How to install, update or delete font in Linux

Sometimes we need some extra fonts for creative work. Font installing is a very simple process. Follow the following step to install Fonts.

 

Step 1: Download or Arrange Font 

 Keep your font file ready. In my case, I download the font file from the internet. It's Zip File so extract it using Unzip Command.

Step 2: Install the Fonts

    In Linux, font binaries  are located either in system directory /user/share/fonts/ or user local font directory which is ~/.local/share/fonts/.

 I prefer ~/.local/share/fonts/ directory because I did not want this font available to other users.

When I check ~/.local/share directory fonts directory is not available so first I create it.

[yogesh@lap ~]$ mkdir  ~/.local/share/fonts

Move  Downloaded File to this fonts directory.

[yogesh@lap Downloads]$ mv Anurati_Free_Font.zip ~/.local/share/fonts/

Then I extract it using unzip command

[yogesh@lap fonts]$ unzip Anurati_Free_Font.zip 

Step 3: Clear and Regenerate Your font Cache

Next, Clear and regenerate your fonts cache using the following command.

[yogesh@lap fonts]$ fc-cache -f -v

Step 5: Verify the Installation

Confirm that the fonts are installed by displaying the paths and style definitions with the fc-list executable filtered on the font family name with grep

[yogesh@lap fonts]$ fc-list | grep -i Anurati
/home/yogesh/.local/share/fonts/ANURATI Free Font/Anurati-Regular.otf: Anurati:style=Regular

Now you  can open office and check your font.

CentOS 8 or RedHat 8 : docker run give error - docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.

After successful installation when i Try to test docker installation with sample container it give following error

[yogesh@devBase ~]$ systemctl start docker
[yogesh@devBase ~]$ docker run test
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

Solution
Step 1 : Check docker group

[yogesh@devBase ~]$ cat /etc/group

docker:x:970:

if docker group does not exist create it

Step 2 : Add user to docker group

[yogesh@devBase ~]$ sudo usermod -aG docker ${USER}

Step 3 : Above two step not solved the problem now check /lib/systemd/system/docker.socket file.

[yogesh@devBase ~]$ ls -l /lib/systemd/system/docker.socket 
-rw-r--r--. 1 root root 197 Mar 11 06:56 /lib/systemd/system/docker.socket

if user and group of this file is root then change group to docker.

[yogesh@devBase ~]$ sudo chgrp docker /lib/systemd/system/docker.socket 
[sudo] password for yogesh: 
[yogesh@devBase ~]$ 

Step 4 : Give permission to group
[yogesh@devBase ~]$ sudo chmod g+w /lib/systemd/system/docker.socket
Step 5 : open new terminal and restart docker. now run docker run hello-world its working perfectly.

[yogesh@devBase ~]$ ls -l /lib/systemd/system/docker.socket 
-rw-rw-r--. 1 root docker 197 Mar 11 06:56 /lib/systemd/system/docker.socket

RedHat 8 or CentOS 8 : Docker Installation fails with Error : package docker-ce-3:19.03.8-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed

I have decided to use docker for ease of development of my application. when i installed according to docker documentation it fails and give following error.

[yogesh@devBase ~]$ sudo dnf install docker-ce docker-ce-cli containerd.io
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:00:26 ago on Wed 22 Apr 2020 09:21:50 PM IST.
Error: 
 Problem: package docker-ce-3:19.03.8-3.el7.x86_64 requires containerd.io >= 1.2.2-3, but none of the providers can be installed
  - cannot install the best candidate for the job
  - package containerd.io-1.2.10-3.2.el7.x86_64 is excluded
  - package containerd.io-1.2.13-3.1.el7.x86_64 is excluded
  - package containerd.io-1.2.2-3.3.el7.x86_64 is excluded
  - package containerd.io-1.2.2-3.el7.x86_64 is excluded
  - package containerd.io-1.2.4-3.1.el7.x86_64 is excluded
  - package containerd.io-1.2.5-3.1.el7.x86_64 is excluded
  - package containerd.io-1.2.6-3.3.el7.x86_64 is excluded
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)

Solution
To resolve above error first install containerd.io.

[yogesh@devBase ~]$ sudo dnf install https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.13-3.1.el7.x86_64.rpm
[sudo] password for yogesh: 
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:07:11 ago on Wed 22 Apr 2020 09:21:50 PM IST.
containerd.io-1.2.13-3.1.el7.x86_64.rpm                                                                                22 kB/s |  23 MB     17:46    
Dependencies resolved.
======================================================================================================================================================
 Package                              Architecture                  Version                                 Repository                           Size
======================================================================================================================================================
Installing:
 containerd.io                        x86_64                        1.2.13-3.1.el7                          @commandline                         23 M
     replacing  runc.x86_64 1.0.0-64.rc9.module_el8.1.0+298+41f9343a

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total size: 23 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                              1/1 
  Installing       : containerd.io-1.2.13-3.1.el7.x86_64                                                                                          1/2 
  Running scriptlet: containerd.io-1.2.13-3.1.el7.x86_64                                                                                          1/2 
  Obsoleting       : runc-1.0.0-64.rc9.module_el8.1.0+298+41f9343a.x86_64                                                                         2/2 
  Running scriptlet: runc-1.0.0-64.rc9.module_el8.1.0+298+41f9343a.x86_64                                                                         2/2 
  Verifying        : containerd.io-1.2.13-3.1.el7.x86_64                                                                                          1/2 
  Verifying        : runc-1.0.0-64.rc9.module_el8.1.0+298+41f9343a.x86_64                                                                         2/2 
Installed products updated.

Installed:
  containerd.io-1.2.13-3.1.el7.x86_64                                                                                                                 

Complete!

Once containerd.io install now install docker-ce and docker-ce-cli.

[yogesh@devBase ~]$ sudo dnf install docker-ce docker-ce-cli
[sudo] password for yogesh: 
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-8 - AppStream                                                                                                  4.7 kB/s | 4.3 kB     00:00    
CentOS-8 - Base                                                                                                       1.1 kB/s | 3.8 kB     00:03    
CentOS-8 - cr                                                                                                         2.4 kB/s | 3.0 kB     00:01    
CentOS-8 - Extras                                                                                                     1.7 kB/s | 1.5 kB     00:00    
CentOS-8 - PowerTools                                                                                                 2.2 kB/s | 4.3 kB     00:01    
CentOS-8 - Plus                                                                                                       2.7 kB/s | 3.0 kB     00:01    
CentOS-8 - fasttrack                                                                                                  2.7 kB/s | 3.0 kB     00:01    
Amazon Corretto                                                                                                       1.5 kB/s | 2.9 kB     00:01    
Docker CE Stable - x86_64                                                                                             3.1 kB/s | 3.5 kB     00:01    
ELRepo.org Community Enterprise Linux Repository - el8                                                                1.0 kB/s | 2.9 kB     00:02    
ELRepo.org Community Enterprise Linux Repository - el8                                                                 23 kB/s | 147 kB     00:06    
ELRepo.org Community Enterprise Linux Kernel Repository - el8                                                         2.0 kB/s | 2.9 kB     00:01    
ELRepo.org Community Enterprise Linux Kernel Repository - el8                                                          30 kB/s | 939 kB     00:31    
ELRepo.org Community Enterprise Linux Extras Repository - el8                                                         1.8 kB/s | 2.9 kB     00:01    
ELRepo.org Community Enterprise Linux Extras Repository - el8                                                          12 kB/s |  31 kB     00:02    
Extra Packages for Enterprise Linux Modular 8 - x86_64                                                                3.1 kB/s | 9.8 kB     00:03    
Extra Packages for Enterprise Linux 8 - x86_64                                                                        5.8 kB/s | 3.1 kB     00:00    
Extra Packages for Enterprise Linux 8 - x86_64                                                                        9.9 kB/s | 6.4 MB     11:01    
google-chrome                                                                                                         3.5 kB/s | 1.3 kB     00:00    
google-chrome                                                                                                         4.9 kB/s | 3.5 kB     00:00    
RPM Fusion for EL 8 - Free - Updates                                                                                  1.9 kB/s | 3.7 kB     00:01    
RPM Fusion for EL 8 - Nonfree - Updates                                                                               3.8 kB/s | 3.7 kB     00:00    
Dependencies resolved.
======================================================================================================================================================
 Package                             Architecture                 Version                                Repository                              Size
======================================================================================================================================================
Installing:
 docker-ce                           x86_64                       3:19.03.8-3.el7                        docker-ce-stable                        25 M
 docker-ce-cli                       x86_64                       1:19.03.8-3.el7                        docker-ce-stable                        40 M
Installing dependencies:
 libcgroup                           x86_64                       0.41-19.el8                            BaseOS                                  70 k

Transaction Summary
======================================================================================================================================================
Install  3 Packages

Total size: 64 M
Total download size: 64 M
Installed size: 273 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] libcgroup-0.41-19.el8.x86_64.rpm: Already downloaded                                                                                       
[MIRROR] docker-ce-19.03.8-3.el7.x86_64.rpm: Curl error (28): Timeout was reached for https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-19.03.8-3.el7.x86_64.rpm [Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds]
(2/3): docker-ce-cli-19.03.8-3.el7.x86_64.rpm                                                                          37 kB/s |  40 MB     18:14    
(3/3): docker-ce-19.03.8-3.el7.x86_64.rpm                                                                              16 kB/s |  25 MB     25:21    
------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                  43 kB/s |  64 MB     25:21     
warning: /var/cache/dnf/docker-ce-stable-091d8a9c23201250/packages/docker-ce-19.03.8-3.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY
Docker CE Stable - x86_64                                                                                             3.5 kB/s | 1.6 kB     00:00    
Importing GPG key 0x621E9F35:
 Userid     : "Docker Release (CE rpm) <docker@docker.com>"
 Fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35
 From       : https://download.docker.com/linux/centos/gpg
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                              1/1 
  Installing       : docker-ce-cli-1:19.03.8-3.el7.x86_64                                                                                         1/3 
  Running scriptlet: docker-ce-cli-1:19.03.8-3.el7.x86_64                                                                                         1/3 
  Running scriptlet: libcgroup-0.41-19.el8.x86_64                                                                                                 2/3 
  Installing       : libcgroup-0.41-19.el8.x86_64                                                                                                 2/3 
  Running scriptlet: libcgroup-0.41-19.el8.x86_64                                                                                                 2/3 
  Installing       : docker-ce-3:19.03.8-3.el7.x86_64                                                                                             3/3 
  Running scriptlet: docker-ce-3:19.03.8-3.el7.x86_64                                                                                             3/3 
  Verifying        : libcgroup-0.41-19.el8.x86_64                                                                                                 1/3 
  Verifying        : docker-ce-3:19.03.8-3.el7.x86_64                                                                                             2/3 
  Verifying        : docker-ce-cli-1:19.03.8-3.el7.x86_64                                                                                         3/3 
Installed products updated.

Installed:
  docker-ce-3:19.03.8-3.el7.x86_64                 docker-ce-cli-1:19.03.8-3.el7.x86_64                 libcgroup-0.41-19.el8.x86_64                

Complete!
[yogesh@devBase ~]$ docker --help

Usage: docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/home/yogesh/.docker")
  -c, --context string     Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with
                           "docker context use")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/home/yogesh/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/home/yogesh/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/home/yogesh/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  builder     Manage builds
  config      Manage Docker configs
  container   Manage containers
  context     Manage contexts
  engine      Manage the docker engine
  image       Manage images
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  deploy      Deploy a new stack or update an existing stack
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.
[yogesh@devBase ~]$ docker --version
Docker version 19.03.8, build afacb8b
[yogesh@devBase ~]$ 

Docker install successfully.

Question : How do I open my application with the Launcher app file .desktop

I've a problem with the application Oracle SQL Developer, I can only run it going to the terminal and only with the sudo command. My file is there : /usr/local/bin/sqldeveloper and to open it I have to do sudo sqldeveloper.

Now here is the code of my launcher app :

$ cat /usr/share/applications/Oracle-sqldeveloper.desktop 
[Desktop Entry]
Type=Application
Name=Oracle SQL Developer
Exec=sqldeveloper
Icon=/opt/sqldeveloper/icon.png
Terminal=false >> ~/.local/share/applications/sqldeveloper.desktop

I've already tried to put the full path in the Exec row but nothing, the app doesn't launch, there's the icon in the toolbar few second and it disappears.

Solutions

I also faced same issue, googled lot but nothing got helpful.. BTW I solved this problem by adding absolute path in /usr/share/applications/Oracle-sqldeveloper.desktop. If you want to run sqldeveloper from applications>programming menu then you need to edit your Oracle-sqldeveloper.desktop file. add absolute path which is Exec=/opt/sqldeveloper/sqldeveloper/bin/sqldeveloper in my case also change Terminal=true which show you other problem like java home etc, if java related issue then set according to terminal instruction after that change Terminal=false

 $ sudo vim /usr/share/applications/Oracle-sqldeveloper.desktop

    [Desktop Entry]
    Encoding=UTF-8
    Name=SQL Developer
    Comment=Oracle SQL Developer
    Icon=/opt/sqldeveloper/icon.png
    Exec=/opt/sqldeveloper/sqldeveloper/bin/sqldeveloper
    Terminal=true
    Type=Application
    X-Desktop-File-Install-Version=0.23
    Categories=X-Red-Hat-Extra;Application;Development;

 

Deinstallation of Oracle Database

deinstall stop the oracle software and remove it, including data files and recovery files.

deinstall utility exist in ORACLE_HOME/deinstall directory.

$ [oracle@devBase deinstall]$ pwd
/u01/app/oracle/product/19.3.0/dbhome_1/deinstall

Steps involved in deintallation of Oracle Software and data files.

Step 1 Backup all the data files.

Step 2 Switch into deinstall directory.

Step 3 Enter following command

$ [oracle@devBase deinstall]$ ./deinstall 

It start deinstallation process

Note : On CentOS 8 / RedHat 8 deinstalltion utility stop by throwing an error.

[oracle@devBase deinstall]$ ./deinstall
Checking for required files and bootstrapping ...
Please wait ...
Location of logs /tmp/deinstall2020-02-09_07-19-33AM/logs/

############ ORACLE DECONFIG TOOL START ############


######################### DECONFIG CHECK OPERATION START #########################
## [START] Install check configuration ##


Checking for existence of the Oracle home location /u01/app/oracle/product/19.3.0/dbhome_1
Oracle Home type selected for deinstall is: Oracle Single Instance Database
Oracle Base selected for deinstall is: /u01/app/oracle
Checking for existence of central inventory location /u01/app/oraInventory
ERROR: null

To solve this change CentOS / RedHat version temporarily by entering following command.

[oracle@devBase deinstall]$ export CV_ASSUME_DISTID=RHEL7.6

After that you can successfully execute deinstall utility.

You can also use various flags with deinstall such as -checkonly, -help etc. For complete information on options click here

Deep Dive : firewalld in CentOS 8 / CentOS 7 / RedHat 7 / RedHat 8

Introduction
firewalld (firewall demaon)  is firewall management tool to manage firewall. it is frontend controller for iptables. it is used to implement persistence traffic rules.

It is available in Command Line as well as Graphical Interface.

Note : It is not replacement of iptables, while it is wrapper of iptables, and  provide flexibility to manage iptables.

firewalld architecture

Installing and Managing firewalld

By default firewalld included with CentOS 8 / Redhat 8 / CentOS 7 / RedHat 7,but if it is not installed then we can installed it by following yum / dnf command.

$ sudo yum -y install firewalld

firewalld have two tools
1. Graphical -> firewall-config
2. Command Line -> firewall-cmd


Difference between ip*tables and firewalld

iptables stores configuration in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables while firewalld store it in various xml files  in /usr/lib/firewalld/ and /etc/firewalld/


with iptables service, every single change means flusing all the old rule and reading all new rule from /etc/sysconfig/iptables,while with firewalld there is no recreating of all the rules.


To Start the firewalld

 

$ sudo systemctl start firewalld

To enable firewalld - enable firewalld at boot time

$ sudo systemctl enable firewalld

To Stop and disable firewalld

$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld

To Check firewalld status 

$ firewall-cmd --state
running

To view status of firewall daemon

$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

   Active: active (running) since Tue 2018-01-02 10:27:26 IST; 1 day 2h ago

     Docs: man:firewalld(1)

 Main PID: 1081 (firewalld)

   CGroup: /system.slice/firewalld.service

           └─1081 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid



Jan 02 10:27:26 dev.driveo.in systemd[1]: Starting firewalld - dynamic firewall daemon...

Jan 02 10:27:26 dev.driveo.in systemd[1]: Started firewalld - dynamic firewall daemon.

Hint: Some lines were ellipsized, use -l to show in full.

To reload firewall configuration

$ firewall-cmd --reload

Configuration of firewalld

firewalld is configured with xml files.

configuration files are located in two directories :

• /usr/lib/firewalld - hold default configuration , like default zones and common services. Avoid updating them because these files are updated each time when firewalld package update
• /etc/firewalld - hold system configuration file. these file overwritten default configuration.

Configuration set

firewalld has two configuration sets : runtime and permanent.

runtime - configurations are volatile in nature at reboot it changed. runtime is default.

permanent - it persistence configuration not change after reboot.

Add rule to permanent or runtime

1 Permanent

$ sudo firewall-cmd --zone=public --add-service=http --permanent

2. Runtime

$ sudo firewall-cmd --zone=public --add-service=http

reload firewalld

reload command drop all runtime configuration

sudo firewall-cmd --reload

Firewall zones

zones are  pre-constructed rule sets for various trust level . After enabling firewalld first time public is default zone.

zones can be applied different network interface cards.

 drop

Any incoming network packets are dropped; there is no reply. Only outgoing network connections are possible.

block

Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only network connections initiated from within the system are possible.

public

For use in public areas. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.

external

For use on external networks with masquerading enabled, especially for routers. You do not trust the other computers on the network to not harm your computer. Only selected incoming connections are accepted.

dmz

For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.

work

For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

home

For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.

internal

For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.

trusted

All network connections are accepted.        

The zone names and settings are proposals and can be changed according to the needs. A built-in zone cannot be removed, but it is possible to revert the zone configuration back to the initial defaults by loading the zone defaults either in the permanent configuration of firewall-config or firewall-cmd

To view default zones

sudo fiewall-cmd --get-default-zone

To set default zones

sudo firewall-cmd --set-default-zone=dmz


To view zones used by network interface card

sudo firewall-cmd --get-active-zone

To get all the configuration for a specific zone

sudo firewall-cmd --zone=public --list-all

To get all the configuration for all zones

sudo firewall-cmd --list-all-zones

Predefined Services

A service can be a list of local ports, protocols, source ports, and destinations as well as a list of firewall helper modules automatically loaded if a service is enabled.

To list all services available on the system, enter the following command:

~]$ firewall-cmd --get-services

To get the settings of a service, use the following command:

~]$ firewall-cmd --info-service=service-name 

we can also view available list of services by accessing /usr/lib/firewalld/services directory.

Note : /usr/lib/firewalld/services/ directory must not be edited. only the file inside /etc/firewalld/services should be edited.

Services can be add or edited by firewall-cmd , firewall-offline-cmd, firewall-config tools. alternatively we can edit /etc/firewalld/services/  xml files.

enter the following command to add a new and empty service:

~]$ firewall-cmd --permanent --new-service=service-name

To add a new service using a local file, use the following command:

~]$ firewall-cmd --permanent --new-service-from-file=service-name.xml

As soon as service settings are changed, an updated copy of the service is placed into /etc/firewalld/services/. 
As root, you can enter the following command to copy a service manually

~]# cp /usr/lib/firewalld/services/service-name.xml /etc/firewalld/services/service-name.xml

firewalld loads files from /usr/lib/firewalld/services in the first place. If files are placed in /etc/firewalld/services and they are valid, then these will override the matching files from /usr/lib/firewalld/services. The overriden files in /usr/lib/firewalld/services will be used as soon as the matching files in /etc/firewalld/services have been removed or if firewalld
 has been asked to load the defaults of the services. This applies to 
the permanent environment only. A reload is needed to get these 
fallbacks also in the runtime environment.

Configuring firewalld

firewall service can be configured by firewall-cmd ,firewall-config or firewall-offline-cmd or by editing xml configuration files.

1. firewall-config - it is graphical tool.

to start graphical interface enter following command.

$ firewall-config

Firewall configuration window open, note this command can be run as normal user but administrator password asked for validation.

How to install AWS CLI in CentOS (Linux) and setup programming environment

Introduction

AWS Command Line Interface(CLI) is a unified tool to manage your AWS Services. With the Help of this tool you can manage , configure and control multiple services.

AWS CLI Version 

Currently two version of AWS CLI - 

AWS CLI Version 1 -  It's Older version , have less feature than version 2.

AWS CLI Version 2 -  It's Latest version and supported all latest feature of AWS.

Step by Step Installing AWS CLI at Linux 

Installing AWS CLI Version 1 

Step 1 : First we update current system, to ensure all packages have latest version.

$ sudo yum -y update

Step 2 : You can install AWS CLI and its dependency by using pip. Check pip and python installation status.
If python3 is installed then it is recommended that use pip3 also. 

Check python installation status

$ python --version

or

$ python3 --version

Check pip installation status

$ pip --version

or

$ pip3 --version

If PIP already installed then ignore Step 3

Step 3 : Install pip - If you have don't have python or python3 on your Linux box then follow this step by step guide. Now download pip script provided by python packaging authority.  

• Download pip script by using curl with -O option.

$ curl -O https://bootstrap.pypa.io/get-pip.py

• For python

$ python get-pip.py --user

• For python3

$ python3 get-pip.py --user

• Now test pip install correctly

$ pip --version

pip 20.0.2 from /home/yogesh/.local/lib/python3.6/site-packages/pip (python 3.6)

or

$ pip3 --version

pip 20.0.2 from /home/yogesh/.local/lib/python3.6/site-packages/pip (python 3.6)

Step 4 : Install AWS CLI
Use pip or pip3 to install aws cli.

$ pip install --upgrade awscli --user

or

pip3 install --upgrade awscli --user

when you use --user switch, it install locally
Step 5 : Verify AWS CLI installation

aws --version

Installing AWS CLI Version 2

AWS CLI V2 is complete software package it not required any other package. you no need to install python.

Prerequisite 

Required unzip package to extract the downloaded file.

Step 1 : Download file using curl, use -o(smallcase letter o) option to rename downloaded file from awscli-exe-linux-x86_64.zip to awscliv2.zip

$curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

Step 2 : Unzip awscliv2.zip using unzip command

$ unzip awscliv2.zip

Step 3: Install 

$ sudo ./aws/install

optional switch

--install-dir - specific location other than default location which under current user.
--bin-dir - specific bin directory
--update - if you want update from version 1 to version 2

Update From AWS CLI version 1 to AWS CLI Version 2

Step 1 : Find bin directory of AWS CLI Version 1 result give --bin-dir parameter value

$ which aws 
 ~/.local/bin/aws

Step 2 : Find installation directory of AWS CLI Version 1. result give --install-dir parameter value. Most cases bin directory and installation directory in version 1 same

$ ls ~/.local/bin/aws 
lrwxrwxrwx. 1 oracle oinstall 43 Apr 11 20:51 /home/oracle/.local/bin/aws

Step 3 : use following command to upgrade from version 1 to version 2

sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update

Configure AWS CLI

1. Configure Credential - Use aws configure command to  set aws access key id, aws secret access key, default region name and default output format. 

[oracle@devBase aws]$ aws configure

AWS Access Key ID [****************ksdk]:

AWS Secret Access Key [****************klfk]:

Default region name [ap-south-1]:

Default output format [None]:

These information store under .aws directory of current user. This .aws directory have two file config and credentials. config file store region and output format while credentials store aws access key id and aws secret access key.

[oracle@devBase aws]$ ls ~/.aws/

config  credentials

[oracle@devBase aws]$ cat ~/.aws/config

[default]

region = ap-south-1


[oracle@devBase aws]$ cat ~/.aws/credentials

[default]

aws_access_key_id = jsdaflksdk

aws_secret_access_key = kfsldafklfk

Here [default] indicate that this is default profile.

How to update region, output format, aws access key id, aws secret access key

Use set option to set these value

[oracle@devBase aws]$ aws configure set region ap-south-2 --profile default
[oracle@devBase aws]$ aws configure get region --profile default
ap-south-2

Edit credential or config file

[oracle@devBase aws]$ vim ~/.aws/config 

How to add multiple profile

1. Using aws cli - use --profile switch to add different profile.

[oracle@devBase aws]$ aws configure --profile test
AWS Access Key ID [None]: asdfkasdkjf
AWS Secret Access Key [None]: akdfldsjakf
Default region name [None]: us-west-1 
Default output format [None]: table

you can check the result

[oracle@devBase aws]$ cat ~/.aws/credentials 
[default]
aws_access_key_id = jsdaflksdk
aws_secret_access_key = kfsldafklfk
[test]
aws_access_key_id = asdfkasdkjf
aws_secret_access_key = akdfldsjakf
[oracle@devBase aws]$ cat ~/.aws/config
[default]
region = ap-south-2
[profile test]
region = us-west-1
output = table

2. Edit config and credential file to add different profile.

$ vim ~/.aws/config

[default]
region = ap-south-2
[profile test]
region = us-west-1
output = table
[profile test2]
region = us-west-2
output = json

To use a named profile for multiple commands, you can avoid specifying the profile in every command by setting the AWS_PROFILE environment variable at the command line.

$ export AWS_PROFILE=test

Enable Command Completion

To enable command complettion, run the command for the shell that you're using. You can add the command to your shell's RC file to run it each time you open a new shell. In each command, replace the path /usr/local/aws/bin with the one found on your system in the previous section.

[oracle@devBase aws]$ complete -C '~/.local/bin/aws_completer' aws

note : replace above red marked path to your system aws_completer location.

Reference :

https://pip.pypa.io//en/latest/installing/#do-i-need-to-install-pip
https://www.digitalocean.com/community/tutorials/how-to-install-python-3-and-set-up-a-local-programming-environment-on-centos-7

error
https://github.com/pypa/pip/issues/4186
https://github.com/jasperproject/jasper-client/issues/17
https://github.com/ethereum/viper/issues/276
https://github.com/retspen/webvirtcloud/issues/137
https://github.com/aws/aws-cli/issues/2654
https://github.com/aws/aws-cli/issues/1522
https://stackoverflow.com/questions/31512422/pip-install-r-oserror-errno-13-permission-denied/31512489