==== CentOS 8 Migration Notes ====

Logouts are usually slow when connecting to a CentOS 8 machine over ssh from an xterm. The fix is to not use ''ssh -X'' or ''ssh -Y''.

Consult the [[virtualbox_for_centos_stream_notes|Virtual Box running CentOS8 Stream]] notes if dnf updates are slow.

Fix php for phpmyadmin:

<code>
dnf install php-gd php-ldap php-mysqlnd php-pecl-mcrypt php-pecl-zip
</code>

Also comment out the cookie validity setting in config.inc.php

Secure the mariadb

Fix php.ini from known good config

Configure $HOME/.vimrc as the following:

<code>
autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o
</code>

<code>
# python3 -m pip install --upgrade pip
# python3 -m pip install dictor
# python3 -m pip install wheel
# python3 -m pip install httplib2
# python3 -m pip install PyMySQL
</code>

PyMySQL v0.9.3 has been upgraded to v1.0.2 and requires modification to the "connect" statement.

Other fixes:
  * Disable WiFi LAN connection with ''# nmcli radio wifi off''
  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]

For migrating a system from a different OS, take note of this info first:
  * Make a test user on CentOS7 and one on CentOS8
    * Compare hidden files to see if anything changed between OSs
    * This allows for easy migrating of data for users' $HOME directories
  * ensure all scripts make their own log file directory
    * $log_dir = "/var/tmp/check_disk_space";
    * mkdir ("$log_dir", 0755);
  * should crons write to /tmp and then have a daily script that checks cron logs for errors?
----

  * Get inventory of users
    * ///
  * Check that PHP is working correctly, localhost/index.php tries to open a file
    * check httpd.conf
    * ///
    * Clear all history from Firefox before testing phpmyadmin
    * Check httpd logs for any errors, such as mod security
      * uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary
    * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]]
      * ''firewall-cmd --zone=public --add-service=http --permanent''
      * ''firewall-cmd --zone=public --add-service=https --permanent''
  * MySQL / MariaDB Database and users
    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]]
    * [[https://www.tecmint.com/install-lamp-on-centos-8/|Notes for installing LAMP]] on CentOS 8
    * [[https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8]]
    * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
      * Note that the restore of mysql does not use "--all-databases" option and is an error in link above
    * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]]
      * They can be exported from phpmyadmin (but don't include root)
    * export MySQL databases with mysqldump
      * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]
      * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]
  * list of installed perl modules
    * grep all .pl script and look for the "use " calls
  * Copy the following to accessible location for restore after upgrade
    * users' $HOME
      * crons should be in each user's $HOME/crontab
    * various processing log files from /var/tmp/
    * /etc/ssh/*key* or possibly the entire directory contents (this may prevent man-in-the-middle attack messages but testing needed)
    * /etc/hosts
    * /etc/httpd/conf/httpd.conf
    * Samba users, passwords, shares (for security cameras)
      * /etc/samba/smb.conf
      * /var/lib/samba/private/passdb.tdb
      * /var/lib/samba/private/secrets.tdb
      * Make sure service is running and will start at boot.
      * Check output with: testparm -v
    * nxclient-3.5.0-7.x86_64.rpm
    * nxnode-3.5.0-9.x86_64.rpm
    * nxserver-3.5.0-11.x86_64.rpm
    * skype-4.3.0.37-fedora.i586.rpm
  * verify services that should be installed/running in chkconfig
  * Note firewall rules
    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]

**Below is copied from [[centos_7_migration_notes|CentOS 7 Migration Notes]] so modify as needed.**

Must-Have functionality:
  * Apache, MySQL, PHP, Perl
  * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|fail2ban]]
    * edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
    * Check logs: # cat /var/log/fail2ban.log
    * Ensure service is running:
      * ''# systemctl enable fail2ban''
      * ''# systemctl restart fail2ban''
  * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
  * Disable SELinux
  * VSFTP (for security cameras)
    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]
    * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
    * As root: setsebool -P allow_ftpd_full_access on
    * As root: systemctl restart vsftpd
    * As root: systemctl enable vsftpd
  * Samba
    * [[samba_file_sharing|Samba File Sharing]]
  * Skype
  * Virtual Box
  * Working crontabs for each user
  * [[python_notes|Install Python 3]]

Customize MATE Desktop displays
  * Adjust System > Preferences > Look and Feel > Appearance
    * Under Fonts tab, set all to size 8
    * Click Details, set resolution to 96 dpi, Smoothing Grayscale, Hinting Slight, Subpixel order RGB
  * Firefox has large bullets for password masking. Theme setting?
  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=centos7_desktop.png|Configure Desktop]]
  * Set up gnome-terminal preferences
    * General: Font Monospace 9, No terminal bell
    * Colors: Use colors from system theme
      * Or, black background with text color #d3d7cf (from GNOME Dark in RHEL9)
    * Scrolling: unlimited
    * Edit > Keyboard Shortcuts > Reset and Clear > F2
  * Disable Vim auto-indent following [[vim_tips|Vi and Vim Tips]]

Change setting on screensaver
  * System > Preferences > Look and Feel > Screensaver

System Monitor (needs mate-system-monitor and mate-applets RPMs):
  * Right-click top panel > Add to Panel
  * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
  * Moving display of current CPU usage should appear

----

Database work:
  * Backup /etc/my.cnf
    * Add this line under [mysqld]
      * default-storage-engine=MyISAM
  * Add other database users with phpMyAdmin GUI
    * set username
    * set password
    * select "Grant all privileges on wildcard name (username\_%)."
  * Dump all databases from source server to sql file then import on target server
    * mysqldump -u USER -p'PASS' DATABASE > /tmp/DATABASE.sql
    * Ensure database on target server exists; create if necessary
    * Tables migrated should be MyISAM
      * Default database engine is InnoDB as of MySQL 5.5
      * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-default-se.html|Perform some tests and queries]]
      * The exact number of rows of InnoDB tables cannot be shown
      * Need to monitor /var/lib/mysql for growing logs
      * CHECK: [[http://stackoverflow.com/questions/3927690/howto-clean-a-mysql-innodb-storage-engine/4056261#4056261|Manage and Cleanup InnoDB Infrastructure]]
        * [[http://dba.stackexchange.com/questions/8982/what-is-the-best-way-to-reduce-the-size-of-ibdata-in-mysql|Similar Post 1]]
        * [[http://pc-freak.net/blog/fix-mysql-ibdata-file-size-ibdata1-file-growing-large-preventing-ibdata1-eating-disk-space/|Similar Post 2]]
        * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html|dev.mysql info]]
      * Alternatively, set MyISAM to default database engine
    * systemctl start mariadb.service
    * systemctl enable mariadb.service
    * mysql DATABASE -h localhost -u USER -p'PASS' < /tmp/DATABASE.sql

Setup ddclient:
  * https://sourceforge.net/p/ddclient/wiki/Home/
  * dnf -y install ddclient
  * Use /etc/ddclient/* for configs from previous machine

Setup duckdns:
  * crontab is ~/duckdns/duck.sh >/dev/null 2>&1

Setup ydns:
  * crontab is ~/ydns/updater.sh -V -u -p -H juckins.ydns.eu >>~/ydns/updater.log 2>&1

Firewall notes:
  * Using firewall-config to close rules from previous machine

rsync /var/www/html/
  * test pages for proper display
  * check soft link to phpmy is correct and current

Restore and test crons
  * check that each cron job runs and the specified log directory exists

Backup /etc/selinux/config and change from enforcing to permissive

Restore /etc/hosts from previous machine as needed

Then, edit the network connections and make sure the "Ethernet" tab for the active connection, such as enp0s3, has the "Device" set to that interface. Reboot to test.

Download sample .png, .gif, .jpg images and test /usr/bin/display for any errors
  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.gif|GIF image]]
  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.jpg|JPG image]]
  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.png|PNG image]]

[[http://www.if-not-true-then-false.com/2014/install-oracle-java-8-on-fedora-centos-rhel/|Install Oracle Java]] (note, this is not the default CentOS, it will not auto-update)

Install X2Go

Restore Thunderbird profile

Restore Firefox profile

Restore VirtualBox and all machines

Test ASMAD for processing end-to-end

SSH issues
  * Cannot ssh to yourself passwordlessly with default /etc/ssh/sshd_config
    * Comment out the following line, like this:
      * #AuthorizedKeysFile .ssh/authorized_keys
    * This allows you to NX into the CentOS7 machine
  * Update to openssh seems to require RSA keys now and authorized_keys file instead of DSA keys and authorized_keys2 file
  * Set "PermitRootLogin no"
  * But MATE does not work, tried KDE with dnf group install "KDE Plasma Workspaces" and seems to work better but still no icons on the screen
    * But need to configure custom desktop to use /etc/X11/xinit/Xsession mate-session
    * Also tried /usr/bin/startxfce4 but still general odd behavior
    * Additional tips: http://ubuntuforums.org/archive/index.php/t-941530.html
  * systemctl restart sshd.service
  * User accounts at remote machines connecting to the new machine will need their $HOME/.ssh/known_hosts either rebuilt or offending entries removed

Update GRUB and splash screen
  * My saved splash images with varying resolutions are in /root/downloads/splash
  * As of CentOS 7.2 cannot get custom splash image to appear at boot (with UEFI)
  * cd /etc/default
  * cp grub grub.YYYYMMDD
  * vi grub
    * remove "rhgb quiet" from the GRUB_CMDLINE_LINUX call
    * add "vga=0x317" to the GRUB_CMDLINE_LINUX call for better screen resolution (try 0x34b for 1920x1200x8 or 0x34c for 1920x1200x16, or vga=ask to see all available resolutions)
    * comment out this line: GRUB_TERMINAL_OUTPUT="console"
    * add this line: GRUB_BACKGROUND="/boot/grub2/splash.png"
      * Ensure it is rw-r--r-- permissions
      * [[http://192.168.1.14/dokuwiki/lib/exe/fetch.php?media=splash.png|Upload this image]] to the directory noted above
  * For VM/BIOS-based installs, as root: grub2-mkconfig -o /boot/grub2/grub.cfg (Dell XPS 8930)
  * For UEFI-based installs, as root: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
  * More info at [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Customizing_the_GRUB_2_Configuration_File.html|Customizing the Grub2 Config File]] and [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Desktop_Migration_and_Administration_Guide/GRUB.html|RHEL7 GRUB Guide]]
  * [[https://www.centos.org/forums/viewtopic.php?t=49321|Change GRUB Menu Resolution]]
  * [[https://www.centos.org/forums/viewtopic.php?t=50957|Change GRUB2 splash screen in CentOS 7]]
  * [[http://www.tuxfixer.com/set-grub2-custom-splash-screen-on-rhel-7-centos-7-uefi-and-legacy-bios-iso-image/]]
  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/grub]]
    * Tried part about making a special font
    * Tried installing all grub2* rpms
    * Tried 640x480 small splash image

<code>
GRUB_CMDLINE_LINUX_DEFAULT="video=1024x768"
GRUB_GFXMODE=1024x768
GRUB_GFXPAYLOAD_LINUX=keep
</code>

Set default GRUB entry
  * Download [[https://www.systutorials.com/3826/setting-default-entry-in-grub2-and-grub/|grub2-select.bash]]

If GRUB2 no longer finds other OS to boot (such as Windows 10) use [[https://sourceforge.net/projects/boot-repair-cd/|SourceForge Boot Repair Disk]]

Install [[clamav_antivirus|ClamAV]]

Set up local printer(s)
  * Note that Brother has notes for the HL2170W at https://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=hl2170w_all&os=127
    * RPM #1: brhl2170wlpr-2.0.2-1.i386.rpm
    * RPM #2: cupswrapperHL2170W-2.0.2-1.i386.rpm
    * Use 'lpstat' and 'lpq' to ensure it's a known destination printer
  * [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Printer_Configuration.html#sec-Starting_Print_Settings_Config|RHEL7 Print Settings]]
  * dnf install cups
  * service cups start
  * systemctl enable cups
  * Use System > Administration > Print Settings
    * Add printer with Network JetDirect by IP address
    * Default printer driver works OK
  * Or use web browser:
    * # dnf install httpd
    * # /bin/systemctl start httpd.service
    * # dnf install system-config-firewall
    * # firewall-config (or System > Administration > Firewall)
      * Allow http and https as rules
      * Sometimes the firewall-config command will hang if trying to run via an SSH connection to a remote machine
      * To add a port manually follow [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]]
      * To close a port manually follow [[http://www.codero.com/knowledge-base/content/10/377/en/how-to-manage-firewall-rules-in-centos-7.html]]
    * # systemctl enable httpd
    * Go to http://localhost:631
    * Go to Administration tab
    * Enter credentials for user root
    * Add printer with prompts

Firewall Notes
  * Adding an allowed port at the command line (from [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]])
    * Use this command to find your active zone(s): firewall-cmd --get-active-zones
    * It will say either public, dmz, or something else. You should only apply to the zones required.
    * If you want to add a port such as 8080 to your public zone: firewall-cmd --zone=public --add-port=8080/tcp --permanent
    * Then remember to reload the firewall for changes to take effect: firewall-cmd --reload

Managing runlevel settings
  * Switch to runlevel 5: # systemctl isolate graphical.target
  * Initiate runlevel 5 by default: # systemctl set-default graphical.target
  * Switch to runlevel 3: # systemctl isolate multi-user.target
  * Initiate runlevel 3 by default: # systemctl set-default multi-user.target
  * For other run-level info, see [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Targets.html#sect-Managing_Services_with_systemd-Targets-Change_Default|RHEL7 Working with Systemd Targets]]

After machine has been running for a few days, don't forget to use "alpine" and check for local email from crons that indicate any errors or failures.
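
One way to do the "check that each cron job runs and the specified log directory exists" step before the first failure mail arrives. This is an added example, not a script from these notes: the function names and the sample crontab are constructed, and it assumes cron starts each job in the user's home directory, so relative redirect targets are resolved there.

```shell
#!/bin/sh
# Added example, not part of the original notes. Function names and the
# sample crontab are constructed for illustration.

# Print each redirect target (> or >>) in crontab file $1, one per line.
# "2>&1" is skipped because its target starts with '&'.
cron_redirect_targets() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" |
        grep -oE '>>?[[:space:]]*[^[:space:]&;|>]+' |
        sed -E 's/^>>?[[:space:]]*//'
}

# Print the missing parent directory of every redirect target, once each.
# $1 = crontab file, $2 = that user's home (assumed working dir of cron jobs).
missing_cron_log_dirs() {
    cron_redirect_targets "$1" | while IFS= read -r target; do
        case "$target" in
            /dev/*) continue ;;                          # /dev/null and friends
            "~/"*) target=$2/${target#"~/"} ;;           # ~ is not expanded here
            '$HOME/'*) target=$2/${target#'$HOME/'} ;;
            /*) ;;                                       # already absolute
            *) target=$2/$target ;;                      # relative to home
        esac
        dir=$(dirname "$target")
        [ -d "$dir" ] || printf '%s\n' "$dir"
    done | sort -u
}

# Constructed sample: a throw-away home where only ~/ydns exists.
demo() {
    home=$(mktemp -d) || return 1
    mkdir -p "$home/ydns"
    cat > "$home/crontab" <<EOF
# constructed entries, modelled on the redirects used in these notes
*/5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
*/10 * * * * ~/ydns/updater.sh -V >>~/ydns/updater.log 2>&1
0 6 * * * /usr/local/bin/check_disk.pl > $home/var-tmp/check_disk_space/run.log 2>&1
15 2 * * * \$HOME/bin/backup.sh >> logs/backup.log
EOF
    missing_cron_log_dirs "$home/crontab" "$home" | sed "s|^$home|HOME|"
    rm -rf "$home"
}

# Real use: sh this_script "$HOME/crontab" "$HOME"; with no arguments, run the demo.
if [ "$#" -eq 2 ]; then missing_cron_log_dirs "$1" "$2"; else demo; fi
```

A ''>'' inside a quoted command argument would be reported as a redirect, so review the output rather than piping it straight into ''mkdir -p''.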