Christopher Juckins

SysAdmin Tips, Tricks and other Software Tools

User Tools

Site Tools

Trace:
rocky_linux_9_migration_notes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rocky_linux_9_migration_notes [2022/06/26 17:45] juckinsrocky_linux_9_migration_notes [2024/01/10 20:52] juckins
Line 1: Line 1:
 ==== Rocky Linux 9 Migration Notes ==== ==== Rocky Linux 9 Migration Notes ====
  
-//Below are CentOS 8 migration notes, so update/refine as appropriate.//+NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3
  
 +NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors.  Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*.
  
-Check Does ssh'ing into a RL9 machine via ssh and xterm have slow logouts? The fix is to not include ssh -X or ssh -Y.+NOTE 3To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]].
  
-Consult [[virtualbox_for_centos_stream_notes|Virtual Box running CentOS8 Stream]] notes if dnf updates are slow+//The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\ 
 +//It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.//
  
 +__Before Starting__
  
-Fix php for phpmyadmin:+  * Get inventory of users (see /home) 
 +    * Become familiar with what each one does and the crons they run 
 +  * Copy the following to external hard drive or other machine for restoration after upgrade 
 +    * All users $HOME directories 
 +    * Ensure crons are in each user's $HOME/crontab directory 
 +    * ''/etc/hosts'' 
 +    * ''/etc/samba/smb.conf'' 
 +    * ''/var/lib/samba/private/passdb.tbd'' 
 +    * ''/var/lib/samba/private/secrets.tbd'' 
 +    * ''/etc/vsftpd/*''
  
-  dnf install php-gd php-ldap php-mysqlnd php-pecl-mcrypt php-pecl-zip +__Installation__
-   +
-Also comment out the cookie validity setting in config.inc.php+
  
-Secure the mariadb+  * Perform a minimal or basic install of Rocky Linux 9 
 +  * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot. 
 +  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages 
 +  * Reboot target computer and login.
  
-Fix php.ini from known good config+  * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed. 
 +    * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine 
 +    * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/''     
 +    * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc. 
 +      * [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]]
  
-Configure $HOME/.vimrc as the following:+  * Disable screensaver and power management 
 +  * If necessary, disable WiFi LAN connection as root''nmcli radio wifi off'' 
 +  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
  
-  autocmd FileType setlocal formatoptions-=c formatoptions-=r formatoptions-=o+  * Create necessary user accounts 
 +    *  ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users) 
 +  * Restore user's $HOME directories 
 +    * Copy over non-hidden files/directories first 
 +      * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]] 
 +    * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed
  
-  # python3 -m pip install --upgrade pip +  * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]] 
-  # python3 -m pip install dictor +  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine 
-  # python3 -m pip install wheel +  * Test password-restricted pages 
-  # python3 -m pip install httplib2 +  * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]] 
-  # python3 -m pip install PyMySQL+  * Copy/merge in a known good ''/etc/php.ini'' file from previous machine 
 +  * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1) 
 +  * Check httpd logs for any errors, such as mod security 
 +    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors
  
-PyMySQL v0.9.3 has been upgraded to v1.0.and requires modification to "connect" statement.+  * Firewall configuration 
 +    * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]] 
 +    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]] 
 +      * Can also try ''firewall-config'' to clone rules from previous machine 
 +    * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]] 
 +      * ''firewall-cmd --zone=public --add-service=http --permanent'' 
 +      * ''firewall-cmd --zone=public --add-service=https --permanent'' 
 +    * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|Configure fail2ban]] 
 +      * Edit ''/etc/fail2ban/jail.local'' to ban for longer than default of 1 hour 
 +      * Review ''/var/log/fail2ban.log'' output 
 +      * As root, ensure service is running: 
 +        * ''systemctl enable fail2ban'' 
 +        * ''systemctl restart fail2ban''
  
-Other fixes:+  * MySQL / MariaDB Database - Installation 
 +    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc. 
 +    * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed
  
-  * Disable WiFi LAN connection with ''# nmcli radio wifi off'' +  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]] 
-  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]+    * Merge in config.inc.php from previous machine 
 +    * Clear local browser history, then test  
 +    * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user) 
 +    * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.   
 +      * If problematic, save to a .sql file locally and use the Import function.
  
-For migrating a system from a different OS, take note of this info first: +  * MySQL / MariaDB Database - Migrate databases 
-  Make a test user on CentOS7 and one on CentOS8 +    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] 
-    * Compare hidden files to see if anything changed between OSs +      They can be exported from phpMyAdmin (but don't include root)
-    * This allows for easy migrating of data for users' $HOME directories +
-  * ensure all scripts make their own log file directory +
-    * $log_dir = "/var/tmp/check_disk_space"; +
-    * mkdir ("$log_dir", 0755); +
-    * should crons write to /tmp and then have a daily script that checks cron logs for errors? +
- +
- +
----- +
- +
- +
-  * Get inventory of users +
-  * /// +
-  * Check that PHP is working correctly, localhost/index.php tries to open a file +
-    * check httpd.conf +
-  * /// +
-  * Clear all history from Firefox before testing phpmyadmin +
-    * Check httpd logs for any errors, such as mod security +
-    * uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary +
-  * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]] +
-    * ''firewall-cmd --zone=public --add-service=http --permanent'' +
-    * ''firewall-cmd --zone=public --add-service=https --permanent'' +
-  * <color #ed1c24>MySQL / MariaDB Database and users</color> +
-    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]] +
-    * [[https://www.tecmint.com/install-lamp-on-centos-8/|Notes for installing LAMP]] on CentOS 8 +
-    [[https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8]]+
     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
-      * Note that the restore of mysql does not use "--all-databasesoption and is an error in link above+      * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above
     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
-    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] +    * Export MySQL databases with mysqldump 
-      * They can be exported from phpmyadmin (but don't include root) +      * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]] 
-  * export MySQL databases with mysqldump +      * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]] 
-    * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]] +    When done, check format of tables (MyISAM vs InnoDB vs Aria
-    * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]] +    * To change database enginesee [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]]
-  list of installed perl modules +
-    * grep all .pl script and look for the "use " calls +
-  * Copy the following to accessible location for restore after upgrade +
-    * users' $HOME +
-    * crons should be in each user's $HOME/crontab +
-    * various processing log files from /var/tmp/ +
-    * /etc/ssh/*key* or possibly the entire directory contents (this may prevent man-in-the-middle attack messages but testing needed+
-    * /etc/hosts +
-    * /etc/httpd/conf/httpd.conf +
-    * Samba userspasswords, shares (for security cameras) +
-      * /etc/samba/smb.conf +
-      * /var/lib/samba/private/passdb.tbd +
-      * /var/lib/samba/private/secrets.tbd +
-      * Make sure service is running and will start at boot. +
-      * Check output with: testparm -v +
-  * nxclient-3.5.0-7.x86_64.rpm +
-  * nxnode-3.5.0-9.x86_64.rpm +
-  * nxserver-3.5.0-11.x86_64.rpm +
-  * <del>skype-4.3.0.37-fedora.i586.rpm</del> +
-  * verify services that should be installed/running in chkconfig +
-  * Note firewall rules +
-    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]+
  
-<color #ed1c24>**Below is copied from [[centos_7_migration_notes|CentOS 7 Migration Notes]] so modify as needed.**</color>+  * [[python_notes|Run through Python/PIP configuration]] 
 +    For the non-root user needing it, run ''pip install dictor'' and ''pip install astral'' 
 + 
 +  Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]])
  
-Must-Have functionality: 
-  * Apache, MySQL, PHP, Perl 
-  * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|fail2ban]] 
-    * edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour 
-    * Check logs: # cat /var/log/fail2ban.log 
-    * Ensure service is running: 
-      * ''# systemctl enable fail2ban'' 
-      * ''# systemctl restart fail2ban'' 
   * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]   * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
-  * Disable SELinux+  * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras) 
 +    * Credentials are stored in my secure password file 
 +      * command will be: ''smbpasswd -a USER'' (then enter password at next prompt) 
 +    * Make sure service is running and will start at boot. 
 +    * Check output with: ''testparm -v'' 
 +    * The security cameras will need to reformat their nas disk locations to store video files
   * VSFTP (for security cameras)   * VSFTP (for security cameras)
-    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]+    * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]] 
 +    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]]
     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
-    * As root: setsebool -P allow_ftpd_full_access on  +    * As root: ''setsebool -P allow_ftpd_full_access on'' 
-    * As root: systemctl restart vsftpd +    * As root: ''systemctl restart vsftpd'' 
-    * As root: systemctl enable vsftpd +    * As root: ''systemctl enable vsftpd'' 
-  * Samba +  * Setup ddclient: 
-    * [[samba_file_sharing|Samba File Sharing]] +    * https://sourceforge.net/p/ddclient/wiki/Home/ 
-  * <del>Skype</del> +    ''dnf -y install ddclient'' 
-  * Virtual Box +    * Use ''/etc/ddclient.conf'' for configs from previous machine 
-  * Working crontabs for each user +  Setup duckdns updater cron 
-  * [[python_notes|Install Python 3]] +  * Setup ydns updater cron 
- +  * Rsync over ''/var/www/html/'' 
-Customize MATE Desktop displays +    Test pages for proper display 
-  * Adjust System > Preferences > Look and Feel > Appearance +    * Check httpd logs for errors 
-  * Under Fonts tab, set all to size 8 +  * Restore and test crons for each user 
-  * Click Details, set resolution to 96 dpi, Smoothing Grayscale, Hinting Slight, Subpixel order RGB +    Check that each cron job runs and the specified log directory exists 
-  * Firefox has large bullets for password masking.  Theme setting? +  * Check network connections and make sure active connection comes up at boot time 
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=centos7_desktop.png|Configure Desktop]] +  * Restore Thunderbird profile 
-  * Set up gnome-terminal preferences +  * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]] 
-    * General: Font Monospace 9, No terminal bell +    Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]] 
-    * Colors: Use colors from system theme +    I had to create and self-sign MOK (Machine Owner Key) certificates Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]]. 
-      * Or, black background with text color #d3d7cf (from GNOME Dark in RHEL9) +    * My Google Doc "Linux Replacement 2024" has some crude notes 
-    * Scrolling: unlimited +  Restore Remmina profiles 
-    * Edit > Keyboard Shortcuts > Reset and Clear > F2 +    * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina'' 
-  * Disable Vim auto-indent following [[vim_tips|Vi and Vim Tips]] +  Test ASMAD for processing end-to-end 
- +    All perl scripts 
-Change setting on screensaver +      Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]] 
-  * System > Preferences > Look and Feel > Screensaver +    All python scripts 
- +      Check my amtrak_status "docdirectory for required python modules 
-System Monitor (needs mate-system-monitor and mate-applets RPMs): +  * Install [[clamav_antivirus|ClamAV]] 
-  * Right-click top panel > Add to Panel +  * Install local printer 
-  * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add +    Use http://localhost:631/admin and root username/password for credentials 
-  * Moving display of current CPU usage should appear +    If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line 
- +    Then restart cups ''systemctl restart cups'' 
----- +    Use AppSocket/HP JetDirect to add printer by IP address like <nowiki>''socket://XX.XX.XX.XX''</nowiki
- +    Choose driver ''Foomatic/hl1250 en'' 
-Database work: +    * Use option settings to make it the default printer and use 600x600 DPI quality 
-  * Backup /etc/my.cnf +    * Test using enscript filename.txt (old a2ps command
-    * Add this line under [mysqld] +    * See if printer is default with ''lpstat --d'' and/or set it with ''lpoptions -d PRINTER_NAME'' 
-      * default-storage-engine=MyISAM +    ''lpstat -d'' should now show the new printer as the default 
-  * Add other database users with phpMyAdmin GUI +  * Local RPMs 
-    * set username +    * perl-Math-Round 
-    * set password +    Slack 
-    * select "Grant all privileges on wildcard name (username\_%)." +    * sunwait 
-  * Dump all databases from source server to sql file then import on target server +      * Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W'' 
-    * mysqldump -u USER -p'PASSDATABASE > /tmp/DATABASE.sql +  * Check any remaining ''/etc/yum.repos.d/*'' configuration setup 
-    Ensure database on target server exists; create if necessary +    For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]] 
-      * Tables migrated should be MyISAM +  * Mount /disk2 (see [[adding_a_second_hard_drive]]) 
-      * Default database engine is InnoDB as<color #ed1c24>Red Highlighted Text</color> of MySQL 5.5 +  * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]] 
-      * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-default-se.html|Perform some tests and queries]] +    * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux
-        * The exact number of rows of InnoDB tables cannot be shown +    * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]] 
-        * Need to monitor /var</fc>/lib/mysql for growing logs +    * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm'' 
-        * <color #ed1c24>CHECK</color>: [[http://stackoverflow.com/questions/3927690/howto-clean-a-mysql-innodb-storage-engine/4056261#4056261|Manage and Cleanup InnoDB Infrastructure]] +    Binary is /usr/bin/pwsafe 
-        * [[http://dba.stackexchange.com/questions/8982/what-is-the-best-way-to-reduce-the-size-of-ibdata-in-mysql|Similar Post 1]]  +  * Add CPU graph and Weather Info to panel 
-        * [[http://pc-freak.net/blog/fix-mysql-ibdata-file-size-ibdata1-file-growing-large-preventing-ibdata1-eating-disk-space/|Similar Post 2]] +    * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page 
-        * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html|dev.mysql info]] +    * Right-click top panel > Add New Items 
-      * Alternatively, set MyISAM to default database engine +    Add CPU Graph, Weather Info 
-      * systemctl start mariadb.service +  * Adjust top and bottom panels 
-      * systemctl enable mariadb.service +    * Reverse positions 
-    * mysql DATABASE -h localhost -u USER -p'PASS' < /tmp/DATABASE.sql +    * Make top panel 24px with icons at fixed 22px 
- +    * Bottom panel 24px with icons at fixed 16px 
-Setup ddclient: +    * Top panel has these buttons: 
-  * https://sourceforge.net/p/ddclient/wiki/Home/ +      * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP 
-  * dnf -y install ddclient +    Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]]) 
-  * Use /etc/ddclient/* for configs from previous machine +      ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE''  
- +      Log out and log back in or reboot
-Setup duckdns: +
-  * crontab is <code>~/duckdns/duck.sh >/dev/null 2>&1</code> +
- +
-Setup ydns+
-  * crontab is <code>~/ydns/updater.sh -V -u <snip> -p <snip> -H juckins.ydns.eu >>~/ydns/updater.log 2>&1</code> +
- +
-Firewall notes: +
-  * Using firewall-config to close rules from previous machine +
- +
-rsync /var/www/html/  +
-  test pages for proper display +
-  * check soft link to phpmy is correct and current +
- +
-Restore and test crons +
-  check that each cron job runs and the specified log directory exists +
- +
-Backup /etc/selinux/config and change from enforcing to permissive +
- +
-Restore /etc/hosts from previous machine as needed +
- +
-Then, edit the network connections and make sure the "Ethernet" tab for the active connection, such as enp0s3, has the "Device" set to that interface.  Reboot to test. +
- +
-Download sample .png, .gif, .jpg images and test /usr/bin/display for any errors +
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.gif|GIF image]] +
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.jpg|JPG image]] +
-  [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.png|PNG image]] +
- +
-[[http://www.if-not-true-then-false.com/2014/install-oracle-java-8-on-fedora-centos-rhel/|Install Oracle Java]] (note, this is not the default CentOS, it will not auto-update)  +
- +
-Install X2Go +
- +
-Restore Thunderbird profile +
- +
-Restore Firefox profile +
- +
-Restore VirtualBox and all machines +
- +
-Test ASMAD for processing end-to-end +
- +
-SSH issues +
-  Cannot ssh to yourself passwordlessly with default /etc/ssh/sshd_config +
-  Comment out the following line, like this: +
-  #AuthorizedKeysFile .ssh/authorized_keys   +
-  This allows you to NX into the CentOS7 machine +
-  * Update to openssh seems to require RSA keys now and authorized_keys file instead of DSA keys and authorized_keys2 file +
-  * Set "PermitRootLogin no+
-  * <del>But MATE does not work, tried KDE with dnf group install "KDE Plasma Workspaces" and seems to work better but still no icons on the screen</del> +
-  * <del>But need to configure custom desktop to use /etc/X11/xinit/Xsession mate-session</del> +
-  <del>Also tried /usr/bin/startxfce4 but still general odd behavior</del> +
-  Additional tips: http://ubuntuforums.org/archive/index.php/t-941530.html +
-  * systemctl restart sshd.service +
-  User accounts at remove machines connecting to the new machine will need their $HOME/.ssh/known_hosts either rebuilt or offending entries removed +
- +
-Update GRUB and splash screen +
-  * My saved splash images with varying resolutions are in /root/downloads/splash +
-  * <color #ed1c24>As of CentOS 7.2 cannot get custom splash image to appear at boot (with UEFI)</color+
-  cd /etc/default +
-  * cp grub grub.YYYYMMDD +
-  * vi grub  +
-    * remove "rhgb quiet" from the GRUB_CMDLINE_LINUX call +
-    * add "vga=0x317" to the GRUB_CMDLINE_LINUX call for better screen resolution (try 0x34b for 1920x1200x8 or 0x34c for 1920x1200x16, or vga=ask to see all available resolutions+
-    * comment out this line: GRUB_TERMINAL_OUTPUT="console" +
-    * add this line: GRUB_BACKGROUND="/boot/grub2/splash.png" +
-      * Ensure it is rw-r-r permissions +
-      * [[http://192.168.1.14/dokuwiki/lib/exe/fetch.php?media=splash.png|Upload this image]] to the directory noted above +
-  For VM/BIOS-based installs, as root: grub2-mkconfig -o /boot/grub2/grub.cfg (Dell XPS 8930) +
-  * For UEFI-based installs, as root: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg +
-  More info at [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Customizing_the_GRUB_2_Configuration_File.html|Customizing the Grub2 Config File]] and [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Desktop_Migration_and_Administration_Guide/GRUB.html|RHEL7 GRUB Guide]] +
-  * [[https://www.centos.org/forums/viewtopic.php?t=49321|Change GRUB Menu Resolution]] +
-  * [[https://www.centos.org/forums/viewtopic.php?t=50957|Change GRUB2 splash screen in CentOS 7]] +
-  * [[http://www.tuxfixer.com/set-grub2-custom-splash-screen-on-rhel-7-centos-7-uefi-and-legacy-bios-iso-image/]] +
-  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/grub]] +
-    * Tried part about making a special font +
-    * Tried installing all grub2* rpms +
-    * Tried 640x480 small splash image +
- +
-<code> +
-GRUB_CMDLINE_LINUX_DEFAULT="video=1024x768" +
-GRUB_GFXMODE=1024x768 +
-GRUB_GFXPAYLOAD_LINUX=keep +
-</code> +
- +
-Set default GRUB entry +
-  * Download [[https://www.systutorials.com/3826/setting-default-entry-in-grub2-and-grub/|grub2-select.bash]] +
- +
-If GRUB2 no longer finds other OS to boot (such as Windows 10) use [[https://sourceforge.net/projects/boot-repair-cd/|SourceForge Boot Repair Disk]] +
- +
-Install [[clamav_antivirus|ClamAV]] +
- +
-Set up local printer(s) +
-  * Note that Brother has notes for the HL2170W at https://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=hl2170w_all&os=127 +
-    * RPM #1: brhl2170wlpr-2.0.2-1.i386.rpm +
-    * RPM #2: cupswrapperHL2170W-2.0.2-1.i386.rpm +
-    * Use 'lpstatand 'lpq' to ensure it's a known destination printer +
-  [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Printer_Configuration.html#sec-Starting_Print_Settings_Config|RHEL7 Print Settings]] +
-  * dnf install cups +
-  * service cups start +
-  * systemctl enable cups +
-  * Use System > Administration > Print Settings +
-    * Add printer with Network JetDirect by IP address +
-    * Default printer driver works OK +
-  * Or use web browser: +
-  * # dnf install httpd +
-  * # /bin/systemctl start httpd.service +
-  * # dnf install system-config-firewall +
-  * # firewall-config (or System > Administration > Firewall) +
-    * Allow http and https as rules +
-    * Sometimes the firewall-config command will hang if trying to run via an SSH connection to a remote machine +
-    * To add a port manually follow [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]] +
-    * To close a port manually follow [[http://www.codero.com/knowledge-base/content/10/377/en/how-to-manage-firewall-rules-in-centos-7.html]] +
-  # systemctl enable httpd +
-  * Go to http://localhost:631 +
-    * Go to Administration tab +
-    * Enter credentials for user root +
-    * Add printer with prompts +
- +
-Firewall Notes  +
- +
-  Adding an allowed port at the command line (from [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]] +
-  Use this command to find your active zone(s): +
- +
-<code> +
-firewall-cmd --get-active-zones +
-</code> +
- +
-  * It will say either public, dmz, or something elseYou should only apply to the zones required. +
- +
-  * If you want to add a port such as 8080 to your public zone: +
- +
-<code> +
-firewall-cmd --zone=public --add-port=8080/tcp --permanent +
-</code> +
- +
-  * Then remember to reload the firewall for changes to take effect. +
- +
-<code> +
-firewall-cmd --reload +
-</code> +
- +
-Managing runlevel settings +
- +
-  * Switch to runlevel 5: +
-<code> +
-# systemctl isolate graphical.target +
-</code> +
- +
-  Initiate runlevel 5 by default: +
  
-<code> +__Post Installation__
-# systemctl set-default graphical.target +
-</code>+
  
-  * Switch to runlevel 3: +  * In /root/bin on old/new machines, see final_sync_for_new_server.txt 
-<code> +  * As root, use ''alpine'' to check email from crons that indicate any errors or failures 
-# systemctl isolate multi-user.target +  * Cleanup old files in root, my $HOME 
-</code>+  * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]] 
 +    * Setting should be in .bashrc
  
-  * Initiate runlevel 3 by default: +__Other Notes__
  
-<code> +MATE is now available See [[https://docs.rockylinux.org/guides/desktop/mate_installation/|MATE Documentation]]
-# systemctl set-default multi-user.target +
-</code>+
  
-  * For other run-level info, see [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Targets.html#sect-Managing_Services_with_systemd-Targets-Change_Default|RHEL7 Working with Systemd Targets]]+  * Add System Monitor to panel 
 +    * ''dnf -y install mate-system-monitor'' 
 +    * Right-click top panel > Add to Panel 
 +    * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add 
 +    * Moving display of current CPU usage should appear
  
-After machine has been running for a few days, don't forget to use "alpine" and check for local email from crons that indicate any errors or failures.+__Known issues__ 
 +  * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]]) 
 +    * /etc/cron.daily/google-chrome fails because of this 
 +      * Probably not a critical issue since Chrome can be updated via dnf
rocky_linux_9_migration_notes.txt · Last modified: 2024/01/11 11:21 by juckins