officially best way to get up to date LAMP on RHEL6

Q: How do I update php, mysql, and apache on RHEL6 without breaking stuff?

A: Use the great packages from IUS!

1. set up the IUS repo

$ wget
$ wget
$ sudo rpm -Uvh ius-release*.rpm epel-release*.rpm

2. make sure you have an up to date ca-certificates bundle installed.

3. See what php packages are available: yum list | grep -w ius | grep ^php

4. The “downside” (a minor inconvenience) of the greatness of the IUS is that the packages they build provides the same things as the original outdated redhat packages, but don’t obsolete them. This is intentional, and what makes me think it is the best way to obtain a current LAMP on RHEL or CentOS. What this boils down to is that the IUS packages have different names but cannot be installed at the same time as the RedHat/CentOS packages.
This means that we must uninstall the original packages (if they are installed) before we can install the more recent IUS packages.

IUS provides a neat yum plugin called “replace”, that can be used to do this en masse for a whole bunch of packages based on a certain name. If you have the stock packages “php”, “php-devel”, “php-common” and “php-cli” installed, you can “upgrade” them to the IUS php54 equivalents with a pretty oneliner like “yum replace php –replace-with php54“! (If you want to use the plugin, first install it with: “sudo yum install yum-plugin-replace“).

5. install the IUS packages the usual way if not using the replace plugin.

In case of RHEL6, postfix (terribly outdated 2.6.6) requires mysql-libs, so you cannot install mysql55 straight away. What I did was two-steps:

# yum erase postfix
# yum install postfix php54 mysql55-server

This means that I uninstalled postfix which was dependent on mysql-libs, and then reinstalled it at the same time as php54 and mysql55. Then it uses mysql55-libs instead.

 Package          Arch      Version               Repository               Size
 mysql55          x86_64    5.5.31-1.ius.el6      ius                     9.1 M
 mysql55-server   x86_64    5.5.31-1.ius.el6      ius                     9.6 M
 php54            x86_64    5.4.16-1.ius.el6      ius                     2.7 M
 postfix          x86_64    2:2.6.6-2.2.el6_1     rhel-x86_64-server-6    2.0 M
Installing for dependencies:
 apr              x86_64    1.3.9-5.el6_2         rhel-x86_64-server-6    123 k
 apr-util         x86_64    1.3.9-3.el6_0.1       rhel-x86_64-server-6     87 k
 apr-util-ldap    x86_64    1.3.9-3.el6_0.1       rhel-x86_64-server-6     15 k
 httpd            x86_64    2.2.15-28.el6_4       rhel-x86_64-server-6    821 k
 httpd-tools      x86_64    2.2.15-28.el6_4       rhel-x86_64-server-6     73 k
 mailcap          noarch    2.1.31-2.el6          rhel-x86_64-server-6     27 k
 mysql55-libs     x86_64    5.5.31-1.ius.el6      ius                     783 k
 mysqlclient16    x86_64    5.1.61-1.ius.el6      ius                     3.8 M
 perl-DBD-MySQL   x86_64    4.013-3.el6           rhel-x86_64-server-6    134 k
 perl-DBI         x86_64    1.609-4.el6           rhel-x86_64-server-6    707 k
 php54-cli        x86_64    5.4.16-1.ius.el6      ius                     2.6 M
 php54-common     x86_64    5.4.16-1.ius.el6      ius                     894 k

Transaction Summary
Install      15 Package(s)

That’s all, folks!

Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again

Error: Cannot retrieve repository metadata (repomd.xml) for repository: epel. Please verify its path and try again

I tried installing EPEL on a fresh install of RHEL6, and after adding the repo, yum fails with the above error. I have RHEL6.1 (Santiago) and get the above error.

This happens because the RHEL/CentOS installation doesn’t trust the HTTPS certificate used by, that is issued by “GeoTrust SSL CA“.

In my case the package ca-certificates was not installed and the /etc/pki/tls/certs/ folder didn’t contain any ca-bundle.crt or !

Solution: yum install ca-certificates

(I had to temporarily rpm –erase epel-release first, to get yum working again)

I once got the same error message eventhout ca-certificates was installed and up to date. Then it was a firewall blocking https (port 443) traffic.

I worked around that by changing from https to http in /etc/yum.repos.d/epel.repo

Howto install perl modules

I often find myself trying to install (binary) packages that have dependencies to perl modules.

Because I work on varying platforms, sometimes RHEL/RedHat, CentOS, sometimes Debian based, like Ubuntu, and sometimes, less often now, but maybe I will go back again, to Gentoo. In many ways my ideal platform.

However, Perl is wicked, and the concept of perl modules in a package manager is even more crazy.

What are we going to do when we need a new version of a software (say, amavisd-new) that is not available in the distros package library?

I’m thinking, build from source and you can’t go wrong, right?

In the case of amavisd-new, these are the listed prerequisites:

Archive::Zip   (Archive-Zip-x.xx) (1.14 or later, currently 1.23)
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later, currently 2.008)
Compress::Raw::Zlib (Compress-Raw-Zlib) (2.017 or later)
Convert::TNEF  (Convert-TNEF-x.xx)
Convert::UUlib ( (1.08 or later, stick to new versions!)
MIME::Base64   (MIME-Base64-x.xx)
MIME::Parser   (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.425)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server    (Net-Server-x.xx) (version 0.88 finally does setuid right)
Digest::MD5    (Digest-MD5-x.xx) (2.22 or later)
IO::Stringy    (
Time::HiRes    (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
Unix::Syslog   (
BerkeleyDB     with bdb library (preferably 4.4.20 or later)
Mail::DKIM     (Mail-DKIM-0.31 or later)

So, if I’m going to install amavisd-new, from souce, on a RHEL6 server, what do I need to do? -Well, I’ll show what I did. Not neccessarily what is the best thing to do… OK?

yum install cpan
perl -MCPAN -e shell

(going with the defaults, automatic is nice)

When I attempted to install the first module (Archive::Zip), I discovered that I did not have web access from my server, so I had to download the CPAN modules by hand. I did this by using the powerful search tool, and just pasting the package name (Archive::Zip) in the search box and then downloading the tar.gz packages one at a time.

Manual installation of 1 CPAN package:

tar zxf Archive-Zip-1.31_04.tar.gz
cd Archive-Zip-1.31_04
perl Makefile.PL
make test
sudo make install

Had I had internet connection available:

perl -MCPAN -e 'install Archive::Zip'

The beauty of CPAN installation is that it resolves dependencies automatically.

authorized_keys SELinux pubkey authentication on RHEL / CentOS

So, you have correct permissions on your home directory and all the way up to /, with no other-writable directories in the path, as well as correct permissions on the .ssh directory in $HOME, and it still doesn’t work? You probably have SELinux, and need to put the newly created files in the correct security context. Do it with restorecon like this:

chmod 700 ~/.ssh
cd ~/.ssh
chmod 600 ~/.ssh/*
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
chmod 644 ~/.ssh/config
restorecon -R -v ~/.ssh


Moved to new hosting

Hello again!

I recently had some very nice experiences with gandi simple hosting (where the story tellers guild is located), which is in effect a “hosted VPS”, that is, a hosted solution, but with a private set of apache, mysql, APC and Varnish threads. Very cool indeed.

So I’m now moving this blog to the same platform.

10 minutes of work, and all appears to be working as expected.

The steps:

  1. create the vhost(s) (with/without www.)
  2. add temp /etc/hosts entries while testing
  3. mysqldump the database (I took one of the cron-generated ones that was only an hour old)
  4. copy the files from the old DocumentRoot (put -r in sftp works in ubuntu for a recursive put, which was needed due to the amount of files)
  5. verify
  6. remove temporary /etc/hosts entry
  7. update DNS records to point to the new host

To finalize, I installed the varnish http purge plugin.
Looking forward to seeing the impact on performance in google webmaster tools.

Get rid of fruit flies!

Have you ever forgotten a tomato in a window, or perhaps a banana skid in a not-so-well-closed container? Has it resulted in a family of fruit flies? (Also called vinegar flies)?

Do you want to get rid of them? Here’s how…

1. take away everything they can eat and lay their eggs in. This is important, since the females can produce up to 1000 eggs each day, and it takes only a week for them to hatch.

2. take a glass or metal container you don’t love that much – this will be their graveyard

3. add 2 part of something sweet, for instance honey or syrup

4. add 1 part of vinegar (guess why they’re called vinegar flies?)

5. add 1 or 2 parts of water, and make sure everything blends well.

6. Place it near the flies to see if they’re interested in the treat. The purpose is to mimic the smell of old/ripe fruit, where they prefer to lay their eggs and breed.

7. Finally, add a drop or two of washing-up liquid. This will get rid of the surface tension, making a nasty surprise for the flies when they try to land on the drink you prepared for them. They will sink to the bottom and drown.

8. wait and enjoy the show. Silly flies.


db2 SQL2036N and SQL1652N

When performing the db2move load -lo replace to continue the “restore” from my previous post, I failed once more, this time with first SQLSTATE SQL2036N, “The path for the file or device path/device is not valid.”, and later (after chmod o+x on the directory), SQLSTATE SQL1652N, “File I/O error occurred”.

Why does IBM write this kind of misleading error messages? What’s wrong with a simple ENOPERM, ENOENT, “Permission Denied”, or “No such file or directory” message?

I am logged in as user ‘root‘, but the db2move command simply seem to tell another DB2 process to load the import files, and this is probably a privilege separated process that can’t open the directory containing my *.ixf files.

So, chmod o+x on the directory to the rescue! (Solved the SQL2036N) – Only to have it fail with another error when it is the actual files that cannot be opened by the unprivileged user.

chmod o+r on the files to the rescue, then! 🙂 (Solved the SQL1652N).

Yes, both these error messages were due to the fact that the files were not readable by anyone but root. Hope this helps someone! (Feel free to investigate the advertisements if you find any of my tips useful!) Nudge, nudge, know what I mean, know what I mean? 🙂

db2 SQLSTATE 57019 because of BACKUP PENDING

I created a new db2 database, updated LOGARCHMETH1, LOGFILSIZ and some other things, then tried to import data created with db2move and db2look with a command like this:

db2 -tvf filename.dat

It failed, with SQLSTATE=57019, because of BACKUP PENDING.

I didn’t feel like performing a backup on an empty database, so I did this to solve the problem:

db2dart databasename /CHST /WHAT DBBP off

where “databasename” was obviously the name of my database. This successfully changed the state of the DB Backup Pending flag to “off”, which allowed me to do my import! Yay!

(Re)discover new LUN in linux without rebooting

Note to self… Has 1 disk (/dev/sda) and want to “find” newly added disk (/dev/sdb) without reboot:

echo 'scsi add-single-device 0 0 1 0' > /proc/scsi/scsi

The first “0” is the controller, next “0” is the SCSI channel, the “1” is the target ID, and the last “0” the H-LUN.

After repartitioning with fdisk, the kernel remembers the old partition table, so remove the device and add it again to refresh it:

echo 'scsi remove-single-device 0 0 1 0' > /proc/scsi/scsi
echo 'scsi add-single-device 0 0 1 0' > /proc/scsi/scsi

0x800704CF when restoring a windows system image?

Windows 7 has really nice backup and recovery features. However, they are not as well worked out as the day-to-day windows features, and, hence, lacking in user-friendliness.

I struggled quite some time before I realised the error message 0x800704CF was due to the network chip driver not being loaded. What I had to do to be able to restore the system image over the network, was to first load the network driver from the CD-Rom that came with the motherboard.

What really fooled me the most was the authentication dialog probing for network credentials popping up. Why ask if you don’t have access to the network?

For my new Asus P8Z68-V Pro motherboard, to load the network driver, I had to browse to E:\Drivers\LAN\APPS\SETUP\SETUPBD\Winx64\, and instead of double-clicking on an INF or SYS file, I had to launch the program:


by means of a right click on the SetupBD Application, and then selecting “Run As Administrator”.