Differences

This shows you the differences between two versions of the page.

--- centos_8_migration_notes [2020/09/29 18:50] – created juckins
+++ centos_8_migration_notes [2020/10/15 18:32] – juckins
@@ Line 1: / Line 1: @@
-==== CentOS8 Migration Notes ====
+==== CentOS 8 Migration Notes ====
+<color #ed1c24>**Below is copied from [[centos_7_migration_notes|CentOS 7 Migration Notes]] so modify as needed.**</color>
+Other fixes:
+  * Disable WiFi LAN connection with ''# nmcli radio wifi off''
+  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
+For migrating a system from a different OS, take note of this info first:
+  * Make a test user on CentOS7 and one on CentOS8
+    * Compare hidden files to see if anything changed between OSs
+    * This allows for easy migrating of data for users' $HOME directories
+  * ensure all scripts make their own log file directory
+    * $log_dir = "/var/tmp/check_disk_space";
+    * mkdir ("$log_dir", 0755);
+    * should crons write to /tmp and then have a daily script that checks cron logs for errors?
+----
+  * Get inventory of users
+  * ///
+  * Check that PHP is working correctly, localhost/index.php tries to open a file
+    * check httpd.conf
+  * ///
+  * Clear all history from Firefox before testing phpmyadmin
+    * Check httpd logs for any errors, such as mod security
+    * uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary
+  * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]]
+  * <color #ed1c24>MySQL / MariaDB Database and users</color>
+    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]]
+    * [[https://www.tecmint.com/install-lamp-on-centos-8/|Notes for installing LAMP]] on CentOS 8
+    * [[https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8]]
+    * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
+      * Note that the restore of mysql does not use "--all-databases" option and is an error in link above
+    * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
+    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]]
+      * They can be exported from phpmyadmin (but don't include root)
+  * export MySQL databases with mysqldump
+    * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]
+    * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]
+  * list of installed perl modules
+    * grep all .pl script and look for the "use " calls
+  * Copy the following to accessible location for restore after upgrade
+    * users' $HOME
+    * crons should be in each user's $HOME/crontab
+    * various processing log files from /var/tmp/
+    * /etc/ssh/*key* or possibly the entire directory contents (this may prevent man-in-the-middle attack messages but testing needed)
+    * /etc/hosts
+    * /etc/httpd/conf/httpd.conf
+    * Samba users, passwords, shares (for security cameras)
+      * /etc/samba/smb.conf
+      * /var/lib/samba/private/passdb.tbd
+      * /var/lib/samba/private/secrets.tbd
+      * Make sure service is running and will start at boot.
+      * Check output with: testparm -v
+  * nxclient-3.5.0-7.x86_64.rpm
+  * nxnode-3.5.0-9.x86_64.rpm
+  * nxserver-3.5.0-11.x86_64.rpm
+  * <del>skype-4.3.0.37-fedora.i586.rpm</del>
+  * verify services that should be installed/running in chkconfig
+  * Note firewall rules
+    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]
+Must-Have functionality:
+  * Apache, MySQL, PHP, Perl
+  * [[https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7|fail2ban]]
+    * edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
+    * Check logs: # cat /var/log/fail2ban.log
+    * Ensure service is running:
+      * ''# systemctl enable fail2ban''
+      * ''# systemctl restart fail2ban''
+  * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
+  * Disable SELinux
+  * VSFTP (for security cameras)
+    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]
+    * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
+    * As root: setsebool -P allow_ftpd_full_access on
+    * As root: systemctl restart vsftpd
+    * As root: systemctl enable vsftpd
+  * Samba
+    * [[samba_file_sharing|Samba File Sharing]]
+  * <del>Skype</del>
+  * Virtual Box
+  * Working crontabs for each user
+  * [[python_notes|Install Python 3]]
+Customize MATE Desktop displays
+  * Adjust System > Preferences > Look and Feel > Appearance
+  * Under Fonts tab, set all to size 8
+  * Click Details, set resolution to 96 dpi, Smoothing Grayscale, Hinting Slight, Subpixel order RGB
+  * Firefox has large bullets for password masking.  Theme setting?
+  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=centos7_desktop.png|Configure Desktop]]
+  * Set up gnome-terminal preferences
+    * General: Font Monospace 9, No terminal bell
+    * Colors: Use colors from system theme
+    * Scrolling: unlimited
+    * Edit > Keyboard Shortcuts > Reset and Clear > F2
+  * Disable Vim auto-indent following [[vim_tips|Vi and Vim Tips]]
+Change setting on screensaver
+  * System > Preferences > Look and Feel > Screensaver
+System Monitor (needs mate-system-monitor and mate-applets RPMs):
+  * Right-click top panel > Add to Panel
+  * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
+  * Moving display of current CPU usage should appear
+----
+Database work:
+  * Backup /etc/my.cnf
+    * Add this line under [mysqld]
+      * default-storage-engine=MyISAM
+  * Add other database users with phpMyAdmin GUI
+    * set username
+    * set password
+    * select "Grant all privileges on wildcard name (username\_%)."
+  * Dump all databases from source server to sql file then import on target server
+    * mysqldump -u USER -p'PASS' DATABASE > /tmp/DATABASE.sql
+    * Ensure database on target server exists; create if necessary
+      * Tables migrated should be MyISAM
+      * Default database engine is InnoDB as<color #ed1c24>Red Highlighted Text</color> of MySQL 5.5
+      * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-default-se.html|Perform some tests and queries]]
+        * The exact number of rows of InnoDB tables cannot be shown
+        * Need to monitor /var</fc>/lib/mysql for growing logs
+        * <color #ed1c24>CHECK</color>: [[http://stackoverflow.com/questions/3927690/howto-clean-a-mysql-innodb-storage-engine/4056261#4056261|Manage and Cleanup InnoDB Infrastructure]]
+        * [[http://dba.stackexchange.com/questions/8982/what-is-the-best-way-to-reduce-the-size-of-ibdata-in-mysql|Similar Post 1]]
+        * [[http://pc-freak.net/blog/fix-mysql-ibdata-file-size-ibdata1-file-growing-large-preventing-ibdata1-eating-disk-space/|Similar Post 2]]
+        * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html|dev.mysql info]]
+      * Alternatively, set MyISAM to default database engine
+      * systemctl start mariadb.service
+      * systemctl enable mariadb.service
+    * mysql DATABASE -h localhost -u USER -p'PASS' < /tmp/DATABASE.sql
+Setup ddclient:
+  * https://sourceforge.net/p/ddclient/wiki/Home/
+  * dnf -y install ddclient
+  * Use /etc/ddclient/* for configs from previous machine
+Setup duckdns:
+  * crontab is <code>~/duckdns/duck.sh >/dev/null 2>&1</code>
+Setup ydns:
+  * crontab is <code>~/ydns/updater.sh -V -u <snip> -p <snip> -H juckins.ydns.eu >>~/ydns/updater.log 2>&1</code>
+Firewall notes:
+  * Using firewall-config to close rules from previous machine
+rsync /var/www/html/
+  * test pages for proper display
+  * check soft link to phpmy is correct and current
+Restore and test crons
+  * check that each cron job runs and the specified log directory exists
+Backup /etc/selinux/config and change from enforcing to permissive
+Restore /etc/hosts from previous machine as needed
+Then, edit the network connections and make sure the "Ethernet" tab for the active connection, such as enp0s3, has the "Device" set to that interface.  Reboot to test.
+Download sample .png, .gif, .jpg images and test /usr/bin/display for any errors
+  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.gif|GIF image]]
+  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.jpg|JPG image]]
+  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.png|PNG image]]
+[[http://www.if-not-true-then-false.com/2014/install-oracle-java-8-on-fedora-centos-rhel/|Install Oracle Java]] (note, this is not the default CentOS, it will not auto-update)
+Install X2Go
+Restore Thunderbird profile
+Restore Firefox profile
+Restore VirtualBox and all machines
+Test ASMAD for processing end-to-end
+SSH issues
+  * Cannot ssh to yourself passwordlessly with default /etc/ssh/sshd_config
+  * Comment out the following line, like this:
+  * #AuthorizedKeysFile	.ssh/authorized_keys
+  * This allows you to NX into the CentOS7 machine
+  * Update to openssh seems to require RSA keys now and authorized_keys file instead of DSA keys and authorized_keys2 file
+  * Set "PermitRootLogin no"
+  * <del>But MATE does not work, tried KDE with dnf group install "KDE Plasma Workspaces" and seems to work better but still no icons on the screen</del>
+  * <del>But need to configure custom desktop to use /etc/X11/xinit/Xsession mate-session</del>
+  * <del>Also tried /usr/bin/startxfce4 but still general odd behavior</del>
+  * Additional tips: http://ubuntuforums.org/archive/index.php/t-941530.html
+  * systemctl restart sshd.service
+  * User accounts at remove machines connecting to the new machine will need their $HOME/.ssh/known_hosts either rebuilt or offending entries removed
+Update GRUB and splash screen
+  * My saved splash images with varying resolutions are in /root/downloads/splash
+  * <color #ed1c24>As of CentOS 7.2 cannot get custom splash image to appear at boot (with UEFI)</color>
+  * cd /etc/default
+  * cp grub grub.YYYYMMDD
+  * vi grub
+    * remove "rhgb quiet" from the GRUB_CMDLINE_LINUX call
+    * add "vga=0x317" to the GRUB_CMDLINE_LINUX call for better screen resolution (try 0x34b for 1920x1200x8 or 0x34c for 1920x1200x16, or vga=ask to see all available resolutions)
+    * comment out this line: GRUB_TERMINAL_OUTPUT="console"
+    * add this line: GRUB_BACKGROUND="/boot/grub2/splash.png"
+      * Ensure it is rw-r-r permissions
+      * [[http://192.168.1.14/dokuwiki/lib/exe/fetch.php?media=splash.png|Upload this image]] to the directory noted above
+  * For VM/BIOS-based installs, as root: grub2-mkconfig -o /boot/grub2/grub.cfg (Dell XPS 8930)
+  * For UEFI-based installs, as root: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
+  * More info at [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Customizing_the_GRUB_2_Configuration_File.html|Customizing the Grub2 Config File]] and [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Desktop_Migration_and_Administration_Guide/GRUB.html|RHEL7 GRUB Guide]]
+  * [[https://www.centos.org/forums/viewtopic.php?t=49321|Change GRUB Menu Resolution]]
+  * [[https://www.centos.org/forums/viewtopic.php?t=50957|Change GRUB2 splash screen in CentOS 7]]
+  * [[http://www.tuxfixer.com/set-grub2-custom-splash-screen-on-rhel-7-centos-7-uefi-and-legacy-bios-iso-image/]]
+  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/grub]]
+    * Tried part about making a special font
+    * Tried installing all grub2* rpms
+    * Tried 640x480 small splash image
+<code>
+GRUB_CMDLINE_LINUX_DEFAULT="video=1024x768"
+GRUB_GFXMODE=1024x768
+GRUB_GFXPAYLOAD_LINUX=keep
+</code>
+Set default GRUB entry
+  * Download [[https://www.systutorials.com/3826/setting-default-entry-in-grub2-and-grub/|grub2-select.bash]]
+If GRUB2 no longer finds other OS to boot (such as Windows 10) use [[https://sourceforge.net/projects/boot-repair-cd/|SourceForge Boot Repair Disk]]
+Install [[clamav_antivirus|ClamAV]]
+Set up local printer(s)
+  * Note that Brother has notes for the HL2170W at https://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=hl2170w_all&os=127
+    * RPM #1: brhl2170wlpr-2.0.2-1.i386.rpm
+    * RPM #2: cupswrapperHL2170W-2.0.2-1.i386.rpm
+    * Use 'lpstat' and 'lpq' to ensure it's a known destination printer
+  * [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Printer_Configuration.html#sec-Starting_Print_Settings_Config|RHEL7 Print Settings]]
+  * dnf install cups
+  * service cups start
+  * systemctl enable cups
+  * Use System > Administration > Print Settings
+    * Add printer with Network JetDirect by IP address
+    * Default printer driver works OK
+  * Or use web browser:
+  * # dnf install httpd
+  * # /bin/systemctl start httpd.service
+  * # dnf install system-config-firewall
+  * # firewall-config (or System > Administration > Firewall)
+    * Allow http and https as rules
+    * Sometimes the firewall-config command will hang if trying to run via an SSH connection to a remote machine
+    * To add a port manually follow [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]]
+    * To close a port manually follow [[http://www.codero.com/knowledge-base/content/10/377/en/how-to-manage-firewall-rules-in-centos-7.html]]
+  * # systemctl enable httpd
+  * Go to http://localhost:631
+    * Go to Administration tab
+    * Enter credentials for user root
+    * Add printer with prompts
+Firewall Notes
+  * Adding an allowed port at the command line (from [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]]
+  * Use this command to find your active zone(s):
+<code>
+firewall-cmd --get-active-zones
+</code>
+  * It will say either public, dmz, or something else. You should only apply to the zones required.
+  * If you want to add a port such as 8080 to your public zone:
+<code>
+firewall-cmd --zone=public --add-port=8080/tcp --permanent
+</code>
+  * Then remember to reload the firewall for changes to take effect.
+<code>
+firewall-cmd --reload
+</code>
+Managing runlevel settings
+  * Switch to runlevel 5:
+<code>
+# systemctl isolate graphical.target
+</code>
+  * Initiate runlevel 5 by default:
+<code>
+# systemctl set-default graphical.target
+</code>
+  * Switch to runlevel 3:
+<code>
+# systemctl isolate multi-user.target
+</code>
+  * Initiate runlevel 3 by default:
+<code>
+# systemctl set-default multi-user.target
+</code>
+  * For other run-level info, see [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Targets.html#sect-Managing_Services_with_systemd-Targets-Change_Default|RHEL7 Working with Systemd Targets]]
+----
+USB HEADSET:
+Plugin to right-side lower USB jack on HP Pavilion P7-1235, type dmesg at root prompt to see if it was found by system
+  [37013.137134] usb 8-1: New USB device found, idVendor=046d, idProduct=0a44
+  [37013.137145] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
+  [37013.137151] usb 8-1: Product: Logitech USB Headset
+  [37013.137160] usb 8-1: Manufacturer: Logitech
+  [37013.399267] input: Logitech Logitech USB Headset as /devices/pci0000:00/0000:00:10.1/usb8/8-1/8-
+:1.3/input/input85
+  [37013.449648] hid-generic 0003:046D:0A44.004B: input,hidraw3: USB HID v1.00 Device [Logitech Logitech USB
+  Headset] on usb-0000:00:10.1-1/input3
+Right-click the speaker icon in the top panel and choose Sound Preferences.  Or, navigate to System > Preferences > Hardware > Sound \\
+Sound effects tab:  Sound theme: No Sounds\\
+Hardware tab:  Highlight Headset H390, Profile: Analog Stereo Output + Analog Mono Input \\
+Input tab:  choose Headset H390 Analog Mono \\
+Output tab:  choose Headset H390 Analog Stereo, Connector is Headphones
+Settings are saved to $HOME/.config/pulse
+See Linux Mint [[https://forums.linuxmint.com/viewtopic.php?t=246194|Sound settings keep switching output against my will]] and possibly [[https://forums.linuxmint.com/viewtopic.php?t=224479|HDMI + Sound + Mint 18]]