CentOS 8 Migration Notes
When connecting to a CentOS 8 machine via ssh and xterm, logouts are usually slow. The fix is to connect without ssh -X or ssh -Y.
Consult Virtual Box running CentOS8 Stream notes if dnf updates are slow
Fix php for phpmyadmin:
dnf install php-gd php-ldap php-mysqlnd php-pecl-mcrypt php-pecl-zip
Also comment out the cookie validity setting in config.inc.php
Secure the mariadb
Fix php.ini from known good config
Configure $HOME/.vimrc as the following:
autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o
# python3 -m pip install --upgrade pip
# python3 -m pip install dictor
# python3 -m pip install wheel
# python3 -m pip install httplib2
# python3 -m pip install PyMySQL
PyMySQL v0.9.3 has been upgraded to v1.0.2 and requires modification to "connect" statement.
Other fixes:
- Disable WiFi LAN connection with
# nmcli radio wifi off
For migrating a system from a different OS, take note of this info first:
- Make a test user on CentOS7 and one on CentOS8
- Compare hidden files to see if anything changed between OSs
- This allows for easy migrating of data for users' $HOME directories
- ensure all scripts make their own log file directory
- $log_dir = "/var/tmp/check_disk_space";
- mkdir ("$log_dir", 0755);
- should crons write to /tmp and then have a daily script that checks cron logs for errors?
- Get inventory of users
- Check that PHP is working correctly; localhost/index.php tries to open a file; check httpd.conf
- Clear all history from Firefox before testing phpmyadmin
- Check httpd logs for any errors, such as mod security
- uninstall mod_security if necessary
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
- MySQL / MariaDB Database and users
- Notes for installing LAMP on CentOS 8
- Note that the restore of mysql does not use the "--all-databases" option; that is an error in the link above
- They can be exported from phpmyadmin (but don't include root)
- export MySQL databases with mysqldump
- list of installed perl modules
- grep all .pl script and look for the "use " calls
- Copy the following to accessible location for restore after upgrade
- users' $HOME
- crons should be in each user's $HOME/crontab
- various processing log files from /var/tmp/
- /etc/ssh/*key* or possibly the entire directory contents (this may prevent man-in-the-middle attack messages but testing needed)
- /etc/hosts
- /etc/httpd/conf/httpd.conf
- Samba users, passwords, shares (for security cameras)
- /etc/samba/smb.conf
- /var/lib/samba/private/passdb.tdb
- /var/lib/samba/private/secrets.tdb
- Make sure service is running and will start at boot.
- Check output with: testparm -v
- nxclient-3.5.0-7.x86_64.rpm
- nxnode-3.5.0-9.x86_64.rpm
- nxserver-3.5.0-11.x86_64.rpm
- skype-4.3.0.37-fedora.i586.rpm
- verify services that should be installed/running in chkconfig
- Note firewall rules
Below is copied from CentOS 7 Migration Notes so modify as needed.
Must-Have functionality:
- Apache, MySQL, PHP, Perl
- edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
- Check logs: # cat /var/log/fail2ban.log
- Ensure service is running:
# systemctl enable fail2ban
# systemctl restart fail2ban
- Disable SELinux
- VSFTP (for security cameras)
- As root: setsebool -P allow_ftpd_full_access on
- As root: systemctl restart vsftpd
- As root: systemctl enable vsftpd
- Samba
- Skype
- Virtual Box
- Working crontabs for each user
Customize MATE Desktop displays
- Adjust System > Preferences > Look and Feel > Appearance
- Under Fonts tab, set all to size 8
- Click Details, set resolution to 96 dpi, Smoothing Grayscale, Hinting Slight, Subpixel order RGB
- Firefox has large bullets for password masking. Theme setting?
- Set up gnome-terminal preferences
- General: Font Monospace 9, No terminal bell
- Colors: Use colors from system theme
- Or, black background with text color #d3d7cf (from GNOME Dark in RHEL9)
- Scrolling: unlimited
- Edit > Keyboard Shortcuts > Reset and Clear > F2
- Disable Vim auto-indent following Vi and Vim Tips
Change setting on screensaver
- System > Preferences > Look and Feel > Screensaver
System Monitor (needs mate-system-monitor and mate-applets RPMs):
- Right-click top panel > Add to Panel
- In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
- Moving display of current CPU usage should appear
Database work:
- Backup /etc/my.cnf
- Add this line under [mysqld]
- default-storage-engine=MyISAM
- Add other database users with phpMyAdmin GUI
- set username
- set password
- select "Grant all privileges on wildcard name (username\_%)."
- Dump all databases from source server to sql file then import on target server
- mysqldump -u USER -p'PASS' DATABASE > /tmp/DATABASE.sql
- Ensure database on target server exists; create if necessary
- Tables migrated should be MyISAM
- Default database engine is InnoDB as of MySQL 5.5
- The exact number of rows of InnoDB tables cannot be shown
- Need to monitor /var/lib/mysql for growing logs
- Alternatively, set MyISAM to default database engine
- systemctl start mariadb.service
- systemctl enable mariadb.service
- mysql DATABASE -h localhost -u USER -p'PASS' < /tmp/DATABASE.sql
Setup ddclient:
- dnf -y install ddclient
- Use /etc/ddclient/* for configs from previous machine
Setup duckdns:
- crontab is
~/duckdns/duck.sh >/dev/null 2>&1
Setup ydns:
- crontab is
~/ydns/updater.sh -V -u <snip> -p <snip> -H juckins.ydns.eu >>~/ydns/updater.log 2>&1
Firewall notes:
- Using firewall-config to close rules from previous machine
rsync /var/www/html/
- test pages for proper display
- check soft link to phpmy is correct and current
Restore and test crons
- check that each cron job runs and the specified log directory exists
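One way to do the log-directory part of this check, as an added example (not part of the original notes): a shell function that pulls the redirect targets out of a crontab file and prints each directory that does not exist yet. The function name and the optional home-directory argument are assumptions made for this example; quoted paths with spaces are not handled.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Prints every directory that a crontab redirects output into but that is
# missing on this machine, so the job would fail to write its log.
# Usage: missing_cron_log_dirs CRONTAB_FILE [HOME_DIR]
missing_cron_log_dirs() {
    crontab_file=$1
    home_dir=${2:-$HOME}     # what "~/" and "$HOME/" mean for the crontab's owner
    # 1. drop comments and blank lines
    # 2. keep ">file" and ">>file" redirects (but not "2>&1")
    # 3. strip the ">" and expand "~/" and "$HOME/"
    grep -Ev '^[[:space:]]*(#|$)' "$crontab_file" |
        grep -Eo '>>?[[:space:]]*[^[:space:]&>]+' |
        sed -e 's/^>*[[:space:]]*//' \
            -e "s|^~/|$home_dir/|" -e "s|^[\$]HOME/|$home_dir/|" |
        while IFS= read -r target; do
            case $target in /dev/*) continue ;; esac   # /dev/null needs no directory
            dir=$(dirname "$target")
            [ -d "$dir" ] || printf '%s\n' "$dir"
        done | sort -u
}

# Stand-alone use: sh script.sh ~/crontab
if [ "$#" -gt 0 ]; then
    missing_cron_log_dirs "$@"
fi
```

No output means every redirect target has a directory to land in; run it once per user against that user's $HOME/crontab.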
Backup /etc/selinux/config and change from enforcing to permissive
Restore /etc/hosts from previous machine as needed
Then, edit the network connections and make sure the "Ethernet" tab for the active connection, such as enp0s3, has the "Device" set to that interface. Reboot to test.
Download sample .png, .gif, .jpg images and test /usr/bin/display for any errors
Install Oracle Java (note, this is not the default CentOS, it will not auto-update)
Install X2Go
Restore Thunderbird profile
Restore Firefox profile
Restore VirtualBox and all machines
Test ASMAD for processing end-to-end
SSH issues
- Cannot ssh to yourself passwordlessly with default /etc/ssh/sshd_config
- Comment out the following line, like this:
- #AuthorizedKeysFile .ssh/authorized_keys
- This allows you to NX into the CentOS7 machine
- Update to openssh seems to require RSA keys now and authorized_keys file instead of DSA keys and authorized_keys2 file
- Set "PermitRootLogin no"
- But MATE does not work, tried KDE with dnf group install "KDE Plasma Workspaces" and seems to work better but still no icons on the screen
- But need to configure custom desktop to use /etc/X11/xinit/Xsession mate-session
- Also tried /usr/bin/startxfce4 but still general odd behavior
- Additional tips: http://ubuntuforums.org/archive/index.php/t-941530.html
- systemctl restart sshd.service
- User accounts at remote machines connecting to the new machine will need their $HOME/.ssh/known_hosts either rebuilt or offending entries removed
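A check for the sshd_config edits above, as an added example (not part of the original notes): sshd uses the first value it reads for each keyword, so a "PermitRootLogin no" appended below an earlier "PermitRootLogin yes" has no effect, and a commented-out AuthorizedKeysFile line means the built-in default is in use. The function names are assumptions made for this example, and only whitespace-separated "Keyword value" lines in the global section (before any Match block) are read.

```shell
#!/bin/sh
# Added example, not from the original notes.
# sshd_setting FILE KEYWORD
#   Prints the effective global value of KEYWORD: the first uncommented
#   occurrence before any Match block. Returns 1 if the keyword is unset.
sshd_setting() {
    awk -v want="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim; fields are re-split
        /^#/ || /^$/ { next }                        # comments and blank lines
        {
            key = tolower($1)                        # keywords are case-insensitive
            if (key == "match") exit                 # conditional overrides follow
            if (key == tolower(want)) {
                sub(/^[^ \t]+[ \t]+/, "")            # drop keyword, keep arguments
                print; found = 1; exit               # first value wins
            }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# audit_sshd_config FILE
#   Reports the two settings these notes touch; returns 1 unless
#   PermitRootLogin is effectively "no".
audit_sshd_config() {
    cfg=$1
    rc=0
    root=$(sshd_setting "$cfg" PermitRootLogin) || root="(unset, built-in default applies)"
    keys=$(sshd_setting "$cfg" AuthorizedKeysFile) || keys="(unset, built-in default applies)"
    [ "$root" = "no" ] || rc=1
    printf 'PermitRootLogin: %s\nAuthorizedKeysFile: %s\n' "$root" "$keys"
    return $rc
}

# Stand-alone use: sh script.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

On the live machine, `sshd -T` (as root) prints the configuration the server actually resolves, including built-in defaults, and is the authoritative cross-check.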
Update GRUB and splash screen
- My saved splash images with varying resolutions are in /root/downloads/splash
- As of CentOS 7.2 cannot get custom splash image to appear at boot (with UEFI)
- cd /etc/default
- cp grub grub.YYYYMMDD
- vi grub
- remove "rhgb quiet" from the GRUB_CMDLINE_LINUX call
- add "vga=0x317" to the GRUB_CMDLINE_LINUX call for better screen resolution (try 0x34b for 1920x1200x8 or 0x34c for 1920x1200x16, or vga=ask to see all available resolutions)
- comment out this line: GRUB_TERMINAL_OUTPUT="console"
- add this line: GRUB_BACKGROUND="/boot/grub2/splash.png"
- Ensure it has rw-r--r-- permissions
- Upload this image to the directory noted above
- For VM/BIOS-based installs, as root: grub2-mkconfig -o /boot/grub2/grub.cfg (Dell XPS 8930)
- For UEFI-based installs, as root: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
- More info at Customizing the Grub2 Config File and RHEL7 GRUB Guide
- Tried part about making a special font
- Tried installing all grub2* rpms
- Tried 640x480 small splash image
GRUB_CMDLINE_LINUX_DEFAULT="video=1024x768"
GRUB_GFXMODE=1024x768
GRUB_GFXPAYLOAD_LINUX=keep
Set default GRUB entry
- Download grub2-select.bash
If GRUB2 no longer finds other OS to boot (such as Windows 10) use SourceForge Boot Repair Disk
Install ClamAV
Set up local printer(s)
- Note that Brother has notes for the HL2170W at https://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=hl2170w_all&os=127
- RPM #1: brhl2170wlpr-2.0.2-1.i386.rpm
- RPM #2: cupswrapperHL2170W-2.0.2-1.i386.rpm
- Use 'lpstat' and 'lpq' to ensure it's a known destination printer
- dnf install cups
- service cups start
- systemctl enable cups
- Use System > Administration > Print Settings
- Add printer with Network JetDirect by IP address
- Default printer driver works OK
- Or use web browser:
- # dnf install httpd
- # /bin/systemctl start httpd.service
- # dnf install system-config-firewall
- # firewall-config (or System > Administration > Firewall)
- Allow http and https as rules
- Sometimes the firewall-config command will hang if trying to run via an SSH connection to a remote machine
- To add a port manually follow http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port
- To close a port manually follow http://www.codero.com/knowledge-base/content/10/377/en/how-to-manage-firewall-rules-in-centos-7.html
- # systemctl enable httpd
- Go to http://localhost:631
- Go to Administration tab
- Enter credentials for user root
- Add printer with prompts
Firewall Notes
- Adding an allowed port at the command line (from http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port)
- Use this command to find your active zone(s):
firewall-cmd --get-active-zones
- It will say either public, dmz, or something else. You should only apply to the zones required.
- If you want to add a port such as 8080 to your public zone:
firewall-cmd --zone=public --add-port=8080/tcp --permanent
- Then remember to reload the firewall for changes to take effect.
firewall-cmd --reload
Managing runlevel settings
- Switch to runlevel 5:
# systemctl isolate graphical.target
- Initiate runlevel 5 by default:
# systemctl set-default graphical.target
- Switch to runlevel 3:
# systemctl isolate multi-user.target
- Initiate runlevel 3 by default:
# systemctl set-default multi-user.target
- For other run-level info, see RHEL7 Working with Systemd Targets
After machine has been running for a few days, don't forget to use "alpine" and check for local email from crons that indicate any errors or failures.