==== Rocky Linux 9 Migration Notes ==== NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3 NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors. Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*. NOTE 3: To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]]. //The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\ //It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.// __Before Starting__ * Get inventory of users (see /home) * Become familiar with what each one does and the crons they run * Copy the following to external hard drive or other machine for restoration after upgrade * All users $HOME directories * Ensure crons are in each user's $HOME/crontab directory * ''/etc/hosts'' * ''/etc/samba/smb.conf'' * ''/var/lib/samba/private/passdb.tbd'' * ''/var/lib/samba/private/secrets.tbd'' * ''/etc/vsftpd/*'' __Installation__ * Perform a minimal or basic install of Rocky Linux 9 * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot. * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages * Reboot target computer and login. * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed. * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/'' * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc. * [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]] * Disable screensaver and power management * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off'' * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]] * Create necessary user accounts * ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users) * Restore user's $HOME directories * Copy over non-hidden files/directories first * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]] * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]] * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine * Test password-restricted pages * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]] * Copy/merge in a known good ''/etc/php.ini'' file from previous machine * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1) * Check httpd logs for any errors, such as mod security * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors * Firewall configuration * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]] * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]] * Can also try ''firewall-config'' to clone rules from previous machine * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]] * ''firewall-cmd --zone=public --add-service=http --permanent'' * ''firewall-cmd --zone=public --add-service=https --permanent'' * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|Configure fail2ban]] * Edit ''/etc/fail2ban/jail.local'' to ban for longer than default of 1 hour * Review ''/var/log/fail2ban.log'' output * As root, ensure service is running: * ''systemctl enable fail2ban'' * ''systemctl restart fail2ban'' * MySQL / MariaDB Database - Installation * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc. * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]] * Merge in config.inc.php from previous machine * Clear local browser history, then test * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user) * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine. * If problematic, save to a .sql file locally and use the Import function. * MySQL / MariaDB Database - Migrate databases * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] * They can be exported from phpMyAdmin (but don't include root) * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]] * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]] * Export MySQL databases with mysqldump * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]] * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]] * When done, check format of tables (MyISAM vs InnoDB vs Aria) * To change database engine, see [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]] * [[python_notes|Run through Python/PIP configuration]] * For the non-root user needing it, run ''pip install dictor'' and ''pip install astral'' * Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]]) * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]] * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras) * Credentials are stored in my secure password file * command will be: ''smbpasswd -a USER'' (then enter password at next prompt) * Make sure service is running and will start at boot. * Check output with: ''testparm -v'' * The security cameras will need to reformat their nas disk locations to store video files * VSFTP (for security cameras) * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]] * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]] * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]] * As root: ''setsebool -P allow_ftpd_full_access on'' * As root: ''systemctl restart vsftpd'' * As root: ''systemctl enable vsftpd'' * Setup ddclient: * https://sourceforge.net/p/ddclient/wiki/Home/ * ''dnf -y install ddclient'' * Use ''/etc/ddclient.conf'' for configs from previous machine * Setup duckdns updater cron * Setup ydns updater cron * Rsync over ''/var/www/html/'' * Test pages for proper display * Check httpd logs for errors * Restore and test crons for each user * Check that each cron job runs and the specified log directory exists * Modify ''/etc/environment'' to include ''LC_TIME="en_GB.UTF-8"'' for 24-hour clock used by cron jobs * Check network connections and make sure active connection comes up at boot time * Restore Thunderbird profile * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]] * Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]] * I had to create and self-sign MOK (Machine Owner Key) certificates. Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]]. * My Google Doc "Linux Replacement 2024" has some crude notes * Restore Remmina profiles * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina'' * Test ASMAD for processing end-to-end * All perl scripts * Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]] * All python scripts * Check my amtrak_status "doc" directory for required python modules * Install [[clamav_antivirus|ClamAV]] * Install local printer * Use http://localhost:631/admin and root username/password for credentials * If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line * Then restart cups ''systemctl restart cups'' * Use AppSocket/HP JetDirect to add printer by IP address like ''socket://XX.XX.XX.XX'' * Choose driver ''Foomatic/hl1250 en'' * Use option settings to make it the default printer and use 600x600 DPI quality * Test using enscript filename.txt (old a2ps command) * See if printer is default with ''lpstat -p -d'' and/or set it with ''lpoptions -d PRINTER_NAME'' * ''lpstat -d'' should now show the new printer as the default * Local RPMs * perl-Math-Round * Slack * sunwait * Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W'' * Check any remaining ''/etc/yum.repos.d/*'' configuration setup * For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]] * Mount /disk2 (see [[adding_a_second_hard_drive]]) * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]] * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux/ * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]] * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm'' * Binary is /usr/bin/pwsafe * Add CPU graph and Weather Info to panel * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page * Right-click top panel > Add New Items * Add CPU Graph, Weather Info * Adjust top and bottom panels * Reverse positions * Make top panel 24px with icons at fixed 22px * Bottom panel 24px with icons at fixed 16px * Top panel has these buttons: * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP * Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]]) * ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE'' * Log out and log back in or reboot __Post Installation__ * In /root/bin on old/new machines, see final_sync_for_new_server.txt * As root, use ''alpine'' to check email from crons that indicate any errors or failures * Cleanup old files in root, my $HOME * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]] * Setting should be in .bashrc __Other Notes__ MATE is now available. See [[https://docs.rockylinux.org/guides/desktop/mate_installation/|MATE Documentation]] * Add System Monitor to panel * ''dnf -y install mate-system-monitor'' * Right-click top panel > Add to Panel * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add * Moving display of current CPU usage should appear __Known issues__ * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]]) * /etc/cron.daily/google-chrome fails because of this * Probably not a critical issue since Chrome can be updated via dnf