked to stop, but does not terminate in the specified time, it will be terminated forcibly via SIGTERM, and after another timeout of equal duration with SIGKILL (see KillMode= in systemd.kill(5)). Takes a unit-less value in seconds, or a time span value such as “5min 20s”. Pass “infinity” to disable the timeout logic. Defaults to DefaultTimeoutStopSec= from the manager configuration file”

So I modify the

/usr/lib/systemd/system/httpd.service and added the

TimeoutStopSec=5

Into it

You need to run systemctl daemon-reload after modify that file

[Service]

TimeoutStopSec=5

Older Posts »

Powered by WordPress