==== Rocky Linux 9 Migration Notes ==== __2024-11-25__ Old news, but LibreOffice no longer supported by RedHat. Get the latest LibreOffice from https://www.libreoffice.org/download/download-libreoffice/ Unpack the tar and verify you see individual RPMs. Then: dnf localinstall *.rpm You can then start an application like this: libreoffice24.8 --calc test.csv Make a .bashrc alias for shortcuts. __2024-11-21__ Upgrade to Rocky Linux 9.5: Had to run the following due to package problems (which will break 'vlc') dnf remove compat-ffmpeg4 ffmpeg-libs vlc dnf update dnf install vlc gstreamer1-plugin-openh264 Then security cameras running vlc and totem worked correctly. __2024-05-13__ Upgrade to Rocky Linux 9.4: Had to run ''dnf remove gnome-applets'' to allow upgrade to proceed. After the upgrade the test Rocky Linux 9.3 VM would not start X with Xfce. Tried a bunch of things like reinstalling all RPMs, getting list of matching RPMs against another VM that upgraded OK but X still would not start. ''/var/log/messages'' just kept showing the X server was crashing. Discovered that if you select the "Standard (Wayland display server)" option on the login page, let the system start its display and log out, then you can login with Xfce successfully. Very odd but that seems to be the workaround for this upgrade. ---- NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3 NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors. Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*. NOTE 3: To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]]. //The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\ //It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.// __Before Starting__ * Get inventory of users (see /home) * Become familiar with what each one does and the crons they run * Copy the following to external hard drive or other machine for restoration after upgrade * All users $HOME directories * Ensure crons are in each user's $HOME/crontab directory * ''/etc/hosts'' * ''/etc/samba/smb.conf'' * ''/var/lib/samba/private/passdb.tbd'' * ''/var/lib/samba/private/secrets.tbd'' * ''/etc/vsftpd/*'' __Installation__ * Perform a minimal or basic install of Rocky Linux 9 * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot. * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages * Reboot target computer and login. * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed. * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/'' * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc. * [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]] * Disable screensaver and power management * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off'' * If necessary, keep WiFi LAN enabled but install Intel WiFi drivers if needed * ''dnf install iwl6000g2b-firmware.noarch'' * Reboot and enable Wifi in task bar (the WiFi choice may be grayed out at first). Check that the wifi switch on the laptop needs to be turned on (keyboard toggle). * http://linuxwireless.sipsolutions.net/en/users/Drivers/iwlwifi/ * https://www.intel.com/content/www/us/en/support/articles/000005511/wireless.html * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]] * Create necessary user accounts * ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users) * Restore user's $HOME directories * Copy over non-hidden files/directories first * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]] * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]] * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine * Test password-restricted pages * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]] * Copy/merge in a known good ''/etc/php.ini'' file from previous machine * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1) * Check httpd logs for any errors, such as mod security * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors * Firewall configuration * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]] * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]] * Can also try ''firewall-config'' to clone rules from previous machine * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]] * ''firewall-cmd --zone=public --add-service=http --permanent'' * ''firewall-cmd --zone=public --add-service=https --permanent'' * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|Configure fail2ban]] * Edit ''/etc/fail2ban/jail.local'' to ban for longer than default of 1 hour * Review ''/var/log/fail2ban.log'' output * As root, ensure service is running: * ''systemctl enable fail2ban'' * ''systemctl restart fail2ban'' * MySQL / MariaDB Database - Installation * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc. * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]] * Merge in config.inc.php from previous machine * Clear local browser history, then test * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user) * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine. * If problematic, save to a .sql file locally and use the Import function. * MySQL / MariaDB Database - Migrate databases * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] * They can be exported from phpMyAdmin (but don't include root) * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]] * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]] * Export MySQL databases with mysqldump * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]] * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]] * When done, check format of tables (MyISAM vs InnoDB vs Aria) * To change database engine, see [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]] * [[python_notes|Run through Python/PIP configuration]] * For the non-root user needing it, run ''pip install dictor'' and ''pip install astral'' * Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]]) * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]] * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras) * Credentials are stored in my secure password file * command will be: ''smbpasswd -a USER'' (then enter password at next prompt) * Make sure service is running and will start at boot. * Check output with: ''testparm -v'' * The security cameras will need to reformat their nas disk locations to store video files * VSFTP (for security cameras) * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]] * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]] * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]] * As root: ''setsebool -P allow_ftpd_full_access on'' * As root: ''systemctl restart vsftpd'' * As root: ''systemctl enable vsftpd'' * Setup ddclient: * https://sourceforge.net/p/ddclient/wiki/Home/ * ''dnf -y install ddclient'' * Use ''/etc/ddclient.conf'' for configs from previous machine * Setup duckdns updater cron * Setup ydns updater cron * Rsync over ''/var/www/html/'' * Test pages for proper display * Check httpd logs for errors * Restore and test crons for each user * At the top of each user's cron file, add something like ''MAILTO=email@address.com'' so that emails sent to localhost are actually delivered to the sys admin * Alternatively, look at /etc/aliases and have ''root'' send email to my actual email address * Check that each cron job runs and the specified log directory exists * Modify ''/etc/environment'' to include ''LC_TIME="en_GB.UTF-8"'' for 24-hour clock used by cron jobs * Check network connections and make sure active connection comes up at boot time * Restore Thunderbird profile * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]] * Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]] * I had to create and self-sign MOK (Machine Owner Key) certificates. Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]]. * My Google Doc "Linux Replacement 2024" has some crude notes * Restore Remmina profiles * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina'' * Test ASMAD for processing end-to-end * All perl scripts * Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]] * All python scripts * Check my amtrak_status "doc" directory for required python modules * Install [[clamav_antivirus|ClamAV]] * Install local printer * Use http://localhost:631/admin and root username/password for credentials * If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line * Then restart cups ''systemctl restart cups'' * Use AppSocket/HP JetDirect to add printer by IP address like ''socket://XX.XX.XX.XX'' * Choose driver ''Foomatic/hl1250 en'' * Use option settings to make it the default printer and use 600x600 DPI quality * Test using enscript filename.txt (old a2ps command) * See if printer is default with ''lpstat -p -d'' and/or set it with ''lpoptions -d PRINTER_NAME'' * ''lpstat -d'' should now show the new printer as the default * Local RPMs * perl-Math-Round * Slack * sunwait * Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W'' * Check any remaining ''/etc/yum.repos.d/*'' configuration setup * For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]] * If Ookla becomes a graphical output, might need to consider ''dnf install speedtest-cli'' * Mount /disk2 (see [[adding_a_second_hard_drive]]) * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]] * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux/ * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]] * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm'' * Binary is /usr/bin/pwsafe * Add CPU graph and Weather Info to panel * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page * Right-click top panel > Add New Items * Add CPU Graph, Weather Info * Adjust top and bottom panels * Reverse positions * Make top panel 24px with icons at fixed 22px * Bottom panel 24px with icons at fixed 16px * Top panel has these buttons: * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP * Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]]) * ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE'' * Log out and log back in or reboot __Post Installation__ * In /root/bin on old/new machines, see final_sync_for_new_server.txt * As root, use ''alpine'' to check email from crons that indicate any errors or failures * Cleanup old files in root, my $HOME * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]] * Setting should be in .bashrc * If you have slow dnf updates, add these 2 lines to '/etc/dnf/dnf.conf': * ''fastestmirror=1'' * ''max_parallel_downloads=8'' __Other Notes__ MATE is now available. See [[https://docs.rockylinux.org/guides/desktop/mate_installation/|MATE Documentation]] * Add System Monitor to panel * ''dnf -y install mate-system-monitor'' * Right-click top panel > Add to Panel * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add * Moving display of current CPU usage should appear __Known issues__ * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]]) * /etc/cron.daily/google-chrome fails because of this * Probably not a critical issue since Chrome can be updated via dnf