Install Python 3 on Linux (Redhat, CentOS, Ubuntu)

Leave a reply

Learn how to install python 3 on Linux like Redhat, centos, ubuntu, etc. Also, learn how to get rid of a few python related errors.

By default, all of the Linux distros have pre-installed Python. Most of it is Python 2.x. not Python 3.x. Many of nowadays tools, scripts, etc need Python version 3 (python3) for compiling.

In this article, we will see how to install python3 step by step on Linux like RHEL, centos, ubuntu, etc.

If your package manager repo does offer python3 for install then you can easily install it from there,. If not then follow this process to install from source code.

Let’s get into the step by step Python installation from its source code. As of today, the Latest Python release is 3.6.3 and it’s available here.

Step 1.

Download source code from the Python website on your server using tools like wget. We are using the latest release link here.

root@kerneltalks # wget https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tar.xz
--2017-11-05 12:13:48--  https://www.python.org/ftp/python/3.6.3/Python-3.6.3.tar.xz
Resolving www.python.org (www.python.org)... 151.101.8.223, 2a04:4e42:2::223
Connecting to www.python.org (www.python.org)|151.101.8.223|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16974296 (16M) [application/octet-stream]
Saving to: ‘Python-3.6.3.tar.xz’

100%[==============================================================================================================================>] 16,974,296  4.21MB/s   in 4.0s

2017-11-05 12:13:52 (4.01 MB/s) - ‘Python-3.6.3.tar.xz’ saved [16974296/16974296]

Step 2.

Un-tar downloaded file and navigate to newly created Python directory Python-3.6.3. Also, make sure you have a GCC package installed on your system. If not install package gcc before proceeding to the next step.

root@kerneltalks # tar xf Python-3.6.3.tar.xz
root@kerneltalks # cd Python-3.6.3

Step 3.

Now its time to compile the source code. Execute configure script in Python-3.6.3 directory.

root@kerneltalks # ./configure
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking for python3.6... no
checking for python3... no
checking for python... python
checking for --enable-universalsdk... no
checking for --with-universal-archs... no
checking MACHDEP... linux
checking for --without-gcc... no
checking for --with-icc... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for a sed that does not truncate output... /bin/sed
checking for --with-cxx-main=<compiler>... no
checking for g++... no
configure:

  By default, distutils will build C++ extension modules with "g++".
  If this is not intended, then set CXX on the configure command line.

checking for the platform triplet based on compiler characteristics... x86_64-linux-gnu
checking for -Wl,--no-as-needed... yes
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for the Android API level... not Android
checking for --with-suffix...
checking for case-insensitive build directory... no
checking LIBRARY... libpython$(VERSION)$(ABIFLAGS).a
checking LINKCC... $(PURIFY) $(MAINCC)
checking for GNU ld... yes
checking for inline... inline
checking for --enable-shared... no
checking for --enable-profiling... no
checking LDLIBRARY... libpython$(VERSION)$(ABIFLAGS).a
checking for ranlib... ranlib
checking for ar... ar
checking for readelf... readelf
checking for a BSD-compatible install... /bin/install -c
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for --with-pydebug... no
checking for --with-assertions... no
checking for --enable-optimizations... no
checking for --with-lto... no
checking target system type... x86_64-pc-linux-gnu
checking for -llvm-profdata... no
checking for llvm-profdata... ''
checking for -Wextra... yes
checking whether gcc accepts and needs -fno-strict-aliasing... no
checking if we can turn off gcc unused result warning... yes
checking if we can turn off gcc unused parameter warning... yes
checking if we can turn off gcc missing field initializers warning... yes
checking if we can turn on gcc mixed sign comparison warning... yes
checking if we can turn on gcc unreachable code warning... no
checking whether pthreads are available without options... no
checking whether gcc accepts -Kpthread... no
checking whether gcc accepts -Kthread... no
checking whether gcc accepts -pthread... yes
checking whether g++ also accepts flags for thread support... no
checking for ANSI C header files... (cached) yes
checking asm/types.h usability... yes
checking asm/types.h presence... yes
checking for asm/types.h... yes
checking conio.h usability... no
checking conio.h presence... no
checking for conio.h... no
checking direct.h usability... no
checking direct.h presence... no
checking for direct.h... no
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking ieeefp.h usability... no
checking ieeefp.h presence... no
checking for ieeefp.h... no
checking io.h usability... no
checking io.h presence... no
checking for io.h... no
checking langinfo.h usability... yes
checking langinfo.h presence... yes
checking for langinfo.h... yes
checking libintl.h usability... yes
checking libintl.h presence... yes
checking for libintl.h... yes
checking process.h usability... no
checking process.h presence... no
checking for process.h... no
checking pthread.h usability... yes
checking pthread.h presence... yes
checking for pthread.h... yes
checking sched.h usability... yes
checking sched.h presence... yes
checking for sched.h... yes
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking stropts.h usability... no
checking stropts.h presence... no
checking for stropts.h... no
checking termios.h usability... yes
checking termios.h presence... yes
checking for termios.h... yes
checking for unistd.h... (cached) yes
checking utime.h usability... yes
checking utime.h presence... yes
checking for utime.h... yes
checking poll.h usability... yes
checking poll.h presence... yes
checking for poll.h... yes
checking sys/devpoll.h usability... no
checking sys/devpoll.h presence... no
checking for sys/devpoll.h... no
checking sys/epoll.h usability... yes
checking sys/epoll.h presence... yes
checking for sys/epoll.h... yes
checking sys/poll.h usability... yes
checking sys/poll.h presence... yes
checking for sys/poll.h... yes
checking sys/audioio.h usability... no
checking sys/audioio.h presence... no
checking for sys/audioio.h... no
checking sys/xattr.h usability... yes
checking sys/xattr.h presence... yes
checking for sys/xattr.h... yes
checking sys/bsdtty.h usability... no
checking sys/bsdtty.h presence... no
checking for sys/bsdtty.h... no
checking sys/event.h usability... no
checking sys/event.h presence... no
checking for sys/event.h... no
checking sys/file.h usability... yes
checking sys/file.h presence... yes
checking for sys/file.h... yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/kern_control.h usability... no
checking sys/kern_control.h presence... no
checking for sys/kern_control.h... no
checking sys/loadavg.h usability... no
checking sys/loadavg.h presence... no
checking for sys/loadavg.h... no
checking sys/lock.h usability... no
checking sys/lock.h presence... no
checking for sys/lock.h... no
checking sys/mkdev.h usability... no
checking sys/mkdev.h presence... no
checking for sys/mkdev.h... no
checking sys/modem.h usability... no
checking sys/modem.h presence... no
checking for sys/modem.h... no
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/random.h usability... no
checking sys/random.h presence... no
checking for sys/random.h... no
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/sendfile.h usability... yes
checking sys/sendfile.h presence... yes
checking for sys/sendfile.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/statvfs.h usability... yes
checking sys/statvfs.h presence... yes
checking for sys/statvfs.h... yes
checking for sys/stat.h... (cached) yes
checking sys/syscall.h usability... yes
checking sys/syscall.h presence... yes
checking for sys/syscall.h... yes
checking sys/sys_domain.h usability... no
checking sys/sys_domain.h presence... no
checking for sys/sys_domain.h... no
checking sys/termio.h usability... no
checking sys/termio.h presence... no
checking for sys/termio.h... no
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/times.h usability... yes
checking sys/times.h presence... yes
checking for sys/times.h... yes
checking for sys/types.h... (cached) yes
checking sys/uio.h usability... yes
checking sys/uio.h presence... yes
checking for sys/uio.h... yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/utsname.h usability... yes
checking sys/utsname.h presence... yes
checking for sys/utsname.h... yes
checking sys/wait.h usability... yes
checking sys/wait.h presence... yes
checking for sys/wait.h... yes
checking pty.h usability... yes
checking pty.h presence... yes
checking for pty.h... yes
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking sys/resource.h usability... yes
checking sys/resource.h presence... yes
checking for sys/resource.h... yes
checking netpacket/packet.h usability... yes
checking netpacket/packet.h presence... yes
checking for netpacket/packet.h... yes
checking sysexits.h usability... yes
checking sysexits.h presence... yes
checking for sysexits.h... yes
checking bluetooth.h usability... no
checking bluetooth.h presence... no
checking for bluetooth.h... no
checking linux/tipc.h usability... yes
checking linux/tipc.h presence... yes
checking for linux/tipc.h... yes
checking linux/random.h usability... yes
checking linux/random.h presence... yes
checking for linux/random.h... yes
checking spawn.h usability... yes
checking spawn.h presence... yes
checking for spawn.h... yes
checking util.h usability... no
checking util.h presence... no
checking for util.h... no
checking alloca.h usability... yes
checking alloca.h presence... yes
checking for alloca.h... yes
checking endian.h usability... yes
checking endian.h presence... yes
checking for endian.h... yes
checking sys/endian.h usability... no
checking sys/endian.h presence... no
checking for sys/endian.h... no
checking sys/sysmacros.h usability... yes
checking sys/sysmacros.h presence... yes
checking for sys/sysmacros.h... yes
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
checking whether sys/types.h defines makedev... yes
checking bluetooth/bluetooth.h usability... no
checking bluetooth/bluetooth.h presence... no
checking for bluetooth/bluetooth.h... no
checking for net/if.h... yes
checking for linux/netlink.h... yes
checking for linux/can.h... yes
checking for linux/can/raw.h... yes
checking for linux/can/bcm.h... yes
checking for clock_t in time.h... yes
checking for makedev... yes
checking for le64toh... yes
checking Solaris LFS bug... no
checking for mode_t... yes
checking for off_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for uid_t in sys/types.h... yes
checking for ssize_t... yes
checking for __uint128_t... yes
checking size of int... 4
checking size of long... 8
checking size of long long... 8
checking size of void *... 8
checking size of short... 2
checking size of float... 4
checking size of double... 8
checking size of fpos_t... 16
checking size of size_t... 8
checking size of pid_t... 4
checking size of uintptr_t... 8
checking for long double support... yes
checking size of long double... 16
checking size of _Bool... 1
checking size of off_t... 8
checking whether to enable large file support... no
checking size of time_t... 8
checking for pthread_t... yes
checking size of pthread_t... 8
checking for --enable-framework... no
checking for dyld... no
checking the extension of shared libraries... .so
checking LDSHARED... $(CC) -shared
checking CCSHARED... -fPIC
checking LINKFORSHARED... -Xlinker -export-dynamic
checking CFLAGSFORSHARED...
checking SHLIBS... $(LIBS)
checking for sendfile in -lsendfile... no
checking for dlopen in -ldl... yes
checking for shl_load in -ldld... no
checking for library containing sem_init... -lpthread
checking for textdomain in -lintl... no
checking aligned memory access is required... no
checking for --with-hash-algorithm... default
checking for --with-address-sanitizer... no
checking for t_open in -lnsl... no
checking for socket in -lsocket... no
checking for --with-libs... no
checking for pkg-config... /bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for --with-system-expat... no
checking for --with-system-ffi... yes
checking for --with-system-libmpdec... no
checking for --enable-loadable-sqlite-extensions... no
checking for --with-tcltk-includes... default
checking for --with-tcltk-libs... default
checking for --with-dbmliborder...
checking for --with-threads... yes
checking if PTHREAD_SCOPE_SYSTEM is supported... yes
checking for pthread_sigmask... yes
checking for pthread_atfork... yes
checking if --enable-ipv6 is specified... yes
checking if RFC2553 API is available... yes
checking ipv6 stack type... linux-glibc
checking for CAN_RAW_FD_FRAMES... yes
checking for --with-doc-strings... yes
checking for --with-pymalloc... yes
checking for --with-valgrind... no
checking for --with-dtrace... no
checking for dlopen... yes
checking DYNLOADFILE... dynload_shlib.o
checking MACHDEP_OBJS... none
checking for alarm... yes
checking for accept4... yes
checking for setitimer... yes
checking for getitimer... yes
checking for bind_textdomain_codeset... yes
checking for chown... yes
checking for clock... yes
checking for confstr... yes
checking for ctermid... yes
checking for dup3... yes
checking for execv... yes
checking for faccessat... yes
checking for fchmod... yes
checking for fchmodat... yes
checking for fchown... yes
checking for fchownat... yes
checking for fexecve... yes
checking for fdopendir... yes
checking for fork... yes
checking for fpathconf... yes
checking for fstatat... yes
checking for ftime... yes
checking for ftruncate... yes
checking for futimesat... yes
checking for futimens... yes
checking for futimes... yes
checking for gai_strerror... yes
checking for getentropy... no
checking for getgrouplist... yes
checking for getgroups... yes
checking for getlogin... yes
checking for getloadavg... yes
checking for getpeername... yes
checking for getpgid... yes
checking for getpid... yes
checking for getpriority... yes
checking for getresuid... yes
checking for getresgid... yes
checking for getpwent... yes
checking for getspnam... yes
checking for getspent... yes
checking for getsid... yes
checking for getwd... yes
checking for initgroups... yes
checking for kill... yes
checking for killpg... yes
checking for lchmod... no
checking for lchown... yes
checking for linkat... yes
checking for lstat... yes
checking for lutimes... yes
checking for mmap... yes
checking for memrchr... yes
checking for mbrtowc... yes
checking for mkdirat... yes
checking for mkfifo... yes
checking for mkfifoat... yes
checking for mknod... yes
checking for mknodat... yes
checking for mktime... yes
checking for mremap... yes
checking for nice... yes
checking for openat... yes
checking for pathconf... yes
checking for pause... yes
checking for pipe2... yes
checking for plock... no
checking for poll... yes
checking for posix_fallocate... yes
checking for posix_fadvise... yes
checking for pread... yes
checking for pthread_init... no
checking for pthread_kill... yes
checking for putenv... yes
checking for pwrite... yes
checking for readlink... yes
checking for readlinkat... yes
checking for readv... yes
checking for realpath... yes
checking for renameat... yes
checking for select... yes
checking for sem_open... yes
checking for sem_timedwait... yes
checking for sem_getvalue... yes
checking for sem_unlink... yes
checking for sendfile... yes
checking for setegid... yes
checking for seteuid... yes
checking for setgid... yes
checking for sethostname... yes
checking for setlocale... yes
checking for setregid... yes
checking for setreuid... yes
checking for setresuid... yes
checking for setresgid... yes
checking for setsid... yes
checking for setpgid... yes
checking for setpgrp... yes
checking for setpriority... yes
checking for setuid... yes
checking for setvbuf... yes
checking for sched_get_priority_max... yes
checking for sched_setaffinity... yes
checking for sched_setscheduler... yes
checking for sched_setparam... yes
checking for sched_rr_get_interval... yes
checking for sigaction... yes
checking for sigaltstack... yes
checking for siginterrupt... yes
checking for sigpending... yes
checking for sigrelse... yes
checking for sigtimedwait... yes
checking for sigwait... yes
checking for sigwaitinfo... yes
checking for snprintf... yes
checking for strftime... yes
checking for strlcpy... no
checking for symlinkat... yes
checking for sync... yes
checking for sysconf... yes
checking for tcgetpgrp... yes
checking for tcsetpgrp... yes
checking for tempnam... yes
checking for timegm... yes
checking for times... yes
checking for tmpfile... yes
checking for tmpnam... yes
checking for tmpnam_r... yes
checking for truncate... yes
checking for uname... yes
checking for unlinkat... yes
checking for unsetenv... yes
checking for utimensat... yes
checking for utimes... yes
checking for waitid... yes
checking for waitpid... yes
checking for wait3... yes
checking for wait4... yes
checking for wcscoll... yes
checking for wcsftime... yes
checking for wcsxfrm... yes
checking for wmemcmp... yes
checking for writev... yes
checking for _getpty... no
checking whether dirfd is declared... yes
checking for chroot... yes
checking for link... yes
checking for symlink... yes
checking for fchdir... yes
checking for fsync... yes
checking for fdatasync... yes
checking for epoll... yes
checking for epoll_create1... yes
checking for kqueue... no
checking for prlimit... yes
checking for ctermid_r... no
checking for flock declaration... yes
checking for flock... yes
checking for getpagesize... yes
checking for broken unsetenv... no
checking for true... true
checking for inet_aton in -lc... yes
checking for chflags... no
checking for lchflags... no
checking for inflateCopy in -lz... no
checking for hstrerror... yes
checking for inet_aton... yes
checking for inet_pton... yes
checking for setgroups... yes
checking for openpty... no
checking for openpty in -lutil... yes
checking for forkpty... yes
checking for memmove... yes
checking for fseek64... no
checking for fseeko... yes
checking for fstatvfs... yes
checking for ftell64... no
checking for ftello... yes
checking for statvfs... yes
checking for dup2... yes
checking for strdup... yes
checking for getpgrp... yes
checking for setpgrp... (cached) yes
checking for gettimeofday... yes
checking for clock_gettime... yes
checking for clock_getres... yes
checking for clock_settime... yes
checking for major... yes
checking for if_nameindex... yes
checking for lockf... yes
checking for getaddrinfo... yes
checking getaddrinfo bug... no
checking for getnameinfo... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for struct tm.tm_zone... yes
checking for struct stat.st_rdev... yes
checking for struct stat.st_blksize... yes
checking for struct stat.st_flags... no
checking for struct stat.st_gen... no
checking for struct stat.st_birthtime... no
checking for struct stat.st_blocks... yes
checking for struct passwd.pw_gecos... yes
checking for struct passwd.pw_passwd... yes
checking for time.h that defines altzone... no
checking whether sys/select.h and sys/time.h may both be included... yes
checking for addrinfo... yes
checking for sockaddr_storage... yes
checking for sockaddr_alg... yes
checking whether char is unsigned... no
checking for an ANSI C-conforming const... yes
checking for working volatile... yes
checking for working signed char... yes
checking for prototypes... yes
checking for variable length prototypes and stdarg.h... yes
checking for socketpair... yes
checking if sockaddr has sa_len member... no
checking for gethostbyname_r... yes
checking gethostbyname_r with 6 args... yes
checking for __fpu_control... yes
checking for --with-fpectl... no
checking for --with-libm=STRING... default LIBM="-lm"
checking for --with-libc=STRING... default LIBC=""
checking for x64 gcc inline assembler... yes
checking whether C doubles are little-endian IEEE 754 binary64... yes
checking whether C doubles are big-endian IEEE 754 binary64... no
checking whether C doubles are ARM mixed-endian IEEE 754 binary64... no
checking whether we can use gcc inline assembler to get and set x87 control word... yes
checking whether we can use gcc inline assembler to get and set mc68881 fpcr... no
checking for x87-style double rounding... no
checking for acosh... yes
checking for asinh... yes
checking for atanh... yes
checking for copysign... yes
checking for erf... yes
checking for erfc... yes
checking for expm1... yes
checking for finite... yes
checking for gamma... yes
checking for hypot... yes
checking for lgamma... yes
checking for log1p... yes
checking for log2... yes
checking for round... yes
checking for tgamma... yes
checking whether isinf is declared... yes
checking whether isnan is declared... yes
checking whether isfinite is declared... yes
checking whether tanh preserves the sign of zero... yes
checking whether log1p drops the sign of negative zero... no
checking whether POSIX semaphores are enabled... yes
checking for broken sem_getvalue... no
checking whether RTLD_LAZY is declared... yes
checking whether RTLD_NOW is declared... yes
checking whether RTLD_GLOBAL is declared... yes
checking whether RTLD_LOCAL is declared... yes
checking whether RTLD_NODELETE is declared... yes
checking whether RTLD_NOLOAD is declared... yes
checking whether RTLD_DEEPBIND is declared... yes
checking digit size for Python's longs... no value specified
checking wchar.h usability... yes
checking wchar.h presence... yes
checking for wchar.h... yes
checking size of wchar_t... 4
checking for UCS-4 tcl... no
checking whether wchar_t is signed... yes
no usable wchar_t found
checking whether byte ordering is bigendian... no
checking ABIFLAGS... m
checking SOABI... cpython-36m-x86_64-linux-gnu
checking LDVERSION... $(VERSION)$(ABIFLAGS)
checking whether right shift extends the sign bit... yes
checking for getc_unlocked() and friends... yes
checking how to link readline libs... none
checking for rl_callback_handler_install in -lreadline... no
checking for rl_pre_input_hook in -lreadline... no
checking for rl_completion_display_matches_hook in -lreadline... no
checking for rl_resize_terminal in -lreadline... no
checking for rl_completion_matches in -lreadline... no
checking for append_history in -lreadline... no
checking for broken nice()... no
checking for broken poll()... no
checking for struct tm.tm_zone... (cached) yes
checking for working tzset()... yes
checking for tv_nsec in struct stat... yes
checking for tv_nsec2 in struct stat... no
checking curses.h usability... no
checking curses.h presence... no
checking for curses.h... no
checking ncurses.h usability... no
checking ncurses.h presence... no
checking for ncurses.h... no
checking for term.h... no
checking whether mvwdelch is an expression... no
checking whether WINDOW has _flags... no
checking for is_term_resized... no
checking for resize_term... no
checking for resizeterm... no
configure: checking for device files
checking for /dev/ptmx... yes
checking for /dev/ptc... no
checking for %zd printf() format support... yes
checking for socklen_t... yes
checking for broken mbstowcs... no
checking for --with-computed-gotos... no value specified
checking whether gcc -pthread supports computed gotos... yes
checking for build directories... done
checking for -O2... yes
checking for glibc _FORTIFY_SOURCE/memmove bug... no
checking for gcc ipa-pure-const bug... no
checking for stdatomic.h... no
checking for GCC >= 4.7 __atomic builtins... yes
checking for ensurepip... upgrade
checking if the dirent structure of a d_type field... yes
checking for the Linux getrandom() syscall... yes
checking for the getrandom() function... no
configure: creating ./config.status
config.status: creating Makefile.pre
config.status: creating Modules/Setup.config
config.status: creating Misc/python.pc
config.status: creating Misc/python-config.sh
config.status: creating Modules/ld_so_aix
config.status: creating pyconfig.h
creating Modules/Setup
creating Modules/Setup.local
creating Makefile


If you want a release build with all stable optimizations active (PGO, etc),
please run ./configure --enable-optimizations

Step 4.

Now run make followed by make install to complete the installation. Both commands output is not given here since its pretty long.

root@kerneltalks # make
root@kerneltalks # make install

Step 5.

Check Python installed version from Python prompt.

root@kerneltalks # python3
Python 3.6.3 (default, Nov  5 2017, 12:28:06)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

You can see in the above output Python 3.6.3 shows we have installed python v3 successfully.

Troubleshooting Python issues

When using or compiling Python programs you might run into below errors. I have listed their solutions for your quick reference.

Error : ImportError: No module named 'zlib'

Solution: Install zlib-devel (zlib development tools) package and re-install python

Error : ImportError: cannot import name 'HTTPSConnection'

Solution: Install OpenSSL-devel (Open SSL development tools) package and re-install python

Error : zipimport.ZipImportError: can't decompress data; zlib not available

Solution: This error is seen during Python installation if zlib is not installed on the server. Install zlib package

What are the huge pages in Linux?

9 Replies

Learn about huge pages in Linux. Understand what is huge pages, how to configure it, how to check the current state, and how to disable it.

In this article, we will walk you through details about huge pages so that you will be able to answer: what are huge pages in Linux? How to enable/disable huge pages? How to determine huge page value? in Linux like RHEL6, RHEL7, Ubuntu, etc.

Lets start with Huge pages basics.

What is Huge page in Linux?

Huge pages are helpful in virtual memory management in the Linux system. As the name suggests, they help is managing huge size pages in memory in addition to standard 4KB page size. You can define as huge as 1GB page size using huge pages.

During system boot, you reserve your memory portion with huge pages for your application. This memory portion i.e. these memory occupied by huge pages is never swapped out of memory. It will stick there until you change your configuration. This increases application performance to a great extent like Oracle database with pretty large memory requirements.

Why use huge page?

In virtual memory management, the kernel maintains a table in which it has a mapping of the virtual memory address to a physical address. For every page transaction, the kernel needs to load related mapping. If you have small size pages then you need to load more numbers of pages resulting kernel to load more mapping tables. This decreases performance.

Using huge pages means you will need fewer pages. This decreases the number of mapping tables to load by the kernel to a great extent. This increases your kernel-level performance which ultimately benefits your application.

In short, by enabling huge pages, the system has fewer page tables to deal with and hence less overhead to access/maintain them!

How to configure huge pages?

Run below command to check current huge pages details.

root@kerneltalks # grep Huge /proc/meminfo
AnonHugePages:         0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB

In the above output, you can see the one-page size is 2MB Hugepagesize and a total of 0 pages on the system HugePages_Total. This huge page size can be increased from 2MB to max 1GB.

Run below script to get how much huge pages your system needs currently. The script is from Oracle and can be found.

#!/bin/bash
#
# hugepages_settings.sh
#
# Linux bash script to compute values for the
# recommended HugePages/HugeTLB configuration
#
# Note: This script does calculation for all shared memory
# segments available when the script is run, no matter it
# is an Oracle RDBMS shared memory segment or not.
# Check for the kernel version
KERN=`uname -r | awk -F. '{ printf("%d.%d\n",$1,$2); }'`
# Find out the HugePage size
HPG_SZ=`grep Hugepagesize /proc/meminfo | awk {'print $2'}`
# Start from 1 pages to be on the safe side and guarantee 1 free HugePage
NUM_PG=1
# Cumulative number of pages required to handle the running shared memory segments
for SEG_BYTES in `ipcs -m | awk {'print $5'} | grep "[0-9][0-9]*"`
do
   MIN_PG=`echo "$SEG_BYTES/($HPG_SZ*1024)" | bc -q`
   if [ $MIN_PG -gt 0 ]; then
      NUM_PG=`echo "$NUM_PG+$MIN_PG+1" | bc -q`
   fi
done
# Finish with results
case $KERN in
   '2.4') HUGETLB_POOL=`echo "$NUM_PG*$HPG_SZ/1024" | bc -q`;
          echo "Recommended setting: vm.hugetlb_pool = $HUGETLB_POOL" ;;
   '2.6' | '3.8' | '3.10' | '4.1' ) echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
    *) echo "Unrecognized kernel version $KERN. Exiting." ;;
esac
# End

You can save it in /tmp as hugepages_settings.sh and then run it like below :

root@kerneltalks # sh /tmp/hugepages_settings.sh
Recommended setting: vm.nr_hugepages = 124

Output will be similar to some number as shown in above sample output.

This means your system needs 124 huge pages of 2MB each! If you have set 4MB as page size then the output would have been 62. You got the point, right?

Configure hugepages in kernel

Now last part is to configure the above-stated kernel parameter and reload it. Add below value in /etc/sysctl.conf and reload configuration by issuing sysctl -p command.

vm.nr_hugepages=126

Notice that we added 2 extra pages in the kernel since we want to keep a couple of pages spare than the actual required number.

Now, huge pages have been configured in the kernel but to allow your application to use them you need to increase memory limits as well. The new memory limit should be 126 pages x 2 MB each = 252 MB i.e. 258048 KB.

You need to edit below settings in /etc/security/limits.conf

soft memlock 258048 
hard memlock 258048

Sometimes these settings are configured in app-specific files like for Oracle DB its in /etc/security/limits.d/99-grid-oracle-limits.conf

That’s it! You might want to restart your application to make use of these new huge pages.

How to disable hugepages?

HugePages are generally enabled by default. Use the below command to check the current state of huge pages.

root@kerneltalks # cat /sys/kernel/mm/transparent_hugepage/enabled
[always] madvise never

[always] flag in output shows that hugepages are enabled on system.

For RedHat based systems file path is /sys/kernel/mm/redhat_transparent_hugepage/enabled

If you want to disable huge pages then add transparent_hugepage=never at the end of kernel line in /etc/grub.conf and reboot the system.

check_mk error Cannot fetch deployment URL via curl error

Leave a reply

Article explaining ‘ERROR Cannot fetch deployment URL via curl: Couldn’t resolve host. The given remote host was not resolved.’ and how to resolve it.

check_mk is a utility that helps you configure your server to be monitored via nagios monitoring tool. While configuring one of the clients I came across below error :

ERROR Cannot fetch deployment URL via curl: Couldn't resolve host. The given remote host was not resolved.

This error came after I tried to register the client with the monitoring server with below command :

root@kerneltalks # /usr/bin/cmk-update-agent register -s monitor.kerneltalks.com -i master -H `hostname` -p http -U omdadmin -S ASFKWEFUNSHEFKG -v

Here in this command –

-s is monitoring server
-i is Name of Check_MK site on that server
-H is Hostname to fetch agent for
-p is protocol Either HTTP or HTTPS (default is HTTPS)
-U User-ID of a user who is allowed to download the agent.
-S is secret. Automation secret of that user (in case of automation user)
From the error, you can figure out that command is not able to resolve to monitor server DNS name monitor.kerneltalks.com

Solution

Its pretty simple. Check /etc/resolv.conf to make sure that you have proper DNS server entry for your environment. If it still doesn’t resolve the issue then you can add an entry in /etc/hosts for it.

root@kerneltalks # cat /etc/hosts
10.0.10.9 monitor.kerneltalks.com

Thats it. You would be able to register now successfully.

root@kerneltalks # /usr/bin/cmk-update-agent register -s monitor.kerneltalks.com -i master -H `hostname` -p http -U omdadmin -S ASFKWEFUNSHEFKG -v
Going to register agent at deployment server
Successfully registered agent for deployment.
You can now update your agent by running 'cmk-update-agent -v'
Saved your registration settings to /etc/cmk-update-agent.state.

By the way, you can directly use the IP address for -s switch and get rid of all the above jargon including error itself!

mount.nfs: requested NFS version or transport protocol is not supported

Leave a reply

Troubleshooting error ‘mount.nfs: requested NFS version or transport protocol is not supported’ and how to resolve it.

Another troubleshooting article aimed at specific errors and help you how to solve it. In this article, we will see how to resolve error ‘mount.nfs: requested NFS version or transport protocol is not supported’ seen on NFS client while trying to mount NFS share.

# mount 10.0.10.20:/data /data_on_nfs
mount.nfs: requested NFS version or transport protocol is not supported

Sometimes you see error mount.nfs: requested NFS version or transport protocol is not supported when you try to mount NFS share on NFS client. There are couple of reasons you see this error :

NFS services are not running on NFS server
NFS utils not installed on the client
NFS service hung on NFS server

NFS services at the NFS server can be down or hung due to multiple reasons like server utilization, server reboot, etc.

Solution 1:

To get rid of this error and successfully mount your share follow the below steps.

[root@kerneltalks]# service nfs status
rpc.svcgssd is stopped
rpc.mountd is stopped
nfsd is stopped
rpc.rquotad is stopped

In the above output you can see the NFS services are stopped on the server. Start them.

[root@kerneltalks]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Starting NFS daemon: [ OK ]
Starting RPC idmapd: [ OK ]

You might want to check for nfs-server or nfsserver service as well depends on your Linux distro.

Now try to mount NFS share on the client. And you will be able to mount them using the same command we see earlier!

Solution 2 :

If that doesn’t work for you then try installing package nfs-utils on your server and you will get through this error.

Solution 3 :

Open file /etc/sysconfig/nfs and try to check below parameters

# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"

Removing hash from RPCNFSDARGS lines will turn off specific version support. This way clients with mentioned NFS versions won’t be able to connect to the NFS server for mounting share. If you have any of it enabled, try disabling it and mounting at the client after the NFS server service restarts.

Let us know if you have faced this error and solved it by any other methods in the comments below. We will update our article with your information to keep it updated and help the community live better!

How to test internet speed in Linux terminal

3 Replies

Learn how to use speedtest CLI tool to test internet speed in the Linux terminal. It also includes a one-liner python command to get speed details right away.

Most of us check the internet bandwidth speed whenever we connect to a new network or wifi. So why not our servers! Here is a tutorial that will walk you through to test internet speed in the Linux terminal.

Every one of us generally uses Speedtest by Ookla to check internet speed. It’s a pretty simple process for a desktop. Go to their website and just click the GO button. It will scan your location and speed test with the nearest server. If you are on mobile, they have their app for you. But if you are on the terminal with command-line interface things are little different. Let’s see how to check internet speed from the Linux terminal.

If you want to speed check only once and don’t want to download the tool on the server, jump here and see one-liner command.

Step 1 : Download speedtest cli tool

First of all, you have to download speedtest CLI tool from the GitHub repository. Nowadays, it also included in many well known Linux repositories as well. If it’s there then you can directly install that package on your Linux distro.

Let’s proceed with the Github download and install process. Install the git package depending on your distro. Then clone Github repo of speedtest like below:

[root@kerneltalks ~]# git clone https://github.com/sivel/speedtest-cli.git
Cloning into 'speedtest-cli'...
remote: Counting objects: 913, done.
remote: Total 913 (delta 0), reused 0 (delta 0), pack-reused 913
Receiving objects: 100% (913/913), 251.31 KiB | 143.00 KiB/s, done.
Resolving deltas: 100% (518/518), done.

It will be cloned to your present working directory. A new directory named speedtest-cli will be created. You can see the below files in it.

[root@kerneltalks ~]# cd speedtest-cli
[root@kerneltalks speedtest-cli]# ll
total 96
-rw-r--r--. 1 root root  1671 Oct  7 16:55 CONTRIBUTING.md
-rw-r--r--. 1 root root 11358 Oct  7 16:55 LICENSE
-rw-r--r--. 1 root root    35 Oct  7 16:55 MANIFEST.in
-rw-r--r--. 1 root root  5215 Oct  7 16:55 README.rst
-rw-r--r--. 1 root root    20 Oct  7 16:55 setup.cfg
-rw-r--r--. 1 root root  3196 Oct  7 16:55 setup.py
-rw-r--r--. 1 root root  2385 Oct  7 16:55 speedtest-cli.1
-rw-r--r--. 1 root root  1200 Oct  7 16:55 speedtest_cli.py
-rwxr-xr-x. 1 root root 47228 Oct  7 16:55 speedtest.py
-rw-r--r--. 1 root root   333 Oct  7 16:55 tox.ini

The python script speedtest.py is the one we will be using to check internet speed.

You can link this script for a command in /usr/bin so that all users on the server can use it. Or you can even create command alias for it and it will be easy for all users to use it.

Step 2 : Run python script

Now, run a python script without any argument and it will search the nearest server and test your internet speed.

[root@kerneltalks speedtest-cli]# python speedtest.py
Retrieving speedtest.net configuration...
Testing from Amazon (35.154.184.126)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Spectra (Mumbai) [1.15 km]: 8.174 ms
Testing download speed................................................................................
Download: 548.13 Mbit/s
Testing upload speed................................................................................................
Upload: 323.95 Mbit/s

I am on the AWS EC2 Linux server. That’s the bandwidth of the Amazon data center! 🙂

Different options with script

Few options which might be useful are as below :

To search speedtest servers nearby your location use --list switch and grep for your location name.

[root@kerneltalks speedtest-cli]#  python speedtest.py --list | grep -i mumbai
 2827) Bharti Airtel Ltd (Mumbai, India) [1.15 km]
 8978) Spectra (Mumbai, India) [1.15 km]
 4310) Hathway Cable and Datacom Ltd (Mumbai, India) [1.15 km]
 3315) Joister Broadband (Mumbai, India) [1.15 km]
 1718) Vodafone India (Mumbai, India) [1.15 km]
 6454) YOU Broadband India Pvt Ltd. (Mumbai, India) [1.15 km]
 9764) Railtel Corporation of india Ltd (Mumbai, India) [1.15 km]
 9584) Sheng Li Telecom (Mumbai, India) [1.15 km]
 7605) Idea Cellular Ltd. (Mumbai, India) [1.15 km]
 8122) Sify Technologies Ltd (Mumbai, India) [1.15 km]
 9049) I-ON (Mumbai, India) [1.15 km]
 6403) YOU Broadband India Pvt Ltd., Mumbai (Mumbai, India) [1.15 km]

You can see here, the first column is a server identifier followed by the name of the company hosting that server, location, and finally its distance from your location.

To test the internet speed using specific server use --server switch and server identifier from the previous output as an argument.

[root@kerneltalks speedtest-cli]# python speedtest.py --server 2827
Retrieving speedtest.net configuration...
Testing from Amazon (35.154.184.126)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Bharti Airtel Ltd (Mumbai) [1.15 km]: 13.234 ms
Testing download speed................................................................................
Download: 93.47 Mbit/s
Testing upload speed................................................................................................
Upload: 69.25 Mbit/s

To get the share link of your speed test, use –share switch. It will give you the URL of your test hosted on speedtest website. You can share this URL.

[root@kerneltalks speedtest-cli]# python speedtest.py --share
Retrieving speedtest.net configuration...
Testing from Amazon (35.154.184.126)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Spectra (Mumbai) [1.15 km]: 7.471 ms
Testing download speed................................................................................
Download: 621.00 Mbit/s
Testing upload speed................................................................................................
Upload: 367.37 Mbit/s
Share results: http://www.speedtest.net/result/6687428141.png

Observe the last line which includes the URL of your test result. If I download that image its the one below :

That’s it! But hey if you don’t want all this technical jargon, you can even use below one-liner to get speed test done right away.

Internet speed test using one liner in terminal

We are going to use a curl tool to fetch the above python script online and supply it to python for execution on the go!

[root@kerneltalks ~]# curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

Above command will run the script and show you result on screen!

[root@kerneltalks speedtest-cli]# curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
Retrieving speedtest.net configuration...
Testing from Amazon (35.154.184.126)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Spectra (Mumbai) [1.15 km]: 12.599 ms
Testing download speed................................................................................
Download: 670.88 Mbit/s
Testing upload speed................................................................................................
Upload: 355.84 Mbit/s

I tested this tool on RHEL 7 server but the process is same on Ubuntu, Debian, Fedora, or CentOS.

Understand data center tiers: tier 1 to tier 4

1 Reply

Understand and learn about data center tier. The article explains the data center standardization matrix: tier 1 to tier 4 along with its eligibility criteria.

Most of our readers are system administrators and surely come across term call data center tiers in their sysadmin life. This article will walk you through what is data center tiers? Different types of data center tiers, what is tier 1, tier 2, tier 3, and tier 4 data center? Which tier data center have maximum availability? etc.

All these might be interview questions for system architects at the beginner level. As a sysadmin its always good to know data center tiers so that you are well verse with your company infrastructure and can decide if that can really deliver on SLAs defined in your environment.

Without further delay, lets start with our topic.

What is data center tier?

Datacenter tier is the standardization matrix that defines overall performance, availability, fault tolerance capability, operating environment of a data center. It defines how the data center is fault-tolerant, how it can sustain to failures of various components, power, connectivity links, etc. It defines availability being offered for hosted servers.

Basically data center tier helps customers to determine which tier is best suitable for their application depending on the SLA requirement and data critical index they have. Mission-critical services should be hosted under a higher tier data center whereas less critical data should be hosted in lower-tier data centers. Obviously cost is another factor here too. As you go on high with tier, cost increases for hosting.

Different data center tiers

There are 4 data center tier standards defined by Uptime Institute. They are as below :

Tier 1: Non-redundant capacity and single power, connectivity distribution
Tier 2: Tier 1 feature + redundant capacity
Tier 3: Tier 2 features + Multiple independent power, connectivity distribution + onsite energy production system
Tier 4: Tier 3 features + All components are fault-tolerant, continuous cooling equipment.

A detailed list of requirements to be fulfilled by the data center to be eligible for specific tier is available here.

Data center tier deciding factors :

Datacenter to be eligible for certain tier it should complete certain criteria (as we saw above). There are many factors that affect/help in achieving those criteria. These factors are as below –

Datacenter design, location
Mechanical infrastructure design
Technology infrastructure design
Electric power distribution
Cables distribution
Network and internet connectivity distribution
Fire protection
Security in terms of soft security and physical security controls like biometric etc
Energy production, use, efficiency
Waste management
Environmental control and effects
Cooling management
Capacity management

Accepted downtime and availability tier wise

Tier 1: 99.671% uptime, 28.8 hours downtime per year
Tier 2: 99.749% uptime, 22 hours downtime per year
Tier 3: 99.982% uptime, 1.6 hours downtime per year
Tier 4: 99.995% uptime, 26.3 minutes downtime per year

That’s all I have to share with you about data center tier standards. Feel free to point out mistakes, suggestions, feedback in the comments section below.

KernelTalks turned one!

Leave a reply

Kerneltalks blog turned one today. This article crafts a year blog journey in info-graphics! Keep visiting us. Thank you!

Yay! Happy Birthday KernelTalks!

Yup. The blog turned one today. It was slow but exponential growth for KernelTalks. Let me walk you through this one year journey with the info-graphic format below :

Kerneltalks one year journey Infographics

Thanks for stopping by! Subscribe us. Follow us. Contact us. Keep visiting us!

Have a happy shell!

device eth0 does not seem to be present, delaying initialization error on Linux VM

2 Replies

Step by step procedure to resolve “device eth0 does not seem to be present, delaying initialization.” error on Linux VM.

If you are working on VMware infrastructure when your Linux VM is hosted on it, you must have come across below error while bringing up Ethernet in Linux :

Bringing up interface eth0: Device eth0 does not seem to be present, delaying initialization.

root@kerneltalks # service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:  Device eth0 does not seem to be present, delaying initialization.
                                                           [FAILED]

In this article, we are going to resolve this error. First, let’s see the background of this error. This method works well on Red Hat, CentOS, Oracle Linux, etc.

This error comes up normally in VM which is cloned from other Linux VM or from the template. The root cause of this error is MAC address of eth0 which is same as the source (source VM or template) in its configuration file ifcfg-eth0. While as during boot NIC gets unique MAC address and it does not match with one in ifcfg-eth0.

So here are steps to resolve this error.

Step 1.

Remove file /etc/udev/ rules.d/70-persistent-net.rules and reboot the server.

root@kerneltalks # rm /etc/udev/rules.d/70-persistent-net.rules
root@kerneltalks # reboot

This ensures new fresh files to be generated at the next boot and get unique MAC assigned.

Step 2.

After reboot, confirm above file is generated again. It will look like :

root@kerneltalks # cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:99:3f:25", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

Observe that new MAC is generated for eth1 (NAME="eth1"). Note down the MAC address from the file.

Step 3.

Now you have two choices :

Use eth1 as device name under ifcfg-eth0 config file.
Edit /etc/udev/ rules.d/70-persistent-net.rules with eth name as eth0

If you are choosing the first option then along with name change you need to change MAC.

root@kerneltalks # cat ifcfg-eth0
DEVICE=eth1
HWADDR=00:50:56:99:3f:25
TYPE=Ethernet
---- output truncated ----

If you are choosing the second option. Edit your ifcfg-eth0 located under /etc/sysconfig/network-scripts with new MAC address from above file. Also, since you made changes to /etc/udev/ rules.d/70-persistent-net.rules you have to again reboot the server. Rebooting the server here is important.

root@kerneltalks # cat ifcfg-eth0
DEVICE=eth0
HWADDR=00:50:56:99:3f:25
TYPE=Ethernet
---- output truncated ----

I would suggest going with the second choice since you will maintain naming conventions on your system. The first choice may create confusion to fellow sysadmins if you have more than one NIC on your server.

Step 4.

If you have used choice 1 i.e. using device name as eth1 under config file ifcfg-eth0 then you just need to restart network service and you should be all set.

root@kerneltalks # service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]

If you have opted the second choice then reboot already taken care of things and your ethernet along with IP should be post-boot.

How to download files from EC2 to local machine using winSCP

Leave a reply

Learn how to transfer files between desktop and EC2 using WinSCP. Using key-based authentication, winSCP can be connected to EC2 to download/upload files from/to the server.

While working on the EC2 server hosted on AWS, one of the basic requirements you come across is to transfer data between your desktop/laptop and EC2 instance. Since EC2 uses key-based authentication, for beginners it’s hard to understand how to transfer data from desktop to EC2 cloud.

Normally, programs like WinSCP are used to transfer data between the Linux server and the windows machine. In this article we will walk you through how to add key-based authentication in WinSCP. Later how to download files from EC2 to the local machine.

Other EC2 related posts which might interest you :

Step 1: Know your DNS name

Make sure your EC2 instance is spun up. You have the Public DNS name of your EC2 instance. You can see it under instance description in your AWS EC2 console.

Take our AWS CSA exam quiz! Check your knowledge.

Refer screenshot below :

Step 2 : Set private key for authentication

Open WinSCP tool. Click on Advanced to open settings of tool.

Under settings, click on Authentication under SSH in the left panel. This will open up authentication settings on the right panel.

Under, Authentication parameters tick ‘Allow agent forwarding‘ and browse your private key file in it. This private key file is key the same file you use to authenticate to EC2 when connecting via PuTTY

Click OK and close settings.

Step 3 : Connect

Copy public DNS of your EC2 instance, username as ec2-user for RedHat (different Linux distro has diff default logins in AWS. List of all is here) and hit connect. It will pop up to accept the key if you are connecting for the first time via WinSCP. Accept it and you will be connected to the EC2 server!

I have created small GIF which shows whole above process. Have a look .

Now you can download or upload files from EC2 to local like you normally do!

How to reset iptables to the default settings

10 Replies

Learn how to reset iptables to default settings. The default setting of iptable is to accept all for all types of connections.

In our last post, we saw iptables basics, where we learned about how iptables works, what are the policies, and how to configure iptables policies.

While working on iptables, if you get confused about policies and you need to start afresh then you need to reset iptables to default settings. By default, I mean to set accept all policy and flush any existing configured rules from settings.

In this article, we will walk through a set of commands to reset iptables to default settings. This can also be treated as how to reset firewall in Linux like ubuntu, centos, Redhat, Debian, etc. It’s a pretty simple 2 steps process.

Step 1 : Set accept all policy to all connections

Using the below set of commands you will set accept rule for all types of connections.

root@kerneltalks # iptables -P INPUT ACCEPT
root@kerneltalks # iptables -P OUTPUT ACCEPT
root@kerneltalks # iptables -P FORWARD ACCEPT

This will confirm, iptables gonna accept all requests for all types of connections.

Step 2 : Delete all existing rules.

Using below set of commands, delete your currently configured rules from iptables.

root@kerneltalks # iptables -F INPUT
root@kerneltalks # iptables -F OUTPUT
root@kerneltalks # iptables -F FORWARD

Or you can do it in single command –

root@kerneltalks # iptables -F

That’s it! Your iptables are reset to default settings i.e. accept all! Now, neatly and carefully design your policies and configure them.