Christopher Juckins

NOTE: The fresh install instructions below were tested on Rocky Linux 10.0 (which is based on Fedora 40)

The instructions below are a work in progress, using Rocky Linux 9 Migration Notes as a starting point and utilizing the Xfce Desktop Environment.

Downloaded the minimal ISO, did my basic install.

• dnf install net-tools

Installing the bash script produced these errors:

No match for group package "hardlink"
Error: Unable to find a match: libreoffice*
Error: Unable to find a match: alpine
Error: Unable to find a match: mate-user-admin
Error: Unable to find a match: evince
Error: Unable to find a match: gimp
Error: Unable to find a match: perl-Array-Unique.noarch
Error: Unable to find a match: perl-List-Compare.noarch
Error: Unable to find a match: gparted
Error: Unable to find a match: keepassxc
Error: Unable to find a match: system-config-printer
Error: Unable to find a match: totem
Error: Unable to find a match: wgrib2
Error: Unable to find a match: xrdp
Module or Group 'xfce' is not available.
Error: Nothing to do.
Error: Unable to find a match: xfce4-cpugraph-plugin
Error: Unable to find a match: xfce4-weather-plugin
Error: Unable to find a match: lightdm
Removed '/etc/systemd/system/display-manager.service'.
Failed to enable unit: Unit lightdm.service does not exist

Machine did not boot into any kind of graphical desktop.

Tried full iso and installed GNOME, I just don't like it.

Tried KDE iso and am evaluating it.

* NOTHING BELOW HAS BEEN MODIFIED/TESTED YET *

Before Starting

• Get inventory of users (see /home)
  • Become familiar with what each one does and the crons they run
• Copy the following to external hard drive or other machine for restoration after upgrade
  • All users $HOME directories
  • Ensure crons are in each user's $HOME/crontab directory
  • /etc/hosts
  • /etc/samba/smb.conf
  • /var/lib/samba/private/passdb.tbd
  • /var/lib/samba/private/secrets.tbd
  • /etc/vsftpd/*

Installation

• Perform a minimal or basic install of Rocky Linux 9
• Backup /etc/selinux/config and change from enforcing to permissive. Reboot.
• Run the Rocky Linux 10 bash setup script to get the usual extras, add-ons and other packages
• Reboot target computer and login.

• Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.
  • Log out of the target machine
  • Copy files in ~/.config/xfce4/ from another pre-configured machine to the target machine
  • cd .config/xfce4; rsync -avzn –delete –progress . XX.XX.XX.XX:~/.config/xfce4/
  • Copy files in ~/.config/Thunar/ from another pre-configured machine to the target machine
  • cd .config/Thunar; rsync -avzn –delete –progress . XX.XX.XX.XX:~/.config/Thunar/
  • Reboot the target machine
  • See Xfce Desktop image 1 or Xfce Desktop image 2 for suggested icons, placement, etc.
    • Notes for installing additional Xfce themes

• Disable screensaver and power management
• If necessary, disable WiFi LAN connection as root: nmcli radio wifi off
• If necessary, keep WiFi LAN enabled but install Intel WiFi drivers if needed
  • dnf install iwl6000g2b-firmware.noarch
  • Reboot and enable Wifi in task bar (the WiFi choice may be grayed out at first). Check that the wifi switch on the laptop needs to be turned on (keyboard toggle).
  • http://linuxwireless.sipsolutions.net/en/users/Drivers/iwlwifi/
  • https://www.intel.com/content/www/us/en/support/articles/000005511/wireless.html
• Disable bell

• Create necessary user accounts
  • mate-user-admin is a graphical admin tool (old tool was system-config-users)
• Restore user's $HOME directories
  • Copy over non-hidden files/directories first
    • You can use rsync with the option to ignore hidden files
  • Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed

• Install Apache on Rocky Linux 9
• Copy/merge in /etc/httpd/conf/httpd.conf (and all backup versions) from previous machine
• Test password-restricted pages
• Run through PHP 8.2 on Rocky Linux 9
• Copy/merge in a known good /etc/php.ini file from previous machine
• Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)
• Check httpd logs for any errors, such as mod security
  • Uninstall mod_security RPMs and restart apache if web pages cycle between Forbidden errors

• Firewall configuration
  • Enable-Disable Firewall
  • Export Firewall Rules to new server
    • Can also try firewall-config to clone rules from previous machine
  • Add https and http to firewall rules
    • firewall-cmd –zone=public –add-service=http –permanent
    • firewall-cmd –zone=public –add-service=https –permanent
  • Configure fail2ban
    • Edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
    • Review /var/log/fail2ban.log output
    • As root, ensure service is running:
      • systemctl enable fail2ban
      • systemctl restart fail2ban

• MySQL / MariaDB Database - Installation
  • Install MariaDB on Rocky Linux 9 and follow all steps to secure it, change default password, etc.
  • How to reset mysql root password if needed

• Install phpMyAdmin and use these tips
  • Merge in config.inc.php from previous machine
  • Clear local browser history, then test
  • To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user)
  • To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.
    • If problematic, save to a .sql file locally and use the Import function.

• MySQL / MariaDB Database - Migrate databases
  • Migrate MySQL users to new machine
    • They can be exported from phpMyAdmin (but don't include root)
  • Migrate all databases with mysqldump
    • Note that the restore of mysql does not use -all-databases option and is an error in link above
  • Migrate with tar
  • Export MySQL databases with mysqldump
    • Migrate MySQL database to new server
    • Move MySQL databases to new server
  • When done, check format of tables (MyISAM vs InnoDB vs Aria)
  • To change database engine, see these notes

• Run through Python/PIP configuration
  • For the non-root user needing it, run pip install dictor and pip install astral

• Install miniconda3 (see Python Virtual Environments)

• Set up Gmail Relay and test
• Set up Samba users, passwords, shares (for security cameras)
  • Credentials are stored in my secure password file
    • command will be: smbpasswd -a USER (then enter password at next prompt)
  • Make sure service is running and will start at boot.
  • Check output with: testparm -v
  • The security cameras will need to reformat their nas disk locations to store video files
• VSFTP (for security cameras)
  • Rocky Linux 9 instructions
  • CentOS 7 instructions
  • 500 writeable root error
  • As root: setsebool -P allow_ftpd_full_access on
  • As root: systemctl restart vsftpd
  • As root: systemctl enable vsftpd
• Setup ddclient:
  • https://sourceforge.net/p/ddclient/wiki/Home/
  • dnf -y install ddclient
  • Use /etc/ddclient.conf for configs from previous machine
• Setup duckdns updater cron
• Setup ydns updater cron
• Rsync over /var/www/html/
  • Test pages for proper display
  • Check httpd logs for errors
• Restore and test crons for each user
  • At the top of each user's cron file, add something like [email protected] so that emails sent to localhost are actually delivered to the sys admin
    • Alternatively, look at /etc/aliases and have root send email to my actual email address
  • Check that each cron job runs and the specified log directory exists
  • Modify /etc/environment to include LC_TIME="en_GB.UTF-8" for 24-hour clock used by cron jobs
• Check network connections and make sure active connection comes up at boot time
• Restore Thunderbird profile
• Install VirtualBox
  • Migrate/import VirtualBox machines using these notes
  • I had to create and self-sign MOK (Machine Owner Key) certificates. Info here.
  • My Google Doc "Linux Replacement 2024" has some crude notes
• Restore Remmina profiles
  • $HOME/.local/share/remmina and $HOME/.config/remmina
• Test ASMAD for processing end-to-end
  • All perl scripts
    • Required modules should be included in the dnf installer bash script
  • All python scripts
    • Check my amtrak_status "doc" directory for required python modules
• Install ClamAV
• Install local printer
  • Use http://localhost:631/admin and root username/password for credentials
  • If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line
  • Then restart cups systemctl restart cups
  • Use AppSocket/HP JetDirect to add printer by IP address like ''socket://XX.XX.XX.XX''
  • Choose driver Foomatic/hl1250 en
  • Use option settings to make it the default printer and use 600x600 DPI quality
  • Test using enscript filename.txt (old a2ps command)
  • When using evince to print out PDFs, it seems you need to choose "Print to "LPR".
    • Otherwise the output does not fit the page.
    • Note that Libre Office can print to the printer name "Brother_HL-2170W" without a problem.
  • See if printer is default with lpstat -p -d and/or set it with lpoptions -d PRINTER_NAME
  • lpstat -d should now show the new printer as the default
• Local RPMs
  • perl-Math-Round
  • Slack
  • sunwait
    • Test with /usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W
• Check any remaining /etc/yum.repos.d/* configuration setup
  • For example, Ookla Speedtest CLI
    • If Ookla becomes a graphical output, might need to consider dnf install speedtest-cli
• Mount /disk2 (see adding_a_second_hard_drive)
• Install PasswordSafe for Linux
  • See repo at https://sourceforge.net/projects/passwordsafe/files/Linux/
  • Use this instead of Gorilla password manager
  • v1.16 works with dnf localinstall passwordsafe-fedora37-1.16.rpm
  • Binary is /usr/bin/pwsafe
• Add CPU graph and Weather Info to panel
  • Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page
  • Right-click top panel > Add New Items
  • Add CPU Graph, Weather Info
• Adjust top and bottom panels
  • Reverse positions
  • Make top panel 24px with icons at fixed 22px
  • Bottom panel 24px with icons at fixed 16px
  • Top panel has these buttons:
    • Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP
  • Stop the Keyring popup GUI when starting Chrome (see this post)
    • cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE
    • Log out and log back in or reboot

Post Installation

• In /root/bin on old/new machines, see final_sync_for_new_server.txt
• As root, use alpine to check email from crons that indicate any errors or failures
• Cleanup old files in root, my $HOME
• Fix date to show 24 hour clock
  • Setting should be in .bashrc
• If you have slow dnf updates, add these 2 lines to '/etc/dnf/dnf.conf':
  • fastestmirror=1
  • max_parallel_downloads=8

Other Notes

MATE is now available. See MATE Documentation

• Add System Monitor to panel
  • dnf -y install mate-system-monitor
  • Right-click top panel > Add to Panel
  • In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
  • Moving display of current CPU usage should appear

Known issues

• SHA-1 security signing is not supported on RHEL9 (see RedHat blog post)
  • /etc/cron.daily/google-chrome fails because of this
    • Probably not a critical issue since Chrome can be updated via dnf